bc7adfbe41
Bump version of framework to 6.4.38
2024-11-21 03:32:51 -06:00
fefc8438f5
Deprecate real-readline option
2024-11-19 12:38:05 +00:00
d039bead93
Merge pull request #19601 from sjanusz-r7/add-teamcity-login-scanner
...
Add JetBrains TeamCity HTTP Login Scanner
2024-11-15 12:49:10 +00:00
67e27c60ef
Bump version of framework to 6.4.37
2024-11-13 18:39:19 -06:00
763793ee3d
Bump version of framework to 6.4.36
2024-11-07 03:35:44 -06:00
96f6f66429
Land #19550 , Fix username/password generation in case both PASSWORD_SPRAY and USER_AS_PASS are enabled
2024-11-06 13:56:05 +00:00
520ac7ef2b
TeamCity: Correctly encrypt UTF-8 codepoints
2024-11-04 16:33:29 +00:00
2073121f5e
TeamCity: Raise ArgumentError, refactor Crypto as an included module
2024-11-04 16:33:29 +00:00
970beb4c27
TeamCity: Consolidate RSA crypto into login scanner
2024-11-04 16:33:29 +00:00
a6ee189502
TeamCity: Use more exceptions, cache public key
2024-11-04 16:33:29 +00:00
c37f4e6508
TeamCity: Prevent endless recursion and stack explosions in try_login
2024-11-04 16:33:29 +00:00
ed1a5d97c3
TeamCity: use vars_post for login request
2024-11-04 16:33:29 +00:00
84cacb5cca
TeamCity: Fire and forget logout request
2024-11-04 16:33:28 +00:00
cba8962d29
Add JetBrains TeamCity HTTP Login Scanner
2024-11-04 16:33:28 +00:00
ec013f2a73
Bump version of framework to 6.4.35
2024-10-31 09:14:41 -05:00
1af43ca110
Bump version of framework to 6.4.34
2024-10-24 06:48:37 -05:00
4422322cd0
Bump version of framework to 6.4.33
2024-10-17 12:37:56 -05:00
76d3980c44
Bump version of framework to 6.4.32
2024-10-17 04:54:21 -05:00
8c5bead4a0
Added spec to reproduce the username/password generation error in case PASSWORD_SPRAY and USER_AS_PASS are both enabled
...
Added minimal code to fix the issue, extracting the code to generate username:username credentials in the PASSWORD_SPRAY case
2024-10-10 21:15:50 +02:00
93344df7e1
Bump version of framework to 6.4.31
2024-10-10 04:23:08 -05:00
5e2fab24ef
Bump version of framework to 6.4.30
2024-10-03 03:42:02 -05:00
a31261ecf2
Revert "Replace Readline with Reline"
2024-10-02 13:15:12 +01:00
ab7403147f
Bump version of framework to 6.4.29
2024-09-26 17:26:27 -05:00
ab7e02d23f
Merge pull request #19397 from sjanusz-r7/replace-readline-with-reline
...
Replace Readline with Reline
2024-09-20 14:23:40 +01:00
80f050a5f5
Bump version of framework to 6.4.28
2024-09-19 15:52:50 +01:00
720723fa9c
Land #19414 , Add missing constants for the Kerberos login scanner
2024-09-16 11:11:52 +01:00
1a1c21a0b1
Bump version of framework to 6.4.27
2024-09-12 03:35:27 -05:00
8e94a0d805
Land #19352 , add necessary metadata for bruteforce
...
add necessary metadata for bruteforce
2024-09-06 10:18:21 +01:00
e377e746e9
Update lib/metasploit/framework/login_scanner/ldap.rb
2024-09-06 10:10:09 +01:00
6f1acf4610
Bump version of framework to 6.4.26
2024-09-05 03:38:07 -05:00
10dee226c6
Replace Readline with Reline
2024-09-04 16:39:41 +01:00
b9bbfa6567
Bump version of framework to 6.4.25
2024-08-29 03:34:28 -05:00
19e3f29441
Add missing constants for the Kerberos login scanner & set default server_name value in the client
2024-08-23 15:01:18 +02:00
1a35492634
Bump version of framework to 6.4.24
2024-08-22 03:38:31 -05:00
8d838d4d56
Land #19366 , Jenkins Login Scanner improvments
2024-08-21 10:28:22 +01:00
e4726e4f52
Bump version of framework to 6.4.23
2024-08-15 03:40:21 -05:00
a3a24418a8
MS-9517 Jenkins Login Scanner
...
Jenkins does not implement Authentication challenges.
By default, Jenkins responds with a HTTP 403 FORBIDDEN response, and does not include the `WWW-Authenticate` header.
This causes problems with the underlying http client, as this one expects the challenge to come forward and resend
the request with the auth header.
By changing the code to look for the HTTP 403 response, and setting the default URL to the correct login validation endpoint
Pro will have an easier time to investigate whether Jenkins can be bruteforced or not.
The original code checks for a 401 response only.
Overwriting the behavior for Jenkins allows us to handle this use-case properly and report the correct behavior.
2024-08-13 11:16:01 +02:00
233f6dc4d2
Bump version of framework to 6.4.22
2024-08-08 03:38:47 -05:00
29bfc1cca6
add necessary metadata for bruteforce
2024-08-06 10:02:58 -05:00
52fb857b99
Bump version of framework to 6.4.21
2024-08-01 03:40:03 -05:00
03ef015f61
Bump version of framework to 6.4.20
2024-07-25 03:37:00 -05:00
219abdd9c6
Bump version of framework to 6.4.19
2024-07-18 03:33:57 -05:00
6283456164
Bump version of framework to 6.4.18
2024-07-11 03:34:02 -05:00
e549e0ccf4
Bump version of framework to 6.4.17
2024-07-04 03:37:24 -05:00
4909a43bf0
Land #19252 , improve error handling for unhandled errors
2024-07-03 19:20:56 +01:00
4316d52b87
trim exception list
2024-07-03 09:48:27 -05:00
c5717d42d6
MS-9457 Support NO_AUTH_REQUIRED
...
Support the `NO_AUTH_REQUIRED` condition and terminate the scan to avoid further unneeded attempts.
2024-07-02 14:09:01 +02:00
52142f280f
MS-9454 Redis Scanner: Support versions
...
Updating the Redis Login Scanner to properly support all versions of Redis and their implementations to handle the `AUTH` command.
2024-06-28 15:25:49 +02:00
e691f72170
Bump version of framework to 6.4.16
2024-06-27 03:34:27 -05:00
51176e778c
MS-9445 Fix Service Reporting
...
Preliminary pull request to resolve an issue with a service not being properly detected for Redis.
* Ensure service name is properly passed down when detecting vulnerabilities
* Ensure Redis properly detects no-auth requirements
2024-06-26 15:11:29 +02:00
Metasploit