jheysel-r7
05cbd1d9a3
Land #19593 Add exploit for CVE-2023-28324 (Unauthenticated RCE in Ivanti EPM)
This exploits an unauthenticated RCE in Ivanti's EPM where a .NET remoting client can invoke a method that results in an OS command being executed in the context of NT AUTHORITY\SYSTEM.
2024-11-20 11:18:58 -08:00
Spencer McIntyre
f7e210d3e9
Merge pull request #19624 from cdelafuente-r7/fix/mod/ms_icpr
Fix a crash when generating CSRs with OpenSSL 3.4.0
2024-11-19 10:58:52 -05:00
sjanusz-r7
523a172e23
Load Readline without a conditional
2024-11-19 13:02:06 +00:00
sjanusz-r7
fefc8438f5
Deprecate real-readline option
2024-11-19 12:38:05 +00:00
Christophe De La Fuente
7bab1c1980
Fix specs and add algorithm argument
2024-11-18 17:17:58 +01:00
Arne De Herdt
de39b693b7
Merge pull request #19645 from adeherdt-r7/MS-9862-rails-upgrade-preparation-migration-manager
MS-9862 Ruby on Rails Upgrade Preparation: Migration
2024-11-15 08:44:05 +01:00
adfoster-r7
6be0182b1f
Fix crash when using modules
2024-11-14 21:19:41 +00:00
Arne De Herdt
b80bd252a8
MS-9862 Ruby on Rails Upgrade Preparation: Migration
Updating the logic in the `Msf::DbManager::Migration` to adhere to modern Rails standards and no longer manually control the connection. The connection pool and handling is fully controlled by ActiveRecord, which has a better understanding of what needs to be done than we do.
2024-11-14 11:37:54 +01:00
Dean Welch
0d0631aa2a
Squash to a single line of output
2024-11-13 11:27:17 +00:00
Christophe De La Fuente
24e19e4ebb
Update the ESC8 relay module to use the new helper
It also fixes some unrelated minor issues found in the module and the documentation
2024-11-12 18:23:31 +01:00
Dean Welch
2c009d02f9
place current action display behind feature flag
2024-11-12 15:53:30 +00:00
Dean Welch
6018adbbb3
Display current action and number of available actions on module use
2024-11-12 15:53:30 +00:00
Christophe De La Fuente
35bb832b7c
Add create_csr helper under Rex::Proto
Also update `ms_icpr.rb` to use it
2024-11-12 12:34:20 +01:00
Christophe De La Fuente
422ecd8d3f
Remove setting version for CSR
2024-11-12 12:34:20 +01:00
Spencer McIntyre
f16991af07
Merge pull request #19623 from adfoster-r7/fix-kerberos-cache-storage-exception
Fix Kerberos cache storage exception
2024-11-11 09:31:13 -05:00
adfoster-r7
2206b0c288
Merge pull request #19617 from sjanusz-r7/fix-shell-include
Check for nil res when setting echo shell
2024-11-11 10:23:15 +00:00
adfoster-r7
abfc24efdc
Fix Kerberos cache storage exception
2024-11-08 11:25:28 +00:00
adfoster-r7
3ccf18f8e9
Merge pull request #19610 from cgranleese-r7/fixes-report-summary
Updates report summary mixin with an additional fallback when finding creds
2024-11-07 19:24:40 +00:00
Ashley Donaldson
2470a45eb1
Fix out of scope variable with original behaviour
2024-11-06 18:33:34 +11:00
Spencer McIntyre
e709a18128
Merge pull request #19404 from bwatters-r7/smb2http_relay
SMB to NTLM HTTP Relay with ESC8 module
2024-11-05 14:12:08 -05:00
sjanusz-r7
975c1ac71f
Check for nil res when setting echo shell
2024-11-05 13:31:07 +00:00
Spencer McIntyre
e130092d87
Add a missing require statement
2024-11-04 09:37:12 -05:00
Spencer McIntyre
7d8baee574
Add some error handling and more logging
2024-11-04 09:37:12 -05:00
Spencer McIntyre
80d883b55e
Consistently use strings for HTTP request options
2024-11-04 09:37:12 -05:00
Spencer McIntyre
4a4ec9aea4
Add some more logging
2024-11-04 09:37:12 -05:00
Spencer McIntyre
316a967414
Update the ESC8 module for the new changes
2024-11-04 09:37:08 -05:00
cgranleese-r7
dc6cb34a21
Updates report summary mixin to have additional fallback when looking for creds
2024-11-01 15:27:31 +00:00
dwelch-r7
1bfa0755a8
Land #19518, Add support for RISC-V 32-bit / 64-bit Little Endian payloads
2024-11-01 11:18:30 +00:00
adfoster-r7
afbf9af930
Merge pull request #19600 from adfoster-r7/mark-enum-chrome-as-superseded
Mark older browser modules for windows as superseded
2024-10-31 11:33:03 +00:00
adfoster-r7
5e217fb93a
Mark enum_chrome as superseded
2024-10-30 16:21:05 +00:00
Spencer McIntyre
b2075e5e6b
Merge pull request #19553 from smashery/offered-etype-fix
Only retrieve cached credentials that match the requested KrbOfferedEncryptionTypes
2024-10-28 09:47:26 -04:00
Spencer McIntyre
6965c2f60a
Merge pull request #19551 from smashery/ldap_session_bugfix
Don't require Username and Password for every RHost auth: allows Scha…
2024-10-25 17:12:30 -04:00
Spencer McIntyre
27d5c95323
Refactor into an SMB server relay mixin
2024-10-24 16:25:40 -04:00
Spencer McIntyre
9822f3e812
Decouple the NTLM relaying logic
2024-10-24 16:25:40 -04:00
Spencer McIntyre
8ba0019ca0
Refactor the existing relay target client code
2024-10-24 16:25:40 -04:00
bwatters-r7
a18b2b3671
code cleanup and documentation
2024-10-24 15:23:10 -05:00
bwatters
dff4a8ba7c
Updates per Spencer
2024-10-24 15:23:10 -05:00
bwatters
c4c1aae565
Update smb thread logging, fix control flow, use RELAY_TARGET, other suggestions
2024-10-24 15:23:10 -05:00
bwatters
74f6bc7d13
Remove Rescues and Rubocop
2024-10-24 15:23:10 -05:00
bwatters
6dcf63267b
Fix rescue clauses
2024-10-24 15:23:10 -05:00
bwatters
0b94fdf75f
Fix up suggestions from Spencer et al.
2024-10-24 15:23:10 -05:00
bwatters
1fb0b728a8
Fix timeout, add query_only mode and allow skipping the template query
2024-10-24 15:23:10 -05:00
bwatters
4c598c1981
Move ESC8 logic to module and limit debug printing
2024-10-24 15:23:09 -05:00
bwatters
5b1746f73f
Add support for multiple certs
2024-10-24 15:23:09 -05:00
bwatters
0ba3db9466
Working, but ugly
2024-10-24 15:23:09 -05:00
bwatters
af25c94e6a
Change to send_request_raw
2024-10-24 15:23:09 -05:00
bwatters
d94081faf1
Not working; need to change to send_request_raw?
2024-10-24 15:23:09 -05:00
bwatters
2c760bd842
Tracking down hash issues
2024-10-24 15:23:09 -05:00
bwatters
7d86c99ba6
Currently getting a bad username/password message
2024-10-24 15:23:09 -05:00
adfoster-r7
8c9f670b81
Merge pull request #19576 from adfoster-r7/fix-crash-when-importing-metasploit-xml-file
Fix crash when importing Metasploit xml file
2024-10-23 10:14:01 +01:00