adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
68,876 Commits 27 Branches 1,043 Tags
a18efb7882b47e68736dee5bd02bc56a80321bf6
Commit Graph

2814 Commits

Author SHA1 Message Date
adfoster-r7 a9ccfe31b7 Merge branch 'upstream-master' into merge-msf-6.2.31-into-kerberos-feature-branch 2022-12-13 19:40:39 +00:00
Spencer McIntyre a80db73bab Land #17325, add impersonation for get_ticket 
Enable the `get_ticket` module to impersonate a user with S4U2self and S4U2proxy
 2022-12-12 09:10:37 -05:00
Dean Welch d239e9b007 Don't autoload krb5Pac 2022-12-06 13:01:47 +00:00
Dean Welch 1e2ada3cce Add options validation depending on action in forge_ticket.rb 2022-12-06 12:55:42 +00:00
Dean Welch 405271a52f Add pac BinData Model 2022-12-05 14:03:21 +00:00
bcoles 431804ef15 Fix typos: Replace 'the the' with 'the' 2022-12-04 17:41:24 +11:00
Christophe De La Fuente c6f8bae1ab Fix from code review and updates the KrbUseCachedCredentials logic 2022-12-02 15:28:08 +01:00
Christophe De La Fuente cc61a26668 Add S4U2Self and S4U2Proxy support to impersonate a user 2022-12-01 20:42:13 +01:00
Christophe De La Fuente d3057f15b2 Land #17275, Add Exploit For CVE-2022-41082 (ProxyNotShell) 2022-11-30 18:16:19 +01:00
adfoster-r7 750192afa4 Add pkinit error codes 2022-11-29 10:36:10 +00:00
Spencer McIntyre cd828a82c8 Fix the DH key construction for OpenSSL3 2022-11-28 14:54:10 -05:00
Spencer McIntyre abe0549db6 Land #17226, Module to request TGT/TGS tickets 
Module to request TGT/TGS Kerberos tickets from the KDC
 2022-11-28 11:59:17 -05:00
Spencer McIntyre f24df8a051 Change an exception class and drop DOMAIN passing 2022-11-28 10:06:14 -05:00
Spencer McIntyre 009c6c5350 Add the MaxBackendRetries datastore option 2022-11-28 09:45:04 -05:00
Spencer McIntyre 3805a79079 Add support for Exchange Data Access Group (DAG) 
This updates the HttpSsrf class to retry requests to the Powershell
backend when they fail because they were routed to a new server. Now
when the transport is initialized, it will store the backend used by the
first successful request.
 2022-11-23 15:37:58 -05:00
Spencer McIntyre 29d57dde66 Consolidate into ProxyMaybeShell 2022-11-18 17:01:01 -05:00
Christophe De La Fuente d1a7170020 Land #17021, Gitea Git fetch RCE module - CVE-2022-30781 2022-11-17 12:28:29 +01:00
adfoster-r7 8efc6c5304 Land #17103, Consolidate KdcOptionFlags and TicketFlags 2022-11-09 17:27:17 +00:00
Dean Welch 7c2134d941 Consolidate KdcOptionFlags and TicketFlags 2022-11-09 17:08:26 +00:00
adfoster-r7 65f6aaca82 Land #17077, Add support for AES keys for silver/golden ticket forging 2022-11-09 16:51:11 +00:00
Dean Welch 23ff829e52 Add support for AES keys for silver/golden ticket forging 2022-11-09 13:01:13 +00:00
krastanoel 645a1c25a3 Update method documentation and indentation 2022-11-09 16:27:31 +07:00
krastanoel 13bb31feeb Update module 
- move repository migration to execute_command.
NOTE: the stageless payload is still unsuccessfull but keep this anyway for christophe to review.
 2022-11-09 04:52:18 +07:00
Christophe De La Fuente 37fd441b0f Land #17117, Authenticate to Kerberos with PKINIT 2022-11-08 18:54:03 +01:00
krastanoel a50cca27e6 remove cookie_jar manipulation 2022-11-09 00:48:23 +07:00
krastanoel 52d867bbc7 follow Ruby coding convetions 
- combine gitea_version into get_gitea_version for the check method
- validate empty username
 2022-11-09 00:41:30 +07:00
krastanoel c980f4f9ee add more custom error exception 2022-11-09 00:27:12 +07:00
Spencer McIntyre e70861fc87 Land #17239, Fix broken kerberos login module 2022-11-08 11:21:17 -05:00
adfoster-r7 30fe07801b Fix broken kerberos login module 2022-11-08 15:49:21 +00:00
krastanoel 540984804d Apply suggestions from code review 
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
 2022-11-08 14:09:31 +07:00
Spencer McIntyre c1d092b70d Minor tweaks 
Filter out enrollable certs by default and print the warning higher. Add
periods to all messages for consistency. Drop the message from
vprint_good to vprint_status when the query works.
 2022-11-07 10:37:12 -05:00
Dean Welch ee46d18505 Add yard docs and address review comments 2022-11-07 12:10:01 +00:00
Dean Welch a110465fe4 Add module for converting kerberos ticket formats 2022-11-07 12:10:01 +00:00
Grant Willcox 79ac775443 Perform updates from code review. 2022-11-04 15:44:28 -05:00
Grant Willcox 8922e5b203 Add in first initial implementation of ESC module and updates to associated libraries. 2022-11-04 15:43:34 -05:00
Christophe De La Fuente eb051ec9a7 Add get_ticket module 2022-11-04 18:46:47 +01:00
Spencer McIntyre 6e453a3f4f Fix a bug in #extract_user_and_realm 
While iterating over asn_san_seq, if the tag doesn't match either of the
two conditions, user and domain will be nil which leads to a problem
later on.
 2022-11-03 10:51:52 -04:00
Jack Heysel 45ddcf02c9 Remove unused mix in, add low bound to check 2022-11-01 10:42:43 -05:00
jheysel-r7 af9175325b Update lib/msf/core/exploit/remote/http/webmin/login.rb 
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2022-11-01 10:42:42 -05:00
Jack Heysel ad5b03ed96 Finished TODOs and added docs 2022-11-01 10:40:00 -05:00
adfoster-r7 7774b7ddcf Merge remote-tracking branch 'upstream/master' into merge-6.2.25-master-into-kerberos-feature-branch 2022-10-31 23:15:11 +00:00
Spencer McIntyre fa7d677d45 Consolidate and improve LDAP error handling 2022-10-31 10:56:17 -04:00
Christophe De La Fuente 4ec7eea436 Fixes from code review 2022-10-28 15:33:34 +02:00
Christophe De La Fuente 52904b8cb6 Add support to Kerberos 
- Add kerberos authenticator to `scanner/smb/smb_login` and the
  corresponding login scanner library
- Add new options: `UseCachedCredentials` and `StoreCredentialCache`
- Add `use_cached_credentials` attribute to
  Kerberos::ServiceAuthenticator::Base. This enables/disables the use of
  cached Kerberos credentials from the database.
- Add `store_credential_cache` attribute to
  Kerberos::ServiceAuthenticator::Base. This enables/disables storing
  Kerberos TGS MIT Credential Cache to the database.
 2022-10-21 16:16:10 +02:00
Matthew Dunn 1e50ba3415 Move to Hashes module, address requested changes 
Fix rubocop

Move identify to hashes module up one layer, use full reference to identify_hash instead of full include

Fix SMTP require

Remove hashes require statement

Remove hashes require statement

Remove hashes require statement

Remove hashes require statement

Address remaining requested changes, reference constants directly

Add all the missing direct references

Co-Authored-By: Jeffrey Martin <jeffrey_martin@rapid7.com>
 2022-10-17 17:28:31 -04:00
Ashley Donaldson 09e740d48d Changes from code review 2022-10-17 17:19:50 +11:00
Ashley Donaldson c7bab60a3e Fix to support DNS entries in certificate files 2022-10-07 15:17:07 +11:00
Ashley Donaldson 80bb1867bc Added documentation for the module 2022-10-07 14:24:37 +11:00
Ashley Donaldson 793a05f9f3 Added comments for new functions 2022-10-07 11:55:47 +11:00
Ashley Donaldson b5a076a1f1 Neaten parameter and error handling 2022-10-07 11:24:39 +11:00