ab7e02d23f
Merge pull request #19397 from sjanusz-r7/replace-readline-with-reline
...
Replace Readline with Reline
2024-09-20 14:23:40 +01:00
80f050a5f5
Bump version of framework to 6.4.28
2024-09-19 15:52:50 +01:00
720723fa9c
Land #19414 , Add missing constants for the Kerberos login scanner
2024-09-16 11:11:52 +01:00
1a1c21a0b1
Bump version of framework to 6.4.27
2024-09-12 03:35:27 -05:00
8e94a0d805
Land #19352 , add necessary metadata for bruteforce
...
add necessary metadata for bruteforce
2024-09-06 10:18:21 +01:00
e377e746e9
Update lib/metasploit/framework/login_scanner/ldap.rb
2024-09-06 10:10:09 +01:00
6f1acf4610
Bump version of framework to 6.4.26
2024-09-05 03:38:07 -05:00
10dee226c6
Replace Readline with Reline
2024-09-04 16:39:41 +01:00
b9bbfa6567
Bump version of framework to 6.4.25
2024-08-29 03:34:28 -05:00
19e3f29441
Add missing constants for the Kerberos login scanner & set default server_name value in the client
2024-08-23 15:01:18 +02:00
1a35492634
Bump version of framework to 6.4.24
2024-08-22 03:38:31 -05:00
8d838d4d56
Land #19366 , Jenkins Login Scanner improvments
2024-08-21 10:28:22 +01:00
e4726e4f52
Bump version of framework to 6.4.23
2024-08-15 03:40:21 -05:00
a3a24418a8
MS-9517 Jenkins Login Scanner
...
Jenkins does not implement Authentication challenges.
By default, Jenkins responds with a HTTP 403 FORBIDDEN response, and does not include the `WWW-Authenticate` header.
This causes problems with the underlying http client, as this one expects the challenge to come forward and resend
the request with the auth header.
By changing the code to look for the HTTP 403 response, and setting the default URL to the correct login validation endpoint
Pro will have an easier time to investigate whether Jenkins can be bruteforced or not.
The original code checks for a 401 response only.
Overwriting the behavior for Jenkins allows us to handle this use-case properly and report the correct behavior.
2024-08-13 11:16:01 +02:00
233f6dc4d2
Bump version of framework to 6.4.22
2024-08-08 03:38:47 -05:00
29bfc1cca6
add necessary metadata for bruteforce
2024-08-06 10:02:58 -05:00
52fb857b99
Bump version of framework to 6.4.21
2024-08-01 03:40:03 -05:00
03ef015f61
Bump version of framework to 6.4.20
2024-07-25 03:37:00 -05:00
219abdd9c6
Bump version of framework to 6.4.19
2024-07-18 03:33:57 -05:00
6283456164
Bump version of framework to 6.4.18
2024-07-11 03:34:02 -05:00
e549e0ccf4
Bump version of framework to 6.4.17
2024-07-04 03:37:24 -05:00
4909a43bf0
Land #19252 , improve error handling for unhandled errors
2024-07-03 19:20:56 +01:00
4316d52b87
trim exception list
2024-07-03 09:48:27 -05:00
c5717d42d6
MS-9457 Support NO_AUTH_REQUIRED
...
Support the `NO_AUTH_REQUIRED` condition and terminate the scan to avoid further unneeded attempts.
2024-07-02 14:09:01 +02:00
52142f280f
MS-9454 Redis Scanner: Support versions
...
Updating the Redis Login Scanner to properly support all versions of Redis and their implementations to handle the `AUTH` command.
2024-06-28 15:25:49 +02:00
e691f72170
Bump version of framework to 6.4.16
2024-06-27 03:34:27 -05:00
51176e778c
MS-9445 Fix Service Reporting
...
Preliminary pull request to resolve an issue with a service not being properly detected for Redis.
* Ensure service name is properly passed down when detecting vulnerabilities
* Ensure Redis properly detects no-auth requirements
2024-06-26 15:11:29 +02:00
afa973e05e
Fix reids_login scanner when auth is enabled
2024-06-26 13:32:16 +01:00
bccad774fd
Bump version of framework to 6.4.15
2024-06-20 03:37:28 -05:00
f5aea8c11b
Bump version of framework to 6.4.14
2024-06-13 03:39:08 -05:00
a511729dce
add explicit error handling to base login scanner
2024-06-11 13:01:08 -05:00
a9078b4d68
Bump version of framework to 6.4.13
2024-06-06 03:33:45 -05:00
ebfbd3d305
Bump version of framework to 6.4.12
2024-05-30 03:39:13 -05:00
7eefa4b1ee
Bump version of framework to 6.4.11
2024-05-23 03:34:03 -05:00
e3fdfd6c71
Bump version of framework to 6.4.10
2024-05-16 03:39:08 -05:00
68f7334348
Fix kerberos auth and missing method error when querying with -a
2024-05-15 16:11:40 +01:00
9e4f958af7
keep ldap connection open for use in a session
2024-05-15 15:12:51 +01:00
3cedb20f75
Add initial ldap session support
2024-05-15 15:12:51 +01:00
b1cd5b3476
Land #19132 , Add LDAPS Channel Binding
...
Add channel binding information to Metasploits NTLM and Kerberos
authentication for the LDAP protocol. This enables users to authenticate
to domain controllers where the hardened security configuration setting
is in place
2024-05-13 11:31:10 -07:00
2a8b36d432
Bump version of framework to 6.4.9
2024-05-09 07:11:01 -05:00
69e35005ee
Add TLS channel binding for kerberos
2024-05-08 16:30:24 -04:00
942d47bec5
Add TLS channel binding for NTLM
2024-05-08 16:24:48 -04:00
a999ad49a0
Move the LDAP encryptors to their own files
2024-05-08 10:16:40 -04:00
8c76143a9d
Land #19127 , Ldap signing
2024-05-07 17:28:36 +02:00
69d603e6fc
Switch to an enum option for the signing
2024-05-03 10:27:10 -04:00
d105ae10ff
Fixes some password_spray issues
2024-05-02 15:43:07 +01:00
4c7f1e6520
Bump version of framework to 6.4.8
2024-05-02 03:37:55 -05:00
8a08f6a083
Land #19075 , Modularise the Softing login code
...
Merge branch 'land-19075' into upstream-master
2024-04-29 14:47:44 -05:00
b607c70611
Bump version of framework to 6.4.7
2024-04-25 03:35:58 -05:00
b5f4dfae71
Make encrypting/signing an option
2024-04-24 13:24:05 +10:00
adfoster-r7