Spencer McIntyre
409b1aed45
Land #19461, Modernize NetWkstaUserEnum
Modernize NetWkstaUserEnum in smb scanner
2024-09-17 10:14:02 -04:00
dledda-r7
6e696e24e5
Land #19457, WP Plugin LiteSpeed Cache Account Take Over Module
2024-09-17 06:30:33 -04:00
Alex Romero
9fac88f709
Update lib/msf/core/exploit/remote/ms_wkst.rb
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
2024-09-17 00:32:34 +03:30
Jack Heysel
84a8eb7273
Respond to comments
2024-09-16 09:46:57 -07:00
cgranleese-r7
720723fa9c
Land #19414, Add missing constants for the Kerberos login scanner
2024-09-16 11:11:52 +01:00
NtAlexio2
92234641bc
modernize enumuser_domain in smb scanner
2024-09-13 16:12:01 -04:00
dwelch-r7
9de9b525d9
Land #19432, Refactoring SPIP Modules for Windows Compatibility and Incorporating SPIP Mixin
2024-09-11 14:57:48 +01:00
Christophe De La Fuente
1b4362b6d5
Set default server_name in #send_request_tgt_pkinit
2024-09-09 18:03:15 +02:00
Chocapikk
43fabb07e5
Update doc + module + (mixin see #19444)
2024-09-08 06:56:13 +02:00
Jack Heysel
152710403d
Land #19330, Add SSL opt in start_service
The start_service method now allows users to specify their SSL
preferences directly through the opts parameter. If the ssl option is
not provided in opts, it will default to the value in datastore["SSL"]
2024-09-05 09:08:07 -07:00
Chocapikk
37042d837e
Add spip_plugin_version function to retrieve plugin version from config.txt or Composed-By header
2024-09-04 22:17:06 +02:00
Chocapikk
586cf482ce
Refactoring SPIP Modules for Windows Compatibility and Incorporating SPIP Mixin
2024-08-30 20:37:32 +02:00
Dean Welch
d86e85aeea
Remove whitespace from spip version regex
2024-08-30 11:42:55 +01:00
Dean Welch
6532107eb4
Remove whitespace from spip version regex
2024-08-30 11:33:15 +01:00
jvoisin
2c79c3d02f
Add a mixin to get SPIP version and make use of it
2024-08-28 17:17:53 +02:00
Christophe De La Fuente
19e3f29441
Add missing constants for the Kerberos login scanner & set default server_name value in the client
2024-08-23 15:01:18 +02:00
adeherdt-r7
a3a24418a8
MS-9517 Jenkins Login Scanner
Jenkins does not implement Authentication challenges.
By default, Jenkins responds with an HTTP 403 FORBIDDEN response, and does not include the `WWW-Authenticate` header.
This causes problems with the underlying http client, as this one expects the challenge to come forward and resend
the request with the auth header.
By changing the code to look for the HTTP 403 response, and setting the default URL to the correct login validation endpoint,
Pro will have an easier time investigating whether Jenkins can be bruteforced or not.
The original code checks for a 401 response only.
Overwriting the behavior for Jenkins allows us to handle this use-case properly and report the correct behavior.
2024-08-13 11:16:01 +02:00
Heyder Andrade
10e4668e68
Update lib/msf/core/exploit/remote/http_server.rb
Co-authored-by: Simon Janusz <85949464+sjanusz-r7@users.noreply.github.com>
2024-07-25 19:05:48 +02:00
adfoster-r7
89cf0223d1
Kerberos asrep roasting improvements
2024-07-24 18:01:11 +01:00
redwaysecurity.com
dc282f5cc4
Cleanup
2024-07-19 12:38:50 +02:00
redwaysecurity.com
117c2b9298
feat: Allow explicit SSL configuration in start_service method
The start_service method now allows users to specify their SSL preferences directly through the opts parameter. If the ssl option is not provided in opts, it will default to the value in datastore['SSL'].
This change enhances the flexibility and usability of the start_service method, preventing unintended behavior when users need to control the SSL setting explicitly.
Closes #19329
2024-07-19 12:33:13 +02:00
Spencer McIntyre
a6fd6defcb
Escape LDAP query strings
2024-06-18 17:47:56 -04:00
Christophe De La Fuente
764dc89997
Update Java::HTTP::ClassLoader and CmdStager::HTTP
- Add specific #on_request_uri, #start_service and #resource_uri methods with distinct names
2024-06-13 16:39:24 +02:00
bcoles
4eecb8ee96
Moodle::Login.moodle_login: fix login success verification regex
2024-06-03 01:49:04 +10:00
adfoster-r7
25a1318052
Land #19170, Refactor smb lookupsid module
2024-05-17 13:43:52 +01:00
Spencer McIntyre
638ad36b12
Fixed names that were missed while refactoring
2024-05-17 10:59:37 +01:00
sjanusz-r7
34ab7d97b2
Follow MS-LSAD and MS-LSAT spec for LSARPC & LookupSids
2024-05-17 10:59:37 +01:00
sjanusz-r7
138a553b36
Add support for configurable RPORT, session & default rports to lookupsid
2024-05-17 10:59:37 +01:00
sjanusz-r7
d569077564
Refactor smb_lookupsid module to use RubySMB
2024-05-17 10:59:37 +01:00
Dean Welch
68f7334348
Fix kerberos auth and missing method error when querying with -a
2024-05-15 16:11:40 +01:00
Dean Welch
7cdea94000
Convert ldap modules to use the new ldap session type
2024-05-15 15:12:51 +01:00
Dean Welch
e693b9588c
Update ldap modules to support an ldap session
2024-05-15 15:12:51 +01:00
Dean Welch
df32ce2db9
Add ldap query support to the ldap session
2024-05-15 15:12:51 +01:00
Dean Welch
3cedb20f75
Add initial ldap session support
2024-05-15 15:12:51 +01:00
Spencer McIntyre
69e35005ee
Add TLS channel binding for kerberos
2024-05-08 16:30:24 -04:00
Spencer McIntyre
cc3fd3bfa0
Update #build_gss_ap_req_checksum_value
This updates the #build_gss_ap_req_checksum_value method to allow
control over the flags and channel binding information.
2024-05-08 16:24:54 -04:00
Spencer McIntyre
8dabe17121
Pass the ticket storage setting
2024-05-08 16:24:54 -04:00
Spencer McIntyre
942d47bec5
Add TLS channel binding for NTLM
2024-05-08 16:24:48 -04:00
Christophe De La Fuente
8c76143a9d
Land #19127, Ldap signing
2024-05-07 17:28:36 +02:00
Spencer McIntyre
5523f13394
Fix a message that should refer to LDAP::Signing
2024-05-06 09:40:28 -04:00
Spencer McIntyre
69d603e6fc
Switch to an enum option for the signing
2024-05-03 10:27:10 -04:00
adfoster-r7
4c84f8830f
Land #18907, add mssql_version module
2024-05-03 14:33:35 +01:00
cgranleese-r7
bb473f4004
Reimplement password_spray into login modules
2024-05-03 13:00:24 +01:00
Simon Janusz
76d7fe8dbd
Land #19095, Refactor smb_enumusers
2024-04-25 15:45:23 +01:00
Jack Heysel
aea95c052e
Land #18723, Improve Gitlab fingerprinting
A webpage exists that can be reached without authentication that
contains a hash that can be used to determine the approximate version of
gitlab running on the endpoint. This PR enhances our current GitLab
fingerprinting capabilities to include the aforementioned technique.
2024-04-24 12:13:15 -07:00
Zach Goldman
d0a714d1e8
refactor packet parsing code
2024-04-24 15:06:36 -04:00
Zach Goldman
3897b49ca6
add mssql_version module
2024-04-24 15:06:36 -04:00
Jack Heysel
bc4a532cd7
Changed format of GITLAB_CSS_MAP
2024-04-24 11:38:22 -07:00
Jack Heysel
f018295509
Ensure range of Rex::Version objects are always returned
2024-04-24 10:00:16 -07:00
adfoster-r7
e5cf357f9e
Land #19078, ldap acceptance tests
2024-04-24 17:59:24 +01:00