d810267f8d
Pull in Dean's changes from #17443 to fix LDAP failure references.
2023-01-17 16:31:08 -06:00
e03fd42a29
Update to fix some warnings in YARD, fix review comments, and also replace @see with proper links for easier navigation
2023-01-05 17:44:24 -06:00
e218210feb
Update ldap_connect documentation to set Object as the return type
2023-01-05 10:51:18 -06:00
c71ba23a10
Fix up incorrectly indented documentation, remove excess lines, and add in correct type return information from debugging sessions
2023-01-04 11:09:23 -06:00
bfb80db9db
Add in missing YARD documentation for lib/msf/core/exploit/remote/ldap.rb
2022-12-30 16:07:08 -06:00
431804ef15
Fix typos: Replace 'the the' with 'the'
2022-12-04 17:41:24 +11:00
d3057f15b2
Land #17275 , Add Exploit For CVE-2022-41082 (ProxyNotShell)
2022-11-30 18:16:19 +01:00
f24df8a051
Change an exception class and drop DOMAIN passing
2022-11-28 10:06:14 -05:00
009c6c5350
Add the MaxBackendRetries datastore option
2022-11-28 09:45:04 -05:00
3805a79079
Add support for Exchange Data Access Group (DAG)
...
This updates the HttpSsrf class to retry requests to the Powershell
backend when they fail because they were routed to a new server. Now
when the transport is initialized, it will store the backend used by the
first successful request.
2022-11-23 15:37:58 -05:00
29d57dde66
Consolidate into ProxyMaybeShell
2022-11-18 17:01:01 -05:00
d1a7170020
Land #17021 , Gitea Git fetch RCE module - CVE-2022-30781
2022-11-17 12:28:29 +01:00
645a1c25a3
Update method documentation and indentation
2022-11-09 16:27:31 +07:00
13bb31feeb
Update module
...
- move repository migration to execute_command.
NOTE: the stageless payload is still unsuccessfull but keep this anyway for christophe to review.
2022-11-09 04:52:18 +07:00
a50cca27e6
remove cookie_jar manipulation
2022-11-09 00:48:23 +07:00
52d867bbc7
follow Ruby coding convetions
...
- combine gitea_version into get_gitea_version for the check method
- validate empty username
2022-11-09 00:41:30 +07:00
c980f4f9ee
add more custom error exception
2022-11-09 00:27:12 +07:00
540984804d
Apply suggestions from code review
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2022-11-08 14:09:31 +07:00
c1d092b70d
Minor tweaks
...
Filter out enrollable certs by default and print the warning higher. Add
periods to all messages for consistency. Drop the message from
vprint_good to vprint_status when the query works.
2022-11-07 10:37:12 -05:00
79ac775443
Perform updates from code review.
2022-11-04 15:44:28 -05:00
8922e5b203
Add in first initial implementation of ESC module and updates to associated libraries.
2022-11-04 15:43:34 -05:00
45ddcf02c9
Remove unused mix in, add low bound to check
2022-11-01 10:42:43 -05:00
af9175325b
Update lib/msf/core/exploit/remote/http/webmin/login.rb
...
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com >
2022-11-01 10:42:42 -05:00
ad5b03ed96
Finished TODOs and added docs
2022-11-01 10:40:00 -05:00
fa7d677d45
Consolidate and improve LDAP error handling
2022-10-31 10:56:17 -04:00
1e50ba3415
Move to Hashes module, address requested changes
...
Fix rubocop
Move identify to hashes module up one layer, use full reference to identify_hash instead of full include
Fix SMTP require
Remove hashes require statement
Remove hashes require statement
Remove hashes require statement
Remove hashes require statement
Address remaining requested changes, reference constants directly
Add all the missing direct references
Co-Authored-By: Jeffrey Martin <jeffrey_martin@rapid7.com >
2022-10-17 17:28:31 -04:00
06aefb630a
string true to bool true
2022-10-03 19:50:04 -04:00
aa0dc86bd8
get csrf from the html body instead
2022-10-01 19:59:23 +07:00
02b5f8678c
add repository error class
2022-10-01 17:43:42 +07:00
e9d8068078
update and tidy the lib comments
2022-10-01 16:22:21 +07:00
cc2db82886
add repository create and migrate helpers
2022-10-01 01:13:28 +07:00
29944a0a1b
add repository create and migrate url
2022-10-01 01:12:54 +07:00
c5d3867980
add migration error class
2022-10-01 01:11:58 +07:00
88e4261a88
Add common lib for Gitea repository
2022-10-01 01:10:55 +07:00
cbff63958c
Move version check and login to common library
2022-09-30 22:09:01 +07:00
3a281234df
Add feature flagged datastore rewrite, with support for option fallback lookups
2022-09-16 12:59:02 +01:00
f65119b353
Support OpenSSL3 and run Ubuntu 22.04 in test matrix
2022-08-03 15:49:53 +01:00
f9a951d034
Land #16737 , Remove initial code duplication between mssql clients
2022-07-20 19:44:25 +02:00
39f288bfe3
Rex::Proto::Http: Add evasion options to shuffle GET / POST parameters
2022-07-11 01:37:41 +10:00
5bc618e642
Remove initial code duplication between mssql clients
2022-07-01 14:26:04 +01:00
67ea2bc23c
Land #16630 Fix duplicate ntlm hash storage
...
Net-NTLM (v1 and v2) hashes were being duplicated when
stored in the database due to the unique data in the challenge
dispite being the same. This fixes that issue
2022-06-08 14:07:34 -04:00
1a7cbe5b4f
Update lib/msf/core/exploit/remote/smb/server/hash_capture.rb
2022-06-08 13:45:57 -04:00
a983bbd8ba
Land #16615 , Solicited multicast-address creation bugfix
2022-06-07 14:41:52 -05:00
2b99967d0c
Merge branch 'master' into fix/duplicate-netntlm
2022-06-07 11:42:51 -04:00
a47b3fe694
Don't report duplicate Net-NTLM hashes
2022-05-27 14:13:06 -04:00
1e5f86703f
Report the correct JtR type
2022-05-27 10:16:02 -04:00
862c6a94a2
Log ntlm_session hashes too
...
Despite being called ntlm_session, these hashes are capable of being
cracked as the John 'netntlm' format. Additionally the format is
reported as NTLMv1-SSP in similar tools.
2022-05-27 10:07:39 -04:00
c33f284786
change from lambda to line by line logic
2022-05-24 16:24:15 +03:00
7f9ead454e
bugfix of improper solicited address creation
2022-05-23 15:25:53 +03:00
19a9ff1198
Update a couple of modules for the new SMB server
2022-05-16 14:39:45 -04:00
Spencer McIntyre