d05b85de50
Land #18680 , Shared SMB Service
...
Merge branch 'land-18680' into upstream-master
2024-01-26 14:42:11 -06:00
15d0d4f0df
Land #18663 , Add new PostgreSQL Session Type
2024-01-24 10:46:26 +00:00
904e34434e
Land #18626 , SaltStack Minion Deployer
...
This PR adds an exploit module which allows for
a user who has compromised a host acting as a
SaltStack Master to deploy payloads to the Minions
attached to that Master.
2024-01-23 11:58:38 -05:00
1fe448f2f4
Revert remote/postgres verbosity changes
2024-01-22 14:27:38 +00:00
fbdb025542
Notify user on failed Postgres connection
2024-01-19 10:29:44 +00:00
a4305f0ca0
Allow PostgreSQL lib to use session client
2024-01-19 10:29:44 +00:00
b8aa55c322
Land #18633 , WordPress Backup Migration Plugin PHP Filter Chain RCE (CVE-2023-6553)
2024-01-17 18:42:52 +01:00
a8d46b3e7a
Land #18627 , Ansible: post gather module, payload deployer, and file reader
2024-01-17 15:26:25 +01:00
6dec82ec24
Remove exec.nil? statement
2024-01-17 15:06:15 +01:00
56a9beb39d
ansible review
2024-01-15 17:18:49 -05:00
5e25a99700
Responded to comments
2024-01-12 13:08:32 -05:00
b031311892
ansible review
2024-01-10 17:29:15 -05:00
e711c9ea43
ansible review
2024-01-10 17:16:57 -05:00
43f4705e60
Apply suggestions from code review
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com >
2024-01-09 12:37:59 -05:00
024bdaec6d
Add a proper rex-based service for the SMB server
2024-01-08 16:54:22 -05:00
b10e8d566b
Initial Rex SMB service to allow sharing
2024-01-05 17:18:08 -05:00
47a58bda3b
saltstack library rubocop and comments
2023-12-24 11:54:22 -05:00
357bdc8c10
ansible post library
2023-12-24 11:49:27 -05:00
b654275ec4
add saltstack lib
2023-12-23 13:52:52 -05:00
e3062d45e0
Module working docs updated
2023-12-20 16:41:52 -05:00
45d2c7f4e0
Land #18566 , CVE-2023-22518: Confluence Auth Bypass Restore From Backup RCE
2023-12-18 18:51:36 +01:00
5d5ccd25e1
Removed unnecssary files
2023-12-15 10:46:23 -05:00
ef178298b2
Update lib/msf/core/exploit/remote/http/atlassian/confluence/version.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2023-12-14 11:55:30 -05:00
5f396245f2
Land #18539 , Add Smb session type
2023-12-12 11:45:19 +00:00
603e5b2bff
Land #18569 , Add a module to perform ASREP-roasts
...
This adds a module to gather credential material from accounts
with Requires Pre-Authentication disabled. The module supports two
mechanisms, Brute Forcing using a list of usernames or using a LDAP
query to request the relevant usernames, followed by requesting TGTs.
2023-12-11 19:58:06 -05:00
862194d63f
Documentation and rubocop changes
2023-12-11 19:01:35 -05:00
16dd06bbac
Added payload plugin mixin
2023-12-11 18:24:13 -05:00
9f126a4d24
Land #18446 , Make DomainControllerRhost optional
...
This PR makes the DomainControllerRhosts option optional,
even when auth is set to kerberos. This change requires
rapid7/rex-socket#64 which was released in the rex-socket 1.5.5 gem.
2023-12-05 17:47:45 -05:00
f000c39b4a
Update to mark DomainControllerRhost as optional
2023-12-05 16:23:35 -05:00
cd8cc75cf3
Add smb session type
2023-12-04 17:55:11 +00:00
e6321e46c4
Land #18565 , Add kerberos cache TGT lookup logic
...
This PR adds an enhancement to adjust the cache lookup logic.
If no TGT for the specific host is found, it will try again but
with any host.
2023-11-28 12:00:48 -05:00
708c795890
Land #18560 , Forging diamond and sapphire tickets
2023-11-28 11:14:15 -05:00
2ea1f43f12
Unit test for new kerberos client pre-auth behaviour
2023-11-27 17:10:19 +11:00
c293c273ba
Attempt to decrypt pre-auth kerberos response
2023-11-27 13:09:59 +11:00
3ca13d9358
Changes from code review.
...
Added in the stability/IOC notes, since diamond/sapphire do make requests.
2023-11-27 10:30:54 +11:00
2ead152173
Add specific module to perform ASREP-roasting
2023-11-24 07:43:49 +11:00
397b9971a3
Clean up started
2023-11-22 21:06:55 -05:00
8d4ae4bc78
Check the cache for a TGT without a host
...
This fixes allows forged golden tickets to be reused from the cache
2023-11-21 14:19:47 -05:00
1b4099f5a3
Copy across some more properties from the PAC
2023-11-21 13:51:05 +11:00
45a5c62308
Fix diamond tickets
2023-11-20 10:11:38 +11:00
5e9ff17e59
Handle NTHASH tickets, including warning users that it's a terrible idea
2023-11-17 19:24:25 +11:00
fb9bd2cae1
Use empty string for missing values rather than nil
2023-11-17 15:09:30 +11:00
9d873cb7ac
Fix bug in writing UpnDnsInfo structure, and include in sapphire PAC
2023-11-17 13:49:55 +11:00
24490cbe1e
Replicate Logon domain name and extra sids from sapphire ticket
2023-11-17 13:16:40 +11:00
4e6a29d0fb
Implement sapphire tickets
2023-11-15 22:31:11 +11:00
bdb13601ae
Implement diamond tickets
2023-11-15 16:13:01 +11:00
fc988c2033
Fix db2 scanner module crashes
2023-11-13 21:41:28 +00:00
77a93e452f
Land #18507 , Exploit & Auxiliary modules for CVE-2023-20198 and CVE-2023-20273 (Cisco IOS XE)
...
Merge branch 'land-18507' into upstream-master
2023-11-08 09:05:40 -06:00
c243125612
Land #18379 , Improve ccache hostname matching
...
The service authenticator was filtering out valid credentials
when the hostname wasnt an exact match when credentials for
a domain should work on a subdomaini. This PR fixes that issue.
2023-11-07 22:08:15 -05:00
7024d4ecac
remove redundant unless expression
2023-11-07 09:06:58 +00:00
bwatters