adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
75,842 Commits 27 Branches 1,043 Tags
c70043f84286ed1eff7da2fef5dd7f2122b81663
Commit Graph

2045 Commits

Author SHA1 Message Date
sjanusz-r7 a99fae420a Capitalize TeamCity correctly 2024-12-17 14:27:41 +00:00
Metasploit 2355ab546d Bump version of framework to 6.4.41 2024-12-12 03:32:50 -06:00
Metasploit 52ebbc19ca Bump version of framework to 6.4.40 2024-12-05 03:32:37 -06:00
jheysel-r7 e8911f9129 Land #19402 vCenter Sudo LPE (CVE-2024-37081) 2024-12-04 18:25:05 -08:00
sjanusz-r7 76c93f4d33 Log search for TeamCity in body instead of headers 2024-12-02 22:04:56 +00:00
sjanusz-r7 e827cccd48 Improve TeamCity Login Scanner 2024-11-29 16:52:00 +00:00
Metasploit 6ca45601fb Bump version of framework to 6.4.39 2024-11-28 03:32:30 -06:00
Metasploit bc7adfbe41 Bump version of framework to 6.4.38 2024-11-21 03:32:51 -06:00
sjanusz-r7 fefc8438f5 Deprecate real-readline option 2024-11-19 12:38:05 +00:00
h00die f38661d6c3 pod user working 2024-11-18 07:30:21 -05:00
adfoster-r7 d039bead93 Merge pull request #19601 from sjanusz-r7/add-teamcity-login-scanner 
Add JetBrains TeamCity HTTP Login Scanner
 2024-11-15 12:49:10 +00:00
Metasploit 67e27c60ef Bump version of framework to 6.4.37 2024-11-13 18:39:19 -06:00
Metasploit 763793ee3d Bump version of framework to 6.4.36 2024-11-07 03:35:44 -06:00
cgranleese-r7 96f6f66429 Land #19550, Fix username/password generation in case both PASSWORD_SPRAY and USER_AS_PASS are enabled 2024-11-06 13:56:05 +00:00
h00die 773355f0e8 making bcenter lpe progress 2024-11-04 16:26:08 -05:00
sjanusz-r7 520ac7ef2b TeamCity: Correctly encrypt UTF-8 codepoints 2024-11-04 16:33:29 +00:00
sjanusz-r7 2073121f5e TeamCity: Raise ArgumentError, refactor Crypto as an included module 2024-11-04 16:33:29 +00:00
sjanusz-r7 970beb4c27 TeamCity: Consolidate RSA crypto into login scanner 2024-11-04 16:33:29 +00:00
sjanusz-r7 a6ee189502 TeamCity: Use more exceptions, cache public key 2024-11-04 16:33:29 +00:00
sjanusz-r7 c37f4e6508 TeamCity: Prevent endless recursion and stack explosions in try_login 2024-11-04 16:33:29 +00:00
sjanusz-r7 ed1a5d97c3 TeamCity: use vars_post for login request 2024-11-04 16:33:29 +00:00
sjanusz-r7 84cacb5cca TeamCity: Fire and forget logout request 2024-11-04 16:33:28 +00:00
sjanusz-r7 cba8962d29 Add JetBrains TeamCity HTTP Login Scanner 2024-11-04 16:33:28 +00:00
h00die 5d2bc4aa3c add vcenter server appliance to ssh platform 2024-11-03 14:47:40 -05:00
Metasploit ec013f2a73 Bump version of framework to 6.4.35 2024-10-31 09:14:41 -05:00
Metasploit 1af43ca110 Bump version of framework to 6.4.34 2024-10-24 06:48:37 -05:00
Metasploit 4422322cd0 Bump version of framework to 6.4.33 2024-10-17 12:37:56 -05:00
Metasploit 76d3980c44 Bump version of framework to 6.4.32 2024-10-17 04:54:21 -05:00
Mathieu 8c5bead4a0 Added spec to reproduce the username/password generation error in case PASSWORD_SPRAY and USER_AS_PASS are both enabled 
Added minimal code to fix the issue, extracting the code to generate username:username credentials in the PASSWORD_SPRAY case
 2024-10-10 21:15:50 +02:00
Metasploit 93344df7e1 Bump version of framework to 6.4.31 2024-10-10 04:23:08 -05:00
Metasploit 5e2fab24ef Bump version of framework to 6.4.30 2024-10-03 03:42:02 -05:00
Simon Janusz a31261ecf2 Revert "Replace Readline with Reline" 2024-10-02 13:15:12 +01:00
Metasploit ab7403147f Bump version of framework to 6.4.29 2024-09-26 17:26:27 -05:00
adfoster-r7 ab7e02d23f Merge pull request #19397 from sjanusz-r7/replace-readline-with-reline 
Replace Readline with Reline
 2024-09-20 14:23:40 +01:00
adfoster-r7 80f050a5f5 Bump version of framework to 6.4.28 2024-09-19 15:52:50 +01:00
cgranleese-r7 720723fa9c Land #19414, Add missing constants for the Kerberos login scanner 2024-09-16 11:11:52 +01:00
Metasploit 1a1c21a0b1 Bump version of framework to 6.4.27 2024-09-12 03:35:27 -05:00
cgranleese-r7 8e94a0d805 Land #19352, add necessary metadata for bruteforce 
add necessary metadata for bruteforce
 2024-09-06 10:18:21 +01:00
cgranleese-r7 e377e746e9 Update lib/metasploit/framework/login_scanner/ldap.rb 2024-09-06 10:10:09 +01:00
Metasploit 6f1acf4610 Bump version of framework to 6.4.26 2024-09-05 03:38:07 -05:00
sjanusz-r7 10dee226c6 Replace Readline with Reline 2024-09-04 16:39:41 +01:00
Metasploit b9bbfa6567 Bump version of framework to 6.4.25 2024-08-29 03:34:28 -05:00
Christophe De La Fuente 19e3f29441 Add missing constants for the Kerberos login scanner & set default server_name value in the client 2024-08-23 15:01:18 +02:00
Metasploit 1a35492634 Bump version of framework to 6.4.24 2024-08-22 03:38:31 -05:00
dwelch-r7 8d838d4d56 Land #19366, Jenkins Login Scanner improvments 2024-08-21 10:28:22 +01:00
Metasploit e4726e4f52 Bump version of framework to 6.4.23 2024-08-15 03:40:21 -05:00
adeherdt-r7 a3a24418a8 MS-9517 Jenkins Login Scanner 
Jenkins does not implement Authentication challenges.

By default, Jenkins responds with a HTTP 403 FORBIDDEN response, and does not include the `WWW-Authenticate` header.
This causes problems with the underlying http client, as this one expects the challenge to come forward and resend
the request with the auth header.

By changing the code to look for the HTTP 403 response, and setting the default URL to the correct login validation endpoint
Pro will have an easier time to investigate whether Jenkins can be bruteforced or not.

The original code checks for a 401 response only.
Overwriting the behavior for Jenkins allows us to handle this use-case properly and report the correct behavior.
 2024-08-13 11:16:01 +02:00
Metasploit 233f6dc4d2 Bump version of framework to 6.4.22 2024-08-08 03:38:47 -05:00
Zach Goldman 29bfc1cca6 add necessary metadata for bruteforce 2024-08-06 10:02:58 -05:00
Metasploit 52fb857b99 Bump version of framework to 6.4.21 2024-08-01 03:40:03 -05:00