fc963bd8bb
Add Proxies support to creating a session with postgres_login
2024-02-16 14:45:17 +00:00
7b56d012e8
Land #18678 , add LDAP capture capabilities
2024-02-15 22:11:04 +00:00
1d406cfc2a
Land #18809 , DNS command improvements
2024-02-14 22:12:30 +00:00
fc5a12431c
Land #18664 , Add an SMB-based fetch payload for Windows
2024-02-14 14:57:32 +01:00
d18520adc6
update rhost and rport calls
2024-02-13 13:00:38 -06:00
c05c6773df
adjust session logic in modules
2024-02-13 11:59:09 -06:00
94223f05fc
update relevant modules to work with sessions
...
separate out optional session logic
fixing session handling
2024-02-09 13:18:49 -06:00
30fc29e0f5
Use PostgreSQL session type for modules
2024-02-09 15:38:06 +00:00
11ca24e290
Specify the record type for PTR lookups
2024-02-08 11:22:33 -05:00
b060809a8d
Addresses logoff PR feedback
2024-02-07 12:51:04 +00:00
e80f0ef8cd
Removes session logic from mixins and uses client instead of datastore for rhost and rport
2024-02-06 14:11:16 +00:00
0e9cad6d45
Adds MySQL session type
2024-02-02 14:39:37 +00:00
48221e594d
Land #18704 , Leverage the module metadata cache in the module_sets
2024-02-02 14:16:46 +00:00
7ac4387d35
Land #18696 , Convert MSSQL mixin to class
2024-02-02 14:14:34 +00:00
35778e92b2
client consolidation
...
convert first module from remote to client
move client to rex
remove metasploit mixin
2024-02-01 17:23:55 -06:00
b5906418c2
Update the HashCapture mixin
...
Use #srvport instead of the datastore and pull in upstream chanes for
the metasploit-credential gem to enable use within payloads.
2024-01-29 13:35:56 -05:00
33306fa4dd
The SRVPORT is already registered
...
The SRVPORT datastore option is registered by the Remote::SMB::Server
mixin so including it here is redundant.
2024-01-29 13:35:54 -05:00
d05b85de50
Land #18680 , Shared SMB Service
...
Merge branch 'land-18680' into upstream-master
2024-01-26 14:42:11 -06:00
15d0d4f0df
Land #18663 , Add new PostgreSQL Session Type
2024-01-24 10:46:26 +00:00
904e34434e
Land #18626 , SaltStack Minion Deployer
...
This PR adds an exploit module which allows for
a user who has compromised a host acting as a
SaltStack Master to deploy payloads to the Minions
attached to that Master.
2024-01-23 11:58:38 -05:00
1fe448f2f4
Revert remote/postgres verbosity changes
2024-01-22 14:27:38 +00:00
391bc4e69e
shuffle platform parsing and code quality
2024-01-19 14:30:34 +00:00
fbdb025542
Notify user on failed Postgres connection
2024-01-19 10:29:44 +00:00
a4305f0ca0
Allow PostgreSQL lib to use session client
2024-01-19 10:29:44 +00:00
b8aa55c322
Land #18633 , WordPress Backup Migration Plugin PHP Filter Chain RCE (CVE-2023-6553)
2024-01-17 18:42:52 +01:00
a8d46b3e7a
Land #18627 , Ansible: post gather module, payload deployer, and file reader
2024-01-17 15:26:25 +01:00
6dec82ec24
Remove exec.nil? statement
2024-01-17 15:06:15 +01:00
56a9beb39d
ansible review
2024-01-15 17:18:49 -05:00
2cf045d3c4
Leverage the module metadata cache in the module_sets
2024-01-15 14:56:46 +00:00
5e25a99700
Responded to comments
2024-01-12 13:08:32 -05:00
b031311892
ansible review
2024-01-10 17:29:15 -05:00
e711c9ea43
ansible review
2024-01-10 17:16:57 -05:00
43f4705e60
Apply suggestions from code review
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com >
2024-01-09 12:37:59 -05:00
024bdaec6d
Add a proper rex-based service for the SMB server
2024-01-08 16:54:22 -05:00
b10e8d566b
Initial Rex SMB service to allow sharing
2024-01-05 17:18:08 -05:00
47a58bda3b
saltstack library rubocop and comments
2023-12-24 11:54:22 -05:00
357bdc8c10
ansible post library
2023-12-24 11:49:27 -05:00
b654275ec4
add saltstack lib
2023-12-23 13:52:52 -05:00
e3062d45e0
Module working docs updated
2023-12-20 16:41:52 -05:00
45d2c7f4e0
Land #18566 , CVE-2023-22518: Confluence Auth Bypass Restore From Backup RCE
2023-12-18 18:51:36 +01:00
5d5ccd25e1
Removed unnecssary files
2023-12-15 10:46:23 -05:00
ef178298b2
Update lib/msf/core/exploit/remote/http/atlassian/confluence/version.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2023-12-14 11:55:30 -05:00
5f396245f2
Land #18539 , Add Smb session type
2023-12-12 11:45:19 +00:00
603e5b2bff
Land #18569 , Add a module to perform ASREP-roasts
...
This adds a module to gather credential material from accounts
with Requires Pre-Authentication disabled. The module supports two
mechanisms, Brute Forcing using a list of usernames or using a LDAP
query to request the relevant usernames, followed by requesting TGTs.
2023-12-11 19:58:06 -05:00
862194d63f
Documentation and rubocop changes
2023-12-11 19:01:35 -05:00
16dd06bbac
Added payload plugin mixin
2023-12-11 18:24:13 -05:00
9f126a4d24
Land #18446 , Make DomainControllerRhost optional
...
This PR makes the DomainControllerRhosts option optional,
even when auth is set to kerberos. This change requires
rapid7/rex-socket#64 which was released in the rex-socket 1.5.5 gem.
2023-12-05 17:47:45 -05:00
f000c39b4a
Update to mark DomainControllerRhost as optional
2023-12-05 16:23:35 -05:00
cd8cc75cf3
Add smb session type
2023-12-04 17:55:11 +00:00
e6321e46c4
Land #18565 , Add kerberos cache TGT lookup logic
...
This PR adds an enhancement to adjust the cache lookup logic.
If no TGT for the specific host is found, it will try again but
with any host.
2023-11-28 12:00:48 -05:00
sjanusz-r7