sjanusz-r7
fc963bd8bb
Add Proxies support to creating a session with postgres_login
2024-02-16 14:45:17 +00:00
adfoster-r7
7b56d012e8
Land #18678, add LDAP capture capabilities
2024-02-15 22:11:04 +00:00
adfoster-r7
1d406cfc2a
Land #18809, DNS command improvements
2024-02-14 22:12:30 +00:00
Christophe De La Fuente
fc5a12431c
Land #18664, Add an SMB-based fetch payload for Windows
2024-02-14 14:57:32 +01:00
Zach Goldman
d18520adc6
update rhost and rport calls
2024-02-13 13:00:38 -06:00
Zach Goldman
c05c6773df
adjust session logic in modules
2024-02-13 11:59:09 -06:00
Zach Goldman
94223f05fc
update relevant modules to work with sessions
...
separate out optional session logic
fixing session handling
2024-02-09 13:18:49 -06:00
sjanusz-r7
30fc29e0f5
Use PostgreSQL session type for modules
2024-02-09 15:38:06 +00:00
Spencer McIntyre
11ca24e290
Specify the record type for PTR lookups
2024-02-08 11:22:33 -05:00
cgranleese-r7
b060809a8d
Addresses logoff PR feedback
2024-02-07 12:51:04 +00:00
cgranleese-r7
e80f0ef8cd
Removes session logic from mixins and uses client instead of datastore for rhost and rport
2024-02-06 14:11:16 +00:00
cgranleese-r7
0e9cad6d45
Adds MySQL session type
2024-02-02 14:39:37 +00:00
adfoster-r7
48221e594d
Land #18704, Leverage the module metadata cache in the module_sets
2024-02-02 14:16:46 +00:00
adfoster-r7
7ac4387d35
Land #18696, Convert MSSQL mixin to class
2024-02-02 14:14:34 +00:00
Zach Goldman
35778e92b2
client consolidation
...
convert first module from remote to client
move client to rex
remove metasploit mixin
2024-02-01 17:23:55 -06:00
Spencer McIntyre
b5906418c2
Update the HashCapture mixin
...
Use #srvport instead of the datastore and pull in upstream changes for
the metasploit-credential gem to enable use within payloads.
2024-01-29 13:35:56 -05:00
Spencer McIntyre
33306fa4dd
The SRVPORT is already registered
...
The SRVPORT datastore option is registered by the Remote::SMB::Server
mixin so including it here is redundant.
2024-01-29 13:35:54 -05:00
bwatters
d05b85de50
Land #18680, Shared SMB Service
...
Merge branch 'land-18680' into upstream-master
2024-01-26 14:42:11 -06:00
adfoster-r7
15d0d4f0df
Land #18663, Add new PostgreSQL Session Type
2024-01-24 10:46:26 +00:00
sjanusz-r7
1fe448f2f4
Revert remote/postgres verbosity changes
2024-01-22 14:27:38 +00:00
Dean Welch
391bc4e69e
shuffle platform parsing and code quality
2024-01-19 14:30:34 +00:00
sjanusz-r7
fbdb025542
Notify user on failed Postgres connection
2024-01-19 10:29:44 +00:00
sjanusz-r7
a4305f0ca0
Allow PostgreSQL lib to use session client
2024-01-19 10:29:44 +00:00
Christophe De La Fuente
b8aa55c322
Land #18633, WordPress Backup Migration Plugin PHP Filter Chain RCE (CVE-2023-6553)
2024-01-17 18:42:52 +01:00
Dean Welch
2cf045d3c4
Leverage the module metadata cache in the module_sets
2024-01-15 14:56:46 +00:00
Jack Heysel
5e25a99700
Responded to comments
2024-01-12 13:08:32 -05:00
jheysel-r7
43f4705e60
Apply suggestions from code review
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2024-01-09 12:37:59 -05:00
Spencer McIntyre
024bdaec6d
Add a proper rex-based service for the SMB server
2024-01-08 16:54:22 -05:00
Spencer McIntyre
b10e8d566b
Initial Rex SMB service to allow sharing
2024-01-05 17:18:08 -05:00
Jack Heysel
e3062d45e0
Module working docs updated
2023-12-20 16:41:52 -05:00
Christophe De La Fuente
45d2c7f4e0
Land #18566, CVE-2023-22518: Confluence Auth Bypass Restore From Backup RCE
2023-12-18 18:51:36 +01:00
Jack Heysel
5d5ccd25e1
Removed unnecessary files
2023-12-15 10:46:23 -05:00
jheysel-r7
ef178298b2
Update lib/msf/core/exploit/remote/http/atlassian/confluence/version.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2023-12-14 11:55:30 -05:00
cgranleese-r7
5f396245f2
Land #18539, Add Smb session type
2023-12-12 11:45:19 +00:00
Jack Heysel
603e5b2bff
Land #18569, Add a module to perform ASREP-roasts
...
This adds a module to gather credential material from accounts
with Requires Pre-Authentication disabled. The module supports two
mechanisms, Brute Forcing using a list of usernames or using a LDAP
query to request the relevant usernames, followed by requesting TGTs.
2023-12-11 19:58:06 -05:00
Jack Heysel
862194d63f
Documentation and rubocop changes
2023-12-11 19:01:35 -05:00
Jack Heysel
16dd06bbac
Added payload plugin mixin
2023-12-11 18:24:13 -05:00
Jack Heysel
9f126a4d24
Land #18446, Make DomainControllerRhost optional
...
This PR makes the DomainControllerRhosts option optional,
even when auth is set to kerberos. This change requires
rapid7/rex-socket#64 which was released in the rex-socket 1.5.5 gem.
2023-12-05 17:47:45 -05:00
Spencer McIntyre
f000c39b4a
Update to mark DomainControllerRhost as optional
2023-12-05 16:23:35 -05:00
Dean Welch
cd8cc75cf3
Add smb session type
2023-12-04 17:55:11 +00:00
Jack Heysel
e6321e46c4
Land #18565, Add kerberos cache TGT lookup logic
...
This PR adds an enhancement to adjust the cache lookup logic.
If no TGT for the specific host is found, it will try again but
with any host.
2023-11-28 12:00:48 -05:00
Spencer McIntyre
708c795890
Land #18560, Forging diamond and sapphire tickets
2023-11-28 11:14:15 -05:00
Ashley Donaldson
2ea1f43f12
Unit test for new kerberos client pre-auth behaviour
2023-11-27 17:10:19 +11:00
Ashley Donaldson
c293c273ba
Attempt to decrypt pre-auth kerberos response
2023-11-27 13:09:59 +11:00
Ashley Donaldson
3ca13d9358
Changes from code review.
...
Added in the stability/IOC notes, since diamond/sapphire do make requests.
2023-11-27 10:30:54 +11:00
Ashley Donaldson
2ead152173
Add specific module to perform ASREP-roasting
2023-11-24 07:43:49 +11:00
Jack Heysel
397b9971a3
Clean up started
2023-11-22 21:06:55 -05:00
Spencer McIntyre
8d4ae4bc78
Check the cache for a TGT without a host
...
This fix allows forged golden tickets to be reused from the cache
2023-11-21 14:19:47 -05:00
Ashley Donaldson
1b4099f5a3
Copy across some more properties from the PAC
2023-11-21 13:51:05 +11:00
Ashley Donaldson
45a5c62308
Fix diamond tickets
2023-11-20 10:11:38 +11:00