e6354f3452
Revert "Report more vulns when importing acunetix XML file"
2026-02-20 17:32:42 +00:00
7251d88419
Merge pull request #20969 from sjanusz-r7/report-more-acunetix-vulns
...
Report more vulns when importing acunetix XML file
2026-02-13 15:26:40 +00:00
8b58c62375
Merge pull request #20807 from webbsssss/fix/acunetix-vulnerability-import
...
Fix #17932 : Allow Acunetix vulnerabilities to be imported without complete web_page data
2026-02-13 15:25:54 +00:00
f741d568b4
Report more vulns when importing acunetix XML file
2026-02-13 14:55:13 +00:00
93b0c3004f
removed: the mixin's String16 class to stop BinData registry collisions and reverted: MsTdsLogin7 to its original :string16
2026-01-26 23:00:52 +05:30
82bae54abe
ensured: MsTdsLogin7 UTF-18 fields use RubySMB String16
2026-01-25 10:59:02 +05:30
eb49dade6f
Merge pull request #20755 from rudraditya21/feature/kerberos-clock-skew
...
Added: Option to adjust kerberos clock
2026-01-19 10:00:54 -08:00
36827c486d
Add more specific error messages
2026-01-15 18:20:36 -05:00
658c251b66
Merge pull request #20472 from jheysel-r7/feat/mod/badsuccessor
...
Add BadSuccessor dMSA Privilege Escalation in Windows 2025
2026-01-14 15:43:35 -05:00
c1023fd62a
Add BadSuccessor dMSA Privilege Escalation in Windows 2025
2026-01-14 12:34:45 -08:00
166c8b75d2
updated: error message
2026-01-09 22:29:22 +05:30
61004db2be
Merge pull request #20370 from msutovsky-r7/fix/smb_login_crash
...
Fixes smb_login crash
2026-01-06 10:34:23 +00:00
3fc047db5d
fix: Allow Acunetix vulnerabilities to be imported without complete web_page data ( #17932 )
2025-12-24 22:47:37 +05:30
c49a376280
added: Option to adjust kerberos clock (issue-> #20587 )
...
- Added KrbClockSkew advanced option and parser to offset Kerberos timestamps
- Propagate skew through Kerberos client/authenticators (LDAP/SMB/HTTP/WinRM/MSSQL) and scanners
- Updated docs for new option and extended kerberos client specs for clock skew handling
- Clean up kerberos client error handling/style per rubocop
2025-12-08 01:47:51 +05:30
66a4aba1ad
Remove the old MS-TDS SSL Proxy code
2025-12-02 16:10:07 -05:00
9c1f545562
Initialize the info for web sockets
2025-12-02 16:10:07 -05:00
d4ba707fa5
Add the new encrypted MsTds channel
2025-12-02 16:10:06 -05:00
dcd3a62e88
Switch to the new fiber relay manager
2025-12-02 16:09:58 -05:00
20fcecc963
Adds exception raising
2025-11-28 12:40:23 +01:00
4a012dd06a
Merge pull request #20637 from zeroSteiner/feat/mod/smb-to-mssql
...
Add an SMB to MSSQL NTLM Relay module
2025-11-24 09:17:45 -08:00
ebc70000ce
Support auto authentication for MSSQL
2025-11-19 17:11:34 -05:00
147cf9bc82
fix: include stdapi/stdapi in namespaced extensions
2025-11-13 10:51:04 -05:00
b2d1095d22
Fix oracle login crash
2025-10-23 10:30:57 +01:00
c2ccac414d
Remove the USE_WINDOWS_AUTHENT option
...
It's redundant with the Mssql::Auth option which is an enum and supports
all the authentication mechanisms. This eliminates the ambiguity between
the meaning and precedence of the options.
2025-10-21 11:20:51 -04:00
7bfa17eb24
Update the kerberos login method too
2025-10-16 16:29:19 -04:00
1cc412d95b
Use the new Login7 for plain SQL login too
2025-10-16 16:29:19 -04:00
609537d845
Finish the Login7 definition
2025-10-16 16:29:19 -04:00
581b938772
Add some MsTds definitions
2025-10-16 16:29:19 -04:00
0996cee71d
Refactor the login method to make it smaller
2025-10-16 16:29:19 -04:00
10d1f53692
Merge pull request #19975 from dledda-r7/feat/split-stdapi
...
Split Stdapi
2025-10-08 13:00:04 -05:00
7d8aa260e4
fix: better extension suggestion with an unknown command
2025-10-07 09:53:02 -04:00
763f631852
fix: better loading check for split-stdapi
2025-10-06 08:40:09 -04:00
35fe047a6e
chore: stdapi extensions fix comments, and format
2025-10-06 07:29:32 -04:00
381ed892fa
chore: stdapi command dispatcher fix comments, and format
2025-10-06 06:48:12 -04:00
a1ab9b8ca9
Update lib/rex/post/meterpreter/extensions/stdapi_audio/stdapi_audio.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2025-10-06 10:31:54 +02:00
69ebefec13
Update lib/rex/post/meterpreter/client_core.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2025-10-06 10:30:45 +02:00
650ee9f6f1
Update lib/rex/payloads/meterpreter/config.rb
2025-10-06 10:10:05 +02:00
5f2adab0e7
fix: updated stdapi loading logic
2025-10-03 09:53:50 -04:00
889941487b
fix: fix logic for split stdapi loading
2025-09-26 09:43:20 -04:00
dd802fa8a6
fix: fix mettle stdapi split regression
2025-09-26 06:54:24 -04:00
196e19808d
Add some error handling for kerberos options
2025-08-28 10:00:19 -04:00
7fdb1e03fa
Tie in Kerberos authentication for HTTP modules
2025-08-22 15:58:18 -04:00
53ce08ef6e
feat: add stdapi_webcam extension
2025-08-21 07:13:36 -04:00
0206663565
feat: add stdapi_ui extension
2025-08-21 07:13:36 -04:00
02995f2f7d
feat: add stdapi_railgun extension
2025-08-21 07:13:35 -04:00
809599a7d6
feat: add stdapi_audio extension
2025-08-21 07:13:35 -04:00
94cc3d0a29
feat: add stdapi_sys extension
2025-08-21 07:13:34 -04:00
44efeffef1
fix: removing duplicate dispatchers stdapi_fs and stdapi_net
2025-08-21 07:13:34 -04:00
2af25bb294
fix: disable already loaded commands to allow multiple stdapi loading
2025-08-21 07:13:34 -04:00
a265deb37e
fix: stdapi_net correct wrapped object alias
2025-08-21 07:13:33 -04:00
Simon Janusz