adfoster-r7
3bc4639235
Add nthashes to keytab export
2023-03-08 18:03:44 +00:00
cgranleese-r7
252012f48d
Land #17675 , Add support for forging inter-realm Kerberos tickets
2023-03-03 14:17:48 +00:00
adfoster-r7
efd79eb638
Add support for forging inter-realm Kerberos tickets
2023-03-03 13:20:39 +00:00
adfoster-r7
0047ce5d3a
Add rbcd exploitation documentation to docs site
2023-03-03 13:18:29 +00:00
Grant Willcox
f6bfa6a61b
Add in SCHANNEL support, and update modules to fix a hang when using to_json instead of get_operation_result.
2023-02-24 13:50:04 -06:00
adfoster-r7
6e9b33dc88
Run rubocop on auxiliary admin http modules
2023-02-08 14:30:08 +00:00
adfoster-r7
433bafdccf
Add missing module notes for stability, reliability and side effects
2023-02-08 11:45:17 +00:00
Spencer McIntyre
647cf1d402
Return Time from #extract_logon_time
2023-01-27 10:05:02 -05:00
Spencer McIntyre
f4976a0f9f
Fix the logon_time in the MS14-068 exploit
2023-01-26 16:16:55 -05:00
adfoster-r7
2d30909a2f
Change option name namespacing convention
2023-01-26 16:17:50 +00:00
Spencer McIntyre
2da5d8ea43
Catch exceptions in inspect_ticket
2023-01-26 09:21:55 -05:00
adfoster-r7
3d003ff14c
Land #17540, Handle KDC_ERR_CERTIFICATE_MISMATCH for certifried
2023-01-25 18:39:20 +00:00
Dean Welch
5b473e4ede
Handle KDC_ERR_CERTIFICATE_MISMATCH for certifried
2023-01-25 18:22:54 +00:00
Spencer McIntyre
21f33296b7
Consolidate PKINIT hash extraction code
2023-01-25 12:16:42 -05:00
Spencer McIntyre
44d8304beb
Report the PKCS12 error message
2023-01-25 10:02:37 -05:00
Spencer McIntyre
dbe9ee3a77
Update documentation
2023-01-25 08:39:52 -05:00
Spencer McIntyre
a5e2c5b3b7
Unify pkinit_login with get_ticket
2023-01-25 08:36:26 -05:00
Spencer McIntyre
785e2caa9f
Refactor #send_request_tgt_pkinit, clarify docs
2023-01-25 08:36:26 -05:00
adfoster-r7
9babcf3564
Add conditions to forge ticket
2023-01-24 13:28:10 +00:00
adfoster-r7
4c17b93ca8
Update get ticket module to use aes_key and username convention
2023-01-20 10:47:35 +00:00
Spencer McIntyre
ebfcfd4cb9
Land #17066, Add module for Certifried
...
Add exploit module for Certifried exploit
2023-01-18 14:51:03 -05:00
Christophe De La Fuente
2072111713
Fix from code review & some improvements
...
- Improve option validation
- Always request an impersonated TGS for `cifs/...` SPN
- SPN option now is used to request an additional TGS for another SPN
- Add exception handling for Kerberos errors
- Only remove the computer account if it has been created
2023-01-18 19:28:06 +01:00
adfoster-r7
a28666d3c5
Add additional datastore validation to forge ticket
2023-01-18 10:46:32 +00:00
Spencer McIntyre
365b71d60f
Land #17471, Update get_ticket cache logic
...
Update kerberos get_ticket cache logic
2023-01-17 18:49:08 -05:00
adfoster-r7
5ed2fe9ad2
Update kerberos get_ticket cache logic
2023-01-17 00:32:18 +00:00
Dean Welch
1470396f95
Refactor key validation for inspect_ticket and add module tests
2023-01-13 17:42:32 +00:00
Christophe De La Fuente
3d22fbcad9
Add exploit module for Certifried exploit
...
- Move all the logic from `modules/auxiliary/admin/dcerpc/icpr_cert.rb`
to `lib/msf/core/exploit/remote/ms_icpr.rb` library
- Move all the logic from `modules/auxiliary/admin/dcerpc/samr_computer.rb`
to `lib/msf/core/exploit/remote/ms_samr.rb` library
- Add `modules/auxiliary/admin/dcerpc/cve_2022_26923_certifried.rb` module
- Update the SMB client to disable SSL by default
- Add documentation
- Kerberos client: pass `options` as argument to `send_request_as`
- `calculate_shared_key` returns an EncryptionKey instead of the raw key
- Update `pkinit_login` module to make it compatible
- Add support to `additional_tickets` when requesting tickets
- Add support to PAC CredentialInfo structures
- Add impersonation to escalate privileges
- Add ACTIONS
- Use elevated TGS to delete the computer account
- Update and add specs
2023-01-13 15:30:50 +01:00
Spencer McIntyre
2f145769da
Actually, offered_etypes needs to be an array
2023-01-11 17:08:27 -05:00
Spencer McIntyre
a4a5162b92
Remove the etype option in favor of offered_etypes
2023-01-11 10:17:52 -05:00
Grant Willcox
9dce44f195
Merge pull request #17390 from dwelch-r7/move-debug-ticket-to-new_module
...
Move debug ticket to new module
2023-01-06 11:35:18 -06:00
Dean Welch
a18efb7882
Improve description and error messages
2023-01-05 14:24:08 +00:00
adfoster-r7
a8957bce49
Update tgt response to include key
2022-12-30 13:41:54 +00:00
Spencer McIntyre
b2edf1108a
Fix a NameError in pkinit_login
2022-12-16 14:54:46 -05:00
Spencer McIntyre
fea259f6e7
Switch everything to use the ticket storage
2022-12-15 18:31:14 -05:00
Spencer McIntyre
b2a4bea761
Break out the ticket storage backend drivers
2022-12-15 18:29:00 -05:00
Spencer McIntyre
686b946c5b
Use a new TicketStorage class
...
The goal is to provide an abstraction for how Kerberos tickets are
persisted to disk.
2022-12-15 18:28:54 -05:00
Spencer McIntyre
5f52ebeea7
Consolidate the loot_info UID string
2022-12-15 18:26:32 -05:00
Dean Welch
cf332a2b20
Move DEBUG_TICKET action from forge ticket to its own module inspect_ticket
2022-12-15 13:42:30 +00:00
adfoster-r7
2783e92203
Update windows_secrets_dump and Keytab module to export kerberos keys
2022-12-14 13:40:39 +00:00
adfoster-r7
a9ccfe31b7
Merge branch 'upstream-master' into merge-msf-6.2.31-into-kerberos-feature-branch
2022-12-13 19:40:39 +00:00
Spencer McIntyre
a80db73bab
Land #17325, add impersonation for get_ticket
...
Enable the `get_ticket` module to impersonate a user with S4U2self and S4U2proxy
2022-12-12 09:10:37 -05:00
Dean Welch
1e2ada3cce
Add options validation depending on action in forge_ticket.rb
2022-12-06 12:55:42 +00:00
Dean Welch
405271a52f
Add pac BinData Model
2022-12-05 14:03:21 +00:00
Christophe De La Fuente
c6f8bae1ab
Fix from code review and update the KrbUseCachedCredentials logic
2022-12-02 15:28:08 +01:00
Christophe De La Fuente
cc61a26668
Add S4U2Self and S4U2Proxy support to impersonate a user
2022-12-01 20:42:13 +01:00
adfoster-r7
34d1b5b37e
Fix crash in kerberos get ticket module
2022-11-29 10:17:21 +00:00
Spencer McIntyre
abe0549db6
Land #17226, Module to request TGT/TGS tickets
...
Module to request TGT/TGS Kerberos tickets from the KDC
2022-11-28 11:59:17 -05:00
Christophe De La Fuente
5280580c08
Fixes from code review
2022-11-18 11:02:32 +01:00
Spencer McIntyre
f4a65a220a
Support ON_BEHALF_OF in icpr_cert
...
Add the code necessary to request certificates on behalf of other users.
This is necessary to exploit templates vulnerable to ESC2 and ESC3.
2022-11-17 12:12:35 -05:00
Spencer McIntyre
eff9a16e00
Use the access mask data type
...
Also switch from bit16 to uint16 so it's little endian.
2022-11-14 12:27:38 -05:00