Commit Graph

3243 Commits

Author SHA1 Message Date
adfoster-r7 b281d46c2d Merge pull request #19495 from cdelafuente-r7/fix/pkinit/san_extension
Fix crash in `Kerberos::Client::Pkinit#extract_user_and_realm` with specific SAN extension
2024-10-16 23:10:38 +01:00
dwelch-r7 9cb3fefb40 Land #19539, Keep LDAP sessions alive 2024-10-15 11:28:08 +01:00
Diego Ledda d2b4175f49 Land #19497, add Wordpress SQLi Mixin
2024-10-14 13:13:52 +02:00
Ashley Donaldson c732fed617 Feedback from code review 2024-10-11 08:22:39 +11:00
Ashley Donaldson 22cf3f05d5 Send a benign LDAP request every 10 minutes to keep sessions alive 2024-10-11 08:22:39 +11:00
Valentin Lobstein c259ce090a Update lib/msf/core/exploit/remote/http/wordpress/sqli.rb
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com>
2024-10-09 17:22:33 +02:00
Valentin Lobstein c15f186311 Update lib/msf/core/exploit/remote/http/wordpress/sqli.rb
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com>
2024-10-09 00:04:54 +02:00
Valentin Lobstein fb35f6709a Update lib/msf/core/exploit/remote/http/wordpress/sqli.rb
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com>
2024-10-09 00:04:44 +02:00
Valentin Lobstein 94145eafe9 Update lib/msf/core/exploit/remote/http/wordpress/sqli.rb
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com>
2024-10-09 00:04:32 +02:00
Valentin Lobstein 6c048df53f Update lib/msf/core/exploit/remote/http/wordpress/sqli.rb
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com>
2024-10-09 00:04:23 +02:00
Valentin Lobstein de5324e160 Update lib/msf/core/exploit/remote/http/wordpress/sqli.rb
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com>
2024-10-09 00:04:13 +02:00
Valentin Lobstein 3987a761e7 Update lib/msf/core/exploit/remote/http/wordpress/sqli.rb
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com>
2024-10-09 00:04:01 +02:00
Valentin Lobstein 31a66d537b Update lib/msf/core/exploit/remote/http/wordpress/sqli.rb
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com>
2024-10-09 00:03:52 +02:00
Valentin Lobstein c1521633f4 Update lib/msf/core/exploit/remote/http/wordpress/sqli.rb
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com>
2024-10-09 00:03:42 +02:00
Valentin Lobstein 8cbe572f49 Update lib/msf/core/exploit/remote/http/wordpress/sqli.rb
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com>
2024-10-09 00:03:32 +02:00
Valentin Lobstein d01e8d4dd5 Update lib/msf/core/exploit/remote/http/wordpress/sqli.rb
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com>
2024-10-09 00:03:23 +02:00
Chocapikk 05c579fd65 Add report_host, report_service and report_vuln 2024-10-03 16:12:37 +02:00
Chocapikk f52cd8ba57 Add coding: binary header 2024-09-30 13:01:25 +02:00
Chocapikk 1e95cba5f2 Randomize values 2024-09-25 18:55:26 +02:00
Valentin Lobstein 22443b53d6 Update lib/msf/core/exploit/remote/http/wordpress/sqli.rb
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2024-09-25 16:39:09 +02:00
Valentin Lobstein 0409d4ec9c Update lib/msf/core/exploit/remote/http/wordpress/sqli.rb
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2024-09-25 16:38:36 +02:00
Chocapikk a5d9a06b9a Fix with datastore['RHOST'] 2024-09-25 04:43:27 +02:00
Chocapikk 2d6862ccd4 Add recommendations 2024-09-25 03:57:17 +02:00
Chocapikk a1b4106260 Fix wordpress_sqli_get_users_credentials and rename wordpress_sqli_initialize 2024-09-25 01:57:46 +02:00
Chocapikk fa0d54eaf2 Add Metasploit::Credential::Creation to use create_credential 2024-09-25 01:00:48 +02:00
Chocapikk 3da638e37e Using dynamic prefix in table 2024-09-25 00:58:09 +02:00
Chocapikk 14f1d6a786 Add Msf::Exploit::Remote::HTTP::Wordpress::SQLi 2024-09-25 00:33:19 +02:00
Christophe De La Fuente b5107583f1 Fix crash in #extract_user_and_realm with specific SAN extension 2024-09-24 14:34:09 +02:00
jvoisin 9f4fa3ba67 Make lib/msf/core/exploit/remote/http/wordpress/admin.rb a tad more portable
- Randomize the license header, based on examples from
  https://developer.wordpress.org/plugins/plugin-basics/header-requirements/,
  as plugin developers are likely copy-pasting them into their own plugins.
- Use the php_preamble/php_system_block combo instead of hardcoding
  system/base64, as `system` might not be available on some WordPress
  deployments, and the combo has some low-hanging evasions for this case.
2024-09-17 21:53:27 +02:00
Spencer McIntyre 409b1aed45 Land #19461, Modernize NetWkstaUserEnum
Modernize NetWkstaUserEnum in smb scanner
2024-09-17 10:14:02 -04:00
dledda-r7 6e696e24e5 Land #19457, WP Plugin LiteSpeed Cache Account Take Over Module 2024-09-17 06:30:33 -04:00
Alex Romero 9fac88f709 Update lib/msf/core/exploit/remote/ms_wkst.rb
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
2024-09-17 00:32:34 +03:30
Jack Heysel 84a8eb7273 Respond to comments 2024-09-16 09:46:57 -07:00
cgranleese-r7 720723fa9c Land #19414, Add missing constants for the Kerberos login scanner 2024-09-16 11:11:52 +01:00
NtAlexio2 92234641bc modernize enumuser_domain in smb scanner 2024-09-13 16:12:01 -04:00
dwelch-r7 9de9b525d9 Land #19432, Refactoring SPIP Modules for Windows Compatibility and Incorporating SPIP Mixin 2024-09-11 14:57:48 +01:00
Christophe De La Fuente 1b4362b6d5 Set default server_name in #send_request_tgt_pkinit 2024-09-09 18:03:15 +02:00
Chocapikk 43fabb07e5 Update doc + module + (mixin see #19444) 2024-09-08 06:56:13 +02:00
Jack Heysel 152710403d Land #19330, Add SSL opt in start_service
The start_service method now allows users to specify their SSL
preferences directly through the opts parameter. If the ssl option is
not provided in opts, it will default to the value in datastore["SSL"].
2024-09-05 09:08:07 -07:00
Chocapikk 37042d837e Add spip_plugin_version function to retrieve plugin version from config.txt or Composed-By header 2024-09-04 22:17:06 +02:00
Chocapikk 586cf482ce Refactoring SPIP Modules for Windows Compatibility and Incorporating SPIP Mixin 2024-08-30 20:37:32 +02:00
Dean Welch d86e85aeea Remove whitespace from spip version regex 2024-08-30 11:42:55 +01:00
Dean Welch 6532107eb4 Remove whitespace from spip version regex 2024-08-30 11:33:15 +01:00
jvoisin 2c79c3d02f Add a mixin to get SPIP version and make use of it 2024-08-28 17:17:53 +02:00
Christophe De La Fuente 19e3f29441 Add missing constants for the Kerberos login scanner & set default server_name value in the client 2024-08-23 15:01:18 +02:00
adeherdt-r7 a3a24418a8 MS-9517 Jenkins Login Scanner
Jenkins does not implement Authentication challenges.

By default, Jenkins responds with an HTTP 403 FORBIDDEN response, and does not include the `WWW-Authenticate` header.
This causes problems with the underlying HTTP client, as it expects the challenge to come forward and resends
the request with the auth header.

By changing the code to look for the HTTP 403 response, and setting the default URL to the correct login validation endpoint,
Pro will have an easier time investigating whether Jenkins can be bruteforced or not.

The original code checks for a 401 response only.
Overwriting the behavior for Jenkins allows us to handle this use-case properly and report the correct behavior.
2024-08-13 11:16:01 +02:00
Heyder Andrade 10e4668e68 Update lib/msf/core/exploit/remote/http_server.rb
Co-authored-by: Simon Janusz <85949464+sjanusz-r7@users.noreply.github.com>
2024-07-25 19:05:48 +02:00
adfoster-r7 89cf0223d1 Kerberos asrep roasting improvements 2024-07-24 18:01:11 +01:00
redwaysecurity.com dc282f5cc4 Cleanup 2024-07-19 12:38:50 +02:00
redwaysecurity.com 117c2b9298 feat: Allow explicit SSL configuration in start_service method
The start_service method now allows users to specify their SSL preferences directly through the opts parameter. If the ssl option is not provided in opts, it will default to the value in datastore['SSL'].

This change enhances the flexibility and usability of the start_service method, preventing unintended behavior when users need to control the SSL setting explicitly.

Closes #19329
2024-07-19 12:33:13 +02:00