adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
69,385 Commits 27 Branches 1,043 Tags
e752e1dbca64efd211e68763a66d19ac22d55fbf
Commit Graph

5436 Commits

Author SHA1 Message Date
adfoster-r7 6870efc34a Land #17426, Update all references to old Wiki to point to new docs site 2023-02-01 23:49:20 +00:00
Jack Heysel c90a6f9068 Land #17406, veeam_credential_dump post module 
Veeam Backup & Recovery and Veeam ONE Monitor credential
capture post module for versions 9.x and 11.x.
 2023-02-01 17:29:05 -05:00
h00die 5a374533af cve-2022-1043 2023-01-31 16:02:25 -05:00
h00die 8d58eb6279 cve-2022-1043 2023-01-31 16:02:25 -05:00
Jack Heysel 022760d24a Land #17300, linux LPE cve-2022-22942 module 
This PR adds a linux priv esc against VMWare virtual machines
 with kernel 4.14-rc1 - 5.17-rc1 due to a VMWare driver bug.
 2023-01-31 14:07:55 -05:00
adfoster-r7 bbf17c167c Land #17511, add exploit for CVE-2022-44877 command injection in CentOS Control Web Panel 2023-01-31 14:05:19 +00:00
adfoster-r7 433099e539 Land #17563, modules/exploits/multi/local: Resolve Rubocop and msftidy_docs violations 2023-01-30 22:16:41 +00:00
Spencer McIntyre 902eaa2562 Add new queries and attributes for ldap_query 2023-01-30 16:24:23 -05:00
adfoster-r7 c68ab9b77f Add Metasploit prompt color highlighting to docs 2023-01-28 22:43:33 +00:00
bcoles e11aaa8027 modules/exploits/multi/local: Resolve Rubocop and msftidy_docs violations 2023-01-28 15:02:24 +11:00
Grant Willcox 6043d0ffba Update all links from Wiki site to new docs site. 2023-01-27 09:58:53 -06:00
adfoster-r7 672fb9ce9f Land #17460, add support for feature kerberos authentication 2023-01-26 17:47:27 +00:00
adfoster-r7 2d30909a2f Change option name namespacing convention 2023-01-26 16:17:50 +00:00
Spencer McIntyre f81195d0cc Fix a typo 2023-01-25 13:45:18 -05:00
dwelch-r7 4f574d141a Land #17533, Combine pkinit_login with get_ticket 2023-01-25 15:43:12 +00:00
Spencer McIntyre c7ba117fed Land #17534, Update kerberos cipher negotiattion 
Update kerberos to negotiate rc4 if aes256 is disabled
 2023-01-25 10:19:40 -05:00
Spencer McIntyre dbe9ee3a77 Update documentation 2023-01-25 08:39:52 -05:00
Spencer McIntyre a5e2c5b3b7 Unify pkinit_login with get_ticket 2023-01-25 08:36:26 -05:00
adfoster-r7 4c50456b6a Update docs to support links with anchors 2023-01-25 12:16:15 +00:00
adfoster-r7 d18beb486d Update kerberos to negotiate rc4 if aes256 is disabled 2023-01-25 00:27:00 +00:00
space-r7 153af9fb68 Land #17407, add Cacti unauth command injection 2023-01-23 13:06:46 -06:00
Spencer McIntyre 6fe0933c1e Add exploit for CVE-2022-44877 2023-01-20 09:04:24 -05:00
adfoster-r7 4c17b93ca8 Update get ticket module to use aes_key and username convention 2023-01-20 10:47:35 +00:00
Christophe De La Fuente 1e94adc3ab Land #17479, Wordpress paid membership pro unauthenticated sqli (CVE-2023-23488) 2023-01-19 15:36:00 +01:00
Grant Willcox 82fe7120d4 Update ADCS to be AD CS so we have appropriate spelling 2023-01-18 17:07:48 -06:00
Spencer McIntyre ebfcfd4cb9 Land #17066, Add module for Certifried 
Add exploit module for Certifried exploit
 2023-01-18 14:51:03 -05:00
npm-cesium137-io 8ed4f59c60 veeam_credential_dump refinement 
Fixed stupid typo in markdown.

Fixed a bug in the export code that prevented the disposition column
from being exported.
 2023-01-18 14:27:28 -05:00
Christophe De La Fuente 2072111713 Fix from code review & some improvments 
- Improve option validation
- Always request an impersonated TGS for `cifs/...` SPN
- SPN option now is used to request an additional TGS for another SPN
- Add exception handling for Kerberos errors
- Only remove the computer account if it has been created
 2023-01-18 19:28:06 +01:00
adfoster-r7 c55fcb6ca6 Add additional kerberos documentation 2023-01-18 16:58:34 +00:00
bwatters 607dd9f081 Land #17348, New exploit for CVE-2022-46770 Mirage firewall DoS 
Merge branch 'land-17348' into upstream-master
 2023-01-17 16:52:38 -06:00
h00die be7ca91a8f cve-2022-22942 2023-01-17 15:30:36 -05:00
Grant Willcox 7e23c34e6c Apply fixes per code review 2023-01-17 12:44:22 -06:00
h00die-gr3y da3ae22135 added documentation 2023-01-17 12:44:20 -06:00
h00die 1888264d4d wordpress paid membership pro 2023-01-14 08:34:10 -05:00
h00die 0ac4d3d2e6 doc how to set permissions on service 2023-01-13 17:07:17 -05:00
Spencer McIntyre 3ddcf73c2b Remove the QUICK option altogether 
Use blocks to check whether each service is exploitable as they are
enumerated. With this change, it is the service and path enumeration
halts once an exploitable one is found that yields a session.

Also all files are registered for cleanup.
 2023-01-13 17:06:42 -05:00
h00die 90a12cf3b0 unquoted service path tweaks 2023-01-13 17:06:42 -05:00
h00die c52eb09cbb unquoted service path tweaks 2023-01-13 17:06:42 -05:00
adfoster-r7 eddac9321c Merge 6.2.36 master into kerberos feature branch 2023-01-13 17:31:02 +00:00
Christophe De La Fuente 3d22fbcad9 Add exploit module for Certifried exploit 
- Move all the logic from `modules/auxiliary/admin/dcerpc/icpr_cert.rb`
  to `lib/msf/core/exploit/remote/ms_icpr.rb` library
- Move all the logic from `modules/auxiliary/admin/dcerpc/samr_computer.rb`
  to `lib/msf/core/exploit/remote/ms_samr.rb` library
- Add `modules/auxiliary/admin/dcerpc/cve_2022_26923_certifried.rb` module
- Update the SMB client to disable SSL by default
- Add documentation
- Kerbero client: pass `options` as argument to `send_request_as`
- `calculate_shared_key` returns an EncryptionKey instead of the raw key
- Update `pkinit_login` module to make it compatible
- Add support to `additional_tickets` when requesting tickets
- Add support to PAC CredentialInfo structures
- Add impersonation to escalate privileges
- Add ACTIONS
- Use elevated TGS to delete the computer account
- Update and add specs
 2023-01-13 15:30:50 +01:00
Christophe De La Fuente 29968fb76e Land #17337, Gather Dbeaver Password 2023-01-12 16:06:00 +01:00
Christophe De La Fuente f9b1c17c39 Fix exception handler logic and small improvements 2023-01-11 20:00:09 +01:00
Christophe De La Fuente ada6e73af6 Land #17341, MinIO_Client Post Exploitation Credential Gatherer 2023-01-11 15:36:23 +01:00
cn-kali-team 6738ca2c43 Support multiple platforms 2023-01-11 18:04:29 +08:00
adfoster-r7 6f7d7bcd1c Land #17394, Add ticket converter docs 2023-01-11 02:11:59 +00:00
cn-kali-team 6ef38e305f Support multiple platforms 2023-01-10 15:01:55 +08:00
三米前有蕉皮 a14af52146 Update documentation/modules/post/windows/gather/credentials/minio_client.md 
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
 2023-01-10 09:19:58 +08:00
三米前有蕉皮 b72bfec033 Update documentation/modules/post/windows/gather/credentials/minio_client.md 
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
 2023-01-10 09:17:40 +08:00
npm-cesium137-io 499d1ccfd7 Refactor veeam_credential_dump 
Changed the SQL queries for DB dump to explicit VARCHAR(4096) to get
around sqlcmd's 256-char column limit.

Refactored the BATCH_DPAPI functionality because I can't seem to let
this pattern go: now actually batches with byte threshold set by
advanced option.

Reduced clutter and redundancy.

Various tweaks and bug fixes.

Updated documentation.
 2023-01-09 16:31:44 -05:00
Krzysztof Burghardt ca0a57124b Add qubes_mirage_firewall_dos module documentation 2023-01-09 13:27:35 -06:00