ed88e5397c
Merge pull request #20553 from BenoitDePaoli/fix/userpass_password_persistence
...
fix: ensure USERPASS_FILE credentials store password (set private_type)
2025-09-18 15:39:08 -04:00
c1b9cc7150
Bump version of framework to 6.4.90
2025-09-18 03:32:20 -05:00
08c43670ff
fix: ensure USERPASS_FILE credentials store password (set private_type)
2025-09-17 15:42:03 +02:00
5eecb1feac
Land #20535 , adds a test login scanner and fixes ANONYMOUS_LOGIN
...
Add a test login scanner and fix ANONYMOUS_LOGIN
2025-09-16 16:51:26 +02:00
831912a81b
Bump version of framework to 6.4.89
2025-09-12 16:38:50 -05:00
c27138a5bf
Filter for an edge case in response codes
2025-09-12 16:49:49 -04:00
d3d2950e80
Merge pull request #20537 from zeroSteiner/fix/null-cache-path
...
Check the path is set before checking the file exists
2025-09-12 05:18:37 -07:00
96a83143f1
Merge pull request #20479 from msutovsky-r7/exploit/sitecore/postauth-rce
...
Adds modules for Sitecore XP post-auth remote code executions (CVE-2025-34510, CVE-2025-34511)
2025-09-11 11:25:27 -07:00
e197f532db
Check the path is set before checking the file exists
2025-09-11 12:35:30 -04:00
afdaf4ff39
Merge pull request #20514 from dledda-r7/fix/remove-unhook-autoload
...
Removing unhook extension autoload
2025-09-11 10:45:39 -04:00
f494b9871a
Bump version of framework to 6.4.88
2025-09-11 03:32:35 -05:00
4104497498
Merge pull request #20502 from zeroSteiner/feat/refactor-pe-compiling
...
Update PE EXE Templates
2025-09-10 12:37:35 +02:00
1bd44fa485
Set the anonymous_login option
2025-09-09 13:52:47 -04:00
140232da2c
Merge pull request #20534 from h00die/persistence_lib_fixes
...
adjustments to the persistence lib and landed modules
2025-09-09 16:25:24 +02:00
c4936d1b0f
adjustments to the persistence lib and modules
2025-09-09 10:02:06 -04:00
4b97240eca
Fixes for the CredentialCollection
...
Fixes trivial bugs when combining additional_publics with user_as_pass
Fixes the fact that no nil credential is generated for additional_publics
Re-implement the each_unfiltered_password_first method (used in case of password spraying) to make all tests pass
First refactoring pass in order to dry the code that iterates on passwords and usernames
2025-09-08 13:08:02 -04:00
4ede319b0a
fix: review changes
2025-09-05 15:21:49 +02:00
55d8a3f33c
fix: adding issue reference
2025-09-04 14:36:55 +02:00
2ca14c900b
Merge pull request #20516 from adfoster-r7/fix-msfdb-init-failures-on-nixos
...
Fix msfdb init failures on NixOs
2025-09-04 12:25:18 +01:00
ce3dc123f9
Fix msfdb init failures on nixos
2025-09-04 11:41:30 +01:00
9beacd1980
Bump version of framework to 6.4.87
2025-09-04 03:32:48 -05:00
96c6a14e95
fix: removing unhook extension autoload
2025-09-03 11:22:02 -04:00
3d6993d4ba
Merge pull request #20500 from cgranleese-r7/fixes-docker-invalid-uri-error
...
Fixes database name stripping
2025-09-02 12:42:53 +01:00
fa64376c5c
Adds comments for login function
2025-09-01 15:50:21 +02:00
3af8bd97ad
Consistently use the same technique for exe-service
2025-08-28 17:39:57 -04:00
5a3195d9f6
Fixes database name stripping
2025-08-28 15:32:11 +01:00
c163cb3141
Land #20490 , adds the HTTP::Auth option to HTTP modules
...
This adds the `HTTP::Auth` Option to HTTP Modules
2025-08-28 16:13:38 +02:00
196e19808d
Add some error handling for kerberos options
2025-08-28 10:00:19 -04:00
2896b232d1
Bump version of framework to 6.4.86
2025-08-28 06:09:25 -05:00
f1dffd3ad6
Merge pull request #20480 from msutovsky-r7/exploit/pretalx/file-rw
...
Adds modules for Pretalx File Read/Limited File Write (CVE-2023-28459, CVE-2023-28458)
2025-08-27 15:46:39 -05:00
2533ddf441
Rubocoping
2025-08-26 12:42:28 +02:00
b43b4c9f37
Updates library, addressing comments
2025-08-25 17:49:34 +02:00
c1074c138e
Move the options into the mixin
2025-08-22 16:05:12 -04:00
7fdb1e03fa
Tie in Kerberos authentication for HTTP modules
2025-08-22 15:58:18 -04:00
4e113b1768
Addresses comments, adds exception for Pretalx, modifies aux module
2025-08-22 13:59:50 +02:00
fb062075e3
Adds target, adds side effects
2025-08-21 15:21:16 +02:00
f6b9101249
Bump version of framework to 6.4.85
2025-08-21 06:36:19 -05:00
4b2ae82f87
Merge pull request #20485 from adfoster-r7/fix-ldap-schannel-supercall
...
Fix ldap schannel superclass method call
2025-08-21 11:52:53 +01:00
f3dd030574
Fix ldap schannel supercall
2025-08-21 11:28:26 +01:00
99dd2a0613
Bump version of framework to 6.4.84
2025-08-21 05:13:14 -05:00
01c09bcfed
Library fixes, refactoring exploit module
2025-08-21 09:22:21 +02:00
72dcc5a301
Library fix
2025-08-21 07:21:56 +02:00
f18b0ccf7d
Bump version of framework to 6.4.83
2025-08-20 05:44:43 -05:00
da5b20faa4
Creating lib file for shared functionality, adding more reliable check method for CVE-2025-34511, docs init
2025-08-20 10:59:22 +02:00
0557d63127
Add database ref opts for kerberos and pkcs12
2025-08-18 15:56:47 +01:00
13b3af325f
Apply the ACEs for Authenticated Users
2025-08-15 11:57:30 -04:00
c843e36402
Merge pull request #20469 from adfoster-r7/improve-kerberos-file-load-error-messages
...
Improve Kerberos file load error messages
2025-08-15 12:51:52 +01:00
bebb43f8f6
Improve kerberos file load error messages
2025-08-15 12:38:45 +01:00
487c204b52
Merge pull request #20381 from h00die/persistence_phase_1
...
Persistence libraries/Mixins
2025-08-15 12:40:55 +02:00
996b1d0632
Bump version of framework to 6.4.82
2025-08-14 16:20:34 -05:00
Spencer McIntyre