bbf17c167c
Land #17511 , add exploit for CVE-2022-44877 command injection in CentOS Control Web Panel
2023-01-31 14:05:19 +00:00
433099e539
Land #17563 , modules/exploits/multi/local: Resolve Rubocop and msftidy_docs violations
2023-01-30 22:16:41 +00:00
902eaa2562
Add new queries and attributes for ldap_query
2023-01-30 16:24:23 -05:00
c68ab9b77f
Add Metasploit prompt color highlighting to docs
2023-01-28 22:43:33 +00:00
e11aaa8027
modules/exploits/multi/local: Resolve Rubocop and msftidy_docs violations
2023-01-28 15:02:24 +11:00
672fb9ce9f
Land #17460 , add support for feature kerberos authentication
2023-01-26 17:47:27 +00:00
2d30909a2f
Change option name namespacing convention
2023-01-26 16:17:50 +00:00
f81195d0cc
Fix a typo
2023-01-25 13:45:18 -05:00
4f574d141a
Land #17533 , Combine pkinit_login with get_ticket
2023-01-25 15:43:12 +00:00
c7ba117fed
Land #17534 , Update kerberos cipher negotiattion
...
Update kerberos to negotiate rc4 if aes256 is disabled
2023-01-25 10:19:40 -05:00
dbe9ee3a77
Update documentation
2023-01-25 08:39:52 -05:00
a5e2c5b3b7
Unify pkinit_login with get_ticket
2023-01-25 08:36:26 -05:00
4c50456b6a
Update docs to support links with anchors
2023-01-25 12:16:15 +00:00
d18beb486d
Update kerberos to negotiate rc4 if aes256 is disabled
2023-01-25 00:27:00 +00:00
153af9fb68
Land #17407 , add Cacti unauth command injection
2023-01-23 13:06:46 -06:00
6fe0933c1e
Add exploit for CVE-2022-44877
2023-01-20 09:04:24 -05:00
4c17b93ca8
Update get ticket module to use aes_key and username convention
2023-01-20 10:47:35 +00:00
1e94adc3ab
Land #17479 , Wordpress paid membership pro unauthenticated sqli (CVE-2023-23488)
2023-01-19 15:36:00 +01:00
82fe7120d4
Update ADCS to be AD CS so we have appropriate spelling
2023-01-18 17:07:48 -06:00
ebfcfd4cb9
Land #17066 , Add module for Certifried
...
Add exploit module for Certifried exploit
2023-01-18 14:51:03 -05:00
2072111713
Fix from code review & some improvments
...
- Improve option validation
- Always request an impersonated TGS for `cifs/...` SPN
- SPN option now is used to request an additional TGS for another SPN
- Add exception handling for Kerberos errors
- Only remove the computer account if it has been created
2023-01-18 19:28:06 +01:00
c55fcb6ca6
Add additional kerberos documentation
2023-01-18 16:58:34 +00:00
607dd9f081
Land #17348 , New exploit for CVE-2022-46770 Mirage firewall DoS
...
Merge branch 'land-17348' into upstream-master
2023-01-17 16:52:38 -06:00
7e23c34e6c
Apply fixes per code review
2023-01-17 12:44:22 -06:00
da3ae22135
added documentation
2023-01-17 12:44:20 -06:00
1888264d4d
wordpress paid membership pro
2023-01-14 08:34:10 -05:00
0ac4d3d2e6
doc how to set permissions on service
2023-01-13 17:07:17 -05:00
3ddcf73c2b
Remove the QUICK option altogether
...
Use blocks to check whether each service is exploitable as they are
enumerated. With this change, it is the service and path enumeration
halts once an exploitable one is found that yields a session.
Also all files are registered for cleanup.
2023-01-13 17:06:42 -05:00
90a12cf3b0
unquoted service path tweaks
2023-01-13 17:06:42 -05:00
c52eb09cbb
unquoted service path tweaks
2023-01-13 17:06:42 -05:00
eddac9321c
Merge 6.2.36 master into kerberos feature branch
2023-01-13 17:31:02 +00:00
3d22fbcad9
Add exploit module for Certifried exploit
...
- Move all the logic from `modules/auxiliary/admin/dcerpc/icpr_cert.rb`
to `lib/msf/core/exploit/remote/ms_icpr.rb` library
- Move all the logic from `modules/auxiliary/admin/dcerpc/samr_computer.rb`
to `lib/msf/core/exploit/remote/ms_samr.rb` library
- Add `modules/auxiliary/admin/dcerpc/cve_2022_26923_certifried.rb` module
- Update the SMB client to disable SSL by default
- Add documentation
- Kerbero client: pass `options` as argument to `send_request_as`
- `calculate_shared_key` returns an EncryptionKey instead of the raw key
- Update `pkinit_login` module to make it compatible
- Add support to `additional_tickets` when requesting tickets
- Add support to PAC CredentialInfo structures
- Add impersonation to escalate privileges
- Add ACTIONS
- Use elevated TGS to delete the computer account
- Update and add specs
2023-01-13 15:30:50 +01:00
29968fb76e
Land #17337 , Gather Dbeaver Password
2023-01-12 16:06:00 +01:00
f9b1c17c39
Fix exception handler logic and small improvements
2023-01-11 20:00:09 +01:00
ada6e73af6
Land #17341 , MinIO_Client Post Exploitation Credential Gatherer
2023-01-11 15:36:23 +01:00
6738ca2c43
Support multiple platforms
2023-01-11 18:04:29 +08:00
6f7d7bcd1c
Land #17394 , Add ticket converter docs
2023-01-11 02:11:59 +00:00
6ef38e305f
Support multiple platforms
2023-01-10 15:01:55 +08:00
a14af52146
Update documentation/modules/post/windows/gather/credentials/minio_client.md
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2023-01-10 09:19:58 +08:00
b72bfec033
Update documentation/modules/post/windows/gather/credentials/minio_client.md
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2023-01-10 09:17:40 +08:00
ca0a57124b
Add qubes_mirage_firewall_dos module documentation
2023-01-09 13:27:35 -06:00
9dce44f195
Merge pull request #17390 from dwelch-r7/move-debug-ticket-to-new_module
...
Move debug ticket to new module
2023-01-06 11:35:18 -06:00
d69564f3df
Minor update to merge output and example together.
2023-01-06 10:15:16 -06:00
2de3477eb0
Add msfconsole examples
2023-01-05 17:02:23 +00:00
a18efb7882
Improve description and error messages
2023-01-05 14:24:08 +00:00
5eae5068cc
update
2023-01-05 20:56:06 +08:00
f39973de86
Fix up missing option in documentation and also add some additional validation on server response.
2023-01-04 17:02:05 -06:00
c7b59b4815
updates based on gwillcox-r7 review comments
2023-01-04 17:02:04 -06:00
6801cbd21e
updated Limitation section
2023-01-04 17:02:03 -06:00
fc6acdab6a
added documentation
2023-01-04 17:01:59 -06:00
adfoster-r7