902eaa2562
Add new queries and attributes for ldap_query
2023-01-30 16:24:23 -05:00
c68ab9b77f
Add Metasploit prompt color highlighting to docs
2023-01-28 22:43:33 +00:00
672fb9ce9f
Land #17460 , add support for feature kerberos authentication
2023-01-26 17:47:27 +00:00
2d30909a2f
Change option name namespacing convention
2023-01-26 16:17:50 +00:00
4f574d141a
Land #17533 , Combine pkinit_login with get_ticket
2023-01-25 15:43:12 +00:00
c7ba117fed
Land #17534 , Update kerberos cipher negotiattion
...
Update kerberos to negotiate rc4 if aes256 is disabled
2023-01-25 10:19:40 -05:00
dbe9ee3a77
Update documentation
2023-01-25 08:39:52 -05:00
a5e2c5b3b7
Unify pkinit_login with get_ticket
2023-01-25 08:36:26 -05:00
4c50456b6a
Update docs to support links with anchors
2023-01-25 12:16:15 +00:00
d18beb486d
Update kerberos to negotiate rc4 if aes256 is disabled
2023-01-25 00:27:00 +00:00
4c17b93ca8
Update get ticket module to use aes_key and username convention
2023-01-20 10:47:35 +00:00
1e94adc3ab
Land #17479 , Wordpress paid membership pro unauthenticated sqli (CVE-2023-23488)
2023-01-19 15:36:00 +01:00
82fe7120d4
Update ADCS to be AD CS so we have appropriate spelling
2023-01-18 17:07:48 -06:00
ebfcfd4cb9
Land #17066 , Add module for Certifried
...
Add exploit module for Certifried exploit
2023-01-18 14:51:03 -05:00
2072111713
Fix from code review & some improvments
...
- Improve option validation
- Always request an impersonated TGS for `cifs/...` SPN
- SPN option now is used to request an additional TGS for another SPN
- Add exception handling for Kerberos errors
- Only remove the computer account if it has been created
2023-01-18 19:28:06 +01:00
c55fcb6ca6
Add additional kerberos documentation
2023-01-18 16:58:34 +00:00
1888264d4d
wordpress paid membership pro
2023-01-14 08:34:10 -05:00
3d22fbcad9
Add exploit module for Certifried exploit
...
- Move all the logic from `modules/auxiliary/admin/dcerpc/icpr_cert.rb`
to `lib/msf/core/exploit/remote/ms_icpr.rb` library
- Move all the logic from `modules/auxiliary/admin/dcerpc/samr_computer.rb`
to `lib/msf/core/exploit/remote/ms_samr.rb` library
- Add `modules/auxiliary/admin/dcerpc/cve_2022_26923_certifried.rb` module
- Update the SMB client to disable SSL by default
- Add documentation
- Kerbero client: pass `options` as argument to `send_request_as`
- `calculate_shared_key` returns an EncryptionKey instead of the raw key
- Update `pkinit_login` module to make it compatible
- Add support to `additional_tickets` when requesting tickets
- Add support to PAC CredentialInfo structures
- Add impersonation to escalate privileges
- Add ACTIONS
- Use elevated TGS to delete the computer account
- Update and add specs
2023-01-13 15:30:50 +01:00
6f7d7bcd1c
Land #17394 , Add ticket converter docs
2023-01-11 02:11:59 +00:00
ca0a57124b
Add qubes_mirage_firewall_dos module documentation
2023-01-09 13:27:35 -06:00
9dce44f195
Merge pull request #17390 from dwelch-r7/move-debug-ticket-to-new_module
...
Move debug ticket to new module
2023-01-06 11:35:18 -06:00
d69564f3df
Minor update to merge output and example together.
2023-01-06 10:15:16 -06:00
2de3477eb0
Add msfconsole examples
2023-01-05 17:02:23 +00:00
a18efb7882
Improve description and error messages
2023-01-05 14:24:08 +00:00
e99c406355
Merge pull request #17434 from dwelch-r7/fix-typo-keytab-docs
...
Fix keytab docs typo
2023-01-04 11:13:44 -06:00
cb95d92201
Fix keytab docs typo
2023-01-04 15:39:59 +00:00
95d361754f
Merge branch 'upstream-master' into merge-6.2.33-master-into-kerberos-feature-branch
2022-12-28 13:59:42 +00:00
4e1e85f8ad
Add ticket converter docs
2022-12-16 13:53:05 +00:00
cf332a2b20
Move DEBUG_TICKET action from forge ticket to it's own module inspect_ticket
2022-12-15 13:42:30 +00:00
2783e92203
Update windows_secrets_dump and Keytab module to export kerberos keys
2022-12-14 13:40:39 +00:00
abcf4606a8
Land #17360 , document the kerberos forge_ticket DEBUG_TICKET action
2022-12-14 13:37:34 +00:00
a9ccfe31b7
Merge branch 'upstream-master' into merge-msf-6.2.31-into-kerberos-feature-branch
2022-12-13 19:40:39 +00:00
4aaf540364
Add modules docs for TICKET_DEBUG
2022-12-12 13:39:09 +00:00
771b7c58f9
change brute-forcer
2022-12-09 12:33:13 +01:00
005d43f7d1
Merge branch 'rapid7:master' into syncovery_craftable_token
2022-12-09 09:34:42 +01:00
d48319a867
Land #17242 , Add Gather Module for WP BookingPress Plugin unauth SQLi (CVE-2022-0739)
2022-12-05 15:04:31 -06:00
cb68c255bb
Fix up issues from review
2022-12-05 14:17:43 -06:00
1fec75621c
Fix up documentation from review
2022-12-05 14:04:22 -06:00
f29b4fad75
Add Gather Module for WP BookingPress Plugin SQLi (CVE-2022-0739)
2022-12-05 14:04:03 -06:00
6e7d4edf02
Land #16990 , Syncovery for Linux - Login brute-force utility
2022-12-05 14:39:29 +01:00
c6f8bae1ab
Fix from code review and updates the KrbUseCachedCredentials logic
2022-12-02 15:28:08 +01:00
b32ec581d8
apply suggestions
2022-12-02 10:33:25 +01:00
69e08094cd
Update documentation
2022-12-01 21:23:25 +01:00
abe0549db6
Land #17226 , Module to request TGT/TGS tickets
...
Module to request TGT/TGS Kerberos tickets from the KDC
2022-11-28 11:59:17 -05:00
5280580c08
Fixes from code review
2022-11-18 11:02:32 +01:00
b2f6f0c792
Update the module docs for ESC2 and ESC3
2022-11-17 12:12:35 -05:00
f4a65a220a
Support ON_BEHALF_OF in icpr_cert
...
Add the code necessary to request certificates on behalf of other users.
This is necessary to exploit templates vulnerable to ESC2 and ESC3.
2022-11-17 12:12:35 -05:00
65f6aaca82
Land #17077 , Add support for AES keys for silver/golden ticket forging
2022-11-09 16:51:11 +00:00
23ff829e52
Add support for AES keys for silver/golden ticket forging
2022-11-09 13:01:13 +00:00
37fd441b0f
Land #17117 , Authenticate to Kerberos with PKINIT
2022-11-08 18:54:03 +01:00
Spencer McIntyre