5076518fe4
Land #17559 , add support for Ruby 3.2
2023-01-31 13:45:51 +00:00
fb196cb378
Testing Ruby 3.2 against CI
2023-01-31 13:19:06 +00:00
647cf1d402
Return Time from #extract_logon_time
2023-01-27 10:05:02 -05:00
dc6c1e333b
Land #17553 , Framework 6.3.0
2023-01-26 13:30:27 -06:00
672fb9ce9f
Land #17460 , add support for feature kerberos authentication
2023-01-26 17:47:27 +00:00
ab60df7cda
Land #17519 , improve SMTP delivery error handling
2023-01-26 17:02:02 +00:00
4254276c26
Land #17531 , Change kerberos option name namespacing convention to ::
2023-01-26 16:29:11 +00:00
1b34e5923f
Land #17551 , Fix issue on nil kerberos username
...
Fix force encoding issue on nil kerberos username
2023-01-26 11:23:05 -05:00
2d30909a2f
Change option name namespacing convention
2023-01-26 16:17:50 +00:00
a2aef99bb2
Fix force encoding issue on nil kerberos username
2023-01-26 15:25:49 +00:00
992883b1a6
Remove KRB5CCNAME env on bootup
2023-01-26 12:09:55 +00:00
d5781ed021
Land #17532 , Fix bad DN discovery code and fix bug with querying schema data
2023-01-26 10:43:13 +00:00
2a73ac01e0
Land #17544 , Fix ticket cache client metadata
2023-01-25 21:58:36 +00:00
71aa4bdace
Update ldap_query with find_schema_dn function to find the schema DN which may not be the same as the base DN so we can query security attributes of entries
2023-01-25 15:19:29 -06:00
086e2f1b05
FIx ticket cache client metadata
2023-01-25 20:17:51 +00:00
21f33296b7
Consolidate PKINIT hash extraction code
2023-01-25 12:16:42 -05:00
4f574d141a
Land #17533 , Combine pkinit_login with get_ticket
2023-01-25 15:43:12 +00:00
c7ba117fed
Land #17534 , Update kerberos cipher negotiattion
...
Update kerberos to negotiate rc4 if aes256 is disabled
2023-01-25 10:19:40 -05:00
a5e2c5b3b7
Unify pkinit_login with get_ticket
2023-01-25 08:36:26 -05:00
785e2caa9f
Refactor #send_request_tgt_pkinit, clarify docs
2023-01-25 08:36:26 -05:00
c143124344
Add feature to set the status of ticket/ccache via klist
2023-01-25 13:28:43 +00:00
8d4b1ce3c1
Use the credential etype instead of the encrypted ticket etype
2023-01-25 13:20:50 +00:00
d18beb486d
Update kerberos to negotiate rc4 if aes256 is disabled
2023-01-25 00:27:00 +00:00
e81bed0378
Land #17526 , groups the show options command by their conditions
2023-01-24 13:21:17 +00:00
854fc1400e
Improve show options to include options with conditions
2023-01-24 10:43:14 +00:00
d356b34422
Land #17499 , Show extended error information for ICPR
...
Merge branch 'land-17499' into upstream-kerberos
2023-01-23 12:19:13 -06:00
9a6c298a43
Use shared helper for creating kerberos options
2023-01-23 11:04:01 +00:00
1975c92e92
Remove extra info from verbose mode of LDAP output
2023-01-20 16:51:34 -06:00
a37cec40fc
Show extended error information for ICPR
2023-01-20 16:29:18 -05:00
9be26eb0ff
improve SMTP delivery error handling
2023-01-20 11:26:25 -06:00
aaad9436f2
Fix winrm offered etypes
2023-01-20 10:59:25 +00:00
9bf7617409
Return if there is no certificate to process
2023-01-18 15:05:54 -05:00
ebfcfd4cb9
Land #17066 , Add module for Certifried
...
Add exploit module for Certifried exploit
2023-01-18 14:51:03 -05:00
d810267f8d
Pull in Dean's changes from #17443 to fix LDAP failure references.
2023-01-17 16:31:08 -06:00
202eb85066
Land #17470 , Update kerberos login to support diacritics
2023-01-16 12:22:44 +00:00
5ef1f9f4f4
Update kerberos login to support diacritics
2023-01-16 12:08:54 +00:00
7a2f6fef86
Land #17477 , Merge 6.2.36 master into kerberos feature branch
2023-01-16 11:53:21 +00:00
eddac9321c
Merge 6.2.36 master into kerberos feature branch
2023-01-13 17:31:02 +00:00
3d22fbcad9
Add exploit module for Certifried exploit
...
- Move all the logic from `modules/auxiliary/admin/dcerpc/icpr_cert.rb`
to `lib/msf/core/exploit/remote/ms_icpr.rb` library
- Move all the logic from `modules/auxiliary/admin/dcerpc/samr_computer.rb`
to `lib/msf/core/exploit/remote/ms_samr.rb` library
- Add `modules/auxiliary/admin/dcerpc/cve_2022_26923_certifried.rb` module
- Update the SMB client to disable SSL by default
- Add documentation
- Kerbero client: pass `options` as argument to `send_request_as`
- `calculate_shared_key` returns an EncryptionKey instead of the raw key
- Update `pkinit_login` module to make it compatible
- Add support to `additional_tickets` when requesting tickets
- Add support to PAC CredentialInfo structures
- Add impersonation to escalate privileges
- Add ACTIONS
- Use elevated TGS to delete the computer account
- Update and add specs
2023-01-13 15:30:50 +01:00
75153aded3
Fix missing method error when printing ticket contents from a kirbi file format
2023-01-13 10:19:07 +00:00
2f145769da
Actually, offered_etypes needs to be an array
2023-01-11 17:08:27 -05:00
a4a5162b92
Remove the etype option in favor of offered_etypes
2023-01-11 10:17:52 -05:00
138f3bb4b2
Make the encryption type configurable
2023-01-09 17:20:57 -05:00
b7f6fe584a
Add initial lib changes for configurable etypes
2023-01-09 16:43:42 -05:00
8f302c8697
Complete requested PR changes
...
Clone the cc_principle
2023-01-06 14:48:53 -06:00
d64c4b6e7e
Store the binary format of the ccache
...
update key to be correct
2023-01-06 14:48:53 -06:00
ccfc253eb8
Updates to get ccache in golden ticket
...
Fix incorrect reference
Use proper encoding
2023-01-06 14:48:52 -06:00
8078616f5f
Use the correct constant names for ldap failures
2023-01-06 14:11:26 +00:00
75372dcdd3
Land #17374 , Add klist command
2023-01-06 12:57:20 +00:00
e03fd42a29
Update to fix some warnings in YARD, fix review comments, and also replace @see with proper links for easier navigation
2023-01-05 17:44:24 -06:00
adfoster-r7