Spencer McIntyre
f2e5e77e27
Fix bypassuac_injection_winsxs for x64
...
Tested on Windows 8.1, prior to these changes the bad railgun definition
would cause the session to crash.
2023-02-03 13:02:53 -05:00
adfoster-r7
020e221c42
Present unsupported ul_types in a clearer way to the user
2023-01-27 13:40:33 +00:00
adfoster-r7
672fb9ce9f
Land #17460, add support for feature kerberos authentication
2023-01-26 17:47:27 +00:00
Spencer McIntyre
fc0324f28b
Consistently print keys without \x
2023-01-26 10:49:05 -05:00
dwelch-r7
e434b65d9d
Land #17535, Add NTLM Hash Extraction via PKINIT to get_ticket
2023-01-25 18:34:18 +00:00
adfoster-r7
eb59d08516
Add additional kerberos error codes
2023-01-25 18:08:07 +00:00
Spencer McIntyre
21f33296b7
Consolidate PKINIT hash extraction code
2023-01-25 12:16:42 -05:00
Spencer McIntyre
dba1198a09
Fix a definition in krb5_pac.rb
2023-01-25 11:18:54 -05:00
Spencer McIntyre
81295e40fa
Report the host that's returned from Meterpreter
...
Report the host that's returned from Meterpreter because that's the most
accurate source of the information.
2023-01-20 14:15:14 -06:00
Spencer McIntyre
729de2478c
Warn that the remote host is ignored
2023-01-20 14:15:13 -06:00
Spencer McIntyre
17d8db43a9
Print IPv6 addresses correctly
2023-01-20 14:15:13 -06:00
Spencer McIntyre
7678e7c8ea
Pass bind address for reverse port forwards
2023-01-20 14:15:13 -06:00
Spencer McIntyre
ebfcfd4cb9
Land #17066, Add module for Certifried
...
Add exploit module for Certifried exploit
2023-01-18 14:51:03 -05:00
adfoster-r7
c55fcb6ca6
Add additional kerberos documentation
2023-01-18 16:58:34 +00:00
adfoster-r7
eddac9321c
Merge 6.2.36 master into kerberos feature branch
2023-01-13 17:31:02 +00:00
Christophe De La Fuente
3d22fbcad9
Add exploit module for Certifried exploit
...
- Move all the logic from `modules/auxiliary/admin/dcerpc/icpr_cert.rb`
to `lib/msf/core/exploit/remote/ms_icpr.rb` library
- Move all the logic from `modules/auxiliary/admin/dcerpc/samr_computer.rb`
to `lib/msf/core/exploit/remote/ms_samr.rb` library
- Add `modules/auxiliary/admin/dcerpc/cve_2022_26923_certifried.rb` module
- Update the SMB client to disable SSL by default
- Add documentation
- Kerberos client: pass `options` as argument to `send_request_as`
- `calculate_shared_key` returns an EncryptionKey instead of the raw key
- Update `pkinit_login` module to make it compatible
- Add support to `additional_tickets` when requesting tickets
- Add support to PAC CredentialInfo structures
- Add impersonation to escalate privileges
- Add ACTIONS
- Use elevated TGS to delete the computer account
- Update and add specs
2023-01-13 15:30:50 +01:00
Christophe De La Fuente
29968fb76e
Land #17337, Gather Dbeaver Password
2023-01-12 16:06:00 +01:00
Christophe De La Fuente
f9b1c17c39
Fix exception handler logic and small improvements
2023-01-11 20:00:09 +01:00
cn-kali-team
6738ca2c43
Support multiple platforms
2023-01-11 18:04:29 +08:00
Grant Willcox
87b1f3b602
Land #17386, Ignore Content-Length header for the purpose of HEAD requests
2023-01-10 11:00:59 -06:00
Grant Willcox
8b102afd71
Rubocop fixes and some documentation additions
2023-01-10 10:07:51 -06:00
Ashley Donaldson
f8b253dae1
Fix state machine for HEAD requests
2023-01-10 10:57:13 +11:00
Spencer McIntyre
2494c367e7
Handle chunked Kerberos responses
...
Chunked responses from partial reads are possible when pivoting.
2023-01-09 11:24:53 -05:00
Grant Willcox
e03fd42a29
Update to fix some warnings in YARD, fix review comments, and also replace @see with proper links for easier navigation
2023-01-05 17:44:24 -06:00
cn-kali-team
5eae5068cc
update
2023-01-05 20:56:06 +08:00
Ashley Donaldson
b05db8b82d
Keep signature of the read_response function as it was before, and add the original request as an opt
2023-01-03 09:46:43 +11:00
Grant Willcox
86d4129edb
Add in missing YARD documentation for lib/rex/proto/ldap.rb
2022-12-30 13:41:33 -06:00
adfoster-r7
95d361754f
Merge branch 'upstream-master' into merge-6.2.33-master-into-kerberos-feature-branch
2022-12-28 13:59:42 +00:00
Grant Willcox
8678bb9db6
Land #17380, Update User Agent strings December 2022
2022-12-27 18:18:24 -06:00
Christophe De La Fuente
6e09236c97
Land #17381, Update rasn1 dependency for pkinit
2022-12-15 17:38:49 +01:00
Spencer McIntyre
d1f5fa06cf
Don't use File in cmd_upload / cmd_download
...
It does not look like shell sessions define their own File class,
meaning that the local-platform specific one is always used. Instead
we'll define the separator ourselves since it's all we need to perform
the basic operations necessary to analyze the path string.
2022-12-15 10:05:02 -05:00
Ashley Donaldson
891ab225cc
Ignore Content-Length header for the purpose of HEAD requests
2022-12-15 11:22:48 +11:00
adfoster-r7
2783e92203
Update windows_secrets_dump and Keytab module to export kerberos keys
2022-12-14 13:40:39 +00:00
adfoster-r7
28bd37b0a7
Update rasn1 dependency for pkinit
2022-12-14 00:32:26 +00:00
Ashley Donaldson
2f6c94b872
Update User Agent strings December 2022
2022-12-14 11:03:25 +11:00
adfoster-r7
a9ccfe31b7
Merge branch 'upstream-master' into merge-msf-6.2.31-into-kerberos-feature-branch
2022-12-13 19:40:39 +00:00
adfoster-r7
7625d4b08b
Add ticket flags when outputting krb5 ccache
2022-12-13 12:19:16 +00:00
Spencer McIntyre
34451940c7
Fix uploading from shell sessions
2022-12-12 12:02:33 -05:00
Spencer McIntyre
a9cdb77a72
Use consistent casing and fix typos
2022-12-12 10:30:50 -05:00
Spencer McIntyre
a80db73bab
Land #17325, add impersonation for get_ticket
...
Enable the `get_ticket` module to impersonate a user with S4U2self and S4U2proxy
2022-12-12 09:10:37 -05:00
Christophe De La Fuente
86ec66c43d
Add decoding support
...
- for Rex::Proto::Kerberos::Model::Checksum
- for Rex::Proto::Kerberos::Model::PreAuthForUser
- add specs
2022-12-12 12:56:30 +01:00
Spencer McIntyre
2fc8b0a7a6
Add GitHub references to the patch details
2022-12-08 10:47:44 -05:00
Dean Welch
fc3bb585be
Move TypeSerialization1 to its own file
2022-12-08 13:20:41 +00:00
Dean Welch
1e1580e346
Move TypeSerialization1 to its own file
2022-12-08 13:11:47 +00:00
Grant Willcox
e7b20ad155
Add in monkey patch to the search method of Net::LDAP::Connection to allow us to use controls when searching whilst we await an upstream patch in Net::LDAP
2022-12-07 15:17:52 -06:00
Dean Welch
1e2ada3cce
Add options validation depending on action in forge_ticket.rb
2022-12-06 12:55:42 +00:00
Dean Welch
405271a52f
Add pac BinData Model
2022-12-05 14:03:21 +00:00
cn-kali-team
907612b41d
Dbeaver
2022-12-05 14:54:19 +08:00
bcoles
431804ef15
Fix typos: Replace 'the the' with 'the'
2022-12-04 17:41:24 +11:00
Christophe De La Fuente
c6f8bae1ab
Fix from code review and updates the KrbUseCachedCredentials logic
2022-12-02 15:28:08 +01:00