Commit Graph

33843 Commits

Author SHA1 Message Date
Spencer McIntyre f2e5e77e27 Fix bypassuac_injection_winsxs for x64
Tested on Windows 8.1, prior to these changes the bad railgun definition
would cause the session to crash.
2023-02-03 13:02:53 -05:00
adfoster-r7 56728fc7c2 Land #17573, modules/exploits/linux/ssh Resolve Rubocop violations 2023-01-31 14:12:03 +00:00
adfoster-r7 bbf17c167c Land #17511, add exploit for CVE-2022-44877 command injection in CentOS Control Web Panel 2023-01-31 14:05:19 +00:00
bcoles 11cf391da8 modules/exploits/linux/ssh: Resolve Rubocop violations 2023-01-31 23:59:22 +11:00
bcoles e11aaa8027 modules/exploits/multi/local: Resolve Rubocop and msftidy_docs violations 2023-01-28 15:02:24 +11:00
Spencer McIntyre 647cf1d402 Return Time from #extract_logon_time 2023-01-27 10:05:02 -05:00
Spencer McIntyre f4976a0f9f Fix the logon_time in the MS14-068 exploit 2023-01-26 16:16:55 -05:00
adfoster-r7 672fb9ce9f Land #17460, add support for feature kerberos authentication 2023-01-26 17:47:27 +00:00
adfoster-r7 2d30909a2f Change option name namespacing convention 2023-01-26 16:17:50 +00:00
Spencer McIntyre 2da5d8ea43 Catch exceptions in inspect_ticket 2023-01-26 09:21:55 -05:00
Grant Willcox 71aa4bdace Update ldap_query with find_schema_dn function to find the schema DN which may not be the same as the base DN so we can query security attributes of entries 2023-01-25 15:19:29 -06:00
Spencer McIntyre f81195d0cc Fix a typo 2023-01-25 13:45:18 -05:00
adfoster-r7 3d003ff14c Land #17540, Handle KDC_ERR_CERTIFICATE_MISMATCH for certifried 2023-01-25 18:39:20 +00:00
Spencer McIntyre 427e354328 Land #17538, Fix smb login crash
Fix smb login crash with kerberos options set
2023-01-25 13:35:14 -05:00
Dean Welch 5b473e4ede Handle KDC_ERR_CERTIFICATE_MISMATCH for certifried 2023-01-25 18:22:54 +00:00
Spencer McIntyre 21f33296b7 Consolidate PKINIT hash extraction code 2023-01-25 12:16:42 -05:00
Spencer McIntyre 44d8304beb Report the PKCS12 error message 2023-01-25 10:02:37 -05:00
adfoster-r7 24a8582a7b Fix smb login crash with kerberos options set 2023-01-25 13:58:29 +00:00
Spencer McIntyre dbe9ee3a77 Update documentation 2023-01-25 08:39:52 -05:00
Spencer McIntyre a5e2c5b3b7 Unify pkinit_login with get_ticket 2023-01-25 08:36:26 -05:00
Spencer McIntyre 785e2caa9f Refactor #send_request_tgt_pkinit, clarify docs 2023-01-25 08:36:26 -05:00
adfoster-r7 9babcf3564 Add conditions to forge ticket 2023-01-24 13:28:10 +00:00
space-r7 153af9fb68 Land #17407, add Cacti unauth command injection 2023-01-23 13:06:46 -06:00
space-r7 58cd5bb003 specify command stager flavors 2023-01-23 11:53:19 -06:00
cgranleese-r7 af740aea85 Land #17515, Use shared helper for creating kerberos options 2023-01-23 13:37:00 +00:00
adfoster-r7 9a6c298a43 Use shared helper for creating kerberos options 2023-01-23 11:04:01 +00:00
Spencer McIntyre 2621775053 Add the Python command adapter for Windows 2023-01-20 15:10:39 -05:00
Spencer McIntyre 6fe0933c1e Add exploit for CVE-2022-44877 2023-01-20 09:04:24 -05:00
dwelch-r7 ebaf51108c Land #17490, Update impacket get user spns 2023-01-20 13:21:19 +00:00
Christophe De La Fuente 22f45c9a2e Land #17513, Update get ticket module to use aes_key and username convention 2023-01-20 12:44:23 +01:00
adfoster-r7 aaad9436f2 Fix winrm offered etypes 2023-01-20 10:59:25 +00:00
adfoster-r7 4c17b93ca8 Update get ticket module to use aes_key and username convention 2023-01-20 10:47:35 +00:00
Christophe De La Fuente 1e94adc3ab Land #17479, Wordpress paid membership pro unauthenticated sqli (CVE-2023-23488) 2023-01-19 15:36:00 +01:00
h00die 642e6ee1cb review 2023-01-18 16:21:11 -05:00
Spencer McIntyre ebfcfd4cb9 Land #17066, Add module for Certifried
Add exploit module for Certifried exploit
2023-01-18 14:51:03 -05:00
Christophe De La Fuente 64ddc6bb4c Land #17484, Add additional kerberos documentation 2023-01-18 19:40:28 +01:00
Christophe De La Fuente 2072111713 Fix from code review & some improvements
- Improve option validation
- Always request an impersonated TGS for `cifs/...` SPN
- SPN option now is used to request an additional TGS for another SPN
- Add exception handling for Kerberos errors
- Only remove the computer account if it has been created
2023-01-18 19:28:06 +01:00
adfoster-r7 c55fcb6ca6 Add additional kerberos documentation 2023-01-18 16:58:34 +00:00
adfoster-r7 a28666d3c5 Add additional datastore validation to forge ticket 2023-01-18 10:46:32 +00:00
Spencer McIntyre 365b71d60f Land #17471, Update get_ticket cache logic
Update kerberos get_ticket cache logic
2023-01-17 18:49:08 -05:00
bwatters 607dd9f081 Land #17348, New exploit for CVE-2022-46770 Mirage firewall DoS
Merge branch 'land-17348' into upstream-master
2023-01-17 16:52:38 -06:00
adfoster-r7 7f62fa33f3 Update impacket get user spns 2023-01-17 19:53:42 +00:00
Grant Willcox 7e23c34e6c Apply fixes per code review 2023-01-17 12:44:22 -06:00
h00die-gr3y 541dab9365 simplified messaging 2023-01-17 12:44:20 -06:00
h00die-gr3y 77687bff3f init module 2023-01-17 12:44:20 -06:00
Spencer McIntyre a10e313e26 Land #17343, unquoted service path tweaks 2023-01-17 08:59:37 -05:00
adfoster-r7 5ed2fe9ad2 Update kerberos get_ticket cache logic 2023-01-17 00:32:18 +00:00
Christophe De La Fuente 0c8e83c34e Land #17451, Crack netntlm* 2023-01-16 20:52:53 +01:00
cgranleese-r7 7a2f6fef86 Land #17477, Merge 6.2.36 master into kerberos feature branch 2023-01-16 11:53:21 +00:00
h00die 1888264d4d wordpress paid membership pro 2023-01-14 08:34:10 -05:00