eba2b6c1bf
Merge pull request #19760 from cdelafuente-r7/feat/pkcs12/certs_command/pkinit
...
Add certs command & use pkinit if kerberos tickets are not available in cache
2025-04-22 11:11:54 -07:00
226853f535
Fix EKU lookup in certificate
2025-04-22 19:08:45 +02:00
c79f7db38b
Adds enhanced support for network capture decryption
2025-04-11 13:34:40 +01:00
7e42746eb0
Code review and fixes
...
- Fix Pkcs12 filer to use case insensitive username and realm
- Handle nil values in `StoredPkcs12`
- Use `fallbacks` options in `ldap_login`
- Small fixes
2025-04-08 18:21:39 +02:00
630c2c03bc
Update certs command, pkcs12 matching and specs
...
- use the `status`, certificate's `not_before`/`not_after` and check if the TLS
OID is present to filter pkcs12 before using them with PKInit
- add the `activate`, `deactivate` and `export` capabilities to the
certs command
- add specs
2025-04-02 18:23:14 +02:00
e7535d8fae
Add certs command & use pkinit if kerberos tickets are not available in cache
2025-04-02 18:23:14 +02:00
7f8a762922
Update ms_icpr and creds to reflect the changes in the Pkcs12 data model
...
- a separate field is now used for metadata (`private_metadata`) when
creating a new Pkcs12
- the `creds` command now support adding an encrypted Pkcs12 with a password
2025-04-01 19:12:41 +02:00
865626fbd2
Update Pkcs12-related code to report CA and ADCS Template to the database
...
- Update the `creds` command to add Pkcs12 private credentials with
metadata.
- Update `ms_icpr` module to store metadata.
2025-04-01 19:07:48 +02:00
33e3a0bd09
Merge pull request #19984 from zeroSteiner/feat/lib/adcs-mm-updates/2
...
Feat/lib/adcs mm updates/2
2025-03-31 10:23:10 -07:00
08e227faca
Merge pull request #19934 from sfewer-r7/bugfix-cisco-iosxe-rce
...
Improve exploit/linux/misc/cisco_ios_xe_rce (CVE-2023-20198 + CVE-2023-20273)
2025-03-27 16:51:16 -07:00
d38dd96861
Renames LDAP datastore options
2025-03-25 17:07:25 +00:00
02e3a55570
Catch additional exceptions for failures
2025-03-21 12:02:23 -04:00
2e842179b7
Merge pull request #19757 from smashery/cms_refactor
...
Refactor Cms ASN.1 definitions
2025-03-19 13:38:34 -04:00
f8760a9e3b
Update from code review
2025-03-14 15:28:39 +01:00
d4fd890fed
Add the smb_to_ldap relay module and documentation
2025-03-14 15:28:39 +01:00
d47ec03ca7
Refactor CMS data structures used in pkinit functionality
2025-03-14 10:42:32 +11:00
c3ffdb12f5
Merge pull request #19946 from zeroSteiner/feat/mod/relay/ms08-068-warning
...
Add a warning for MS08-068 when applicable
2025-03-05 11:11:20 -08:00
0116d0c04b
Actually count the hosts
...
RangeWalker handles many more formats for specifying multiple hosts, so
simply checking for a space is insufficient.
2025-03-05 13:44:33 -05:00
b43dc8be08
Switch relay modules, add ESC8 check method
2025-03-05 13:44:33 -05:00
dbce82416c
Add a warning for MS08-068 when applicable
2025-03-05 13:31:26 -05:00
54465f30f2
Land #19917 , Add NIST SP 800 Crypto Primitives
...
Land #19917 , Add NIST SP 800 Crypto Primitives
2025-03-04 17:50:01 +01:00
60a496eec9
bugfix the URI to work as expected for both HTTP and HTTPS, also some appliences (C8000v) need the _http portion of this URI path to be cchanges from all lowercase for CVE-2023-20198 to work as expected.
2025-03-03 20:20:26 +00:00
11818c2812
Switch to using Rex's Crypto module
2025-02-27 10:52:09 -05:00
7e0b3af790
Land #19879 , Add MsDtypSecurityDescriptor to_sddl_text
...
Land #19879 , Add MsDtypSecurityDescriptor to_sddl_text
2025-02-27 15:28:27 +01:00
3487b485e9
Fix an API change from an old commit ( #19880 )
2025-02-25 10:15:33 +00:00
c9dc97c242
Update some modules to print the SDDL
2025-02-13 17:19:43 -05:00
dfb1ed6d30
Land #19842 , fixing jtr_format for NTLM hashes
2025-02-07 13:24:10 +01:00
6232463701
Merge pull request #19835 from cdelafuente-r7/fix/kerberos/ticket_lookup
...
Kerberos ticket lookup fix
2025-01-28 13:01:05 -08:00
8e68d1d5f2
Fixed spacing
2025-01-28 10:40:13 -08:00
9d50fb66bc
Fix jtr_format assignment in HashCapture module
2025-01-28 10:14:36 -08:00
4c0f407b39
favor SecureRandom.bytes over Rex::Text.rand_text_alphanumeric
...
Co-authored-by: adfoster-r7 <60357436+adfoster-r7@users.noreply.github.com >
2025-01-24 16:15:16 +00:00
de6b14e506
change how a Sec-WebSocket-Key is computed to make connect_ws be spec compliant
2025-01-24 14:46:52 +00:00
25bd5d736c
Fix comparision case for service name hostname
2025-01-24 14:26:58 +01:00
f7554d2467
Update lib/msf/core/exploit/remote/ms_icpr.rb
2025-01-16 09:36:30 -08:00
b5a116f85e
Update lib/msf/core/exploit/remote/ms_icpr.rb
...
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com >
2025-01-16 09:25:33 -08:00
42abf6be5b
Fix icpr_cert to error when ESC15 is patched
2025-01-13 17:51:21 -08:00
31930f47dd
Merge pull request #19700 from jheysel-r7/fix_send_request_cgi_bang
...
Fix query param in reconfig_redirect_opts!
2024-12-11 23:30:51 +00:00
f36d786736
Merge pull request #19696 from smashery/add_user_module
...
Add user module
2024-12-10 11:26:49 -05:00
8b93f1a087
Merge branch 'master' into smb_change_pw
2024-12-09 09:37:45 -05:00
909476ee64
Merge pull request #19671 from smashery/ldap_change_pw
...
LDAP Change Password module
2024-12-06 17:13:50 -05:00
c7b96f89b0
Unset opts query if no location.query
2024-12-05 18:24:12 -08:00
a544805659
Fix query in reconfig_redirect_opts!
2024-12-05 18:18:06 -08:00
d22c6996be
Merge pull request #18877 from h00die/xspy
...
New module to replicate xspy tool (and X11 library)
2024-12-02 13:38:37 -05:00
a230a353e4
Land #19613 Asterisk authenticated rce via AMI (CVE-2024-42365)
2024-12-02 08:21:35 -08:00
c4b7954f15
Land #19596 , Wordpress Plugin Post SMTP Account Takeover
2024-11-29 09:05:03 -08:00
d13bccca05
peer review
2024-11-28 20:24:25 -05:00
cd4899da00
Refactor some X11 code around
...
Consistently refer to replys as responses
2024-11-27 15:19:26 -05:00
7de3d117b8
Land #19582 Acronis Cyber Backup/Protect Info Disclosure
2024-11-27 07:50:16 -08:00
18c4e9c2f6
moved get_machine_info to the acronis_cyber mixin
2024-11-26 16:10:14 +00:00
b6595eeaf0
added acronis cyber mixin
2024-11-26 15:49:57 +00:00
jheysel-r7