e7f8b07476
Merge pull request #20882 from karanabe/icpr_cert-rsa-keysize
...
Add RSAKeySize option to satisfy AD CS template minimums
2026-01-30 15:56:58 -06:00
2e1d688659
Use OptEnum for RSA key size options
2026-01-23 16:22:13 +09:00
c0e9288ac5
Merge pull request #20799 from jheysel-r7/feat/cacti_graph_template_rce
...
Cacti Graph Template Authenticated RCE [CVE-2025-24367]
2026-01-22 14:26:38 -05:00
18a4cf8c00
Use the ssl setting for HttpServer#start_service
2026-01-22 13:49:28 -05:00
34cebd1453
Update CheckCode messaging
2026-01-22 15:03:32 +01:00
99e032f4af
SmarterTools SmarterMail Unauth File Upload RCE [CVE-2025-52691]
2026-01-22 15:03:30 +01:00
5ba95b5def
Merge pull request #20888 from jheysel-r7/fix/bad_successor_service_auth_fix_2
...
Fixes the base service authenticator for BadSuccessor
2026-01-21 11:37:28 +00:00
c47a74d0dd
Merge pull request #20770 from vognik/Splunk_2022-43571_CVE-2024-36985
...
Add Splunk RCE Exploits (CVE-2022-43571 & CVE-2024-36985)
2026-01-20 12:36:51 -08:00
e3e388d57d
Fixes the base service authenticator for BadSuccessor
2026-01-20 09:24:36 -08:00
9e320dd168
add suggestions from @jheysel-r7
2026-01-19 18:45:01 -08:00
eb49dade6f
Merge pull request #20755 from rudraditya21/feature/kerberos-clock-skew
...
Added: Option to adjust kerberos clock
2026-01-19 10:00:54 -08:00
61c1b8280f
Add configurable RSA key size for ICPR
2026-01-18 20:21:55 +09:00
4b610957ce
Fix Kerberos Base Service Authenticator
2026-01-16 12:31:34 -08:00
658c251b66
Merge pull request #20472 from jheysel-r7/feat/mod/badsuccessor
...
Add BadSuccessor dMSA Privilege Escalation in Windows 2025
2026-01-14 15:43:35 -05:00
c1023fd62a
Add BadSuccessor dMSA Privilege Escalation in Windows 2025
2026-01-14 12:34:45 -08:00
4fbc647903
fixed: merge conflict
2025-12-28 23:41:36 +05:30
8342493b3b
Merge branch 'rapid7:master' into feature/kerberos-clock-skew
2025-12-28 23:16:27 +05:30
34ceae4e2c
Add autocheck report_vuln logic
2025-12-22 13:09:32 +00:00
9fbf4e1d67
replace vprint_status with print_status in login.rb module
2025-12-18 08:59:55 -08:00
59dc9dd59c
fix error handling
2025-12-17 09:57:03 -08:00
6d059bd62e
improve csrf token parsing
2025-12-17 09:53:28 -08:00
1d4b8ce10e
add pagination support to get_apps function
2025-12-16 10:03:08 -08:00
c35537252f
Revert "Vulnerability Report Enhancement"
2025-12-15 12:40:02 +00:00
3dc70b751a
Report the ICertPassage protocol using the new API
2025-12-15 12:36:51 +01:00
35dd55159d
extracted get_apps url into uris.rb
2025-12-13 11:35:25 -08:00
ebd736272f
fix variables naming
2025-12-13 11:21:08 -08:00
b35c8b3926
remove unused function calls
2025-12-12 20:31:14 -08:00
ee404d9453
add splunk modules (cve-2022-43571 and cve-2024-36985)
2025-12-12 13:16:57 -08:00
c49a376280
added: Option to adjust kerberos clock (issue-> #20587 )
...
- Added KrbClockSkew advanced option and parser to offset Kerberos timestamps
- Propagate skew through Kerberos client/authenticators (LDAP/SMB/HTTP/WinRM/MSSQL) and scanners
- Updated docs for new option and extended kerberos client specs for clock skew handling
- Clean up kerberos client error handling/style per rubocop
2025-12-08 01:47:51 +05:30
d66e93afc0
Merge pull request #20658 from jheysel-r7/feat/mod/cert_details_update
...
Add Updates to LDAP ESC Vulnerable Cert Finder
2025-12-05 10:55:52 -05:00
0e2af23287
Add Updates to LDAP ESC Vulnerable Cert Finder
...
Add CertificateAuthorityRhost to avoid DNS failures
2025-12-04 17:03:36 -08:00
0f795d715e
Merge pull request #20741 from SaiSakthidar/remove-cain
...
Remove CAIN
2025-12-03 16:12:17 -05:00
98dd33a3cd
Remove CAIN
2025-12-03 15:42:57 -05:00
c425f1519c
Support relaying to MSSQL server that require TLS
2025-12-02 16:10:07 -05:00
47b742ba0c
Land #20482 , fixes bug in HTTP-based login scanners
...
Fix HTTP-based login scanners when using SSL with custom port
2025-11-25 16:23:39 +01:00
4a012dd06a
Merge pull request #20637 from zeroSteiner/feat/mod/smb-to-mssql
...
Add an SMB to MSSQL NTLM Relay module
2025-11-24 09:17:45 -08:00
6215da4754
Apply review suggestions: use case/when, improve error handling, simplify code
2025-11-20 22:41:08 +01:00
11c64b8f10
Update lib/msf/core/exploit/remote/http/flowise.rb
...
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com >
2025-11-20 21:55:10 +01:00
000d310914
MSSQL auto auth should look at the domain
...
If the domain is set, using NTLM where the domain is used, otherwise use
plaintext / sql authentiction.
2025-11-20 13:32:33 -05:00
6ab2452153
Fix documentation inconsistency: update ports for Flowise 3.0.1 (3005) and add Basic Auth service example
2025-11-19 22:58:27 +01:00
44cf2e309f
Add Flowise RCE exploits (CVE-2025-59528, CVE-2025-8943) with shared mixin, documentation, and Docker Compose setup
2025-11-19 22:12:49 +01:00
e99c1f648d
Expands fix for all HTTP-based login scanners
2025-11-18 16:42:59 +01:00
100ac4b973
Remove unneeded code
2025-10-23 13:05:36 -04:00
79b7b54e11
Finish the smb_to_mssql relay module
2025-10-21 11:28:23 -04:00
67f407275c
Initial non-functioning smb-to-mssql module
2025-10-21 11:21:00 -04:00
c2ccac414d
Remove the USE_WINDOWS_AUTHENT option
...
It's redundant with the Mssql::Auth option which is an enum and supports
all the authentication mechanisms. This eliminates the ambiguity between
the meaning and precedence of the options.
2025-10-21 11:20:51 -04:00
5252e92954
Merge pull request #20568 from bcoles/vbsobfuscate
...
Msf::Exploit::VBSObfuscate: Add VBS obfuscation library
2025-10-03 13:36:43 -07:00
1da518ec82
Responded to comments
2025-10-01 17:35:36 -07:00
66d59a7ddc
Update reg checks when DC and CA are separate
2025-10-01 17:35:36 -07:00
3d1d49b71a
Merge pull request #20517 from cgranleese-r7/adds-postgres-ssl-support
...
Adds SSL support to the postgres_login module
2025-09-26 08:53:47 -04:00
Brendan