fa7d677d45
Consolidate and improve LDAP error handling
2022-10-31 10:56:17 -04:00
1e50ba3415
Move to Hashes module, address requested changes
...
Fix rubocop
Move identify to hashes module up one layer, use full reference to identify_hash instead of full include
Fix SMTP require
Remove hashes require statement
Remove hashes require statement
Remove hashes require statement
Remove hashes require statement
Address remaining requested changes, reference constants directly
Add all the missing direct references
Co-Authored-By: Jeffrey Martin <jeffrey_martin@rapid7.com >
2022-10-17 17:28:31 -04:00
06aefb630a
string true to bool true
2022-10-03 19:50:04 -04:00
3a281234df
Add feature flagged datastore rewrite, with support for option fallback lookups
2022-09-16 12:59:02 +01:00
c45262cd46
Land #16800 , Add support for OpenSSL 3
2022-08-05 14:20:51 -05:00
9c6a198453
Land #16796 , Path traversal vulnerability in RARLAB UnRAR < 6.12 with Zimbra RCE module
2022-08-04 19:44:57 +02:00
a314423e81
Some changes requested by @cdelafuente-r7
2022-08-03 14:51:51 -07:00
f65119b353
Support OpenSSL3 and run Ubuntu 22.04 in test matrix
2022-08-03 15:49:53 +01:00
c66f98bae6
Make lint happy
2022-08-01 10:03:35 -07:00
e7edafbcfb
Throw errors in the rar-generator library rather than returning nil
2022-08-01 09:54:31 -07:00
d36bee8755
A few simple feedback changes
2022-07-29 10:48:07 -07:00
f279e8d6ca
Split the CVE-2022-30333 unrar module into two different modules with a shared mixin to generate the file
2022-07-27 12:45:47 -07:00
f9a951d034
Land #16737 , Remove initial code duplication between mssql clients
2022-07-20 19:44:25 +02:00
1dcfc3406a
Add Rex::Exploitation::CmdStagerFtpHttp to Msf::Exploit::CmdStager
2022-07-16 18:10:28 +10:00
39f288bfe3
Rex::Proto::Http: Add evasion options to shuffle GET / POST parameters
2022-07-11 01:37:41 +10:00
5bc618e642
Remove initial code duplication between mssql clients
2022-07-01 14:26:04 +01:00
66009ca5e5
Exploit::CmdStager: Expose CMDSTAGER::URIPATH option for HTTP stagers
2022-06-25 23:49:47 +10:00
b10386ba08
Land #16650 , Add #read_from_file for MSSQL and PostgreSQL, fix the MySQL implementation
2022-06-17 14:58:22 -05:00
d47d1bc259
Remove newlines from base64 output on MySQL also
2022-06-17 00:51:52 +02:00
63822f6e37
Land #16651 , [SQLi library] Ensure the encoder is always used in the #test_vulnerable methods
2022-06-08 17:15:22 -05:00
88036a7f1f
Check for nil before using the decoder in test_vulnerable
2022-06-08 22:00:03 +02:00
67ea2bc23c
Land #16630 Fix duplicate ntlm hash storage
...
Net-NTLM (v1 and v2) hashes were being duplicated when
stored in the database due to the unique data in the challenge
dispite being the same. This fixes that issue
2022-06-08 14:07:34 -04:00
1a7cbe5b4f
Update lib/msf/core/exploit/remote/smb/server/hash_capture.rb
2022-06-08 13:45:57 -04:00
a983bbd8ba
Land #16615 , Solicited multicast-address creation bugfix
2022-06-07 14:41:52 -05:00
2b99967d0c
Merge branch 'master' into fix/duplicate-netntlm
2022-06-07 11:42:51 -04:00
5331c343a0
Use the encoder in all the #test_vulnerable methods from the common class
2022-06-06 23:13:26 +02:00
6d9c789f4d
Add method #read_from_file for MSSQL and PostgreSQL, and update the MySQL #read_from_file method
2022-06-06 23:07:25 +02:00
8ccc1ebf91
Land PR #16628 , Log ntlm_session hashes
...
This PR fixes the logging and storing of
NTLM session hashes
2022-06-02 11:20:37 -04:00
6d3ccab1be
Land #16435 , add Microsoft SQL Server sqli support
2022-06-01 10:27:48 -05:00
a47b3fe694
Don't report duplicate Net-NTLM hashes
2022-05-27 14:13:06 -04:00
1e5f86703f
Report the correct JtR type
2022-05-27 10:16:02 -04:00
862c6a94a2
Log ntlm_session hashes too
...
Despite being called ntlm_session, these hashes are capable of being
cracked as the John 'netntlm' format. Additionally the format is
reported as NTLMv1-SSP in similar tools.
2022-05-27 10:07:39 -04:00
c33f284786
change from lambda to line by line logic
2022-05-24 16:24:15 +03:00
7f9ead454e
bugfix of improper solicited address creation
2022-05-23 15:25:53 +03:00
19a9ff1198
Update a couple of modules for the new SMB server
2022-05-16 14:39:45 -04:00
e0b9002238
Fix an SMB relay bug
2022-05-16 14:39:45 -04:00
f14f8da1df
Use the new thread_factory
2022-05-16 14:39:45 -04:00
b79b550d6c
Centralize the log adapter
...
This should eventually be updated to map the levels to the framework
logger and appropriate module-print_* function.
2022-05-16 14:39:45 -04:00
7c15b144c4
Update the SMB capture server
2022-05-16 14:39:44 -04:00
22993e910e
Move server code into the server mixin
2022-05-16 14:39:44 -04:00
c39fd87073
Finish removing unneeded server code
2022-05-16 14:39:44 -04:00
475f6eee8c
Capture hash when serving files over SMB
2022-05-16 14:39:44 -04:00
d740786211
Add the on_client_connect callback
...
Also update the group_policy_startup module.
2022-05-16 14:39:44 -04:00
317516d90f
Enable guest access
2022-05-16 14:39:44 -04:00
882bcf08f7
Fix bugs when stopping the service
2022-05-16 14:39:44 -04:00
09dc65eb6a
Remove the FILE_CONTENTS datastore option
...
None of the 14 modules use this option, they all deregister it.
2022-05-16 14:39:44 -04:00
63af7cdef7
Initial update to the RubySMB share server
2022-05-16 14:39:44 -04:00
013a819cff
Out with the old
2022-05-16 14:39:44 -04:00
879591f686
Land #16499 , Specify peer hostname for SNI
2022-05-16 14:21:57 -04:00
0196b6fa75
Land #16555 , move duplicated retry_until_truthy code into centralized location
2022-05-16 18:31:57 +01:00
Spencer McIntyre