adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
84ffa524e592d83e59cd88956e4ccfb2ec7bf96c
metasploit-gs/lib/msf/core/exploit/remote
T
History
adeherdt-r7 a3a24418a8 MS-9517 Jenkins Login Scanner 
Jenkins does not implement Authentication challenges.

By default, Jenkins responds with a HTTP 403 FORBIDDEN response, and does not include the `WWW-Authenticate` header.
This causes problems with the underlying http client, as this one expects the challenge to come forward and resend
the request with the auth header.

By changing the code to look for the HTTP 403 response, and setting the default URL to the correct login validation endpoint
Pro will have an easier time to investigate whether Jenkins can be bruteforced or not.

The original code checks for a 401 response only.
Overwriting the behavior for Jenkins allows us to handle this use-case properly and report the correct behavior.
2024-08-13 11:16:01 +02:00
..
dcerpc
Support encrypted LDAP (ldap signing) over Kerberos and NTLM
2024-04-24 12:56:06 +10:00
dns
Specify the record type for PTR lookups
2024-02-08 11:22:33 -05:00
http
MS-9517 Jenkins Login Scanner
2024-08-13 11:16:01 +02:00
http_server
code spell for a bunch of modules
2023-09-24 17:42:00 -04:00
java
Update Java::HTTP::ClassLoader and CmdStager::HTTP
2024-06-13 16:39:24 +02:00
kerberos
Kerberos asrep roasting improvements
2024-07-24 18:01:11 +01:00
ldap
Fix kerberos auth and missing method error when querying with -a
2024-05-15 16:11:40 +01:00
ms_samr
Refactor the MsSamr mixin to split it out
2024-04-22 13:45:20 -04:00
smb
Refactor smb_lookupsid module to use RubySMB
2024-05-17 10:59:37 +01:00
ssh
Fix merge conflict from #14202, in linear history
2020-12-09 17:24:29 -06:00
afp.rb
code spell for a bunch of modules
2023-09-24 17:42:00 -04:00
arkeia.rb
Use zeitwerk for lib/msf/core folder
2020-12-07 10:31:45 +00:00
auth_option.rb
Add in SCHANNEL support, and update modules to fix a hang when using to_json instead of get_operation_result.
2023-02-24 13:50:04 -06:00
auto_check.rb
Enforce single module stance
2024-03-25 11:53:23 +00:00
browser_autopwn2.rb
shuffle platform parsing and code quality
2024-01-19 14:30:34 +00:00
browser_autopwn.rb
Use zeitwerk for lib/msf/core folder
2020-12-07 10:31:45 +00:00
browser_exploit_server.rb
code spell for a bunch of modules
2023-09-24 17:42:00 -04:00
browser_profile_manager.rb
check_module.rb
Enforce single module stance
2024-03-25 11:53:23 +00:00
db2.rb
Fix db2 scanner module crashes
2023-11-13 21:41:28 +00:00
dcerpc_epm.rb
Use zeitwerk for lib/msf/core folder
2020-12-07 10:31:45 +00:00
dcerpc_lsa.rb
Use zeitwerk for lib/msf/core folder
2020-12-07 10:31:45 +00:00
dcerpc_mgmt.rb
Use zeitwerk for lib/msf/core folder
2020-12-07 10:31:45 +00:00
dcerpc.rb
Add smb session type
2023-12-04 17:55:11 +00:00
dialup.rb
Use zeitwerk for lib/msf/core folder
2020-12-07 10:31:45 +00:00
dns.rb
Zeitwerk rex folder
2021-02-08 12:24:12 +00:00
expect.rb
Use zeitwerk for lib/msf/core folder
2020-12-07 10:31:45 +00:00
firefox_addon_generator.rb
Zeitwerk rex folder
2021-02-08 12:24:12 +00:00
firefox_privilege_escalation.rb
Use zeitwerk for lib/msf/core folder
2020-12-07 10:31:45 +00:00
ftp_server.rb
Use zeitwerk for lib/msf/core folder
2020-12-07 10:31:45 +00:00
ftp.rb
Add feature flagged datastore rewrite, with support for option fallback lookups
2022-09-16 12:59:02 +01:00
gdb.rb
gdb_server_exec: Cleanup and add support for armle/aarch64 architectures
2022-04-25 19:25:06 +00:00
http_client.rb
Reimplement password_spray into login modules
2024-05-03 13:00:24 +01:00
http_server.rb
Display the HTTP port when necessary
2022-03-21 20:11:31 -04:00
imap.rb
Use zeitwerk for lib/msf/core folder
2020-12-07 10:31:45 +00:00
ip.rb
Use zeitwerk for lib/msf/core folder
2020-12-07 10:31:45 +00:00
ipv6.rb
change from lambda to line by line logic
2022-05-24 16:24:15 +03:00
jndi_injection.rb
code spell for a bunch of modules
2023-09-24 17:42:00 -04:00
ldap.rb
Escape LDAP query strings
2024-06-18 17:47:56 -04:00
log4_shell.rb
Add and use a Log4Shell mixin
2022-02-03 16:09:49 -05:00
ms_icpr.rb
Add support for configurable RPORT, session & default rports to lookupsid
2024-05-17 10:59:37 +01:00
ms_lsad.rb
Fixed names that were missed while refactoring
2024-05-17 10:59:37 +01:00
ms_lsat.rb
Follow MS-LSAD and MS-LSAT spec for LSARPC & LookupSids
2024-05-17 10:59:37 +01:00
ms_samr.rb
Add support for configurable RPORT, session & default rports to lookupsid
2024-05-17 10:59:37 +01:00
mssql_commands.rb
Use zeitwerk for lib/msf/core folder
2020-12-07 10:31:45 +00:00
mssql_sqli.rb
Use default User agent string for generic auxiliary modules
2021-11-09 18:55:49 +11:00
mssql.rb
refactor packet parsing code
2024-04-24 15:06:36 -04:00
mysql.rb
Align SQL sessions peerhost and peerport
2024-03-04 13:11:32 +00:00
ndmp_socket.rb
code spell for a bunch of modules
2023-09-24 17:42:00 -04:00
ndmp.rb
Use zeitwerk for lib/msf/core folder
2020-12-07 10:31:45 +00:00
nuuo.rb
Zeitwerk rex folder
2021-02-08 12:24:12 +00:00
pop2.rb
Use zeitwerk for lib/msf/core folder
2020-12-07 10:31:45 +00:00
postgres.rb
Align SQL sessions peerhost and peerport
2024-03-04 13:11:32 +00:00
rdp.rb
code spell for a bunch of modules
2023-09-24 17:42:00 -04:00
real_port.rb
Use zeitwerk for lib/msf/core folder
2020-12-07 10:31:45 +00:00
sip.rb
code spell for a bunch of modules
2023-09-24 17:42:00 -04:00
smtp_deliver.rb
improve SMTP delivery error handling
2023-01-20 11:26:25 -06:00
smtp.rb
Use zeitwerk for lib/msf/core folder
2020-12-07 10:31:45 +00:00
snmp_client.rb
Use opts['RHOST'] and opts['RPORT'] to creating the SNMP::Manager instance in connect_snmp
2020-12-16 15:15:27 +01:00
socket_server.rb
code spell for a bunch of modules
2023-09-24 17:42:00 -04:00
ssh.rb
Added support to depecreted key exchange algorithms
2022-04-13 18:53:50 +02:00
sunrpc.rb
Zeitwerk rex folder
2021-02-08 12:24:12 +00:00
tcp_server.rb
Update the TCP server and HTTP server mixins
2022-03-21 11:47:56 -04:00
tcp.rb
Specify peer hostname for ssl connections
2022-05-13 13:55:43 +01:00
telnet.rb
Use zeitwerk for lib/msf/core folder
2020-12-07 10:31:45 +00:00
tincd_exploit_client.rb
code spell for a bunch of modules
2023-09-24 17:42:00 -04:00
tns.rb
Use zeitwerk for lib/msf/core folder
2020-12-07 10:31:45 +00:00
udp.rb
Use zeitwerk for lib/msf/core folder
2020-12-07 10:31:45 +00:00
unirpc.rb
code spell for a bunch of modules
2023-09-24 17:42:00 -04:00
vim_soap.rb
Add ruby 3.1 support
2022-03-24 21:59:02 +00:00
wdbrpc_client.rb
Use zeitwerk for lib/msf/core folder
2020-12-07 10:31:45 +00:00
wdbrpc.rb
Use zeitwerk for lib/msf/core folder
2020-12-07 10:31:45 +00:00
web.rb
trade URI.encode & URI.escape for Ruby 3
2021-11-22 14:11:03 -06:00
winrm.rb
Update to mark DomainControllerRhost as optional
2023-12-05 16:23:35 -05:00
zeromq.rb
Fix usage of Failure:: constant
2021-02-12 14:33:05 +00:00