automatic module_metadata_base.json update

Metasploit 2022-01-05 12:48:00 -06:00
parent d0417f60bd
commit 4d8e10e09a
No known key found for this signature in database
GPG Key ID: CDFB5FA52007B954
1 changed files with 66 additions and 2 deletions


@ -537,6 +537,70 @@
"session_types": false, "session_types": false,
"needs_cleanup": false "needs_cleanup": false
}, },
"auxiliary_admin/dcerpc/cve_2021_1675_printnightmare": {
"name": "Print Spooler Remote DLL Injection",
"fullname": "auxiliary/admin/dcerpc/cve_2021_1675_printnightmare",
"aliases": [
],
"rank": 300,
"disclosure_date": null,
"type": "auxiliary",
"author": [
"Zhiniang Peng",
"Xuefeng Li",
"Zhipeng Huo",
"Piotr Madej",
"Zhang Yunhai",
"cube0x0",
"Spencer McIntyre",
"Christophe De La Fuente"
],
"description": "The print spooler service can be abused by an authenticated remote attacker to load a DLL through a crafted\n DCERPC request, resulting in remote code execution as NT AUTHORITY\\SYSTEM. This module uses the MS-RPRN\n vector which requires the Print Spooler service to be running.",
"references": [
"CVE-2021-1675",
"CVE-2021-34527",
"URL-https://github.com/cube0x0/CVE-2021-1675",
"URL-https://github.com/afwu/PrintNightmare",
"URL-https://github.com/calebstewart/CVE-2021-1675/blob/main/CVE-2021-1675.ps1",
"URL-https://github.com/byt3bl33d3r/ItWasAllADream"
],
"platform": "",
"arch": "",
"rport": 445,
"autofilter_ports": [
139,
445
],
"autofilter_services": [
"netbios-ssn",
"microsoft-ds"
],
"targets": null,
"mod_time": "2021-09-21 15:16:58 +0000",
"path": "/modules/auxiliary/admin/dcerpc/cve_2021_1675_printnightmare.rb",
"is_install_path": true,
"ref_name": "admin/dcerpc/cve_2021_1675_printnightmare",
"check": true,
"post_auth": false,
"default_credential": false,
"notes": {
"AKA": [
"PrintNightmare"
],
"Stability": [
"crash-service-down"
],
"Reliability": [
"unreliable-session"
],
"SideEffects": [
"artifacts-on-disk"
]
},
"session_types": false,
"needs_cleanup": false
},
"auxiliary_admin/dns/dyn_dns_update": { "auxiliary_admin/dns/dyn_dns_update": {
"name": "DNS Server Dynamic Update Record Injection", "name": "DNS Server Dynamic Update Record Injection",
"fullname": "auxiliary/admin/dns/dyn_dns_update", "fullname": "auxiliary/admin/dns/dyn_dns_update",
@ -20751,7 +20815,7 @@
"Alberto Solino", "Alberto Solino",
"Christophe De La Fuente" "Christophe De La Fuente"
], ],
"description": "Dumps SAM hashes and LSA secrets (including cached creds) from the\n remote Windows target without executing any agent locally. First, it\n reads as much data as possible from the registry and then save the\n hives locally on the target (%SYSTEMROOT%\\random.tmp). Finally, it\n downloads the temporary hive files and reads the rest of the data\n from it. This temporary files are removed when it's done.\n\n This modules takes care of starting or enabling the Remote Registry\n service if needed. It will restore the service to its original state\n when it's done.\n\n This is a port of the great Impacket `secretsdump.py` code written by\n Alberto Solino. Note that the `NTDS.dit` technique has not been\n implement yet. It will be done in a next iteration.", "description": "Dumps SAM hashes and LSA secrets (including cached creds) from the\n remote Windows target without executing any agent locally. First, it\n reads as much data as possible from the registry and then save the\n hives locally on the target (%SYSTEMROOT%\\random.tmp). Finally, it\n downloads the temporary hive files and reads the rest of the data\n from it. This temporary files are removed when it's done.\n\n On domain controllers, secrets from Active Directory is extracted\n using [MS-DRDS] DRSGetNCChanges(), replicating the attributes we need\n to get SIDs, NTLM hashes, groups, password history, Kerberos keys and\n other interesting data. Note that the actual `NTDS.dit` file is not\n downloaded. Instead, the Directory Replication Service directly asks\n Active Directory through RPC requests.\n\n This modules takes care of starting or enabling the Remote Registry\n service if needed. It will restore the service to its original state\n when it's done.\n\n This is a port of the great Impacket `secretsdump.py` code written by\n Alberto Solino.",
"references": [ "references": [
"URL-https://github.com/SecureAuthCorp/impacket/blob/master/examples/secretsdump.py" "URL-https://github.com/SecureAuthCorp/impacket/blob/master/examples/secretsdump.py"
], ],
@ -20767,7 +20831,7 @@
"microsoft-ds" "microsoft-ds"
], ],
"targets": null, "targets": null,
"mod_time": "2021-09-01 10:30:54 +0000", "mod_time": "2022-01-03 19:13:32 +0000",
"path": "/modules/auxiliary/gather/windows_secrets_dump.rb", "path": "/modules/auxiliary/gather/windows_secrets_dump.rb",
"is_install_path": true, "is_install_path": true,
"ref_name": "gather/windows_secrets_dump", "ref_name": "gather/windows_secrets_dump",