d51aa30fff
Rex Table command column width based on longest dispatcher command with sane default
2024-02-27 13:11:24 +00:00
f52543b4a6
Older version of TeamCity (circa 2018) do not support access tokens, so we can fall back on creating an admin user accoutn before we upload the plugin. Creating an access token is better as we can delete the token, unlike the user account.
2024-02-27 12:01:57 +00:00
8bca294966
use the Faker library
2024-02-27 12:00:38 +00:00
75c6dcdc15
Detect templates that are vulnerable to ESC13
2024-02-26 17:28:42 -05:00
3cbf46c5b7
Reuse the ldap connection once established
2024-02-26 17:28:42 -05:00
4a51e028d8
Print multiple attributes on individual rows
2024-02-26 17:28:41 -05:00
97f75c19e4
Show the objectSID of groups as well
2024-02-26 17:28:41 -05:00
fefc3cb73c
Show names for issuance policy OIDs
2024-02-26 17:28:31 -05:00
488d4c0387
Fresh SQL prompt when pressing enter if no input was provided
2024-02-26 16:49:15 +00:00
b91430c878
Land #18886 , Removes the 'run' command from SMB and SQL session types
2024-02-26 14:38:36 +00:00
76a1518eab
Removes the run command from SMB and SQL session type and improves smb session pwd commands error message
2024-02-26 10:55:11 +00:00
787a2cb19e
Land #18872 , add support for boolean datatypes on mssql
2024-02-26 10:51:58 +00:00
1eea790759
Update spec tests for Msf::Ui::Console::CommandDispatcher::Session.rb
...
- Fixes spec test for sessions command where session id should be
sent as a string and not as an integer
2024-02-25 17:35:53 +05:30
597807316e
Add -i option to Session mixin's sessions command
2024-02-25 15:32:46 +05:30
3759346f10
automatic module_metadata_base.json update
2024-02-23 13:43:57 -06:00
f2de6d6357
Land #18870 , Add ConnectWise ScreenConnect module.
...
This PR add an unauthenticatd RCE exploit for ConnectWise
ScreenConnect (CVE-2024-1709).
2024-02-23 11:25:33 -08:00
03e5b36008
Land #18833 , fix for issue #18561
...
This PR catches an exception when updating a non-existing session.
Prior to this PR trying to run sessions -k after running workspace -D
would result in a stacktrace being printed to the console.
2024-02-23 11:18:03 -08:00
39f518eebb
Conditionally validate only when session type is enabled
2024-02-23 18:08:09 +00:00
d7a0dee7d1
@rad10 noted the download link we gave no longer works, but has provided a second link, so adding that to the docs
2024-02-23 17:54:14 +00:00
ebe6e54259
use the Faker module to gen the plugins metadata.
2024-02-23 17:48:01 +00:00
fe8867356e
we can use Faker::Internet.uuid here instead of rolling our own uuid maker
2024-02-23 17:47:28 +00:00
f3af1836ce
allow a custom USERNAME and PASSWORD to be specified if needed. Will default to a random value. Also use Faker::Internet.email to gen an email address
2024-02-23 17:46:49 +00:00
355d5c2426
Enable new session types for tests
2024-02-23 17:45:19 +00:00
559ab0f10d
Add tests for optional session mixins
2024-02-23 17:12:25 +00:00
7c000bc101
Land #18880 , Fix typo in SASL supported mechanisms
2024-02-23 17:12:00 +00:00
dee2f2aa0d
Fix typo in SASL supported mechanisms
2024-02-23 10:29:47 -06:00
9ae9e06017
Land #18879 , update kerberos/inspect_ticket to include PAC credential information
2024-02-23 16:20:57 +00:00
0ade721bf1
Propagate precise encryption key length errors
2024-02-23 10:28:05 -05:00
94587433cd
Add a presenter for the PAC credential information
2024-02-23 09:48:09 -05:00
ca562a95d8
Truncate private data at 88 chars
...
Truncating at 87 was the exact length to trim the last byte of an AES256
kerberos key. Furthermore, adding the (TRUNCATED) string to the end
caused the resuting value to be larger than the original trucated value.
2024-02-23 09:46:44 -05:00
47596c6a0c
add in docs
2024-02-23 14:30:53 +00:00
30e761831e
we can also register this path for cleanup
2024-02-23 14:00:27 +00:00
244e20a3d5
Update expected error in tests
2024-02-23 12:47:48 +00:00
d5bcac1370
improve check routine to include target platform
2024-02-23 11:49:38 +00:00
257ec484c7
Show names for x509 OID constants
2024-02-22 17:36:30 -05:00
4b7f4e2b0d
Just show the DN, commas and all
...
This way the DN can just be copy-pasted into locations where a DN is
expected.
2024-02-22 17:36:30 -05:00
8fca7d188f
Update rspec libraries
2024-02-22 21:02:37 +00:00
003d5e7006
The check routine can now display the targets platform in addition to the version number (we can determine this with a single request, so there is no major change here). This is usefull so you know what platform to set the exploits target to (so you can select an appropriate payload). Thanks @iagox86 for the idea!
2024-02-22 19:23:48 +00:00
d65827367f
Land #18874 Fix undefined mssql_query method call on mssql client
2024-02-22 13:35:04 -05:00
97513d473f
Update manageengine_endpoint_central and servicedesk_plus default payloads
2024-02-23 00:00:18 +05:30
a183289945
automatic module_metadata_base.json update
2024-02-22 12:17:58 -06:00
8bc50c1d3a
Add conditional option validation depending on SESSION or RHOST connection
2024-02-22 17:57:20 +00:00
f3a637b4e9
Land #18873 , fix the create session datastore option from appearing for payloads
2024-02-22 17:50:52 +00:00
854dcc5776
add support for boolean datatypes on mssql
2024-02-22 11:08:49 -06:00
27a1233de8
Turns out only x64 is supported on Windows, so remove ARCH_X86, as if we try to inject an x86 payload in-memory we crash the target x64 service.
2024-02-22 16:41:18 +00:00
a07d1c88be
Fix undefined mssql_query on mssql client
2024-02-22 16:41:10 +00:00
79bfbe4310
now that Linux is a target we have to move this to the multi directory
2024-02-22 16:34:43 +00:00
2c09f385d6
Land #18849 , Improve visual indentation
...
Improve visual indentation logic for tables
2024-02-22 11:23:53 -05:00
d52220cccb
Fixes the create session datastore option from appearing for payloads
2024-02-22 14:58:41 +00:00
65cb30b0a4
update docs
2024-02-22 14:55:02 +00:00
sjanusz-r7