2eec5e0914
Remove spurious print; resolves #18562
2023-11-27 07:37:02 +11:00
ff70cc7e42
Clearer RHOST error message
2023-11-24 11:34:18 +11:00
0d591a3136
Land #18526 , Add a command to customise DNS resolution
2023-11-23 17:46:16 +01:00
4321aafe77
Land #18547 , Update ssh login pubkey module
...
Update ssh login pubkey module to correctly identify windows ssh platform
2023-11-22 17:09:06 -05:00
ef9a165d22
Changes from code review
2023-11-22 16:43:02 +11:00
1b12dc3940
Update ssh login pubkey module to correctly identify windows ssh platform
2023-11-17 12:51:01 +00:00
fb9bd2cae1
Use empty string for missing values rather than nil
2023-11-17 15:09:30 +11:00
9d873cb7ac
Fix bug in writing UpnDnsInfo structure, and include in sapphire PAC
2023-11-17 13:49:55 +11:00
e011fbeb32
Land #18516 , extract common dispatcher commands into a single resuable mixin
...
Extract reusable core session commands
2023-11-15 11:25:52 +00:00
f351d7b5e1
Don't create DNS cached resolver on every test, because it'll exhaust the OS's resources
2023-11-10 12:07:37 +11:00
d0585e0df5
Added unit tests
2023-11-09 14:45:06 +11:00
ea41ec7a5d
Fix tests leaving behind threads
2023-11-07 17:43:43 +00:00
82057178ca
log threads with no uuid
2023-11-07 15:31:46 +00:00
67a343230d
Fix thread count
2023-11-07 14:10:47 +00:00
c7e0e094fa
Add core session commands and test suite
2023-11-06 16:34:37 +00:00
3f3531d119
Add test for command shell sessions
2023-10-31 16:35:58 +00:00
6e9facbefb
Merge pull request #18419 from smashery/dcsync_kerberos
...
DCSync using Kerberos Pass-the-Ticket
2023-10-30 09:41:22 -04:00
2a699b89fa
Changes from code review
2023-10-30 12:51:55 +11:00
a97cc128f7
Fix flakey test failure
2023-10-25 14:09:34 +01:00
8331f4d2ad
Adds wiki guide for session searching
...
Also tweaks an error message
add readme to directory
2023-10-23 15:33:53 -05:00
7baabd08db
Land #18364 , Add support for filtering sessions
2023-10-19 16:40:42 +01:00
b4b73529d3
add -e flag for stale sessions
...
remove single flag
pivot to search flag
added support for search session type
adds search session id support
remove stale references
reshuffle code
fix time parsing, add command support
fix search list, reduce duplicated code
testing added
killall with search lists table of killed sessions
sessions are no longer represented by ids
addresses feedback on code structure and search behavior
some test reshuffling, switch raised errors to printed ones
add checkin validation, rest of cmd_sessions tests
add time parsing test
refactoring
test reformatting and adjusted error validation
make error handling more explicit, add test context
fixes
sub quotes, make constant
rubocopping
switch before and after to greater than and less than
mbetter incorporate constants
update example
2023-10-19 09:41:18 -05:00
bb19151891
Land #17689 , adding a new column cracked password in creds command to show cracked passwords
2023-10-13 12:25:51 +01:00
05dd2e1473
Land #18351 , Apache Superset RCE (CVE-2023-37941)
2023-10-12 17:10:10 -04:00
6aeffa5a17
Land #18363 , Add support to msfvenom for "-f octal
...
Merge branch 'land-18363' into upstream-master
2023-10-03 16:21:57 -05:00
50e4269c05
Land #18338 , Get crackable ASREP hashes
...
This PR fixes the ASREP roasting workflow and resolves
issue #17988 .
2023-10-02 13:26:43 -04:00
5087e0ffe3
Land #18197 , Ldap login scanner module
...
Adds a new login scanner module for LDAP
2023-10-02 10:56:56 -04:00
76a25c6937
Don't store creds for successful schannel ldap auth
2023-10-02 13:42:25 +01:00
35609d07e9
Fix lotus_domino_hashes_spec to comply with report_cred method
2023-09-25 01:19:43 +05:30
b4dee448bc
Update deprecated report_auth_info method call in lotus_domino_hashes
2023-09-24 22:32:52 +05:30
9c02331184
Land #18392 , Remove raised exception in acceptance tests
2023-09-22 10:41:57 +01:00
1b25ae5e14
Add comment explaining UNSUPPORTED_LANGS in spec.
2023-09-21 08:53:26 -06:00
75e9a0a834
Add support for base32/64 comments.
...
* Explicitly documents lack of support for VB style comments.
2023-09-21 08:50:58 -06:00
14ded7aa67
Remove raised exception in acceptance tests
2023-09-21 14:47:06 +01:00
a7f2165029
Send default etypes first, and fall back to RC4 if it doesn't require pre-auth
2023-09-21 21:22:25 +10:00
1d2dde9f81
Add comment support for "octal" format.
...
* Adds failing test that discovers several additional violations.
2023-09-20 17:24:00 -06:00
91ce4c3d9d
Add new spec for Msf::Simple::Payload.
2023-09-20 14:29:47 -06:00
1609836ea2
Don't store passwords to creds if the password wasn't needed for the auth type
2023-09-20 14:30:06 +01:00
1ef030df76
Land #18380 , Fix broken test suite when running in small console window
2023-09-20 11:03:57 +01:00
525c957af2
Land #18333 , Lexmark Device Embedded Web Server RCE (CVE-2023-26068)
2023-09-19 10:32:59 +02:00
d71883f55a
Fix broken test suite when running in small console window
2023-09-18 16:40:47 +01:00
c1a44c8b7f
Land #18359 , Forge ticket fix
2023-09-18 13:05:25 +01:00
1d51514730
Add spec for format without comment support.
2023-09-15 12:35:45 -06:00
1378bfbfc7
Land #18294 , pick up netifaces updates, improve error catching
2023-09-15 13:04:26 +01:00
ba9f879f64
Land #18369 , Fix opt address local crash when ipaddr is nil
2023-09-15 11:09:43 +01:00
46832abd49
Land #18358 , Add a Thrift RPC client
...
This PR adds a Thrift RPC client and updates
two modules to make use of the new addition.
2023-09-14 19:01:13 -04:00
871e1f401b
Fix OptAddressLocal crash when IPAddr is nil
2023-09-14 23:10:20 +01:00
0368b23af9
Add some basic specs for the client too
2023-09-14 17:45:09 -04:00
bf9ef45c45
Add some specs for thrift data types
2023-09-14 17:16:32 -04:00
c558dae400
Land #18361 , Adds new search keywords to msfconsole
2023-09-14 19:48:41 +01:00
619a46d450
working hashes for apache superset rce
2023-09-14 13:21:01 -04:00
4bff7ddea1
Adds new search keywords to msfconsole
2023-09-13 16:41:05 +01:00
814484cd29
Land #18357 , Add additional error reporting to integration tests
2023-09-13 15:02:57 +01:00
483e8175ca
Update unit tests
2023-09-13 14:11:18 +10:00
28c4902f4a
Land #18180 , Flask unsign library, related modules
...
Apache Supserset Priv Esc (CVE-2023-27524) and Flask unsign Library
2023-09-12 19:02:30 -04:00
e070ba28da
Add additional error reporting to integration tests
2023-09-12 17:32:18 +01:00
a13d45ec2d
add unit test
2023-09-11 12:14:26 -05:00
586f27f44a
Fix issue with username generation always adding domain
2023-09-11 16:35:31 +01:00
1af852b240
Add remote ldap specs
2023-09-11 16:33:01 +01:00
7a06ad8d5d
Add ldap login scanner specs
2023-09-11 16:33:01 +01:00
235c142274
Merge remote-tracking branch 'origin/flask_unsign' into flask_unsign
2023-09-11 10:27:00 -04:00
041bd3edc3
Land #18349 , Add Meterpreter compatibility matrix generation
2023-09-11 12:24:58 +01:00
901938c0f1
Add Meterpreter compatibility matrix generation
2023-09-11 12:04:18 +01:00
fdae4953eb
Land #18290 , Prometheus API & Prometheus Node Exporter Interrogator
...
Merge branch 'land-18290' into upstream-master
2023-09-08 12:55:30 -05:00
143e1c82b5
Add validation functionality to FlaskUnsign
2023-09-07 16:19:58 -04:00
213b9f9589
Merge remote-tracking branch 'upstream/master' into flask_unsign
2023-09-06 15:39:37 -04:00
f27439760d
Update mock for unit tests
2023-09-04 10:47:06 +10:00
e5f2ebff19
Fix copy pasta error
2023-08-31 12:14:24 -04:00
3e58183291
updated payloads_spec
2023-08-31 02:43:12 -04:00
8217745a85
Land #18257 , Apache nifi h2 rce (CVE-2023-34468)
2023-08-30 13:37:37 +02:00
091c07258b
Land #18298 , Sort addresses
...
Ensure datastore network adapter names are consistently resolved
2023-08-23 09:08:03 -04:00
da3ef0a6f9
Ensure datastore network adapter names are consistently resolved
2023-08-21 00:21:37 +01:00
1878c08293
Land #18276 , Add sasl scram 256 auth support to postgres modules
2023-08-18 14:34:51 +01:00
d84c15cf21
lib and spec updates
2023-08-17 15:29:20 -04:00
703f535850
Land #18275 , Update java reverse http and https to be dynamic
2023-08-17 16:15:16 +01:00
97a6fc9549
tables and screen width, ugh
2023-08-16 17:23:31 -04:00
d75c53fffe
prometheus api gather
2023-08-15 20:30:54 -04:00
7629c7d0f4
prometheus node exporter library
2023-08-15 20:30:54 -04:00
33193bdd41
Update java reverse http and https to be dynamic
2023-08-16 00:50:41 +01:00
9a50e66c50
Land #18278 , Use latest version of ruby-mysql from upstream
2023-08-15 14:29:36 +01:00
68ce65c6c9
Revert "Revert "Add Meterpreter sanity tests to CI""
2023-08-15 13:24:59 +01:00
e6d1a20a05
Use `ruby-mysql` for MySQL login scanner
2023-08-14 21:34:41 +02:00
cdbd591f07
Revert "Add Meterpreter sanity tests to CI"
2023-08-10 19:08:09 +01:00
98ac76d54f
Add sasl scram 256 auth support to postgres modules
2023-08-09 16:41:01 +01:00
9e7960fd9f
Land #18224 , First iteration of specs for SSH Login scanner
2023-08-04 16:22:37 +01:00
a3d129fe9f
Land #18244 , Update payload size warnings to errors on CI
2023-08-04 14:10:14 +01:00
dfe030cc99
Update payload size warnings to errors on CI
2023-08-04 13:56:31 +01:00
6f7ebb3824
Land #18210 , Add Meterpreter sanity tests to CI
2023-08-04 13:24:39 +01:00
b1d6983fad
Land #18228 , Adds Rubocop rule to detect invalid pack/unpack directives
2023-08-04 11:20:18 +01:00
61f70e09f6
detect invalid Pack/Unpack directives
2023-08-03 17:39:21 +01:00
d8dc189168
Add Meterpreter sanity tests to CI
2023-08-03 17:11:44 +01:00
5756241fb3
Land #18223 , Fix broken msfconsole histories when switching between shell sessions
2023-08-03 16:40:01 +01:00
9932aaaaaa
Add specs for resetting password list when username is specified
2023-07-31 16:22:08 +01:00
449af8daa7
Fix broken msfconsole histories when switching between shell sessions
2023-07-27 16:12:57 +01:00
0453877fee
First iteration of specs for SSH Login scanner
2023-07-27 15:29:02 +02:00
3d3e2a9e2d
apache supserset exploit
2023-07-11 15:19:33 -04:00
5974801e14
Tidy up plugin specs
2023-07-07 17:14:29 +02:00
2c2f855e20
working cookies for superset
2023-07-06 07:12:39 -04:00
88a539a82c
Land #18144 , update capture plugin to be more helpful, and add documentation
2023-07-06 11:17:14 +01:00
ae48236d07
Land #18122 , rocketmq version lib
2023-07-05 18:11:25 +02:00
Ashley Donaldson