adfoster-r7
fd10f4d295
Land #19156, Fixes password_spray not using additional_privates and default username
2024-05-02 16:20:10 +01:00
cgranleese-r7
d105ae10ff
Fixes some password_spray issues
2024-05-02 15:43:07 +01:00
Metasploit
4c7f1e6520
Bump version of framework to 6.4.8
2024-05-02 03:37:55 -05:00
Metasploit
bd767a9279
automatic module_metadata_base.json update
2024-05-01 16:26:41 -05:00
Spencer McIntyre
1bf721b9d5
Land #19152, Fix apache_normalize_path_rce check
Fix apache_normalize_path_rce check method
2024-05-01 17:10:23 -04:00
adfoster-r7
5e1dc05f09
Fix apache_normalize_path_rce check method
2024-05-01 20:01:38 +01:00
Metasploit
2dce73833f
automatic module_metadata_base.json update
2024-05-01 08:45:48 -05:00
adfoster-r7
59a3839be8
Land #19137, nameservers from resolv.conf must be IP addresses
2024-05-01 14:28:38 +01:00
Spencer McIntyre
a98554a1f4
Land #19048, Enable inline credentials dump
Windows Secrets Dump: Enable inline credentials dump
2024-05-01 09:05:40 -04:00
adfoster-r7
fef9024c5a
Land #19148, Update pcaprub dependency
2024-04-30 21:18:34 +01:00
adfoster-r7
27dd14bb64
Update pcaprub dependency
2024-04-30 20:48:24 +01:00
Christophe De La Fuente
52001bf7d4
Bump `ruby_smb` to version 3.3.7
- This will bring in the GetKeySecurity and SetKeySecurity MS-RRP structures
2024-04-30 20:54:15 +02:00
Christophe De La Fuente
9079ce331b
Remove call to `each_key` on `users` array, since it is not a Hash
2024-04-30 20:52:23 +02:00
Metasploit
d6b45658e0
automatic module_metadata_base.json update
2024-04-29 17:55:45 -05:00
Spencer McIntyre
434186200a
Land #19141, Apache RocketMQ & ActiveMQ fixes
2024-04-29 18:33:47 -04:00
jheysel-r7
6055d8a005
Apply suggestions from code review
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
2024-04-29 17:37:49 -04:00
bwatters
8a08f6a083
Land #19075, Modularise the Softing login code
Merge branch 'land-19075' into upstream-master
2024-04-29 14:47:44 -05:00
Jack Heysel
6c74d14bb7
Tested attempt to fix rspec
2024-04-29 08:54:57 -07:00
Metasploit
518aafb1f1
automatic module_metadata_base.json update
2024-04-26 18:37:25 -05:00
bwatters
364d491af7
Land #18972, Progress LoadMaster unauthenticated command injection module CVE-2024-1212
Merge branch 'land-18972' into upstream-master
2024-04-26 18:18:40 -05:00
bwatters
02c31159ab
Add vulnerable versions and fix indention
2024-04-26 17:36:50 -05:00
Jack Heysel
f5f1deaf5b
Untested attempt to fix spec
2024-04-26 14:55:45 -07:00
Jack Heysel
3b57fbf052
ActiveMQ fixes
2024-04-26 14:25:16 -07:00
Jack Heysel
429eaff5ca
RocketMQ fixes
2024-04-26 14:24:08 -07:00
Christophe De La Fuente
4f6e2bcd22
Code review
2024-04-26 18:47:42 +02:00
Christophe De La Fuente
4794844b67
Update the documentation
2024-04-26 18:44:05 +02:00
Christophe De La Fuente
1294ed0bbb
Add inline technique to dump SAM hashes, LSA secrets and cached hashes
2024-04-26 18:44:05 +02:00
Metasploit
a6cf1cd414
automatic module_metadata_base.json update
2024-04-26 07:52:01 -05:00
adfoster-r7
7e2e3eeab3
Land #19138, fix recursive call to `ldap_open`
2024-04-26 13:35:30 +01:00
Dean Welch
1c8a4706d7
Fix recursive call to `ldap_open`
2024-04-26 12:33:43 +01:00
Spencer McIntyre
cf6d324832
Nameservers from resolv.conf must be IP addresses
Fixes an infinite recursion error where Metasploit would attempt to
resolve a nameserver specified as a hostname in /etc/resolv.conf while
initializing.
Values for the nameserver key in the resolv.conf file must be IP
addresses per the man page while the Resolver class in theory allows
them to be added by hostname however an existing one must be defined by
which it will be resolved.
This notably prevents IPv6 addresses with a scope ID from being allowed
in Ruby versions < 3.1.
2024-04-25 16:21:04 -04:00
Metasploit
aef3cc546b
automatic module_metadata_base.json update
2024-04-25 10:10:09 -05:00
Simon Janusz
76d7fe8dbd
Land #19095, Refactor smb_enumusers
2024-04-25 15:45:23 +01:00
dwelch-r7
cd40f95f05
Land #19134, Downgrade unf ext
2024-04-25 15:25:05 +01:00
adfoster-r7
c1e5c7a8bf
Downgrade unf_ext
2024-04-25 15:08:31 +01:00
Spencer McIntyre
d6317923f6
Bump ruby_smb to 3.3.6
This pulls in the changes from rapid7/ruby_smb#266 which adds
SamrQueryInformationDomain support.
2024-04-25 09:41:48 -04:00
Metasploit
b607c70611
Bump version of framework to 6.4.7
2024-04-25 03:35:58 -05:00
Spencer McIntyre
1c8d62abc1
Land #19129, Add missing '-S' to cmd_notes
2024-04-24 15:57:33 -04:00
Metasploit
1e4e62dc43
automatic module_metadata_base.json update
2024-04-24 14:29:51 -05:00
Jack Heysel
aea95c052e
Land #18723, Improve Gitlab fingerprinting
A webpage exists that can be reached without authentication that
contains a hash that can be used to determine the approximate version of
GitLab running on the endpoint. This PR enhances our current GitLab
fingerprinting capabilities to include the aforementioned technique.
2024-04-24 12:13:15 -07:00
Jack Heysel
bc4a532cd7
Changed format of GITLAB_CSS_MAP
2024-04-24 11:38:22 -07:00
Noam Rathaus
cadda6f1a3
Fix rspec for cmd_notes
2024-04-24 20:46:32 +03:00
Jack Heysel
8b48d3d056
Print RPORT as well as IP when printing version
2024-04-24 10:20:59 -07:00
Metasploit
e6fb1789f4
automatic module_metadata_base.json update
2024-04-24 12:15:44 -05:00
Jack Heysel
bd2b1e5f00
Removed redundant use of Object#to_s in interpolation
2024-04-24 10:09:20 -07:00
Jack Heysel
f018295509
Ensure range of Rex::Version objects are always returned
2024-04-24 10:00:16 -07:00
adfoster-r7
e5cf357f9e
Land #19078, ldap acceptance tests
2024-04-24 17:59:24 +01:00
Dean Welch
33ffc14e6b
Use samba ad container for ldap
2024-04-24 11:38:41 +01:00
Noam Rathaus
99c56c5410
Add missing '-S'
2024-04-24 12:24:01 +03:00
jvoisin
5ff05b7cec
Add more fingerprints
2024-04-24 00:12:01 +02:00