Commit Graph

30056 Commits (fee49b0b85d0d9f676120bb2decfaa4a1c94ad3c)

Author SHA1 Message Date
jvazquez-r7 4a106089b9 Move options to build_tgs_request_body 2014-12-19 19:12:17 -06:00
jvazquez-r7 e6781fcbea Build AuthorizationData from the module 2014-12-19 18:59:39 -06:00
jvazquez-r7 9bd454d288 Build PAC extensions from the module 2014-12-19 18:47:41 -06:00
jvazquez-r7 04ef087434 Delete Microsoft namespace from the mixin 2014-12-19 18:41:27 -06:00
jvazquez-r7 b78765e584 Create PAC mixin component 2014-12-19 18:36:02 -06:00
jvazquez-r7 def1695e80 Use options by call 2014-12-19 18:23:11 -06:00
jvazquez-r7 f332860c19 Clean creation of client and server principal names 2014-12-19 18:16:22 -06:00
jvazquez-r7 bd85723a9d Build pre auth array out of the mixin 2014-12-19 18:10:14 -06:00
Jon Hart 7f2247f86d
Add description and URL 2014-12-19 15:50:16 -08:00
Jon Hart 9b815ea0df
Some style cleanup 2014-12-19 15:35:09 -08:00
Jon Hart 4d0b5d1a50
Add some vprints and use a sane URIPATH 2014-12-19 15:33:26 -08:00
Tod Beardsley 1213aa1875
Missed one in CONTRIBUTING.md 2014-12-19 17:32:28 -06:00
Tod Beardsley d3050de862
Remove references to Redmine in code
See #4400. This should be all of them, except for, of course, the module
that targets Redmine itself.

Note that this also updates the README.md with more current information
as well.
2014-12-19 17:27:08 -06:00
Jon Hart 48444a27af
Remove debugging pp 2014-12-19 15:27:06 -08:00
Jon Hart 1c7fb7cc7d
Mostly working exploit for CVE-2014-9390 2014-12-19 15:24:27 -08:00
jvazquez-r7 9cfc52b5af Extract build_as_request_body 2014-12-19 17:00:39 -06:00
jvazquez-r7 fcb801c729 Add Timeout datastore option 2014-12-19 16:53:12 -06:00
sinn3r fb35a4574f Well, should be -1 2014-12-19 16:36:05 -06:00
sinn3r cd444ed2db No point to save if there's no payload 2014-12-19 16:35:17 -06:00
sinn3r 3c03f3697a
Land #4433 - Update mailmap 2014-12-19 16:29:14 -06:00
sinn3r c2bc182db5 Fix #4430 - Add support for -o to save the payload to disk
Fix #4430
2014-12-19 16:14:43 -06:00
jvazquez-r7 d058bd5259 Refact extraction of kerberos cache credentials 2014-12-19 15:53:24 -06:00
Fernando Arias 337b2d784f
Land #4416, define rails version dep in one place
* Bump rails to 3.2.21
2014-12-19 15:17:54 -06:00
Jon Hart 4888ebe68d
Initial commit of POC module for CVE-2013-9390 (#4435) 2014-12-19 12:58:02 -08:00
David Maloney 82e7cd99b5
pull latest mdm 2014-12-19 14:58:01 -06:00
HD Moore fffa8cfdd1
Lands #4426 by cleaning up the module description 2014-12-19 14:54:17 -06:00
HD Moore 9ede2c2ca5
Lands #4429 by fixing windows/messagebox with EXITFUNC=none 2014-12-19 14:51:57 -06:00
Brent Cook 85ec71bd1e
Land #4434, fix for metasm invalid opcode 2014-12-19 14:43:55 -06:00
David Maloney 24527d7a55
Land #4427, Misfortune Cookie Scanner
lands Jhart's scanner module for the RomPager
Misofrtune Cookie vuln.
2014-12-19 14:03:00 -06:00
Matt Buck db0aeb2a05
Make the version constraint a range 2014-12-19 13:54:13 -06:00
Tod Beardsley 38a4776b39
Add and sort other contributors in mailmap 2014-12-19 13:41:06 -06:00
Tod Beardsley df4f86047d
Add new/updated r7 employees to mailmap 2014-12-19 13:39:42 -06:00
sinn3r 650a68c994 Fix jcxz to jecxz for x86_64 in metasm
This fixes "invalid opcode near 'jecxz'" for x64 metasm encoding.
2014-12-19 13:34:56 -06:00
jvazquez-r7 fad08d7fca Add specs for Rex Kerberos client 2014-12-19 12:14:33 -06:00
Joe Vennix e45af903d9
Add patch discovery date. 2014-12-19 12:04:41 -06:00
Matt Buck c493ccfc06
Define the Rails version constraint in a library constant 2014-12-19 11:46:39 -06:00
jvazquez-r7 f4037b1003 Clean Kerberos Rex client code 2014-12-19 11:08:48 -06:00
sinn3r 2c0c732967 Fix #4414 & #4415 - exitfunc and proper null-terminated string
This patch fixes the following for messagebox.rb

Issue 1 (#4415)
When exitfunc is none, the payload will not be able to generate
due to an "invalid opcode" error.

Issue 2: (#4414)
After "user32.dll" is pushed onto the stack for the LoadLibrary
call, the payload does not actually ensure bl is a null byte, it
just assumes it is and uses it to modify the stack to get a
null-terminated string.

Fix #4414
Fix #4415
2014-12-19 03:19:06 -06:00
Joe Vennix 25313b1712
Use the hash to pass the script. 2014-12-19 02:30:37 -06:00
jvazquez-r7 dfa92da287 Add TODO 2014-12-19 01:13:56 -06:00
jvazquez-r7 77e2d4d90d Add documentation for the Kerberos PAC support classes 2014-12-19 01:12:14 -06:00
jvazquez-r7 fda4cd3440 Fix some Rex Kerberos model documentation 2014-12-18 19:30:12 -06:00
Jon Hart 8d2bd74d31
Add preliminary module to cover 'Misfortune Cookie', CVE-2014-9222 2014-12-18 17:21:26 -08:00
jvazquez-r7 b740ba4738 Add specs for Rex::Proto::Kerberos::CredentialCache::Cache 2014-12-18 18:35:20 -06:00
jvazquez-r7 8f119e0731 Add specs for Rex::Proto::Kerberos::CredentialCache::Credential 2014-12-18 18:07:44 -06:00
jvazquez-r7 0d464a7ff8 Add specs for Rex::Proto::Kerberos::CredentialCache::Time 2014-12-18 17:53:42 -06:00
jvazquez-r7 d53f5668a2 Add specs for Rex::Proto::Kerberos::CredentialCache::KeyBlock 2014-12-18 17:50:00 -06:00
jvazquez-r7 c426cf32d0 Add specs for Rex::Proto::Kerberos::CredentialCache::Principal 2014-12-18 17:40:06 -06:00
jvazquez-r7 16d5ee1aae Add documentation for the rex credential cache support 2014-12-18 17:12:58 -06:00
jvazquez-r7 e25665853c
Merge support for Kerberos credential cache encoding 2014-12-18 16:33:33 -06:00