jvazquez-r7
4a106089b9
Move options to build_tgs_request_body
2014-12-19 19:12:17 -06:00
jvazquez-r7
e6781fcbea
Build AuthorizationData from the module
2014-12-19 18:59:39 -06:00
jvazquez-r7
9bd454d288
Build PAC extensions from the module
2014-12-19 18:47:41 -06:00
jvazquez-r7
04ef087434
Delete Microsoft namespace from the mixin
2014-12-19 18:41:27 -06:00
jvazquez-r7
b78765e584
Create PAC mixin component
2014-12-19 18:36:02 -06:00
jvazquez-r7
def1695e80
Use options by call
2014-12-19 18:23:11 -06:00
jvazquez-r7
f332860c19
Clean creation of client and server principal names
2014-12-19 18:16:22 -06:00
jvazquez-r7
bd85723a9d
Build pre auth array out of the mixin
2014-12-19 18:10:14 -06:00
Jon Hart
7f2247f86d
Add description and URL
2014-12-19 15:50:16 -08:00
Jon Hart
9b815ea0df
Some style cleanup
2014-12-19 15:35:09 -08:00
Jon Hart
4d0b5d1a50
Add some vprints and use a sane URIPATH
2014-12-19 15:33:26 -08:00
Tod Beardsley
1213aa1875
Missed one in CONTRIBUTING.md
2014-12-19 17:32:28 -06:00
Tod Beardsley
d3050de862
Remove references to Redmine in code
...
See #4400 . This should be all of them, except for, of course, the module
that targets Redmine itself.
Note that this also updates the README.md with more current information
as well.
2014-12-19 17:27:08 -06:00
Jon Hart
48444a27af
Remove debugging pp
2014-12-19 15:27:06 -08:00
Jon Hart
1c7fb7cc7d
Mostly working exploit for CVE-2014-9390
2014-12-19 15:24:27 -08:00
jvazquez-r7
9cfc52b5af
Extract build_as_request_body
2014-12-19 17:00:39 -06:00
jvazquez-r7
fcb801c729
Add Timeout datastore option
2014-12-19 16:53:12 -06:00
sinn3r
fb35a4574f
Well, should be -1
2014-12-19 16:36:05 -06:00
sinn3r
cd444ed2db
No point to save if there's no payload
2014-12-19 16:35:17 -06:00
sinn3r
3c03f3697a
Land #4433 - Update mailmap
2014-12-19 16:29:14 -06:00
sinn3r
c2bc182db5
Fix #4430 - Add support for -o to save the payload to disk
...
Fix #4430
2014-12-19 16:14:43 -06:00
jvazquez-r7
d058bd5259
Refact extraction of kerberos cache credentials
2014-12-19 15:53:24 -06:00
Fernando Arias
337b2d784f
Land #4416 , define rails version dep in one place
...
* Bump rails to 3.2.21
2014-12-19 15:17:54 -06:00
Jon Hart
4888ebe68d
Initial commit of POC module for CVE-2013-9390 ( #4435 )
2014-12-19 12:58:02 -08:00
David Maloney
82e7cd99b5
pull latest mdm
2014-12-19 14:58:01 -06:00
HD Moore
fffa8cfdd1
Lands #4426 by cleaning up the module description
2014-12-19 14:54:17 -06:00
HD Moore
9ede2c2ca5
Lands #4429 by fixing windows/messagebox with EXITFUNC=none
2014-12-19 14:51:57 -06:00
Brent Cook
85ec71bd1e
Land #4434 , fix for metasm invalid opcode
2014-12-19 14:43:55 -06:00
David Maloney
24527d7a55
Land #4427 , Misfortune Cookie Scanner
...
lands Jhart's scanner module for the RomPager
Misofrtune Cookie vuln.
2014-12-19 14:03:00 -06:00
Matt Buck
db0aeb2a05
Make the version constraint a range
2014-12-19 13:54:13 -06:00
Tod Beardsley
38a4776b39
Add and sort other contributors in mailmap
2014-12-19 13:41:06 -06:00
Tod Beardsley
df4f86047d
Add new/updated r7 employees to mailmap
2014-12-19 13:39:42 -06:00
sinn3r
650a68c994
Fix jcxz to jecxz for x86_64 in metasm
...
This fixes "invalid opcode near 'jecxz'" for x64 metasm encoding.
2014-12-19 13:34:56 -06:00
jvazquez-r7
fad08d7fca
Add specs for Rex Kerberos client
2014-12-19 12:14:33 -06:00
Joe Vennix
e45af903d9
Add patch discovery date.
2014-12-19 12:04:41 -06:00
Matt Buck
c493ccfc06
Define the Rails version constraint in a library constant
2014-12-19 11:46:39 -06:00
jvazquez-r7
f4037b1003
Clean Kerberos Rex client code
2014-12-19 11:08:48 -06:00
sinn3r
2c0c732967
Fix #4414 & #4415 - exitfunc and proper null-terminated string
...
This patch fixes the following for messagebox.rb
Issue 1 (#4415 )
When exitfunc is none, the payload will not be able to generate
due to an "invalid opcode" error.
Issue 2: (#4414 )
After "user32.dll" is pushed onto the stack for the LoadLibrary
call, the payload does not actually ensure bl is a null byte, it
just assumes it is and uses it to modify the stack to get a
null-terminated string.
Fix #4414
Fix #4415
2014-12-19 03:19:06 -06:00
Joe Vennix
25313b1712
Use the hash to pass the script.
2014-12-19 02:30:37 -06:00
jvazquez-r7
dfa92da287
Add TODO
2014-12-19 01:13:56 -06:00
jvazquez-r7
77e2d4d90d
Add documentation for the Kerberos PAC support classes
2014-12-19 01:12:14 -06:00
jvazquez-r7
fda4cd3440
Fix some Rex Kerberos model documentation
2014-12-18 19:30:12 -06:00
Jon Hart
8d2bd74d31
Add preliminary module to cover 'Misfortune Cookie', CVE-2014-9222
2014-12-18 17:21:26 -08:00
jvazquez-r7
b740ba4738
Add specs for Rex::Proto::Kerberos::CredentialCache::Cache
2014-12-18 18:35:20 -06:00
jvazquez-r7
8f119e0731
Add specs for Rex::Proto::Kerberos::CredentialCache::Credential
2014-12-18 18:07:44 -06:00
jvazquez-r7
0d464a7ff8
Add specs for Rex::Proto::Kerberos::CredentialCache::Time
2014-12-18 17:53:42 -06:00
jvazquez-r7
d53f5668a2
Add specs for Rex::Proto::Kerberos::CredentialCache::KeyBlock
2014-12-18 17:50:00 -06:00
jvazquez-r7
c426cf32d0
Add specs for Rex::Proto::Kerberos::CredentialCache::Principal
2014-12-18 17:40:06 -06:00
jvazquez-r7
16d5ee1aae
Add documentation for the rex credential cache support
2014-12-18 17:12:58 -06:00
jvazquez-r7
e25665853c
Merge support for Kerberos credential cache encoding
2014-12-18 16:33:33 -06:00