Merge branch 'rapid7:master' into master

Snakpax7 · Dec 1, 2024 · 90d7843 · 90d7843
2 parents 818301c + 1c326d6
commit 90d7843
Show file tree

Hide file tree

Showing 65 changed files with 6,230 additions and 405 deletions.
diff --git a/.mailmap b/.mailmap
@@ -121,6 +121,7 @@ m-1-k-3 <m-1-k-3@github>               Michael Messner <[email protected]>
 Meatballs1 <Meatballs1@github>         <[email protected]>
 Meatballs1 <Meatballs1@github>         <[email protected]>
 mubix <mubix@github>                   Rob Fuller <[email protected]>
+mwalas-r7 <mwalas-r7@github>           <[email protected]>
 net-ninja <[email protected]>       Steven Seeley <[email protected]>
 nevdull77 <nevdull77@github>           Patrik Karlsson <[email protected]>
 nmonkee <nmonkee@github>               nmonkee <[email protected]>

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    metasploit-framework (6.4.37)
+    metasploit-framework (6.4.39)
       aarch64
       abbrev
       actionpack (~> 7.0.0)
@@ -439,7 +439,7 @@ GEM
       rex-random_identifier
       rex-text
       ruby-rc4
-    rex-random_identifier (0.1.12)
+    rex-random_identifier (0.1.13)
       rex-text
     rex-registry (0.1.5)
     rex-rop_builder (0.1.5)
@@ -499,11 +499,11 @@ GEM
     ruby-progressbar (1.13.0)
     ruby-rc4 (0.1.5)
     ruby2_keywords (0.0.5)
-    ruby_smb (3.3.10)
+    ruby_smb (3.3.11)
       bindata (= 2.4.15)
       openssl-ccm
       openssl-cmac
-      rubyntlm
+      rubyntlm (>= 0.6.5)
       windows_error (>= 0.1.4)
     rubyntlm (0.6.5)
       base64

diff --git a/LICENSE_GEMS b/LICENSE_GEMS
@@ -88,7 +88,7 @@ memory_profiler, 1.1.0, MIT
 metasm, 1.0.5, LGPL-2.1
 metasploit-concern, 5.0.3, "New BSD"
 metasploit-credential, 6.0.11, "New BSD"
-metasploit-framework, 6.4.37, "New BSD"
+metasploit-framework, 6.4.39, "New BSD"
 metasploit-model, 5.0.2, "New BSD"
 metasploit-payloads, 2.0.187, "3-clause (or ""modified"") BSD"
 metasploit_data_models, 6.0.5, "New BSD"
@@ -156,7 +156,7 @@ rex-mime, 0.1.8, "New BSD"
 rex-nop, 0.1.3, "New BSD"
 rex-ole, 0.1.8, "New BSD"
 rex-powershell, 0.1.100, "New BSD"
-rex-random_identifier, 0.1.12, "New BSD"
+rex-random_identifier, 0.1.13, "New BSD"
 rex-registry, 0.1.5, "New BSD"
 rex-rop_builder, 0.1.5, "New BSD"
 rex-socket, 0.1.57, "New BSD"
@@ -181,7 +181,7 @@ ruby-prof, 1.4.2, "Simplified BSD"
 ruby-progressbar, 1.13.0, MIT
 ruby-rc4, 0.1.5, MIT
 ruby2_keywords, 0.0.5, "ruby, Simplified BSD"
-ruby_smb, 3.3.10, "New BSD"
+ruby_smb, 3.3.11, "New BSD"
 rubyntlm, 0.6.5, MIT
 rubyzip, 2.3.2, "Simplified BSD"
 sawyer, 0.9.2, MIT

diff --git a/data/auxiliary/gather/ldap_query/ldap_queries_default.yaml b/data/auxiliary/gather/ldap_query/ldap_queries_default.yaml
@@ -373,3 +373,17 @@ queries:
       - https://malicious.link/post/2022/ldapsearch-reference/
       - https://burmat.gitbook.io/security/hacking/domain-exploitation
       - https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/useraccountcontrol-manipulate-account-properties
+  - action: ENUM_PRE_WINDOWS_2000_COMPUTERS
+    description: 'Dump info about all computer objects likely created as a "pre-Windows 2000 computer", for which the password might be predictable.'
+    filter: '(&(userAccountControl=4128))'
+    attributes:
+      - cn
+      - displayName
+      - description
+      - sAMAccountName
+      - userPrincipalName
+      - logonCount
+      - userAccountControl
+    references:
+      - https://www.thehacker.recipes/ad/movement/builtins/pre-windows-2000-computers
+      - https://trustedsec.com/blog/diving-into-pre-created-computer-accounts
diff --git a/data/wordlists/wp-exploitable-plugins.txt b/data/wordlists/wp-exploitable-plugins.txt
@@ -65,3 +65,4 @@ hash-form
 give
 ultimate-member
 wp-fastest-cache
+post-smtp