Skip to content

Commit

Permalink
automatic module_metadata_base.json update
Browse files Browse the repository at this point in the history
  • Loading branch information
msjenkins-r7 committed Apr 9, 2024
1 parent 8f5052f commit 0b610e4
Showing 1 changed file with 68 additions and 1 deletion.
69 changes: 68 additions & 1 deletion db/modules_metadata_base.json
Original file line number Diff line number Diff line change
Expand Up @@ -6129,7 +6129,7 @@

],
"targets": null,
"mod_time": "2023-03-09 02:09:29 +0000",
"mod_time": "2024-04-02 15:29:47 +0000",
"path": "/modules/auxiliary/admin/kerberos/get_ticket.rb",
"is_install_path": true,
"ref_name": "admin/kerberos/get_ticket",
Expand Down Expand Up @@ -6528,6 +6528,73 @@
}
]
},
"auxiliary_admin/ldap/shadow_credentials": {
"name": "Shadow Credentials",
"fullname": "auxiliary/admin/ldap/shadow_credentials",
"aliases": [

],
"rank": 300,
"disclosure_date": null,
"type": "auxiliary",
"author": [
"Elad Shamir",
"smashery"
],
"description": "This module can read and write the necessary LDAP attributes to configure a particular account with a\n Key Credential Link. This allows weaponising write access to a user account by adding a certificate\n that can subsequently be used to authenticate. In order for this to succeed, the authenticated user\n must have write access to the target object (the object specified in TARGET_USER).",
"references": [
"URL-https://posts.specterops.io/shadow-credentials-abusing-key-trust-account-mapping-for-takeover-8ee1a53566ab",
"URL-https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/shadow-credentials"
],
"platform": "",
"arch": "",
"rport": 389,
"autofilter_ports": [

],
"autofilter_services": [

],
"targets": null,
"mod_time": "2024-04-09 07:53:26 +0000",
"path": "/modules/auxiliary/admin/ldap/shadow_credentials.rb",
"is_install_path": true,
"ref_name": "admin/ldap/shadow_credentials",
"check": false,
"post_auth": true,
"default_credential": false,
"notes": {
"Stability": [

],
"SideEffects": [
"config-changes"
],
"Reliability": [

]
},
"session_types": false,
"needs_cleanup": false,
"actions": [
{
"name": "ADD",
"description": "Add a credential to the account"
},
{
"name": "FLUSH",
"description": "Delete all certificate entries"
},
{
"name": "LIST",
"description": "Read all credentials associated with the account"
},
{
"name": "REMOVE",
"description": "Remove matching certificate entries from the account object"
}
]
},
"auxiliary_admin/ldap/vmware_vcenter_vmdir_auth_bypass": {
"name": "VMware vCenter Server vmdir Authentication Bypass",
"fullname": "auxiliary/admin/ldap/vmware_vcenter_vmdir_auth_bypass",
Expand Down

0 comments on commit 0b610e4

Please sign in to comment.