From 0b610e42557e4072e8b4a20246f263dedaf013a0 Mon Sep 17 00:00:00 2001 From: Metasploit Date: Tue, 9 Apr 2024 09:30:32 -0500 Subject: [PATCH] automatic module_metadata_base.json update --- db/modules_metadata_base.json | 69 ++++++++++++++++++++++++++++++++++- 1 file changed, 68 insertions(+), 1 deletion(-) diff --git a/db/modules_metadata_base.json b/db/modules_metadata_base.json index d498d0b658aa..2f74d945694b 100644 --- a/db/modules_metadata_base.json +++ b/db/modules_metadata_base.json @@ -6129,7 +6129,7 @@ ], "targets": null, - "mod_time": "2023-03-09 02:09:29 +0000", + "mod_time": "2024-04-02 15:29:47 +0000", "path": "/modules/auxiliary/admin/kerberos/get_ticket.rb", "is_install_path": true, "ref_name": "admin/kerberos/get_ticket", @@ -6528,6 +6528,73 @@ } ] }, + "auxiliary_admin/ldap/shadow_credentials": { + "name": "Shadow Credentials", + "fullname": "auxiliary/admin/ldap/shadow_credentials", + "aliases": [ + + ], + "rank": 300, + "disclosure_date": null, + "type": "auxiliary", + "author": [ + "Elad Shamir", + "smashery" + ], + "description": "This module can read and write the necessary LDAP attributes to configure a particular account with a\n Key Credential Link. This allows weaponising write access to a user account by adding a certificate\n that can subsequently be used to authenticate. In order for this to succeed, the authenticated user\n must have write access to the target object (the object specified in TARGET_USER).", + "references": [ + "URL-https://posts.specterops.io/shadow-credentials-abusing-key-trust-account-mapping-for-takeover-8ee1a53566ab", + "URL-https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/shadow-credentials" + ], + "platform": "", + "arch": "", + "rport": 389, + "autofilter_ports": [ + + ], + "autofilter_services": [ + + ], + "targets": null, + "mod_time": "2024-04-09 07:53:26 +0000", + "path": "/modules/auxiliary/admin/ldap/shadow_credentials.rb", + "is_install_path": true, + "ref_name": "admin/ldap/shadow_credentials", + "check": false, + "post_auth": true, + "default_credential": false, + "notes": { + "Stability": [ + + ], + "SideEffects": [ + "config-changes" + ], + "Reliability": [ + + ] + }, + "session_types": false, + "needs_cleanup": false, + "actions": [ + { + "name": "ADD", + "description": "Add a credential to the account" + }, + { + "name": "FLUSH", + "description": "Delete all certificate entries" + }, + { + "name": "LIST", + "description": "Read all credentials associated with the account" + }, + { + "name": "REMOVE", + "description": "Remove matching certificate entries from the account object" + } + ] + }, "auxiliary_admin/ldap/vmware_vcenter_vmdir_auth_bypass": { "name": "VMware vCenter Server vmdir Authentication Bypass", "fullname": "auxiliary/admin/ldap/vmware_vcenter_vmdir_auth_bypass",