New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feature/msp 12244/postgres pass the hash #4871
Feature/msp 12244/postgres pass the hash #4871
Conversation
allow the raw md5 password hash to be passed in instead of a password for md5 authentication in postgres. Adds an extra exception class for when an md5 hash is given but the server expects a different form of authentication. MSP-12244
add postgres_md5 to the type validation on Metasploit::Framework::Credential to account for the new Private type MSP-12244
the cred collection can now identify a postgres_md5 hash string and set the type on the Metasploit::Framework::Credential object appropriately MSP-12244
instead of nonreplayabke hashes the postgres_hashdump aux module now saves them approriately as PostgresMD5s with the md5 tag intact at the front MSP-12244
update version of metasploit-credential in order to get the PostgresMD5 hash subtype MSP-12244
the JtR hash cracker for postgres hashes now uses the new PostgresMD5 class for finding it's hashes MSP-12244
Minor nitpick on the PTH format, any chance it could be changed to |
@hmoore-r7 that format is exactly how it is stored in the postgres database. that's why it's that way |
oops, bad Dave screwing up a regex |
Note, the Travis tests will fail out of the gate until the gem is actually updated. This is expected. |
update gemfile lock for new credential version MSP-12244
arg travis, wtf |
screwed it up somehow the first time
lol travis |
pulled re-released metasploit-credential to fix bug by a hidden change to factories MSP-1244
Dave and William did most of the work already over on PR rapid7#4871, this just points it out in the module.
Dave and William did most of the work already over on PR rapid7#4871, this just points it out in the module.
This PR adds Pass-the-Hash functionality for Postgres.
-The postgres_hashdump module also now stores postgres hashes into this model
VERIFICATION STEPS
bundle install
to get the latest version of the gemuse auxiliary/scanner/postgres/postgres_login
postgres
md53175bce1d3201d16594cebf9d7eb3f9d
run
creds
Postgres Md5
use auxiliary/analyze/jtr_postgres_fast
run
use auxiliary/scanner/postgres/postgres_hashdump
postgres
postgres
run
creds