Bump the ruby_smb and rex-socket gems #19674

Open
wants to merge 1 commit into
base: master
zeroSteiner
Contributor

This bumps the ruby_smb and rex-socket gems to pull in fixes for two bugs.

RubySMB

This pulls in a fix that adjusts two fields to be optional. This fixes the parsing error in windows_secrets_dump that was originally identified in #19665. The original steps to reproduce the bug can be used to confirm the fix.

This fixes an issue in the windows_secrets_dump module, wherein it fails after certain password change APIs.

To reproduce this issue (and verify the fix):

Force a password reset with impacket to force Kerberos keys to be removed:
changepasswd.py -reset -newpass Pass123123$ domain/user@192.168.1.1 -altuser administrator -altpass Password1!

Run the windows_secrets_dump module with appropriate credentials:

Rex-Socket

This fixed where .rex_getaddrinfo was handling IP addresses inconsistently when a custom DNS resolver was in use. To reproduce the original issue:

  1. Enable the DNS feature in Metasploit
  2. Obtain a Meterpreter session somehow
  3. From msfconsole, run the route command using the following syntax to route all traffic through the new session: route add 0 0 -1.
  4. See that the command did not fail because 0 was converted to 0.0.0.0
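
The Rex-Socket item above depends on a numeric shorthand such as 0 being treated as the address 0.0.0.0 whether or not a custom DNS resolver is in use. The following Ruby is an added example, not rex-socket's code and not part of this pull request; it shows one way to make that decision once, before any resolver is consulted. The names normalize_ipv4, parse_part, resolve and CUSTOM_DNS, and the inet_aton-style parsing rules, are assumptions of the example.

```ruby
# Added example; not rex-socket code. All names here are hypothetical.
# Numeric IPv4 forms accepted (the classic inet_aton rules, assumed here):
#   a        one 32-bit value          "0"      -> 0.0.0.0
#   a.b      8 bits + 24 bits          "127.1"  -> 127.0.0.1
#   a.b.c    8 + 8 + 16 bits
#   a.b.c.d  four octets
# Each part may be decimal, octal (leading 0) or hex (leading 0x).
IPV4_PART = /\A(?:0[xX][0-9a-fA-F]+|0[0-7]*|[1-9][0-9]*)\z/

def parse_part(str)
  return nil unless IPV4_PART.match?(str)
  return str.hex if str =~ /\A0[xX]/
  str.start_with?('0') ? str.to_i(8) : str.to_i(10)
end

# Returns a dotted quad, or nil when the input is a name that needs DNS.
def normalize_ipv4(input)
  parts = input.to_s.split('.', -1)
  return nil if parts.empty? || parts.size > 4
  values = parts.map { |p| parse_part(p) }
  return nil if values.any?(&:nil?)
  *head, last = values
  return nil if head.any? { |v| v > 0xff }           # leading parts are octets
  return nil if last >= (1 << (8 * (4 - head.size))) # last part fills the rest
  addr = head.each_with_index.map { |v, i| v << (24 - 8 * i) }.sum + last
  [addr].pack('N').unpack('C4').join('.')
end

# Classify before choosing a resolver, so system and custom DNS paths agree.
def resolve(host, resolver)
  ip = normalize_ipv4(host)
  ip ? [ip] : resolver.call(host)
end

# Constructed stand-in for a custom resolver; records what it is asked.
QUERIES = []
CUSTOM_DNS = ->(name) { QUERIES << name; ['203.0.113.10'] }

if __FILE__ == $PROGRAM_NAME
  %w[0 127.1 0x7f000001 010.0.0.1 192.168.1.1 256.1.1.1 example.test].each do |h|
    puts format('%-12s -> %s', h, resolve(h, CUSTOM_DNS).join(','))
  end
  puts "sent to DNS: #{QUERIES.inspect}"
end
```

Only inputs that fail numeric parsing reach the resolver, so a route target of 0 resolves to 0.0.0.0 without generating a DNS query.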
