MetasploitJan 30, 2023

#Metasploit Framework 6.3 is out now 🎉​

New features include native #Kerberos authentication support, streamlined Active Directory attack workflows (AD CS, AD DS), and new modules that request, forge, and convert tickets between formats.

https://www.rapid7.com/blog/post/2023/01/30/metasploit-framework-6-3-released/

Metasploit Framework 6.3 Released | Rapid7 Blog

Rapid7
Show threadMetasploitJan 30, 2023

MSF 6.3 supports Kerberos authentication over HTTP, LDAP, MSSQL, SMB, and WinRM. Request TGTs and TGS with a password, NT hash, or encryption key— or request tickets via PKINIT with certs issued from AD CS.

New authentication methods here: https://gist.github.com/adfoster-r7/2b52461d3103ff2cd748c00f3a9e4ad2

graph.md

GitHub Gist: instantly share code, notes, and snippets.

Gist
Show threadMetasploitJan 30, 2023
MSF 6.3 also adds Kerberos ticket inspection and debugging, plus support for generating Keytab files to decrypt Kerberos network traffic in Wireshark.
Show threadMetasploitJan 30, 2023
Fully automated privilege escalation in MSF 6.3 with the new Certifried (CVE-2022–26923) module
Show threadMetasploitJan 30, 2023
We’ve added key attack primitives for AD DS and AD CS. Users can create computer accounts, abuse RBCD, and enumerate 28 key data points via LDAP. AD CS modules support issuing certs, hunting for ESC1/2/3 vulnerable certificates, and more https://www.rapid7.com/blog/post/2023/01/30/metasploit-framework-6-3-released/
Metasploit Framework 6.3 Released | Rapid7 Blog

Rapid7
Show threadMetasploit
Also new in MSF 6.3: A sixth getsystem technique (EfsPotato), Mimipenguin support for better Linux credential extraction, #Metasploit datastore overhaul, customizable option specification for module authors, and #Meterpreter support for running Cobalt Strike Beacon Object Files
Jan 30, 2023 at 2:12pmWeb
Show threadMetasploitJan 30, 2023
Many thanks to our dedicated hacker team and our brilliant open-source community, including (but not limited to) @SlyFawkes @zeroSteiner @k0pak4 @smashery @tychos_moose @tekwizz123 @oj and (many) more folks not on social media!