Feature request - update metasploit::credential::core to support target service metadata #166
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
Request:
Update metasploit::credential::core to contain references to services where the credential can be used against.
I think this metadata is different to metasploit::credential::login - which verifies whether the creds works or not, versus this feature request of allowing cores to differentiate between where creds came from and where they could be used against (verified or not)
Context:
The requirement originally came when adding support for Kerberos tickets #165 - which allows you to authenticate with kerberos, and receive a ticket that can be used against a different target system.
This scenario also comes up when running post modules against targets, i.e.:
.envfile containing database credentials that exist on a different service to the origin that the creds were foundsshcreds on a compromised host that should work against known targets, but they haven't been verifiedThe text was updated successfully, but these errors were encountered: