Skip to content

Commit

Permalink
Fixing undefined tgt session key and wrong cname for impersonation
Browse files Browse the repository at this point in the history
  • Loading branch information
@ShutdownRepo
ShutdownRepo committed Sep 8, 2023
1 parent 1852668 commit 70d7726
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions examples/ticketer.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -337,6 +337,7 @@ def createBasicTicket(self):
tgt, cipher, oldSessionKey, sessionKey = getKerberosTGT(userName, self.__password, self.__domain,
unhexlify(lmhash), unhexlify(nthash), None,
self.__options.dc_ip)
self.__tgt, self.__tgt_cipher, self.__tgt_session_key = tgt, cipher, sessionKey
if self.__domain == self.__server:
kdcRep = decoder.decode(tgt, asn1Spec=AS_REP())[0]
else:
Expand Down Expand Up @@ -387,7 +388,7 @@ def createBasicTicket(self):
return None, None
kdcRep['cname']['name-type'] = PrincipalNameType.NT_PRINCIPAL.value
kdcRep['cname']['name-string'] = noValue
kdcRep['cname']['name-string'][0] = self.__target
kdcRep['cname']['name-string'][0] = self.__options.impersonate or self.__target

else:
logging.info('Creating basic skeleton ticket and PAC Infos')
Expand Down Expand Up @@ -654,8 +655,7 @@ def customizeTicket(self, kdcRep, pacInfos):
self.createAttributesInfoPac(pacInfos)
if self.__options.old_pac is False and not RequestorInfoPacInS4UU2UPAC:
if self.__options.user_id == "500":
logging.warning(
"User ID is 500, which is Impacket's default. If you specified -user-id, you can ignore this message. "
logging.warning("User ID is 500, which is Impacket's default. If you specified -user-id, you can ignore this message. "
"If you didn't, and you get a KDC_ERR_TGT_REVOKED error when using the ticket, you will need to specify the -user-id "
"with the RID of the target user to impersonate")
self.createRequestorInfoPac(pacInfos)
Expand Down

0 comments on commit 70d7726

Please sign in to comment.