Land #17468, Fix error when printing ticket contents from a kirbi fil…
…e format
adfoster-r7 committed Jan 16, 2023
2 parents 25550a4 + 1470396 commit f637885
Showing 3 changed files with 791 additions and 10 deletions.
2 changes: 1 addition & 1 deletion lib/msf/core/exploit/remote/kerberos/ticket.rb
@@ -167,7 +167,7 @@ def print_contents(path, key: nil)
elsif kirbi?(header)
print_status "Kirbi File:#{path}"
krb_cred = Rex::Proto::Kerberos::Model::KrbCred.decode(File.binread(path))
ccache = kirbi_to_ccache(krb_cred)
ccache = Msf::Exploit::Remote::Kerberos::TicketConverter.kirbi_to_ccache(krb_cred)
print_ccache_contents(ccache, key: key)
else
fail_with(Msf::Module::Failure::BadConfig, 'Unknown file format')
40 changes: 31 additions & 9 deletions modules/auxiliary/admin/kerberos/inspect_ticket.rb
@@ -57,22 +57,44 @@ def get_enc_key
end

def validate_key
if datastore['NTHASH'].blank? && datastore['AES_KEY'].blank?
return nil
elsif datastore['NTHASH'].present? && datastore['AES_KEY'].present?
if datastore['NTHASH'].present? && datastore['AES_KEY'].present?
fail_with(Msf::Exploit::Failure::BadConfig, 'NTHASH and AES_KEY may not both be set for inspecting a ticket')
end

if datastore['NTHASH'].present? && datastore['NTHASH'].size != 32
fail_with(Msf::Exploit::Failure::BadConfig, "NTHASH length was #{datastore['NTHASH'].size}. It should be 32")
if datastore['NTHASH'].present?
key_type = :nthash
elsif datastore['AES_KEY'].present?
key_type = :aes_key
else
return datastore['NTHASH']
key_type = nil
end

if datastore['AES_KEY'].present? && (datastore['AES_KEY'].size != 32 && datastore['AES_KEY'].size != 64)
fail_with(Msf::Exploit::Failure::BadConfig, "AES key length was #{datastore['AES_KEY'].size}. It should be 32 or 64")
case key_type
when :nthash
key = validate_nthash(datastore['NTHASH'])
when :aes_key
key = validate_aes_key(datastore['AES_KEY'])
else
return datastore['AES_KEY']
print_status('No decryption key provided proceeding without decryption.')
key = nil
end

key
end

def validate_nthash(nthash)
if nthash.size != 32
fail_with(Msf::Exploit::Failure::BadConfig, "NTHASH length was #{nthash.size}. It should be 32")
else
nthash
end
end

def validate_aes_key(aes_key)
if aes_key.size != 32 && aes_key.size != 64
fail_with(Msf::Exploit::Failure::BadConfig, "AES key length was #{aes_key.size}. It should be 32 or 64")
else
aes_key
end
end
end
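Review bot: The new `validate_nthash` and `validate_aes_key` helpers check only the length of the value, so a 32- or 64-character string that is not hexadecimal passes validation. It would then reach whatever converts it to key bytes, presumably in `get_enc_key`, whose body is outside this hunk. If that conversion is a lenient hex decode, the operator gets a wrong key and a misleading decryption failure instead of a clear `BadConfig`. I would check the format as well, e.g. `fail_with(Msf::Exploit::Failure::BadConfig, 'NTHASH must be 32 hexadecimal characters') unless nthash.match?(/\A\h{32}\z/)` and `/\A(?:\h{32}|\h{64})\z/` for the AES key, using `\A`/`\z` rather than `^`/`$` so a multi-line value cannot slip through. Keep the messages reporting only the length or format, as the current ones do, so key material never ends up in console output or logs. Minor: the status message 'No decryption key provided proceeding without decryption.' wants a comma after "provided".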