rapid7 · adfoster-r7 · Jan 16, 2023 · Jan 13, 2023 · Jan 13, 2023
diff --git a/lib/msf/core/exploit/remote/kerberos/ticket.rb b/lib/msf/core/exploit/remote/kerberos/ticket.rb
@@ -167,7 +167,7 @@ def print_contents(path, key: nil)
             elsif kirbi?(header)
               print_status "Kirbi File:#{path}"
               krb_cred = Rex::Proto::Kerberos::Model::KrbCred.decode(File.binread(path))
-              ccache = kirbi_to_ccache(krb_cred)
+              ccache = Msf::Exploit::Remote::Kerberos::TicketConverter.kirbi_to_ccache(krb_cred)
               print_ccache_contents(ccache, key: key)
             else
               fail_with(Msf::Module::Failure::BadConfig, 'Unknown file format')

diff --git a/modules/auxiliary/admin/kerberos/inspect_ticket.rb b/modules/auxiliary/admin/kerberos/inspect_ticket.rb
@@ -57,22 +57,44 @@ def get_enc_key
   end
 
   def validate_key
-    if datastore['NTHASH'].blank? && datastore['AES_KEY'].blank?
-      return nil
-    elsif datastore['NTHASH'].present? && datastore['AES_KEY'].present?
+    if datastore['NTHASH'].present? && datastore['AES_KEY'].present?
       fail_with(Msf::Exploit::Failure::BadConfig, 'NTHASH and AES_KEY may not both be set for inspecting a ticket')
     end
 
-    if datastore['NTHASH'].present? && datastore['NTHASH'].size != 32
-      fail_with(Msf::Exploit::Failure::BadConfig, "NTHASH length was #{datastore['NTHASH'].size}. It should be 32")
+    if datastore['NTHASH'].present?
+      key_type = :nthash
+    elsif datastore['AES_KEY'].present?
+      key_type = :aes_key
     else
-      return datastore['NTHASH']
+      key_type = nil
     end
 
-    if datastore['AES_KEY'].present? && (datastore['AES_KEY'].size != 32 && datastore['AES_KEY'].size != 64)
-      fail_with(Msf::Exploit::Failure::BadConfig, "AES key length was #{datastore['AES_KEY'].size}. It should be 32 or 64")
+    case key_type
+    when :nthash
+      key = validate_nthash(datastore['NTHASH'])
+    when :aes_key
+      key = validate_aes_key(datastore['AES_KEY'])
     else
-      return datastore['AES_KEY']
+      print_status('No decryption key provided proceeding without decryption.')
+      key = nil
+    end
+
+    key
+  end
+
+  def validate_nthash(nthash)
+    if nthash.size != 32
+      fail_with(Msf::Exploit::Failure::BadConfig, "NTHASH length was #{nthash.size}. It should be 32")
+    else
+      nthash
+    end
+  end
+
+  def validate_aes_key(aes_key)
+    if aes_key.size != 32 && aes_key.size != 64
+      fail_with(Msf::Exploit::Failure::BadConfig, "AES key length was #{aes_key.size}. It should be 32 or 64")
+    else
+      aes_key
     end
   end
 end