Add ul_type 12 (UPN and DNS info) to pac bindata #17603
end | ||
|
||
context 'with non-extended upn dns info' do | ||
describe '#read' do |
A #write example would be good to add too, from a BinData object that doesn't have the offsets specified upfront 👍
We talked about this already but just to leave a paper trail I think this covers what you're asking for here:
https://github.com/rapid7/metasploit-framework/pull/17603/files#diff-4c294da130b0102eb5a73e30dc42d56ae8ac3bb3dc990dc7d41b230e2c956437R371-R381
I think I'm more used to seeing this sort of pattern that uses described_class instead, in conjunction with initialising the object values directly in the constructor instead of mutating subject, and compares to the expected binary result
ok I think I've done what you're asking for, honestly didn't even see that you'd left the comment on #read
totally my fault for not realising I'd done that too
Neat, thank you.
85bce20 to 782e4c0
Tested with the data from #17468 (comment)
Before:
After:
The |
Release Notes
Updates
Adds support for the UPN and DNS info pac structure documented here: https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-pac/1c0d6e11-6443-4846-b744-f9f810a504eb
Bumped bindata version to include the fix from here: dmendel/bindata#149 (comment)
I tested around trying to make it so that you didn't need to manually remember to call set_offsets! before writing out the UPN and DNS info element, but I couldn't find a nice way of doing that which wouldn't also have the side effect of potentially altering the existing values at the time of reading the ticket, so I've just left it in a similar way to the Pac itself.
Validation
Example of a kirbi file in base64 with the extended UPN and DNS info included
Alternatively you can generate your own using rubeus with a command like:
rubeus.exe silver /service:cifs/dc2019.windomain.local /rc4:64FBAE31CC352FC26AF97CBDEF151E03 /creduser:windomain.local\test /credpassword:vagrant /user:test /krbkey:4b912be0366a6f37f4a7d571bee18b1173d93195ef76f8d1e3e81ef6172ab326 /krbenctype:aes256 /domain:windomain.local /ptt /sid:S-1-5-21-3541430928-2051711210-1391384369 /extendedupndns
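
Added example, not code from this PR or from Metasploit: a plain-Ruby writer and reader for the UPN_DNS_INFO buffer (ul_type 12) as laid out in the MS-PAC page linked above, showing why the length/offset pairs can only be filled in at write time (the job set_offsets! does in the PR) and why a reader should bounds-check the offsets it finds instead of recomputing them. The method names, the FLAG_S constant and the sample values are assumptions made for illustration; the field layout is taken from the MS-PAC specification.

```ruby
# Added example (not Metasploit's BinData class): UPN_DNS_INFO, PAC ul_type 12.
FLAG_S = 0x2 # MS-PAC "S" flag: SAM name and SID fields follow Flags

def align8(n)
  (n + 7) & ~7
end

# Serialise. Offsets are derived from the final layout at write time.
def build_upn_dns_info(upn:, dns:, flags: 0, sam: nil, sid: nil)
  extended = (flags & FLAG_S) != 0
  bufs = [upn, dns].map { |s| s.encode('UTF-16LE').b }
  bufs += [sam.encode('UTF-16LE').b, sid.b] if extended
  pos = align8(extended ? 20 : 12) # first buffer starts after the header
  pairs = bufs.map do |b|
    pair = [b.bytesize, pos]
    pos = align8(pos + b.bytesize) # MS-PAC: offsets are multiples of 8
    pair
  end
  out = pairs[0, 2].flatten.pack('v4') + [flags].pack('V') + pairs[2..].flatten.pack('v*')
  pairs.zip(bufs) { |(_len, off), b| out = out.ljust(off, "\0".b) + b }
  out
end

# Parse without rewriting offsets; reject fields outside the buffer.
def parse_upn_dns_info(data)
  data = data.b
  raise ArgumentError, 'truncated header' if data.bytesize < 12
  names = %i[upn dns_domain_name]
  flags = data.unpack1('@8V')
  header_len = 12
  if (flags & FLAG_S) != 0
    raise ArgumentError, 'truncated extended header' if data.bytesize < 20
    names += %i[sam_name sid]
    header_len = 20
  end
  pairs = (data[0, 8] + data[12, header_len - 12]).unpack('v*').each_slice(2).to_a
  names.zip(pairs).each_with_object({ flags: flags }) do |(name, (len, off)), res|
    unless off >= header_len && off + len <= data.bytesize
      raise ArgumentError, "#{name}: offset/length outside buffer"
    end
    raw = data.byteslice(off, len)
    res[name] = name == :sid ? raw : raw.force_encoding('UTF-16LE').encode('UTF-8')
  end
end

# Constructed sample (names reused from the rubeus command above, no real ticket data).
SAMPLE = build_upn_dns_info(upn: 'test@windomain.local', dns: 'WINDOMAIN.LOCAL')
```

The SID is kept as raw bytes here; decoding it to the S-1-5-... string form is left out to keep the example focused on the offset handling.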