Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This makes three updates to the
auxiliary/admin/kerberos/inspect_ticket
module.KerberosError
when the encryption key is not the correct size instead of deferring to OpenSSL'sArgumentError
creds
command to:a. Increase the truncation size from 87 character to 88. 87 was the exact length to trim off the last byte of an AES256 key, and the resulting string would be appended with
(TRUNCATED)
making the displayed string longer than the untrucated one.b. When a private is truncated now, trim it at 76 characters instead of 88 so the resulting value is 88 characters once
(TRUNCATED)
is appended. This guarantees that if we truncate a string, the resulting value will not be larger than the original.Verification
creds -u krbtgt
command to show the full AES-256 key (no truncation)auxiliary/admin/kerberos/inspect_ticket
moduleDemo (AES Key Length Error)
Before:
After:
Demo (PAC Credential Information)
Before:
After:
Demo (AES Key Truncation)
Before:
After: