Bug fix for S4U2Proxy requesting a single-part sname

2018-11-25 06:17:20 +00:00 · 2018-11-25 06:17:20 +00:00 · 47f330f565
parent 2436cd15dd
commit 47f330f565
1 changed files with 14 additions and 3 deletions
--- a/Rubeus/lib/S4U.cs
+++ b/Rubeus/lib/S4U.cs
@ -83,12 +83,23 @@ namespace Rubeus
            s4u2proxyReq.req_body.realm = domain;

            string[] parts = targetSPN.Split('/');
-            string serverName = parts[1];
+            string serverName = "";
+            if (parts.Length > 1)
+            {
+                serverName = parts[1];
+            }
+            else
+            {
+                serverName = parts[0];
+            }
            s4u2proxyReq.req_body.sname.name_type = 2;
            // the sname
            s4u2proxyReq.req_body.sname.name_string.Add(parts[0]);
-            // the server
-            s4u2proxyReq.req_body.sname.name_string.Add(serverName);
+            if (parts.Length > 1)
+            {
+                // the server
+                s4u2proxyReq.req_body.sname.name_string.Add(serverName);
+            }

            // supported encryption types
            s4u2proxyReq.req_body.etypes.Add(Interop.KERB_ETYPE.aes128_cts_hmac_sha1);