commit
81adc91e39
|
@ -45,10 +45,10 @@ public class AsnElt {
|
|||
public const int CHARACTER_STRING = 29;
|
||||
public const int BMPString = 30;
|
||||
|
||||
/*
|
||||
/*
|
||||
* Tag classes.
|
||||
*/
|
||||
public const int UNIVERSAL = 0;
|
||||
public const int UNIVERSAL = 0;
|
||||
public const int APPLICATION = 1;
|
||||
public const int CONTEXT = 2;
|
||||
public const int PRIVATE = 3;
|
||||
|
|
|
@ -92,6 +92,7 @@
|
|||
<Compile Include="lib\krb_structures\PA_DATA.cs" />
|
||||
<Compile Include="lib\krb_structures\PA_ENC_TS_ENC.cs" />
|
||||
<Compile Include="lib\krb_structures\PA_FOR_USER.cs" />
|
||||
<Compile Include="lib\krb_structures\PA_PAC_OPTIONS.cs" />
|
||||
<Compile Include="lib\krb_structures\PrincipalName.cs" />
|
||||
<Compile Include="lib\krb_structures\TGS_REP.cs" />
|
||||
<Compile Include="lib\krb_structures\TGS_REQ.cs" />
|
||||
|
|
|
@ -168,6 +168,7 @@ namespace Rubeus
|
|||
TD_REQ_SEQ = 108,
|
||||
PA_PAC_REQUEST = 128,
|
||||
S4U2SELF = 129,
|
||||
PA_PAC_OPTIONS = 167,
|
||||
PK_AS_09_BINDING = 132,
|
||||
CLIENT_CANONICALIZED = 133
|
||||
}
|
||||
|
|
|
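Review bot: `PA_PAC_OPTIONS = 167` sits between `S4U2SELF = 129` and `PK_AS_09_BINDING = 132`, which breaks the ascending numeric order the neighbouring members follow. Moving it after `CLIENT_CANONICALIZED = 133` (which then needs a trailing comma) keeps the enum easy to check against the padata type numbers. The enum starts outside this hunk, so members before `TD_REQ_SEQ` are not visible here.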
@ -91,7 +91,9 @@ namespace Rubeus
|
|||
TGS_REQ s4u2proxyReq = new TGS_REQ();
|
||||
PA_DATA padata = new PA_DATA(domain, userName, ticket, clientKey, etype);
|
||||
s4u2proxyReq.padata.Add(padata);
|
||||
|
||||
PA_DATA pac_options = new PA_DATA(false, false, false, true);
|
||||
s4u2proxyReq.padata.Add(pac_options);
|
||||
|
||||
s4u2proxyReq.req_body.kdcOptions = s4u2proxyReq.req_body.kdcOptions | Interop.KdcOptions.CNAMEINADDLTKT;
|
||||
|
||||
s4u2proxyReq.req_body.realm = domain;
|
||||
|
@ -116,7 +118,7 @@ namespace Rubeus
|
|||
|
||||
Console.WriteLine("[*] Sending S4U2proxy request");
|
||||
byte[] response2 = Networking.SendBytes(dcIP, 88, s4ubytes);
|
||||
if (response == null)
|
||||
if (response2 == null)
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
@ -287,7 +289,7 @@ namespace Rubeus
|
|||
}
|
||||
}
|
||||
}
|
||||
else if (responseTag == 30)
|
||||
else if (responseTag2 == 30)
|
||||
{
|
||||
// parse the response to an KRB-ERROR
|
||||
KRB_ERROR error = new KRB_ERROR(responseAsn.Sub[0]);
|
||||
|
|
|
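Review bot: The KRB-ERROR branch in the last hunk now tests `responseTag2`, but the line under it still builds the error from `responseAsn.Sub[0]`, which by its name looks like the decoded first reply rather than the S4U2proxy one. The decode of `response2` is outside the visible hunks, so this is inferred; if it is stored in a second variable (placeholder name `responseAsn2`), the line should read `KRB_ERROR error = new KRB_ERROR(responseAsn2.Sub[0]);`. It is the same copy-paste slip this commit corrects for `response2 == null` and `responseTag2 == 30`, and it would make the reported error misleading or throw on an unexpected structure. The enclosing method starts and ends outside the hunks.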
@ -20,6 +20,13 @@ namespace Rubeus
|
|||
value = new KERB_PA_PAC_REQUEST();
|
||||
}
|
||||
|
||||
public PA_DATA(bool claims, bool branch, bool fullDC, bool rbcd)
|
||||
{
|
||||
// defaults for creation
|
||||
type = Interop.PADATA_TYPE.PA_PAC_OPTIONS;
|
||||
value = new PA_PAC_OPTIONS(claims, branch, fullDC, rbcd);
|
||||
}
|
||||
|
||||
public PA_DATA(string keyString, Interop.KERB_ETYPE etype)
|
||||
{
|
||||
// include pac, supply enc timestamp
|
||||
|
@ -136,6 +143,17 @@ namespace Rubeus
|
|||
AsnElt seq = AsnElt.Make(AsnElt.SEQUENCE, new AsnElt[] { nameTypeSeq, paDataElt });
|
||||
return seq;
|
||||
}
|
||||
else if (type == Interop.PADATA_TYPE.PA_PAC_OPTIONS)
|
||||
{
|
||||
paDataElt = ((PA_PAC_OPTIONS)value).Encode();
|
||||
AsnElt blob = AsnElt.MakeBlob(((PA_PAC_OPTIONS)value).Encode().Encode());
|
||||
AsnElt blobSeq = AsnElt.Make(AsnElt.SEQUENCE, new AsnElt[] { blob });
|
||||
|
||||
paDataElt = AsnElt.MakeImplicit(AsnElt.CONTEXT, 2, blobSeq);
|
||||
|
||||
AsnElt seq = AsnElt.Make(AsnElt.SEQUENCE, new AsnElt[] { nameTypeSeq, paDataElt });
|
||||
return seq;
|
||||
}
|
||||
|
||||
else
|
||||
{
|
||||
|
|
|
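Review bot: In the new `PA_PAC_OPTIONS` branch of the encoder, the first assignment `paDataElt = ((PA_PAC_OPTIONS)value).Encode();` is a dead store: `paDataElt` is overwritten by the `MakeImplicit` call a few lines later, and the options are encoded a second time to build `blob`. Dropping that first line leaves the output unchanged and removes the duplicate encode. The new constructor's comment `// defaults for creation` does not describe it; something like `// PA-PAC-OPTIONS padata built from the four KerberosFlags bits` would. The encoding method begins before the hunk and continues past the `else` at its end.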
@ -0,0 +1,42 @@
|
|||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using System.Text;
|
||||
using Asn1;
|
||||
|
||||
namespace Rubeus
|
||||
{
|
||||
/* PA-PAC-OPTIONS ::= SEQUENCE {
|
||||
KerberosFlags
|
||||
-- Claims(0)
|
||||
-- Branch Aware(1)
|
||||
-- Forward to Full DC(2)
|
||||
-- Resource-based Constrained Delegation (3)
|
||||
}
|
||||
*/
|
||||
|
||||
public class PA_PAC_OPTIONS
|
||||
{
|
||||
public byte[] kerberosFlags { get; set; }
|
||||
public PA_PAC_OPTIONS(bool claims, bool branch, bool fullDC, bool rbcd)
|
||||
{
|
||||
kerberosFlags = new byte[4] { 0, 0, 0, 0 };
|
||||
if (claims) kerberosFlags[0] = (byte)(kerberosFlags[0] | 8);
|
||||
if (branch) kerberosFlags[0] = (byte)(kerberosFlags[0] | 4);
|
||||
if (fullDC) kerberosFlags[0] = (byte)(kerberosFlags[0] | 2);
|
||||
if (rbcd) kerberosFlags[0] = (byte)(kerberosFlags[0] | 1);
|
||||
kerberosFlags[0] = (byte)(kerberosFlags[0] * 0x10);
|
||||
}
|
||||
|
||||
public AsnElt Encode()
|
||||
{
|
||||
List<AsnElt> allNodes = new List<AsnElt>();
|
||||
AsnElt kerberosFlagsAsn = AsnElt.MakeBitString(kerberosFlags);
|
||||
kerberosFlagsAsn = AsnElt.MakeImplicit(AsnElt.UNIVERSAL, AsnElt.BIT_STRING, kerberosFlagsAsn);
|
||||
AsnElt parent = AsnElt.MakeExplicit(0, kerberosFlagsAsn);
|
||||
allNodes.Add(parent);
|
||||
AsnElt seq = AsnElt.Make(AsnElt.SEQUENCE, allNodes.ToArray());
|
||||
return seq;
|
||||
}
|
||||
}
|
||||
}
|
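Review bot: The flag packing in the constructor is hard to check against the ASN.1 comment above the class: each flag is OR-ed in as 8/4/2/1 and the byte is then multiplied by 0x10, which only matches the listed bit numbers because bit 0 ends up as the most significant bit of the first octet. A comment saying so, e.g. `// KerberosFlags: bit 0 is the MSB, so Claims=0x80, Branch Aware=0x40, Forward to Full DC=0x20, RBCD=0x10`, and writing the move as `kerberosFlags[0] = (byte)(kerberosFlags[0] << 4);` would make the intent readable. `kerberosFlags` also has a public setter and `Encode()` passes it on without a null or length check; whether that matters depends on `AsnElt.MakeBitString`, which is not shown here. `System.Linq` and `System.Text` appear unused in this file.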