2014-12-20 00:41:27 +00:00
|
|
|
# -*- coding: binary -*-
|
|
|
|
require 'rex/proto/kerberos'
|
|
|
|
|
|
|
|
module Msf
|
|
|
|
module Kerberos
|
|
|
|
module Client
|
|
|
|
module Pac
|
2014-12-21 00:57:49 +00:00
|
|
|
|
2014-12-20 00:41:27 +00:00
|
|
|
# Builds a kerberos PA-PAC-REQUEST pre authenticated structure
|
|
|
|
#
|
|
|
|
# @param opts [Hash{Symbol => Boolean}]
|
|
|
|
# @option opts [Boolean] :pac_request_value
|
|
|
|
# @return [Rex::Proto::Kerberos::Model::Field::PreAuthData]
|
2014-12-22 03:03:58 +00:00
|
|
|
# @see Rex::Proto::Kerberos::Model::PreAuthPacRequest
|
|
|
|
# @see Rex::Proto::Kerberos::Model::PreAuthData
|
2014-12-20 00:41:27 +00:00
|
|
|
def build_pa_pac_request(opts = {})
|
|
|
|
value = opts[:pac_request_value] || false
|
|
|
|
pac_request = Rex::Proto::Kerberos::Model::PreAuthPacRequest.new(value: value)
|
|
|
|
pa_pac_request = Rex::Proto::Kerberos::Model::PreAuthData.new(
|
2014-12-21 23:49:36 +00:00
|
|
|
type: Rex::Proto::Kerberos::Model::PA_PAC_REQUEST,
|
|
|
|
value: pac_request.encode
|
2014-12-20 00:41:27 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
pa_pac_request
|
|
|
|
end
|
|
|
|
|
2014-12-20 07:36:54 +00:00
|
|
|
# Builds a kerberos PACTYPE structure
|
|
|
|
#
|
|
|
|
# @param opts [Hash{Symbol => <String, Fixnum, Array, Time>}]
|
|
|
|
# @option opts [String] :client_name
|
|
|
|
# @option opts [Fixnum] :user_id the user SID Ex: 1000
|
|
|
|
# @option opts [Fixnum] :group_id Ex: 513 for 'Domain Users'
|
|
|
|
# @option opts [Array<Fixnum>] :group_ids
|
|
|
|
# @option opts [String] :realm
|
|
|
|
# @option opts [String] :domain_id the domain SID Ex: S-1-5-21-1755879683-3641577184-3486455962
|
|
|
|
# @option opts [Time] :logon_time
|
|
|
|
# @return [Rex::Proto::Kerberos::Pac::Type]
|
2014-12-22 03:03:58 +00:00
|
|
|
# @see Rex::Proto::Kerberos::Pac::LogonInfo
|
|
|
|
# @see Rex::Proto::Kerberos::Pac::ClientInfo
|
|
|
|
# @see Rex::Proto::Kerberos::Pac::ServerChecksum
|
|
|
|
# @see Rex::Proto::Kerberos::Pac::PrivSvrChecksum
|
|
|
|
# @see Rex::Proto::Kerberos::Pac::Type
|
2014-12-21 23:49:36 +00:00
|
|
|
def build_pac(opts = {})
|
2014-12-20 00:41:27 +00:00
|
|
|
user_name = opts[:client_name] || ''
|
|
|
|
user_id = opts[:user_id] || 1000
|
|
|
|
primary_group_id = opts[:group_id] || 513
|
|
|
|
group_ids = opts[:group_ids] || [513]
|
|
|
|
domain_name = opts[:realm] || ''
|
2014-12-21 23:49:36 +00:00
|
|
|
domain_id = opts[:domain_id] || 'S-1-1'
|
2014-12-20 07:36:54 +00:00
|
|
|
logon_time = opts[:logon_time] || Time.now
|
2014-12-22 17:57:35 +00:00
|
|
|
checksum_type = opts[:checksum_type] || Rex::Proto::Kerberos::Crypto::RSA_MD5
|
2014-12-20 00:41:27 +00:00
|
|
|
|
|
|
|
logon_info = Rex::Proto::Kerberos::Pac::LogonInfo.new(
|
2014-12-20 07:36:54 +00:00
|
|
|
logon_time: logon_time,
|
|
|
|
effective_name: user_name,
|
|
|
|
user_id: user_id,
|
|
|
|
primary_group_id: primary_group_id,
|
|
|
|
group_ids: group_ids,
|
|
|
|
logon_domain_name: domain_name,
|
|
|
|
logon_domain_id: domain_id,
|
2014-12-20 00:41:27 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
client_info = Rex::Proto::Kerberos::Pac::ClientInfo.new(
|
2014-12-20 07:36:54 +00:00
|
|
|
client_id: logon_time,
|
|
|
|
name: user_name
|
2014-12-20 00:41:27 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
server_checksum = Rex::Proto::Kerberos::Pac::ServerChecksum.new(
|
2014-12-20 07:36:54 +00:00
|
|
|
checksum: checksum_type
|
2014-12-20 00:41:27 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
priv_srv_checksum = Rex::Proto::Kerberos::Pac::PrivSvrChecksum.new(
|
2014-12-20 07:36:54 +00:00
|
|
|
checksum: checksum_type
|
2014-12-20 00:41:27 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
pac_type = Rex::Proto::Kerberos::Pac::Type.new(
|
2014-12-20 07:36:54 +00:00
|
|
|
buffers: [
|
|
|
|
logon_info,
|
|
|
|
client_info,
|
|
|
|
server_checksum,
|
|
|
|
priv_srv_checksum
|
|
|
|
],
|
|
|
|
checksum: checksum_type
|
2014-12-20 00:41:27 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
pac_type
|
|
|
|
end
|
2014-12-20 00:58:06 +00:00
|
|
|
|
2014-12-20 07:36:54 +00:00
|
|
|
# Builds an kerberos AuthorizationData structure containing a PACTYPE
|
|
|
|
#
|
2014-12-21 23:49:36 +00:00
|
|
|
# @param opts [Hash{Symbol => Rex::Proto::Kerberos::Pac::Type}]
|
|
|
|
# @option opts [Rex::Proto::Kerberos::Pac::Type] :pac
|
2014-12-20 07:36:54 +00:00
|
|
|
# @return [Rex::Proto::Kerberos::Model::AuthorizationData]
|
2014-12-22 03:03:58 +00:00
|
|
|
# @see Rex::Proto::Kerberos::Model::AuthorizationData
|
2014-12-21 23:49:36 +00:00
|
|
|
def build_pac_authorization_data(opts = {})
|
|
|
|
pac = opts[:pac] || build_pac(opts)
|
2014-12-20 00:58:06 +00:00
|
|
|
|
|
|
|
pac_auth_data = Rex::Proto::Kerberos::Model::AuthorizationData.new(
|
2014-12-21 23:49:36 +00:00
|
|
|
elements: [{:type => Rex::Proto::Kerberos::Pac::AD_WIN2K_PAC, :data => pac.encode}]
|
2014-12-20 00:58:06 +00:00
|
|
|
)
|
|
|
|
authorization_data = Rex::Proto::Kerberos::Model::AuthorizationData.new(
|
2014-12-20 07:36:54 +00:00
|
|
|
elements: [{:type => Rex::Proto::Kerberos::Model::AD_IF_RELEVANT, :data => pac_auth_data.encode}]
|
2014-12-20 00:58:06 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
authorization_data
|
|
|
|
end
|
|
|
|
|
2014-12-20 00:41:27 +00:00
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|