Add specs for Msf::Kerberos::Client::Pac

2014-12-21 17:49:36 -06:00 · 2014-12-21 17:49:36 -06:00 · 60d4525632
parent e4455800e1
commit 60d4525632
4 changed files with 128 additions and 14 deletions
--- a/lib/msf/kerberos/client/pac.rb
+++ b/lib/msf/kerberos/client/pac.rb
@ -15,8 +15,8 @@ module Msf
          value = opts[:pac_request_value] || false
          pac_request = Rex::Proto::Kerberos::Model::PreAuthPacRequest.new(value: value)
          pa_pac_request = Rex::Proto::Kerberos::Model::PreAuthData.new(
-              type: Rex::Proto::Kerberos::Model::PA_PAC_REQUEST,
-              value: pac_request.encode
+            type: Rex::Proto::Kerberos::Model::PA_PAC_REQUEST,
+            value: pac_request.encode
          )

          pa_pac_request
@ -33,15 +33,14 @@ module Msf
        # @option opts [String] :domain_id the domain SID Ex: S-1-5-21-1755879683-3641577184-3486455962
        # @option opts [Time] :logon_time
        # @return [Rex::Proto::Kerberos::Pac::Type]
-        def build_pac(opts)
+        def build_pac(opts = {})
          user_name = opts[:client_name] || ''
          user_id = opts[:user_id] || 1000
          primary_group_id = opts[:group_id] || 513
          group_ids = opts[:group_ids] || [513]
          domain_name = opts[:realm] || ''
-          domain_id = opts[:domain_id] || ''
+          domain_id = opts[:domain_id] || 'S-1-1'
          logon_time = opts[:logon_time] || Time.now
-
          checksum_type = opts[:checksum_type] || Rex::Proto::Kerberos::Crypto::RsaMd5::RSA_MD5

          logon_info = Rex::Proto::Kerberos::Pac::LogonInfo.new(
@ -82,14 +81,14 @@ module Msf

        # Builds an kerberos AuthorizationData structure containing a PACTYPE
        #
-        # @param opts [Hash{Symbol => String}]
-        # @option opts [String] :pac
+        # @param opts [Hash{Symbol => Rex::Proto::Kerberos::Pac::Type}]
+        # @option opts [Rex::Proto::Kerberos::Pac::Type] :pac
        # @return [Rex::Proto::Kerberos::Model::AuthorizationData]
-        def build_pac_authorization_data(opts)
-          pac = opts[:pac] || ''
+        def build_pac_authorization_data(opts = {})
+          pac = opts[:pac] || build_pac(opts)

          pac_auth_data = Rex::Proto::Kerberos::Model::AuthorizationData.new(
-            elements: [{:type => Rex::Proto::Kerberos::Pac::AD_WIN2K_PAC, :data => pac}]
+            elements: [{:type => Rex::Proto::Kerberos::Pac::AD_WIN2K_PAC, :data => pac.encode}]
          )
          authorization_data = Rex::Proto::Kerberos::Model::AuthorizationData.new(
            elements: [{:type => Rex::Proto::Kerberos::Model::AD_IF_RELEVANT, :data => pac_auth_data.encode}]
--- a/modules/auxiliary/admin/kerberos/kerberos_test.rb
+++ b/modules/auxiliary/admin/kerberos/kerberos_test.rb
@ -75,7 +75,7 @@ class Metasploit4 < Msf::Auxiliary
      logon_time: logon_time,
    )

-    auth_data = build_pac_authorization_data(pac: pac.encode)
+    auth_data = build_pac_authorization_data(pac: pac)

    res = send_request_tgs(
      client_name: 'juan',
--- a/spec/lib/msf/kerberos/client/cache_credential_spec.rb
+++ b/spec/lib/msf/kerberos/client/cache_credential_spec.rb
@ -12,9 +12,6 @@ describe Msf::Kerberos::Client::CacheCredential do
    mod
  end

-  let(:valid_subkey) { 'AAAABBBBCCCCDDDD' }
-  let(:invalid_subkey) { '1234567890123456' }
-
  describe "#create_cache_credential" do
    context "when no opts" do
      it "create a default Rex::Proto::Kerberos::CredentialCache::Credential" do
--- a/spec/lib/msf/kerberos/client/pac_spec.rb
+++ b/spec/lib/msf/kerberos/client/pac_spec.rb
@ -0,0 +1,118 @@
+# -*- coding:binary -*-
+require 'spec_helper'
+
+require 'rex/proto/kerberos'
+require 'msf/kerberos/client'
+
+describe Msf::Kerberos::Client::Pac do
+  subject do
+    mod = ::Msf::Exploit.new
+    mod.extend ::Msf::Kerberos::Client
+    mod.send(:initialize)
+    mod
+  end
+
+  let(:pac_opts) do
+    {
+      :client_name => 'test',
+      :user_id => 1001,
+      :group_id => 513,
+      :group_ids => [513, 508],
+      :realm => 'DOMAIN',
+      :domain_id => 'S-1-5-21-1755879683-3641577184-3486455962',
+      :logon_time => Time.utc(2014),
+      :checksum_type => Rex::Proto::Kerberos::Crypto::RsaMd5::RSA_MD5
+    }
+  end
+
+  describe "#build_pac" do
+    context "when no opts" do
+      it "creates a Rex::Proto::Kerberos::Pac::Type" do
+        expect(subject.build_pac).to be_a(Rex::Proto::Kerberos::Pac::Type)
+      end
+
+      it "creates a PAC-TYPE with default checksum type" do
+        pac = subject.build_pac
+        expect(pac.checksum).to eq(Rex::Proto::Kerberos::Crypto::RsaMd5::RSA_MD5)
+      end
+
+      it "creates a PAC-TYPE with default data in buffers" do
+        pac = subject.build_pac
+        expect(pac.buffers[0].effective_name).to eq('')
+      end
+    end
+
+    context "when opts" do
+      it "creates a Rex::Proto::Kerberos::Pac::Type" do
+        expect(subject.build_pac(pac_opts)).to be_a(Rex::Proto::Kerberos::Pac::Type)
+      end
+
+      it "creates a PAC-TYPE with provided checksum type" do
+        pac = subject.build_pac(pac_opts)
+        expect(pac.checksum).to eq(Rex::Proto::Kerberos::Crypto::RsaMd5::RSA_MD5)
+      end
+
+      it "creates a PAC-TYPE with provided data in buffers" do
+        pac = subject.build_pac(pac_opts)
+        expect(pac.buffers[0].effective_name).to eq('test')
+      end
+    end
+  end
+
+  describe "#build_pac_authorization_data" do
+    context "when no opts" do
+      it "creates a Rex::Proto::Kerberos::Model::AuthorizationData" do
+        expect(subject.build_pac_authorization_data).to be_a(Rex::Proto::Kerberos::Model::AuthorizationData)
+      end
+    end
+
+    context "when opts" do
+      it "creates a Rex::Proto::Kerberos::Model::AuthorizationData" do
+        pac = subject.build_pac(pac_opts)
+        expect(subject.build_pac_authorization_data(pac: pac)).to be_a(Rex::Proto::Kerberos::Model::AuthorizationData)
+      end
+    end
+
+    it "creates an AD_IF_RELEVANT element" do
+      pac = subject.build_pac(pac_opts)
+      pac_ad = subject.build_pac_authorization_data(pac: pac)
+
+      expect(pac_ad.elements[0][:type]).to eq(Rex::Proto::Kerberos::Model::AD_IF_RELEVANT)
+    end
+  end
+
+  describe "#build_pa_pac_request" do
+    context "when no opts" do
+      it "creates Rex::Proto::Kerberos::Model::PreAuthData" do
+        expect(subject.build_pa_pac_request).to be_a(Rex::Proto::Kerberos::Model::PreAuthData)
+      end
+
+      it "creates a PA_PAC_REQUEST" do
+        req = subject.build_pa_pac_request
+        expect(req.type).to eq(Rex::Proto::Kerberos::Model::PA_PAC_REQUEST)
+      end
+
+      it "creates a false PA_PAC_REQUEST" do
+        req = subject.build_pa_pac_request
+        expect(req.value).to eq("\x30\x05\xA0\x03\x01\x01\x00")
+      end
+    end
+
+    context "when opts" do
+      it "creates a Rex::Proto::Kerberos::Model::PreAuthData" do
+        expect(subject.build_pa_pac_request(pac_request_value: true)).to be_a(Rex::Proto::Kerberos::Model::PreAuthData)
+      end
+
+      it "creates a PA_PAC_REQUEST" do
+        req = subject.build_pa_pac_request(pac_request_value: true)
+        expect(req.type).to eq(Rex::Proto::Kerberos::Model::PA_PAC_REQUEST)
+      end
+
+      it "creates PA_PAC_REQUEST with opts value" do
+        req = subject.build_pa_pac_request(pac_request_value: true)
+        expect(req.value).to eq("\x30\x05\xA0\x03\x01\x01\xff")
+      end
+    end
+  end
+end
+