infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Adjust golden ticket creation to force params when SYSTEM

bug/bundler_fix
OJ 2016-12-23 20:29:00 +10:00
parent 894ed4957f
commit 99da91e278
No known key found for this signature in database
GPG Key ID: D5DC61FB93260597
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
lib/rex/post/meterpreter/ui/console/command_dispatcher/kiwi.rb
View File

@ -166,7 +166,6 @@ class Console::CommandDispatcher::Kiwi
# Invoke the golden kerberos ticket creation functionality on the target. # Invoke the golden kerberos ticket creation functionality on the target.
# #
def cmd_golden_ticket_create(*args) def cmd_golden_ticket_create(*args)
return unless check_is_domain_user
if args.include?("-h") if args.include?("-h")
golden_ticket_create_usage golden_ticket_create_usage
@ -210,6 +209,8 @@ class Console::CommandDispatcher::Kiwi
# is anything else missing? # is anything else missing?
unless opts[:domain_sid] && opts[:krbtgt_hash] unless opts[:domain_sid] && opts[:krbtgt_hash]
return unless check_is_domain_user('Unable to run module as SYSTEM unless krbtgt and domain sid are provided')
# let's go discover it # let's go discover it
krbtgt_username = opts[:user].split('\\')[0] + '\\krbtgt' krbtgt_username = opts[:user].split('\\')[0] + '\\krbtgt'
dcsync_result = client.kiwi.dcsync_ntlm(krbtgt_username) dcsync_result = client.kiwi.dcsync_ntlm(krbtgt_username)
@ -400,9 +401,9 @@ class Console::CommandDispatcher::Kiwi
protected protected
def check_is_domain_user def check_is_domain_user(msg='Running as SYSTEM, function will not work.')
if client.sys.config.is_system? if client.sys.config.is_system?
print_warning('Running as SYSTEM, function will not work.') print_warning(msg)
return false return false
end end