Add initial specs for Msf::Kerberos::Client::TgsResponse

bug/bundler_fix
jvazquez-r7 2014-12-20 20:29:00 -06:00
parent 5f0c3ebb2b
commit 9f1403a63e
4 changed files with 124 additions and 121 deletions


@ -3,134 +3,132 @@ require 'rex/proto/kerberos'
module Msf module Msf
module Kerberos module Kerberos
module Microsoft module Client
module Client require 'msf/kerberos/client/base'
require 'msf/kerberos/client/base' require 'msf/kerberos/client/as_request'
require 'msf/kerberos/client/as_request' require 'msf/kerberos/client/as_response'
require 'msf/kerberos/client/as_response' require 'msf/kerberos/client/tgs_request'
require 'msf/kerberos/client/tgs_request' require 'msf/kerberos/client/tgs_response'
require 'msf/kerberos/client/tgs_response' require 'msf/kerberos/client/pac'
require 'msf/kerberos/client/pac' require 'msf/kerberos/client/cache_credential'
require 'msf/kerberos/client/cache_credential'
include Msf::Kerberos::Client::Base include Msf::Kerberos::Client::Base
include Msf::Kerberos::Client::AsRequest include Msf::Kerberos::Client::AsRequest
include Msf::Kerberos::Client::AsResponse include Msf::Kerberos::Client::AsResponse
include Msf::Kerberos::Client::TgsRequest include Msf::Kerberos::Client::TgsRequest
include Msf::Kerberos::Client::TgsResponse include Msf::Kerberos::Client::TgsResponse
include Msf::Kerberos::Client::Pac include Msf::Kerberos::Client::Pac
include Msf::Kerberos::Client::CacheCredential include Msf::Kerberos::Client::CacheCredential
# @!attribute client # @!attribute client
# @return [Rex::Proto::Kerberos::Client] The kerberos client # @return [Rex::Proto::Kerberos::Client] The kerberos client
attr_accessor :client attr_accessor :client
def initialize(info = {}) def initialize(info = {})
super super
register_options( register_options(
[ [
Opt::RHOST, Opt::RHOST,
Opt::RPORT(88), Opt::RPORT(88),
OptInt.new('Timeout', [true, 'The TCP timeout to establish connection and read data', 10]) OptInt.new('Timeout', [true, 'The TCP timeout to establish connection and read data', 10])
], self.class ], self.class
) )
end
# Returns the target host
#
# @return [String]
def rhost
datastore['RHOST']
end
# Returns the remote port
#
# @return [Fixnum]
def rport
datastore['RPORT']
end
# Returns the TCP timeout
#
# @return [Fixnum]
def timeout
datastore['Timeout']
end
# Returns the kdc peer
#
# @return [String]
def peer
"#{rhost}:#{rport}"
end
# Creates a kerberos connection
#
# @param opts [Hash{Symbol => <String, Fixnum>}]
# @option opts [String] :rhost
# @option opts [<String, Fixnum>] :rport
# @return [Rex::Proto::Kerberos::Client]
def connect(opts={})
kerb_client = Rex::Proto::Kerberos::Client.new(
host: opts[:rhost] || rhost,
port: (opts[:rport] || rport).to_i,
timeout: (opts[:timeout] || timeout).to_i,
context:
{
'Msf' => framework,
'MsfExploit' => self,
},
protocol: 'tcp'
)
disconnect if client
self.client = kerb_client
kerb_client
end
# Disconnects the Kerberos client
#
# @param kerb_client [Rex::Proto::Kerberos::Client] the client to disconnect
def disconnect(kerb_client = client)
kerb_client.close if kerb_client
if kerb_client == client
self.client = nil
end end
end
# Returns the target host # Performs cleanup as necessary, disconnecting the Kerberos client
# # if it's still established.
# @return [String] def cleanup
def rhost super
datastore['RHOST'] disconnect
end end
# Returns the remote port # Sends a kerberos AS request and reads the response
# #
# @return [Fixnum] # @param opts [Hash]
def rport # @return [Rex::Proto::Kerberos::Model::KdcResponse]
datastore['RPORT'] def send_request_as(opts = {})
end connect(opts)
req = build_as_request(opts)
res = client.send_recv(req)
disconnect
res
end
# Returns the TCP timeout # Sends a kerberos AS request and reads the response
# #
# @return [Fixnum] # @param opts [Hash]
def timeout # @return [Rex::Proto::Kerberos::Model::KdcResponse]
datastore['Timeout'] def send_request_tgs(opts = {})
end connect(opts)
req = build_tgs_request(opts)
# Returns the kdc peer res = client.send_recv(req)
# disconnect
# @return [String] res
def peer
"#{rhost}:#{rport}"
end
# Creates a kerberos connection
#
# @param opts [Hash{Symbol => <String, Fixnum>}]
# @option opts [String] :rhost
# @option opts [<String, Fixnum>] :rport
# @return [Rex::Proto::Kerberos::Client]
def connect(opts={})
kerb_client = Rex::Proto::Kerberos::Client.new(
host: opts[:rhost] || rhost,
port: (opts[:rport] || rport).to_i,
timeout: (opts[:timeout] || timeout).to_i,
context:
{
'Msf' => framework,
'MsfExploit' => self,
},
protocol: 'tcp'
)
disconnect if client
self.client = kerb_client
kerb_client
end
# Disconnects the Kerberos client
#
# @param kerb_client [Rex::Proto::Kerberos::Client] the client to disconnect
def disconnect(kerb_client = client)
kerb_client.close if kerb_client
if kerb_client == client
self.client = nil
end
end
# Performs cleanup as necessary, disconnecting the Kerberos client
# if it's still established.
def cleanup
super
disconnect
end
# Sends a kerberos AS request and reads the response
#
# @param opts [Hash]
# @return [Rex::Proto::Kerberos::Model::KdcResponse]
def send_request_as(opts = {})
connect(opts)
req = build_as_request(opts)
res = client.send_recv(req)
disconnect
res
end
# Sends a kerberos AS request and reads the response
#
# @param opts [Hash]
# @return [Rex::Proto::Kerberos::Model::KdcResponse]
def send_request_tgs(opts = {})
connect(opts)
req = build_tgs_request(opts)
res = client.send_recv(req)
disconnect
res
end
end end
end end
end end
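Review bot: The comment above `send_request_tgs` on the new side still reads `# Sends a kerberos AS request and reads the response`, copied from `send_request_as`; it should read `# Sends a kerberos TGS request and reads the response`. Both senders also call `disconnect` only on the success path, so if `build_as_request`/`build_tgs_request` or `client.send_recv` raises, the connection stays open until `cleanup` runs; moving `disconnect` into an `ensure` clause would close it deterministically. The `@return [Fixnum]` tags on `rport` and `timeout` assume the datastore already holds integers, yet `connect` calls `.to_i` on both, so the documented type looks optimistic.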


@ -12,6 +12,10 @@ module Msf
# @param res [Rex::Proto::Kerberos::Model::KdcResponse] # @param res [Rex::Proto::Kerberos::Model::KdcResponse]
# @param key [String] # @param key [String]
# @return [Rex::Proto::Kerberos::CredentialCache::Cache] # @return [Rex::Proto::Kerberos::CredentialCache::Cache]
# @see Rex::Proto::Kerberos::Model::EncKdcResponse
# @see Rex::Proto::Kerberos::Model::EncKdcResponse.decode
# @see Msf::Kerberos::Client::CacheCredential
# @see Rex::Proto::Kerberos::CredentialCache::Cache
def extract_kerb_creds(res, key) def extract_kerb_creds(res, key)
decrypt_res = res.enc_part.decrypt(key, 9) decrypt_res = res.enc_part.decrypt(key, 9)
enc_res = Rex::Proto::Kerberos::Model::EncKdcResponse.decode(decrypt_res) enc_res = Rex::Proto::Kerberos::Model::EncKdcResponse.decode(decrypt_res)
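Review bot: The added `@see` tags name the types involved, but the literal `9` in `res.enc_part.decrypt(key, 9)` is still unexplained and `@param key` carries no description. The value is presumably the Kerberos key-usage number for a TGS-REP encrypted part protected with the authenticator subkey; if that is right, a comment such as `# 9 = key usage: TGS-REP enc-part (subkey)` or a named constant would make the call reviewable, and `@param key [String] the key used to decrypt the response's encrypted part` would complete the tag. The body of `extract_kerb_creds` continues outside this hunk, so the handling of a failed decrypt or decode could not be checked here.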


@ -168,6 +168,7 @@ module Rex
raise ::RuntimeError, 'Kerberos Client: failed to read response' raise ::RuntimeError, 'Kerberos Client: failed to read response'
end end
puts Rex::Text.to_hex(data)
res = decode_kerb_response(data) res = decode_kerb_response(data)
res res
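Review bot: The added `puts Rex::Text.to_hex(data)` looks like leftover debugging: it writes every raw KDC response, ticket material included, to stdout from inside the library client, bypassing the framework's output and logging controls. It should be dropped before merge, or replaced with a debug-level log call that is off by default. The enclosing method begins and ends outside this hunk, so only the lines shown were checked.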


@ -8,7 +8,7 @@ require 'rex'
class Metasploit4 < Msf::Auxiliary class Metasploit4 < Msf::Auxiliary
include Msf::Kerberos::Microsoft::Client include Msf::Kerberos::Client
def initialize(info = {}) def initialize(info = {})
super(update_info(info, super(update_info(info,