Create PAC mixin component

2014-12-19 18:36:02 -06:00 · 2014-12-19 18:36:02 -06:00 · b78765e584
parent def1695e80
commit b78765e584
4 changed files with 84 additions and 70 deletions
--- a/lib/msf/kerberos/microsoft/client.rb
+++ b/lib/msf/kerberos/microsoft/client.rb
@ -10,6 +10,7 @@ module Msf
        require 'msf/kerberos/microsoft/client/as_response'
        require 'msf/kerberos/microsoft/client/tgs_request'
        require 'msf/kerberos/microsoft/client/tgs_response'
+        require 'msf/kerberos/microsoft/client/pac'
        require 'msf/kerberos/microsoft/client/cache_credential'

        include Msf::Kerberos::Microsoft::Client::Base
@ -17,6 +18,7 @@ module Msf
        include Msf::Kerberos::Microsoft::Client::AsResponse
        include Msf::Kerberos::Microsoft::Client::TgsRequest
        include Msf::Kerberos::Microsoft::Client::TgsResponse
+        include Msf::Kerberos::Microsoft::Client::Pac
        include Msf::Kerberos::Microsoft::Client::CacheCredential

        # @!attribute client
--- a/lib/msf/kerberos/microsoft/client/base.rb
+++ b/lib/msf/kerberos/microsoft/client/base.rb
@ -5,6 +5,7 @@ module Msf
    module Microsoft
      module Client
        module Base
+
          # Builds a kerberos Client Name Principal
          #
          # @param opts [Hash{Symbol => <String, Fixnum>}]
@ -16,8 +17,8 @@ module Msf
            name_type = opts[:client_type] || Rex::Proto::Kerberos::Model::NT_PRINCIPAL

            Rex::Proto::Kerberos::Model::PrincipalName.new(
-                name_type: name_type,
-                name_string: name.split('/')
+              name_type: name_type,
+              name_string: name.split('/')
            )
          end

@ -32,26 +33,10 @@ module Msf
            name_type = opts[:server_type] || Rex::Proto::Kerberos::Model::NT_PRINCIPAL

            Rex::Proto::Kerberos::Model::PrincipalName.new(
-                name_type: name_type,
-                name_string: name.split('/')
+              name_type: name_type,
+              name_string: name.split('/')
            )
          end
-
-          # Builds a kerberos PA-PAC-REQUEST pre authenticated structure
-          #
-          # @param opts [Hash{Symbol => Boolean}]
-          # @option opts [Boolean] :pac_request_value
-          # @return [Rex::Proto::Kerberos::Model::Field::PreAuthData]
-          def build_pa_pac_request(opts = {})
-            value = opts[:pac_request_value] || false
-            pac_request = Rex::Proto::Kerberos::Model::PreAuthPacRequest.new(value: value)
-            pa_pac_request = Rex::Proto::Kerberos::Model::PreAuthData.new(
-                type: Rex::Proto::Kerberos::Model::PA_PAC_REQUEST,
-                value: pac_request.encode
-            )
-
-            pa_pac_request
-          end
        end
      end
    end
--- a/lib/msf/kerberos/microsoft/client/pac.rb
+++ b/lib/msf/kerberos/microsoft/client/pac.rb
@ -0,0 +1,77 @@
+# -*- coding: binary -*-
+require 'rex/proto/kerberos'
+
+module Msf
+  module Kerberos
+    module Microsoft
+      module Client
+        module Pac
+          # Builds a kerberos PA-PAC-REQUEST pre authenticated structure
+          #
+          # @param opts [Hash{Symbol => Boolean}]
+          # @option opts [Boolean] :pac_request_value
+          # @return [Rex::Proto::Kerberos::Model::Field::PreAuthData]
+          def build_pa_pac_request(opts = {})
+            value = opts[:pac_request_value] || false
+            pac_request = Rex::Proto::Kerberos::Model::PreAuthPacRequest.new(value: value)
+            pa_pac_request = Rex::Proto::Kerberos::Model::PreAuthData.new(
+                type: Rex::Proto::Kerberos::Model::PA_PAC_REQUEST,
+                value: pac_request.encode
+            )
+
+            pa_pac_request
+          end
+
+          def build_pac(opts)
+            user_name = opts[:client_name] || ''
+            user_id = opts[:user_id] || 1000
+            primary_group_id = opts[:group_id] || 513
+            group_ids = opts[:group_ids] || [513]
+            domain_name = opts[:realm] || ''
+            domain_id = opts[:domain_id] || ''
+            logon_time = opts[:logon_time]
+            if logon_time.nil?
+              raise ::RuntimeError, 'logon_time not set on build pac'
+            end
+            checksum_type = opts[:checksum_type] || Rex::Proto::Kerberos::Crypto::RsaMd5::RSA_MD5
+
+            logon_info = Rex::Proto::Kerberos::Pac::LogonInfo.new(
+                logon_time: logon_time,
+                effective_name: user_name,
+                user_id: user_id,
+                primary_group_id: primary_group_id,
+                group_ids: group_ids,
+                logon_domain_name: domain_name,
+                logon_domain_id: domain_id,
+            )
+
+            client_info = Rex::Proto::Kerberos::Pac::ClientInfo.new(
+                client_id: logon_time,
+                name: user_name
+            )
+
+            server_checksum = Rex::Proto::Kerberos::Pac::ServerChecksum.new(
+                checksum: checksum_type
+            )
+
+            priv_srv_checksum = Rex::Proto::Kerberos::Pac::PrivSvrChecksum.new(
+                checksum: checksum_type
+            )
+
+            pac_type = Rex::Proto::Kerberos::Pac::Type.new(
+                buffers: [
+                             logon_info,
+                             client_info,
+                             server_checksum,
+                             priv_srv_checksum
+                         ],
+                checksum: checksum_type
+            )
+
+            pac_type
+          end
+        end
+      end
+    end
+  end
+end
--- a/lib/msf/kerberos/microsoft/client/tgs_request.rb
+++ b/lib/msf/kerberos/microsoft/client/tgs_request.rb
@ -101,56 +101,6 @@ module Msf
            authorization_data
          end

-
-          def build_pac(opts)
-            user_name = opts[:client_name] || ''
-            user_id = opts[:user_id] || 1000
-            primary_group_id = opts[:group_id] || 513
-            group_ids = opts[:group_ids] || [513]
-            domain_name = opts[:realm] || ''
-            domain_id = opts[:domain_id] || ''
-            logon_time = opts[:logon_time]
-            if logon_time.nil?
-              raise ::RuntimeError, 'logon_time not set on build pac'
-            end
-            checksum_type = opts[:checksum_type] || Rex::Proto::Kerberos::Crypto::RsaMd5::RSA_MD5
-
-            logon_info = Rex::Proto::Kerberos::Pac::LogonInfo.new(
-              logon_time: logon_time,
-              effective_name: user_name,
-              user_id: user_id,
-              primary_group_id: primary_group_id,
-              group_ids: group_ids,
-              logon_domain_name: domain_name,
-              logon_domain_id: domain_id,
-            )
-
-            client_info = Rex::Proto::Kerberos::Pac::ClientInfo.new(
-              client_id: logon_time,
-              name: user_name
-            )
-
-            server_checksum = Rex::Proto::Kerberos::Pac::ServerChecksum.new(
-              checksum: checksum_type
-            )
-
-            priv_srv_checksum = Rex::Proto::Kerberos::Pac::PrivSvrChecksum.new(
-              checksum: checksum_type
-            )
-
-            pac_type = Rex::Proto::Kerberos::Pac::Type.new(
-              buffers: [
-                logon_info,
-                client_info,
-                server_checksum,
-                priv_srv_checksum
-              ],
-              checksum: checksum_type
-            )
-
-            pac_type
-          end
-
          # Builds a kerberos pre authenticated information structure for an TGS request
          #
          # @param opts [Hash]