Build pre auth array out of the mixin

2014-12-19 18:10:14 -06:00 · 2014-12-19 18:10:14 -06:00 · bd85723a9d
parent 9cfc52b5af
commit bd85723a9d
2 changed files with 11 additions and 19 deletions
--- a/lib/msf/kerberos/microsoft/client/as_request.rb
+++ b/lib/msf/kerberos/microsoft/client/as_request.rb
@ -21,9 +21,8 @@ module Msf
          # @option opts [Rex::Proto::Kerberos::Model::PrincipalName] :sname
          # @return [Rex::Proto::Kerberos::Model::KdcRequest]
          def build_as_request(opts = {})
-            body = build_as_request_body(opts)
-
-            pa_data = opts[:pa_data] || build_as_pa_data(opts)
+            pa_data = opts[:pa_data]
+            body = opts[:body] || build_as_request_body(opts)

            request = Rex::Proto::Kerberos::Model::KdcRequest.new(
              pvno: 5,
@ -35,19 +34,6 @@ module Msf
            request
          end

-          # Builds a kerberos pre authenticated information structure for an AS Request
-          #
-          # @param opts [Hash]
-          # @return [Array<Rex::Proto::Kerberos::Model::PreAuthData>]
-          def build_as_pa_data(opts = {})
-            pa_data = []
-
-            pa_data << build_as_pa_time_stamp(opts)
-            pa_data << build_pa_pac_request(opts)
-
-            pa_data
-          end
-
          # Builds a kerberos PA-ENC-TIMESTAMP pre authenticated structure
          #
          # @param opts [Hash{Symbol => <Time, Fixnum, String>}]
--- a/modules/auxiliary/admin/kerberos/kerberos_test.rb
+++ b/modules/auxiliary/admin/kerberos/kerberos_test.rb
@ -40,7 +40,14 @@ class Metasploit4 < Msf::Auxiliary

 		connect(:rhost => datastore['RHOST'])
    print_status("Sending AS-REQ...")
-		res = send_request_as(opts)
+
+    pre_auth = []
+    pre_auth << build_as_pa_time_stamp(opts)
+    pre_auth << build_pa_pac_request(opts)
+    pre_auth
+    opts.merge!({:pa_data => pa_data})
+
+    res = send_request_as(opts)

    unless res.msg_type == 11
      print_error("invalid response :(")
@ -48,13 +55,12 @@ class Metasploit4 < Msf::Auxiliary
    end

    print_good("good answer!")
+    opts.delete(:pa_data)
    print_status("Parsing AS-REP...")

    session_key = extract_session_key(res, opts[:key])
-    pp session_key
    logon_time = extract_logon_time(res, opts[:key])

-    print_status("logon time: #{logon_time}")
    ticket = res.ticket

    opts.merge!(