Build AuthorizationData from the module

2014-12-19 18:58:06 -06:00 · 2014-12-19 18:58:06 -06:00 · e6781fcbea
parent 9bd454d288
commit e6781fcbea
3 changed files with 20 additions and 23 deletions
--- a/lib/msf/kerberos/client/pac.rb
+++ b/lib/msf/kerberos/client/pac.rb
@ -69,6 +69,20 @@ module Msf

          pac_type
        end
+
+        def build_authorization_data(opts)
+          pac = opts[:pac] || ''
+
+          pac_auth_data = Rex::Proto::Kerberos::Model::AuthorizationData.new(
+              elements: [{:type => Rex::Proto::Kerberos::Pac::AD_WIN2K_PAC, :data => pac}]
+          )
+          authorization_data = Rex::Proto::Kerberos::Model::AuthorizationData.new(
+              elements: [{:type => Rex::Proto::Kerberos::Model::AD_IF_RELEVANT, :data => pac_auth_data.encode}]
+          )
+
+          authorization_data
+        end
+
      end
    end
  end
--- a/lib/msf/kerberos/client/tgs_request.rb
+++ b/lib/msf/kerberos/client/tgs_request.rb
@ -16,14 +16,6 @@ module Msf
          realm = opts[:realm] || ''
          sname = opts[:sname] || build_server_name(opts)

-          #pac = build_pac(opts)
-
-          #opts.merge!({:pac => pac.encode})
-
-          auth_data = build_authorization_data(opts)
-
-          opts.merge!({:auth_data => auth_data})
-
          subkey = Rex::Proto::Kerberos::Model::EncryptionKey.new(
            type: 23,
            #value: Rex::Text.rand_text(16)
@ -32,7 +24,9 @@ module Msf

          opts.merge!({:subkey => subkey})

-          enc_auth_data = build_enc_auth_data(opts)
+          if opts[:auth_data]
+            enc_auth_data = build_enc_auth_data(opts)
+          end

          body = Rex::Proto::Kerberos::Model::KdcRequestBody.new(
            options: options,
@ -87,19 +81,6 @@ module Msf
          e_data
        end

-        def build_authorization_data(opts)
-          pac = opts[:pac] || ''
-
-          pac_auth_data = Rex::Proto::Kerberos::Model::AuthorizationData.new(
-              elements: [{:type => Rex::Proto::Kerberos::Pac::AD_WIN2K_PAC, :data => pac}]
-          )
-          authorization_data = Rex::Proto::Kerberos::Model::AuthorizationData.new(
-              elements: [{:type => Rex::Proto::Kerberos::Model::AD_IF_RELEVANT, :data => pac_auth_data.encode}]
-          )
-
-          authorization_data
-        end
-
        # Builds a kerberos pre authenticated information structure for an TGS request
        #
        # @param opts [Hash]
--- a/modules/auxiliary/admin/kerberos/kerberos_test.rb
+++ b/modules/auxiliary/admin/kerberos/kerberos_test.rb
@ -72,6 +72,8 @@ class Metasploit4 < Msf::Auxiliary
      logon_time: logon_time,
    )

+    auth_data = build_authorization_data(pac: pac.encode)
+
    res = send_request_tgs(
      client_name: 'juan',
      server_name: 'krbtgt/DEMO.LOCAL',
@ -82,7 +84,7 @@ class Metasploit4 < Msf::Auxiliary
      ticket: ticket,
      group_ids: [513, 512, 520, 518, 519],
      domain_id: 'S-1-5-21-1755879683-3641577184-3486455962',
-      pac: pac.encode
+      auth_data: auth_data
    )

    unless res.msg_type == 13