138 lines
3.7 KiB
Ruby
138 lines
3.7 KiB
Ruby
# -*- coding: binary -*-
|
|
require 'rex/proto/kerberos'
|
|
|
|
module Msf
|
|
module Kerberos
|
|
module Microsoft
|
|
module Client
|
|
require 'msf/kerberos/client/base'
|
|
require 'msf/kerberos/client/as_request'
|
|
require 'msf/kerberos/client/as_response'
|
|
require 'msf/kerberos/client/tgs_request'
|
|
require 'msf/kerberos/client/tgs_response'
|
|
require 'msf/kerberos/client/pac'
|
|
require 'msf/kerberos/client/cache_credential'
|
|
|
|
include Msf::Kerberos::Client::Base
|
|
include Msf::Kerberos::Client::AsRequest
|
|
include Msf::Kerberos::Client::AsResponse
|
|
include Msf::Kerberos::Client::TgsRequest
|
|
include Msf::Kerberos::Client::TgsResponse
|
|
include Msf::Kerberos::Client::Pac
|
|
include Msf::Kerberos::Client::CacheCredential
|
|
|
|
# @!attribute client
|
|
# @return [Rex::Proto::Kerberos::Client] The kerberos client
|
|
attr_accessor :client
|
|
|
|
def initialize(info = {})
|
|
super
|
|
|
|
register_options(
|
|
[
|
|
Opt::RHOST,
|
|
Opt::RPORT(88),
|
|
OptInt.new('Timeout', [true, 'The TCP timeout to establish connection and read data', 10])
|
|
], self.class
|
|
)
|
|
end
|
|
|
|
# Returns the target host
|
|
#
|
|
# @return [String]
|
|
def rhost
|
|
datastore['RHOST']
|
|
end
|
|
|
|
# Returns the remote port
|
|
#
|
|
# @return [Fixnum]
|
|
def rport
|
|
datastore['RPORT']
|
|
end
|
|
|
|
# Returns the TCP timeout
|
|
#
|
|
# @return [Fixnum]
|
|
def timeout
|
|
datastore['Timeout']
|
|
end
|
|
|
|
# Returns the kdc peer
|
|
#
|
|
# @return [String]
|
|
def peer
|
|
"#{rhost}:#{rport}"
|
|
end
|
|
|
|
# Creates a kerberos connection
|
|
#
|
|
# @param opts [Hash{Symbol => <String, Fixnum>}]
|
|
# @option opts [String] :rhost
|
|
# @option opts [<String, Fixnum>] :rport
|
|
# @return [Rex::Proto::Kerberos::Client]
|
|
def connect(opts={})
|
|
kerb_client = Rex::Proto::Kerberos::Client.new(
|
|
host: opts[:rhost] || rhost,
|
|
port: (opts[:rport] || rport).to_i,
|
|
timeout: (opts[:timeout] || timeout).to_i,
|
|
context:
|
|
{
|
|
'Msf' => framework,
|
|
'MsfExploit' => self,
|
|
},
|
|
protocol: 'tcp'
|
|
)
|
|
|
|
disconnect if client
|
|
self.client = kerb_client
|
|
|
|
kerb_client
|
|
end
|
|
|
|
# Disconnects the Kerberos client
|
|
#
|
|
# @param kerb_client [Rex::Proto::Kerberos::Client] the client to disconnect
|
|
def disconnect(kerb_client = client)
|
|
kerb_client.close if kerb_client
|
|
|
|
if kerb_client == client
|
|
self.client = nil
|
|
end
|
|
end
|
|
|
|
# Performs cleanup as necessary, disconnecting the Kerberos client
|
|
# if it's still established.
|
|
def cleanup
|
|
super
|
|
disconnect
|
|
end
|
|
|
|
# Sends a kerberos AS request and reads the response
|
|
#
|
|
# @param opts [Hash]
|
|
# @return [Rex::Proto::Kerberos::Model::KdcResponse]
|
|
def send_request_as(opts = {})
|
|
connect(opts)
|
|
req = build_as_request(opts)
|
|
res = client.send_recv(req)
|
|
disconnect
|
|
res
|
|
end
|
|
|
|
# Sends a kerberos AS request and reads the response
|
|
#
|
|
# @param opts [Hash]
|
|
# @return [Rex::Proto::Kerberos::Model::KdcResponse]
|
|
def send_request_tgs(opts = {})
|
|
connect(opts)
|
|
req = build_tgs_request(opts)
|
|
res = client.send_recv(req)
|
|
disconnect
|
|
res
|
|
end
|
|
end
|
|
end
|
|
end
|
|
end
|