fix(kerberos): only use kcache if asked to via cml parameters; add additional debug and error handling

nxc/protocols/ldap/kerberos.py

@@ -104,23 +104,26 @@ class KerberosAttacks:
         return entry
 
     def get_tgt_kerberoasting(self):
-        if getenv("KRB5CCNAME"):
+        if self.args.use_kcache:
-            nxc_logger.debug("KRB5CCNAME environment variable exists, attempting to use that...")
+            if getenv("KRB5CCNAME"):
-            try:
+                nxc_logger.debug("KRB5CCNAME environment variable exists, attempting to use that...")
-                ccache = CCache.loadFile(getenv("KRB5CCNAME"))
+                try:
-                # retrieve user and domain information from CCache file if needed
+                    ccache = CCache.loadFile(getenv("KRB5CCNAME"))
-                domain = ccache.principal.realm["data"] if self.domain == "" else self.domain
+                    # retrieve user and domain information from CCache file if needed
-                nxc_logger.debug(f"Using Kerberos Cache: {getenv('KRB5CCNAME')}")
+                    domain = ccache.principal.realm["data"] if self.domain == "" else self.domain
-                principal = f"krbtgt/{domain.upper()}@{domain.upper()}"
+                    nxc_logger.debug(f"Using Kerberos Cache: {getenv('KRB5CCNAME')}")
-                creds = ccache.getCredential(principal)
+                    principal = f"krbtgt/{domain.upper()}@{domain.upper()}"
-                if creds is not None:
+                    creds = ccache.getCredential(principal)
-                    tgt = creds.toTGT()
+                    if creds is not None:
-                    nxc_logger.debug("Using TGT from cache")
+                        tgt = creds.toTGT()
-                    return tgt
+                        nxc_logger.debug("Using TGT from cache")
-                else:
+                        return tgt
-                    nxc_logger.debug("No valid credentials found in cache")
+                    else:
-            except Exception:
+                        nxc_logger.debug("No valid credentials found in cache")
-                pass
+                except Exception:
+                    pass
+            else:
+                nxc_logger.fail("KRB5CCNAME environment variable not found, unable to use Kerberos Cache")
 
         # No TGT in cache, request it
         user_name = Principal(self.username, type=constants.PrincipalNameType.NT_PRINCIPAL.value)
@@ -140,6 +143,12 @@ class KerberosAttacks:
                     self.aesKey,
                     kdcHost=self.kdcHost,
                 )
+            except OSError as e:
+                if e.errno == 113:
+                    nxc_logger.fail(f"Unable to resolve KDC hostname: {e!s}")
+                else:
+                    nxc_logger.fail(f"Some other OSError occured: {e!s}")
+                return None
             except Exception as e:
                 nxc_logger.debug(f"TGT: {e!s}")
                 tgt, cipher, oldSessionKey, sessionKey = getKerberosTGT(
@@ -151,7 +160,6 @@ class KerberosAttacks:
                     self.aesKey,
                     kdcHost=self.kdcHost,
                 )
-
         else:
             tgt, cipher, oldSessionKey, sessionKey = getKerberosTGT(
                 user_name,
@@ -166,7 +174,7 @@ class KerberosAttacks:
         tgt["KDC_REP"] = tgt
         tgt["cipher"] = cipher
         tgt["session_key"] = sessionKey
-
+        nxc_logger.debug(f"Final TGT: {tgt}")
         return tgt
 
     def get_tgt_asroast(self, userName, requestPAC=True):