<!DOCTYPE html>
<html>
<head>
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <title>Module: Msf::Exploit::Remote::DCERPC::KerberosAuthentication — Documentation by YARD 0.9.37</title>
  <!-- YARD stylesheets, referenced relative to this page -->
  <link rel="stylesheet" href="../../../../css/style.css">
  <link rel="stylesheet" href="../../../../css/common.css">
  <!-- Globals assigned before the external scripts load: the documented object's path and a relative path prefix -->
  <script>
    pathId = "Msf::Exploit::Remote::DCERPC::KerberosAuthentication";
    relpath = '../../../../';
  </script>
  <script src="../../../../js/jquery.js"></script>
  <script src="../../../../js/app.js"></script>
</head>
<body>
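<div class="nav_wrap">
<!-- Navigation frame loading the class list; the title attribute gives the frame an accessible name -->
<iframe id="nav" src="../../../../class_list.html?1" title="Class list"></iframe>
<div id="resizer"></div>
</div>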
<div id="main" tabindex="-1">
<div id="header">
<div id="menu">
<a href="../../../../_index.html">Index (K)</a> &raquo;
<span class='title'><span class='object_link'><a href="../../../../Msf.html" title="Msf (module)">Msf</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../../../Exploit.html" title="Msf::Exploit (class)">Exploit</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../../Remote.html" title="Msf::Exploit::Remote (class)">Remote</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../DCERPC.html" title="Msf::Exploit::Remote::DCERPC (module)">DCERPC</a></span></span>
&raquo;
<span class="title">KerberosAuthentication</span>
</div>
<div id="search">
<a class="full_list_link" id="class_list_link"
href="../../../../class_list.html">
<svg width="24" height="24">
<rect x="0" y="4" width="24" height="4" rx="1" ry="1"></rect>
<rect x="0" y="12" width="24" height="4" rx="1" ry="1"></rect>
<rect x="0" y="20" width="24" height="4" rx="1" ry="1"></rect>
</svg>
</a>
</div>
<div class="clear"></div>
</div>
<div id="content"><h1>Module: Msf::Exploit::Remote::DCERPC::KerberosAuthentication
</h1>
<div class="box_info">
<dl>
<dt>Defined in:</dt>
<dd>lib/msf/core/exploit/remote/dcerpc/kerberos_authentication.rb</dd>
</dl>
</div>
<h2>Overview</h2><div class="docstring">
<div class="discussion">
<p>This module overrides RubySMB's default authentication method so that a Kerberos authenticator is used instead.</p>
</div>
</div>
<div class="tags">
</div>
<h2>Instance Attribute Summary <small><a href="#" class="summary_toggle">collapse</a></small></h2>
<ul class="summary">
<li class="public ">
<span class="summary_signature">
<a href="#krb_encryptor-instance_method" title="#krb_encryptor (instance method)">#<strong>krb_encryptor</strong> &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Returns the value of attribute krb_encryptor.</p>
</div></span>
</li>
</ul>
<h2>
Instance Method Summary
<small><a href="#" class="summary_toggle">collapse</a></small>
</h2>
<ul class="summary">
<li class="public ">
<span class="summary_signature">
<a href="#auth_provider_complete_handshake-instance_method" title="#auth_provider_complete_handshake (instance method)">#<strong>auth_provider_complete_handshake</strong>(response, options) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#auth_provider_decrypt_and_verify-instance_method" title="#auth_provider_decrypt_and_verify (instance method)">#<strong>auth_provider_decrypt_and_verify</strong>(dcerpc_response) &#x21d2; Boolean </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Decrypt the value in dcerpc_response, and validate its signature.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#auth_provider_encrypt_and_sign-instance_method" title="#auth_provider_encrypt_and_sign (instance method)">#<strong>auth_provider_encrypt_and_sign</strong>(dcerpc_req) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Encrypt the value in dcerpc_req, and add a valid signature to the request.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#auth_provider_init-instance_method" title="#auth_provider_init (instance method)">#<strong>auth_provider_init</strong> &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Initialize the auth provider using Kerberos.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#build_ap_rep-instance_method" title="#build_ap_rep (instance method)">#<strong>build_ap_rep</strong>(session_key, sequence_number) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#get_auth_padding_length-instance_method" title="#get_auth_padding_length (instance method)">#<strong>get_auth_padding_length</strong>(plaintext_len) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#kerberos_authenticator=-instance_method" title="#kerberos_authenticator= (instance method)">#<strong>kerberos_authenticator=</strong>(kerberos_authenticator) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
</ul>
<div id="instance_attr_details" class="attr_details">
<h2>Instance Attribute Details</h2>
<span id="krb_encryptor=-instance_method"></span>
<div class="method_details first">
<h3 class="signature first" id="krb_encryptor-instance_method">
#<strong>krb_encryptor</strong> &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Returns the value of attribute krb_encryptor.</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
134
135
136</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/dcerpc/kerberos_authentication.rb', line 134</span>
<span class='kw'>def</span> <span class='id identifier rubyid_krb_encryptor'>krb_encryptor</span>
<span class='ivar'>@krb_encryptor</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
</div>
<div id="instance_method_details" class="method_details_list">
<h2>Instance Method Details</h2>
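<div class="method_details first">
<h3 class="signature first" id="auth_provider_complete_handshake-instance_method">
#<strong>auth_provider_complete_handshake</strong>(response, options) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Complete the Kerberos handshake. The GSS-API token in the server response is validated, the AP-REP it carries is decoded and decrypted with the current session key, and a client AP-REP built from the server's sequence number is sent back in an AlterContext PDU. Once the AlterContextResp has been received, the message encryptor is created from the subkey in the server's AP-REP and @session_key is replaced with that subkey's value.</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>response</span>
<span class='type'></span>
&mdash;
<div class='inline'>
<p>The server response whose auth_value holds the GSS-API token to validate</p>
</div>
</li>
<li>
<span class='name'>options</span>
<span class='type'></span>
&mdash;
<div class='inline'>
<p>Options passed to RubySMB::Dcerpc::AlterContext.new</p>
</div>
</li>
</ul>
<p class="tag_title">Raises:</p>
<ul class="raise">
<li>
<span class='type'></span>
<div class='inline'>
<p>RubySMB::Dcerpc::Error::BindError If validating, decoding or decrypting the server token raises a Kerberos or ASN.1 error, or if the AlterContext response is not a valid packet</p>
</div>
</li>
</ul>
</div>
<!-- Review note: the second rescue clause in this listing now binds the exception ("=> e"). Without the binding, e is the local left over from the first rescue clause and is nil at that point, so e.message raised NoMethodError instead of the intended BindError. -->
<!-- NOTE(review): dcerpc_response is assigned from recv_struct but not inspected anywhere in this listing; confirm whether the AlterContextResp result should be checked before the encryptor is set up. -->
<table class="source_code">
<tr>
<td>
<pre class="lines">
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/dcerpc/kerberos_authentication.rb', line 84</span>
<span class='kw'>def</span> <span class='id identifier rubyid_auth_provider_complete_handshake'>auth_provider_complete_handshake</span><span class='lparen'>(</span><span class='id identifier rubyid_response'>response</span><span class='comma'>,</span> <span class='id identifier rubyid_options'>options</span><span class='rparen'>)</span>
<span class='kw'>begin</span>
<span class='ivar'>@kerberos_authenticator</span><span class='period'>.</span><span class='id identifier rubyid_validate_response!'>validate_response!</span><span class='lparen'>(</span><span class='id identifier rubyid_response'>response</span><span class='period'>.</span><span class='id identifier rubyid_auth_value'>auth_value</span><span class='comma'>,</span> <span class='label'>accept_incomplete:</span> <span class='kw'>true</span><span class='rparen'>)</span>
<span class='id identifier rubyid_gss_api'>gss_api</span> <span class='op'>=</span> <span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>ASN1</span><span class='period'>.</span><span class='id identifier rubyid_decode'>decode</span><span class='lparen'>(</span><span class='id identifier rubyid_response'>response</span><span class='period'>.</span><span class='id identifier rubyid_auth_value'>auth_value</span><span class='rparen'>)</span>
<span class='id identifier rubyid_security_blob'>security_blob</span> <span class='op'>=</span> <span class='op'>::</span><span class='const'>RubySMB</span><span class='op'>::</span><span class='const'>Gss</span><span class='period'>.</span><span class='id identifier rubyid_asn1dig'>asn1dig</span><span class='lparen'>(</span><span class='id identifier rubyid_gss_api'>gss_api</span><span class='comma'>,</span> <span class='int'>0</span><span class='comma'>,</span> <span class='int'>2</span><span class='comma'>,</span> <span class='int'>0</span><span class='rparen'>)</span><span class='op'>&amp;.</span><span class='id identifier rubyid_value'>value</span>
<span class='id identifier rubyid_ap_rep'>ap_rep</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../Rex/Proto.html" title="Rex::Proto (module)">Proto</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../Rex/Proto/Kerberos.html" title="Rex::Proto::Kerberos (module)">Kerberos</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../Rex/Proto/Kerberos/Model.html" title="Rex::Proto::Kerberos::Model (module)">Model</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../Rex/Proto/Kerberos/Model/ApRep.html" title="Rex::Proto::Kerberos::Model::ApRep (class)">ApRep</a></span></span><span class='period'>.</span><span class='id identifier rubyid_decode'><span class='object_link'><a href="../../../../Rex/Proto/Kerberos/Model/ApRep.html#decode-instance_method" title="Rex::Proto::Kerberos::Model::ApRep#decode (method)">decode</a></span></span><span class='lparen'>(</span><span class='id identifier rubyid_security_blob'>security_blob</span><span class='rparen'>)</span>
<span class='id identifier rubyid_ap_rep_enc_part'>ap_rep_enc_part</span> <span class='op'>=</span> <span class='id identifier rubyid_ap_rep'>ap_rep</span><span class='period'>.</span><span class='id identifier rubyid_decrypt_enc_part'>decrypt_enc_part</span><span class='lparen'>(</span><span class='ivar'>@session_key</span><span class='period'>.</span><span class='id identifier rubyid_value'>value</span><span class='rparen'>)</span>
<span class='kw'>rescue</span> <span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../Rex/Proto.html" title="Rex::Proto (module)">Proto</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../Rex/Proto/Kerberos.html" title="Rex::Proto::Kerberos (module)">Kerberos</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../Rex/Proto/Kerberos/Model.html" title="Rex::Proto::Kerberos::Model (module)">Model</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../Rex/Proto/Kerberos/Model/Error.html" title="Rex::Proto::Kerberos::Model::Error (module)">Error</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../Rex/Proto/Kerberos/Model/Error/KerberosDecodingError.html" title="Rex::Proto::Kerberos::Model::Error::KerberosDecodingError (class)">KerberosDecodingError</a></span></span><span class='comma'>,</span>
<span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../Rex/Proto.html" title="Rex::Proto (module)">Proto</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../Rex/Proto/Kerberos.html" title="Rex::Proto::Kerberos (module)">Kerberos</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../Rex/Proto/Kerberos/Model.html" title="Rex::Proto::Kerberos::Model (module)">Model</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../Rex/Proto/Kerberos/Model/Error.html" title="Rex::Proto::Kerberos::Model::Error (module)">Error</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../Rex/Proto/Kerberos/Model/Error/KerberosError.html" title="Rex::Proto::Kerberos::Model::Error::KerberosError (class)">KerberosError</a></span></span><span class='comma'>,</span>
<span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>ASN1</span><span class='op'>::</span><span class='const'>ASN1Error</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_e'>e</span>
<span class='id identifier rubyid_raise'>raise</span> <span class='const'>RubySMB</span><span class='op'>::</span><span class='const'>Dcerpc</span><span class='op'>::</span><span class='const'>Error</span><span class='op'>::</span><span class='const'>BindError</span><span class='comma'>,</span> <span class='id identifier rubyid_e'>e</span><span class='period'>.</span><span class='id identifier rubyid_message'>message</span> <span class='comment'># raise the more context-specific BindError
</span> <span class='kw'>end</span>
<span class='id identifier rubyid_server_sequence_number'>server_sequence_number</span> <span class='op'>=</span> <span class='id identifier rubyid_ap_rep_enc_part'>ap_rep_enc_part</span><span class='period'>.</span><span class='id identifier rubyid_sequence_number'>sequence_number</span>
<span class='comment'># Now complete the handshake - see [MS-KILE] 3.4.5.1 - https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-kile/190ab8de-dc42-49cf-bf1b-ea5705b7a087
</span> <span class='id identifier rubyid_response_ap_rep'>response_ap_rep</span> <span class='op'>=</span> <span class='id identifier rubyid_build_ap_rep'>build_ap_rep</span><span class='lparen'>(</span><span class='ivar'>@session_key</span><span class='comma'>,</span> <span class='id identifier rubyid_server_sequence_number'>server_sequence_number</span><span class='rparen'>)</span>
<span class='id identifier rubyid_wrapped_ap_rep'>wrapped_ap_rep</span> <span class='op'>=</span> <span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>ASN1</span><span class='op'>::</span><span class='const'>ASN1Data</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='lbracket'>[</span>
<span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>ASN1</span><span class='op'>::</span><span class='const'>Sequence</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='lbracket'>[</span>
<span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>ASN1</span><span class='op'>::</span><span class='const'>ASN1Data</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='lbracket'>[</span>
<span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>ASN1</span><span class='op'>::</span><span class='const'>OctetString</span><span class='lparen'>(</span><span class='id identifier rubyid_response_ap_rep'>response_ap_rep</span><span class='period'>.</span><span class='id identifier rubyid_encode'>encode</span><span class='rparen'>)</span>
<span class='rbracket'>]</span><span class='comma'>,</span> <span class='int'>2</span><span class='comma'>,</span> <span class='symbol'>:CONTEXT_SPECIFIC</span><span class='rparen'>)</span>
<span class='rbracket'>]</span><span class='rparen'>)</span>
<span class='rbracket'>]</span><span class='comma'>,</span> <span class='int'>1</span><span class='comma'>,</span> <span class='symbol'>:CONTEXT_SPECIFIC</span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_to_der'>to_der</span>
<span class='id identifier rubyid_alter_ctx'>alter_ctx</span> <span class='op'>=</span> <span class='const'>RubySMB</span><span class='op'>::</span><span class='const'>Dcerpc</span><span class='op'>::</span><span class='const'>AlterContext</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='id identifier rubyid_options'>options</span><span class='rparen'>)</span>
<span class='id identifier rubyid_alter_ctx'>alter_ctx</span><span class='period'>.</span><span class='id identifier rubyid_pdu_header'>pdu_header</span><span class='period'>.</span><span class='id identifier rubyid_call_id'>call_id</span> <span class='op'>=</span> <span class='ivar'>@call_id</span>
<span class='id identifier rubyid_add_auth_verifier'>add_auth_verifier</span><span class='lparen'>(</span><span class='id identifier rubyid_alter_ctx'>alter_ctx</span><span class='comma'>,</span> <span class='id identifier rubyid_wrapped_ap_rep'>wrapped_ap_rep</span><span class='rparen'>)</span>
<span class='id identifier rubyid_send_packet'>send_packet</span><span class='lparen'>(</span><span class='id identifier rubyid_alter_ctx'>alter_ctx</span><span class='rparen'>)</span>
<span class='kw'>begin</span>
<span class='id identifier rubyid_dcerpc_response'>dcerpc_response</span> <span class='op'>=</span> <span class='id identifier rubyid_recv_struct'>recv_struct</span><span class='lparen'>(</span><span class='const'>RubySMB</span><span class='op'>::</span><span class='const'>Dcerpc</span><span class='op'>::</span><span class='const'>AlterContextResp</span><span class='rparen'>)</span>
<span class='kw'>rescue</span> <span class='const'>RubySMB</span><span class='op'>::</span><span class='const'>Dcerpc</span><span class='op'>::</span><span class='const'>Error</span><span class='op'>::</span><span class='const'>InvalidPacket</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_e'>e</span>
<span class='id identifier rubyid_raise'>raise</span> <span class='const'>RubySMB</span><span class='op'>::</span><span class='const'>Dcerpc</span><span class='op'>::</span><span class='const'>Error</span><span class='op'>::</span><span class='const'>BindError</span><span class='comma'>,</span> <span class='id identifier rubyid_e'>e</span><span class='period'>.</span><span class='id identifier rubyid_message'>message</span> <span class='comment'># raise the more context-specific BindError
</span> <span class='kw'>end</span>
<span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_krb_encryptor'>krb_encryptor</span> <span class='op'>=</span> <span class='ivar'>@kerberos_authenticator</span><span class='period'>.</span><span class='id identifier rubyid_get_message_encryptor'>get_message_encryptor</span><span class='lparen'>(</span><span class='id identifier rubyid_ap_rep_enc_part'>ap_rep_enc_part</span><span class='period'>.</span><span class='id identifier rubyid_subkey'>subkey</span><span class='comma'>,</span>
<span class='ivar'>@client_sequence_number</span><span class='comma'>,</span>
<span class='id identifier rubyid_server_sequence_number'>server_sequence_number</span><span class='comma'>,</span>
<span class='label'>rc4_pad_style:</span> <span class='symbol'>:eight_byte_aligned</span><span class='rparen'>)</span>
<span class='comment'># Set the session key value on the parent class - needed for decrypting attribute values in e.g. DRSR
</span> <span class='ivar'>@session_key</span> <span class='op'>=</span> <span class='id identifier rubyid_ap_rep_enc_part'>ap_rep_enc_part</span><span class='period'>.</span><span class='id identifier rubyid_subkey'>subkey</span><span class='period'>.</span><span class='id identifier rubyid_value'>value</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>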
<div class="method_details ">
<h3 class="signature " id="auth_provider_decrypt_and_verify-instance_method">
#<strong>auth_provider_decrypt_and_verify</strong>(dcerpc_response) &#x21d2; <tt>Boolean</tt>
</h3><div class="docstring">
<div class="discussion">
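<p>Decrypt the value in dcerpc_response, and validate its signature. This function modifies the response object in-place, and returns whether the signature was valid. A <tt>false</tt> return means decryption or verification raised a KerberosError; in that case the response is left as received and its contents should not be trusted.</p>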
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>dcerpc_response</span>
<span class='type'>(<tt>Response</tt>)</span>
&mdash;
<div class='inline'>
<p>The Response packet to decrypt and verify in-place</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>Boolean</tt>)</span>
&mdash;
<div class='inline'>
<p>Is the packet's signature valid?</p>
</div>
</li>
</ul>
<p class="tag_title">Raises:</p>
<ul class="raise">
<li>
<span class='type'></span>
<div class='inline'>
<p>ArgumentError If the auth type is not SPNEGO (which ultimately wraps Kerberos)</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/dcerpc/kerberos_authentication.rb', line 41</span>
<span class='kw'>def</span> <span class='id identifier rubyid_auth_provider_decrypt_and_verify'>auth_provider_decrypt_and_verify</span><span class='lparen'>(</span><span class='id identifier rubyid_dcerpc_response'>dcerpc_response</span><span class='rparen'>)</span>
<span class='id identifier rubyid_auth_type'>auth_type</span> <span class='op'>=</span> <span class='id identifier rubyid_dcerpc_response'>dcerpc_response</span><span class='period'>.</span><span class='id identifier rubyid_sec_trailer'>sec_trailer</span><span class='period'>.</span><span class='id identifier rubyid_auth_type'>auth_type</span>
<span class='kw'>unless</span> <span class='lbracket'>[</span><span class='const'>RubySMB</span><span class='op'>::</span><span class='const'>Dcerpc</span><span class='op'>::</span><span class='const'>RPC_C_AUTHN_GSS_NEGOTIATE</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_include?'>include?</span><span class='lparen'>(</span><span class='id identifier rubyid_auth_type'>auth_type</span><span class='rparen'>)</span>
<span class='id identifier rubyid_raise'>raise</span> <span class='const'>ArgumentError</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Unsupported Auth Type: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_dcerpc_response'>dcerpc_response</span><span class='period'>.</span><span class='id identifier rubyid_sec_trailer'>sec_trailer</span><span class='period'>.</span><span class='id identifier rubyid_auth_type'>auth_type</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>end</span>
<span class='id identifier rubyid_encrypted_stub'>encrypted_stub</span> <span class='op'>=</span> <span class='id identifier rubyid_get_response_full_stub'>get_response_full_stub</span><span class='lparen'>(</span><span class='id identifier rubyid_dcerpc_response'>dcerpc_response</span><span class='rparen'>)</span>
<span class='id identifier rubyid_signature'>signature</span> <span class='op'>=</span> <span class='id identifier rubyid_dcerpc_response'>dcerpc_response</span><span class='period'>.</span><span class='id identifier rubyid_auth_value'>auth_value</span>
<span class='id identifier rubyid_data'>data</span> <span class='op'>=</span> <span class='id identifier rubyid_signature'>signature</span> <span class='op'>+</span> <span class='id identifier rubyid_encrypted_stub'>encrypted_stub</span>
<span class='kw'>begin</span>
<span class='id identifier rubyid_result'>result</span> <span class='op'>=</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_krb_encryptor'>krb_encryptor</span><span class='period'>.</span><span class='id identifier rubyid_decrypt_and_verify'>decrypt_and_verify</span><span class='lparen'>(</span><span class='id identifier rubyid_data'>data</span><span class='rparen'>)</span>
<span class='kw'>rescue</span> <span class='const'><span class='object_link'><a href="../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../Rex/Proto.html" title="Rex::Proto (module)">Proto</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../Rex/Proto/Kerberos.html" title="Rex::Proto::Kerberos (module)">Kerberos</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../Rex/Proto/Kerberos/Model.html" title="Rex::Proto::Kerberos::Model (module)">Model</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../Rex/Proto/Kerberos/Model/Error.html" title="Rex::Proto::Kerberos::Model::Error (module)">Error</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../Rex/Proto/Kerberos/Model/Error/KerberosError.html" title="Rex::Proto::Kerberos::Model::Error::KerberosError (class)">KerberosError</a></span></span>
<span class='kw'>return</span> <span class='kw'>false</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_set_decrypted_packet'>set_decrypted_packet</span><span class='lparen'>(</span><span class='id identifier rubyid_dcerpc_response'>dcerpc_response</span><span class='comma'>,</span> <span class='id identifier rubyid_result'>result</span><span class='rparen'>)</span>
<span class='kw'>true</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="auth_provider_encrypt_and_sign-instance_method">
#<strong>auth_provider_encrypt_and_sign</strong>(dcerpc_req) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Encrypt the value in dcerpc_req, and add a valid signature to the request. This function modifies the request object in-place, and does not return anything.</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>dcerpc_req</span>
<span class='type'>(<tt>Request</tt>)</span>
&mdash;
<div class='inline'>
<p>The Request object to be encrypted and signed in-place</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
25
26
27
28
29
30
31
32
33
34</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/dcerpc/kerberos_authentication.rb', line 25</span>
<span class='kw'>def</span> <span class='id identifier rubyid_auth_provider_encrypt_and_sign'>auth_provider_encrypt_and_sign</span><span class='lparen'>(</span><span class='id identifier rubyid_dcerpc_req'>dcerpc_req</span><span class='rparen'>)</span>
<span class='id identifier rubyid_auth_pad_length'>auth_pad_length</span> <span class='op'>=</span> <span class='id identifier rubyid_get_auth_padding_length'>get_auth_padding_length</span><span class='lparen'>(</span><span class='id identifier rubyid_dcerpc_req'>dcerpc_req</span><span class='period'>.</span><span class='id identifier rubyid_stub'>stub</span><span class='period'>.</span><span class='id identifier rubyid_to_binary_s'>to_binary_s</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span><span class='rparen'>)</span>
<span class='id identifier rubyid_plain_stub'>plain_stub</span> <span class='op'>=</span> <span class='id identifier rubyid_dcerpc_req'>dcerpc_req</span><span class='period'>.</span><span class='id identifier rubyid_stub'>stub</span><span class='period'>.</span><span class='id identifier rubyid_to_binary_s'>to_binary_s</span> <span class='op'>+</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x00</span><span class='tstring_end'>&quot;</span></span> <span class='op'>*</span> <span class='id identifier rubyid_auth_pad_length'>auth_pad_length</span>
<span class='id identifier rubyid_emessage'>emessage</span><span class='comma'>,</span> <span class='id identifier rubyid_header_length'>header_length</span><span class='comma'>,</span> <span class='id identifier rubyid_krb_pad_length'>krb_pad_length</span> <span class='op'>=</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_krb_encryptor'>krb_encryptor</span><span class='period'>.</span><span class='id identifier rubyid_encrypt_and_increment'>encrypt_and_increment</span><span class='lparen'>(</span><span class='id identifier rubyid_plain_stub'>plain_stub</span><span class='rparen'>)</span>
<span class='id identifier rubyid_encrypted_stub'>encrypted_stub</span> <span class='op'>=</span> <span class='id identifier rubyid_emessage'>emessage</span><span class='lbracket'>[</span><span class='id identifier rubyid_header_length'>header_length</span><span class='op'>..</span><span class='op'>-</span><span class='int'>1</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_signature'>signature</span> <span class='op'>=</span> <span class='id identifier rubyid_emessage'>emessage</span><span class='lbracket'>[</span><span class='int'>0</span><span class='comma'>,</span><span class='id identifier rubyid_header_length'>header_length</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_set_encrypted_packet'>set_encrypted_packet</span><span class='lparen'>(</span><span class='id identifier rubyid_dcerpc_req'>dcerpc_req</span><span class='comma'>,</span> <span class='id identifier rubyid_encrypted_stub'>encrypted_stub</span><span class='comma'>,</span> <span class='id identifier rubyid_auth_pad_length'>auth_pad_length</span><span class='rparen'>)</span>
<span class='id identifier rubyid_set_signature_on_packet'>set_signature_on_packet</span><span class='lparen'>(</span><span class='id identifier rubyid_dcerpc_req'>dcerpc_req</span><span class='comma'>,</span> <span class='id identifier rubyid_signature'>signature</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<!--
  auth_provider_init: generated YARD entry showing the Ruby source of the method.
  What the listed code does:
    1. Calls authenticate on @kerberos_authenticator and keeps the result.
    2. Stores result[:session_key] in both @application_key and @session_key,
       so the two instance variables refer to the same key object.
    3. Stores result[:client_sequence_number] in @client_sequence_number.
    4. Returns result[:security_blob], which the docstring describes as the
       serialized message for initializing the auth provider.
  NOTE(review): the listing has no guard for an unset @kerberos_authenticator
  and does not check that the three keys are present in the result. If the
  result behaves like a Hash, a missing :session_key would leave both key
  variables nil; how later signing or encryption code reacts to that is not
  visible in this entry. Confirm against the authenticator's contract.
  NOTE(review): the session key stays in instance variables after this call;
  its lifetime is that of the including object as far as this listing shows.
-->
<h3 class="signature " id="auth_provider_init-instance_method">
#<strong>auth_provider_init</strong> &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Initialize the auth provider using Kerberos</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'></span>
<div class='inline'>
<p>Serialized message for initializing the auth provider</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
15
16
17
18
19
20</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/dcerpc/kerberos_authentication.rb', line 15</span>
<span class='kw'>def</span> <span class='id identifier rubyid_auth_provider_init'>auth_provider_init</span>
<span class='id identifier rubyid_kerberos_result'>kerberos_result</span> <span class='op'>=</span> <span class='ivar'>@kerberos_authenticator</span><span class='period'>.</span><span class='id identifier rubyid_authenticate'>authenticate</span>
<span class='ivar'>@application_key</span> <span class='op'>=</span> <span class='ivar'>@session_key</span> <span class='op'>=</span> <span class='id identifier rubyid_kerberos_result'>kerberos_result</span><span class='lbracket'>[</span><span class='symbol'>:session_key</span><span class='rbracket'>]</span>
<span class='ivar'>@client_sequence_number</span> <span class='op'>=</span> <span class='id identifier rubyid_kerberos_result'>kerberos_result</span><span class='lbracket'>[</span><span class='symbol'>:client_sequence_number</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_kerberos_result'>kerberos_result</span><span class='lbracket'>[</span><span class='symbol'>:security_blob</span><span class='rbracket'>]</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<!--
  build_ap_rep(session_key, sequence_number): generated YARD entry; the source
  method carries no docstring, so this comment summarises the listing below.
  What the listed code does:
    1. Reads the protocol version (Model::VERSION) and message type
       (Model::AP_REP) constants.
    2. Takes ctime from Time.now.utc and cusec from its usec value, so the
       timestamp comes from the local clock at call time and the output
       differs between calls. Time.now.utc always returns a Time, so the
       safe navigation operator on ctime has no effect.
    3. Builds an EncApRepPart from ctime, cusec, the caller's sequence_number
       and the AP_REP_ENCPART key usage constant.
    4. Calls encrypt on that part with session_key.type and session_key.value,
       and wraps the result in EncryptedData whose etype is session_key.type.
    5. Returns a new ApRep holding pvno, msg_type and the encrypted part.
  Parameters, as used by the listing:
    session_key: must respond to type and value; presumably the key obtained
      during authentication (TODO confirm against callers).
    sequence_number: passed through unchanged into EncApRepPart.
  NOTE(review): neither argument is validated here; a nil session_key fails
  at the first session_key.type call rather than with a descriptive error.
-->
<h3 class="signature " id="build_ap_rep-instance_method">
#<strong>build_ap_rep</strong>(session_key, sequence_number) &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/dcerpc/kerberos_authentication.rb', line 60</span>
<span class='kw'>def</span> <span class='id identifier rubyid_build_ap_rep'>build_ap_rep</span><span class='lparen'>(</span><span class='id identifier rubyid_session_key'>session_key</span><span class='comma'>,</span> <span class='id identifier rubyid_sequence_number'>sequence_number</span><span class='rparen'>)</span>
<span class='id identifier rubyid_pvno'>pvno</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../Rex/Proto.html" title="Rex::Proto (module)">Proto</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../Rex/Proto/Kerberos.html" title="Rex::Proto::Kerberos (module)">Kerberos</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../Rex/Proto/Kerberos/Model.html" title="Rex::Proto::Kerberos::Model (module)">Model</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../Rex/Proto/Kerberos/Model.html#VERSION-constant" title="Rex::Proto::Kerberos::Model::VERSION (constant)">VERSION</a></span></span>
<span class='id identifier rubyid_msg_type'>msg_type</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../Rex/Proto.html" title="Rex::Proto (module)">Proto</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../Rex/Proto/Kerberos.html" title="Rex::Proto::Kerberos (module)">Kerberos</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../Rex/Proto/Kerberos/Model.html" title="Rex::Proto::Kerberos::Model (module)">Model</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../Rex/Proto/Kerberos/Model.html#AP_REP-constant" title="Rex::Proto::Kerberos::Model::AP_REP (constant)">AP_REP</a></span></span>
<span class='id identifier rubyid_ctime'>ctime</span> <span class='op'>=</span> <span class='const'>Time</span><span class='period'>.</span><span class='id identifier rubyid_now'>now</span><span class='period'>.</span><span class='id identifier rubyid_utc'>utc</span>
<span class='id identifier rubyid_cusec'>cusec</span> <span class='op'>=</span> <span class='id identifier rubyid_ctime'>ctime</span><span class='op'>&amp;.</span><span class='id identifier rubyid_usec'>usec</span>
<span class='id identifier rubyid_encrypted_part'>encrypted_part</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../Rex/Proto.html" title="Rex::Proto (module)">Proto</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../Rex/Proto/Kerberos.html" title="Rex::Proto::Kerberos (module)">Kerberos</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../Rex/Proto/Kerberos/Model.html" title="Rex::Proto::Kerberos::Model (module)">Model</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../Rex/Proto/Kerberos/Model/EncApRepPart.html" title="Rex::Proto::Kerberos::Model::EncApRepPart (class)">EncApRepPart</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="../../../../Rex/Proto/Kerberos/Model/Element.html#initialize-instance_method" title="Rex::Proto::Kerberos::Model::Element#initialize (method)">new</a></span></span><span class='lparen'>(</span>
<span class='label'>ctime:</span> <span class='id identifier rubyid_ctime'>ctime</span><span class='comma'>,</span>
<span class='label'>cusec:</span> <span class='id identifier rubyid_cusec'>cusec</span><span class='comma'>,</span>
<span class='label'>sequence_number:</span> <span class='id identifier rubyid_sequence_number'>sequence_number</span><span class='comma'>,</span>
<span class='label'>enc_key_usage:</span> <span class='const'><span class='object_link'><a href="../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../Rex/Proto.html" title="Rex::Proto (module)">Proto</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../Rex/Proto/Kerberos.html" title="Rex::Proto::Kerberos (module)">Kerberos</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../Rex/Proto/Kerberos/Crypto.html" title="Rex::Proto::Kerberos::Crypto (module)">Crypto</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../Rex/Proto/Kerberos/Crypto/KeyUsage.html" title="Rex::Proto::Kerberos::Crypto::KeyUsage (module)">KeyUsage</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../Rex/Proto/Kerberos/Crypto/KeyUsage.html#AP_REP_ENCPART-constant" title="Rex::Proto::Kerberos::Crypto::KeyUsage::AP_REP_ENCPART (constant)">AP_REP_ENCPART</a></span></span>
<span class='rparen'>)</span>
<span class='id identifier rubyid_enc_aprep'>enc_aprep</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../Rex/Proto.html" title="Rex::Proto (module)">Proto</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../Rex/Proto/Kerberos.html" title="Rex::Proto::Kerberos (module)">Kerberos</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../Rex/Proto/Kerberos/Model.html" title="Rex::Proto::Kerberos::Model (module)">Model</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../Rex/Proto/Kerberos/Model/EncryptedData.html" title="Rex::Proto::Kerberos::Model::EncryptedData (class)">EncryptedData</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="../../../../Rex/Proto/Kerberos/Model/Element.html#initialize-instance_method" title="Rex::Proto::Kerberos::Model::Element#initialize (method)">new</a></span></span><span class='lparen'>(</span>
<span class='label'>etype:</span> <span class='id identifier rubyid_session_key'>session_key</span><span class='period'>.</span><span class='id identifier rubyid_type'>type</span><span class='comma'>,</span>
<span class='label'>cipher:</span> <span class='id identifier rubyid_encrypted_part'>encrypted_part</span><span class='period'>.</span><span class='id identifier rubyid_encrypt'>encrypt</span><span class='lparen'>(</span><span class='id identifier rubyid_session_key'>session_key</span><span class='period'>.</span><span class='id identifier rubyid_type'>type</span><span class='comma'>,</span> <span class='id identifier rubyid_session_key'>session_key</span><span class='period'>.</span><span class='id identifier rubyid_value'>value</span><span class='rparen'>)</span>
<span class='rparen'>)</span>
<span class='const'><span class='object_link'><a href="../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../Rex/Proto.html" title="Rex::Proto (module)">Proto</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../Rex/Proto/Kerberos.html" title="Rex::Proto::Kerberos (module)">Kerberos</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../Rex/Proto/Kerberos/Model.html" title="Rex::Proto::Kerberos::Model (module)">Model</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../Rex/Proto/Kerberos/Model/ApRep.html" title="Rex::Proto::Kerberos::Model::ApRep (class)">ApRep</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="../../../../Rex/Proto/Kerberos/Model/Element.html#initialize-instance_method" title="Rex::Proto::Kerberos::Model::Element#initialize (method)">new</a></span></span><span class='lparen'>(</span>
<span class='label'>pvno:</span> <span class='id identifier rubyid_pvno'>pvno</span><span class='comma'>,</span>
<span class='label'>msg_type:</span> <span class='id identifier rubyid_msg_type'>msg_type</span><span class='comma'>,</span>
<span class='label'>enc_part:</span> <span class='id identifier rubyid_enc_aprep'>enc_aprep</span>
<span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<!--
  get_auth_padding_length(plaintext_len): generated YARD entry; the source
  method carries no docstring, so this comment summarises the listing below.
  What the listed code does:
    Asks krb_encryptor for calculate_encrypted_length(plaintext_len) and
    returns (16 - (that length mod 16)) mod 16, i.e. a value from 0 to 15
    that brings the encrypted length up to the next multiple of 16.
    The outer mod 16 makes an already aligned length yield 0 instead of 16.
  Parameter:
    plaintext_len: passed unchanged to calculate_encrypted_length; presumably
      the byte length of the stub before encryption (TODO confirm at callers).
  NOTE(review): krb_encryptor is defined outside this entry; the method
  raises if it is nil, and nothing here checks plaintext_len for a negative
  or non-integer value.
-->
<h3 class="signature " id="get_auth_padding_length-instance_method">
#<strong>get_auth_padding_length</strong>(plaintext_len) &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
130
131
132</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/dcerpc/kerberos_authentication.rb', line 130</span>
<span class='kw'>def</span> <span class='id identifier rubyid_get_auth_padding_length'>get_auth_padding_length</span><span class='lparen'>(</span><span class='id identifier rubyid_plaintext_len'>plaintext_len</span><span class='rparen'>)</span>
<span class='lparen'>(</span><span class='int'>16</span> <span class='op'>-</span> <span class='lparen'>(</span><span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_krb_encryptor'>krb_encryptor</span><span class='period'>.</span><span class='id identifier rubyid_calculate_encrypted_length'>calculate_encrypted_length</span><span class='lparen'>(</span><span class='id identifier rubyid_plaintext_len'>plaintext_len</span><span class='rparen'>)</span> <span class='op'>%</span> <span class='int'>16</span><span class='rparen'>)</span><span class='rparen'>)</span> <span class='op'>%</span> <span class='int'>16</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<!--
  kerberos_authenticator=(kerberos_authenticator): generated YARD entry for
  the attribute writer. The discussion block below is empty in the source.
  What the listed code does:
    Stores the argument in @kerberos_authenticator and does nothing else.
    auth_provider_init on this page later calls authenticate on that
    instance variable, so the writer has to run before authentication.
  Parameter:
    kerberos_authenticator: documented below as
      Msf::Exploit::Remote::Kerberos::ServiceAuthenticator::SMB.
  NOTE(review): the writer does not check the type of its argument or
  reject nil; a wrong value only surfaces when authenticate is called.
-->
<h3 class="signature " id="kerberos_authenticator=-instance_method">
#<strong>kerberos_authenticator=</strong>(kerberos_authenticator) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>kerberos_authenticator</span>
<span class='type'>(<tt><span class='object_link'><a href="../Kerberos/ServiceAuthenticator/SMB.html" title="Msf::Exploit::Remote::Kerberos::ServiceAuthenticator::SMB (class)">Msf::Exploit::Remote::Kerberos::ServiceAuthenticator::SMB</a></span></tt>)</span>
&mdash;
<div class='inline'>
<p>The authenticator to make the required Kerberos requests</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
9
10
11</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/dcerpc/kerberos_authentication.rb', line 9</span>
<span class='kw'>def</span> <span class='id identifier rubyid_kerberos_authenticator='>kerberos_authenticator=</span><span class='lparen'>(</span><span class='id identifier rubyid_kerberos_authenticator'>kerberos_authenticator</span><span class='rparen'>)</span>
<span class='ivar'>@kerberos_authenticator</span> <span class='op'>=</span> <span class='id identifier rubyid_kerberos_authenticator'>kerberos_authenticator</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
</div>
</div>
<div id="footer">
Generated on Fri May 8 17:02:47 2026 by
<a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.37 (ruby-3.1.5).
</div>
</div>
</body>
</html>