Module: Msf::Exploit::Remote::Kerberos::Ticket::Storage::ReadMixin

Included in:

ReadOnly, ReadWrite

Defined in:

lib/msf/core/exploit/remote/kerberos/ticket/storage/read_mixin.rb

Overview

A mixin providing the ability to read previously stored tickets.

Instance Method Summary

• #load_credential(options = {}) ⇒ Rex::Proto::Kerberos::CredentialCache::Krb5CcacheCredential^?

  Load a stored credential object that is suitable for authentication.

• #tickets(options = {}, &block) ⇒ Array<StoredTicket>

  Get stored tickets matching the options query.

Instance Method Details

#load_credential(options = {}) ⇒ Rex::Proto::Kerberos::CredentialCache::Krb5CcacheCredential^?

Load a stored credential object that is suitable for authentication.

Parameters:

• options (Hash) (defaults to: {}) —

  See the options description in #tickets.

Returns:

• (Rex::Proto::Kerberos::CredentialCache::Krb5CcacheCredential, nil) —

  credential The credential if one was found.

# File 'lib/msf/core/exploit/remote/kerberos/ticket/storage/read_mixin.rb', line 5

def load_credential(options = {})
  return nil unless active_db?

  now = Time.now.utc
  available_tickets = tickets(options).select do |ticket|
    !ticket.expired?(now)
  end
  if options[:offered_etypes].present?
    # Prefer etypes mentioned first
    options[:offered_etypes].each do |etype|
      available_tickets.each do |t|
        if t.enctype == etype
          return t.ccache.credentials.first
        end
      end
    end
  else
    return available_tickets.first.ccache.credentials.first
  end

  nil
end

#tickets(options = {}, &block) ⇒ Array<StoredTicket>

Get stored tickets matching the options query.

Parameters:

• options (Hash) (defaults to: {}) —

  The options for matching tickets. The :realm, :server, :client and :status options are all processed as a group. If any one or more of them are specified, they are all used for filtering. It can not for example specify client and fetch all tickets for a particular client where the server is different.

Options Hash (options):

• :id (Integer, Array<Integer>) —

  The identifier of the ticket (optional)

• :host (String) —

  The host for the ticket (optional)

• :realm (String) —

  The realm of the ticket (optional)

• :server (String) —

  The service name of the ticket (optional)

• :client (String) —

  The client username of the ticket (optional)

• :status (Symbol) —

  The ticket status, defaults to valid (optional)

Returns:

• (Array<StoredTicket>)

# File 'lib/msf/core/exploit/remote/kerberos/ticket/storage/read_mixin.rb', line 29

def tickets(options = {}, &block)
  mapped = objects(options).map do |stored_loot|
    stored_ticket = StoredTicket.new(stored_loot)
  end

  mapped.select do |stored_ticket|
    # If we were provided a set of etypes to look for, restrict to that
    if options[:offered_etypes].nil? || options[:offered_etypes].include?(stored_ticket.enctype)
      block.call(stored_ticket) if block_given?
      true
    else
      false
    end
  end
end