
Commit 393be37

committed
Refactor tgs output
1 parent e80654f commit 393be37

1 file changed

Lines changed: 17 additions & 37 deletions


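--- a/nxc/protocols/ldap/kerberos.py
+++ b/nxc/protocols/ldap/kerberos.py
@@ -63,44 +63,24 @@ def output_tgs(self, tgs, old_session_key, session_key, username, spn, fd=None):
 # Regarding AES encryption type (AES128 CTS HMAC-SHA1 96 and AES256 CTS HMAC-SHA1 96)
 # last 12 bytes of the encrypted ticket represent the checksum of the decrypted
 # ticket
-if decoded_tgs["ticket"]["enc-part"]["etype"] == constants.EncryptionTypes.rc4_hmac.value:
-entry = "$krb5tgs${}$*{}${}${}*${}${}".format(
-constants.EncryptionTypes.rc4_hmac.value,
-username,
-decoded_tgs["ticket"]["realm"],
-spn.replace(":", "~"),
-hexlify(decoded_tgs["ticket"]["enc-part"]["cipher"][:16].asOctets()).decode(),
-hexlify(decoded_tgs["ticket"]["enc-part"]["cipher"][16:].asOctets()).decode(),
-)
-elif decoded_tgs["ticket"]["enc-part"]["etype"] == constants.EncryptionTypes.aes128_cts_hmac_sha1_96.value:
-entry = "$krb5tgs${}${}${}$*{}*${}${}".format(
-constants.EncryptionTypes.aes128_cts_hmac_sha1_96.value,
-username,
-decoded_tgs["ticket"]["realm"],
-spn.replace(":", "~"),
-hexlify(decoded_tgs["ticket"]["enc-part"]["cipher"][-12:].asOctets()).decode(),
-hexlify(decoded_tgs["ticket"]["enc-part"]["cipher"][:-12:].asOctets()).decode,
-)
-elif decoded_tgs["ticket"]["enc-part"]["etype"] == constants.EncryptionTypes.aes256_cts_hmac_sha1_96.value:
-entry = "$krb5tgs${}${}${}$*{}*${}${}".format(
-constants.EncryptionTypes.aes256_cts_hmac_sha1_96.value,
-username,
-decoded_tgs["ticket"]["realm"],
-spn.replace(":", "~"),
-hexlify(decoded_tgs["ticket"]["enc-part"]["cipher"][-12:].asOctets()).decode(),
-hexlify(decoded_tgs["ticket"]["enc-part"]["cipher"][:-12:].asOctets()).decode(),
-)
-elif decoded_tgs["ticket"]["enc-part"]["etype"] == constants.EncryptionTypes.des_cbc_md5.value:
-entry = "$krb5tgs${}$*{}${}${}*${}${}".format(
-constants.EncryptionTypes.des_cbc_md5.value,
-username,
-decoded_tgs["ticket"]["realm"],
-spn.replace(":", "~"),
-hexlify(decoded_tgs["ticket"]["enc-part"]["cipher"][:16].asOctets()).decode(),
-hexlify(decoded_tgs["ticket"]["enc-part"]["cipher"][16:].asOctets()).decode(),
-)
+
+# Define variables
+enc = decoded_tgs["ticket"]["enc-part"]
+etype = enc["etype"]
+cipher = enc["cipher"].asOctets()
+realm = decoded_tgs["ticket"]["realm"]
+
+spn_fmt = spn.replace(":", "~")
+if etype in (constants.EncryptionTypes.rc4_hmac.value, constants.EncryptionTypes.des_cbc_md5.value):
+chk = hexlify(cipher[:16]).decode()
+data = hexlify(cipher[16:]).decode()
+entry = f"$krb5tgs${etype}$*{username}${realm}${spn_fmt}*${chk}${data}"
+elif etype in (constants.EncryptionTypes.aes128_cts_hmac_sha1_96.value, constants.EncryptionTypes.aes256_cts_hmac_sha1_96.value):
+chk = hexlify(cipher[-12:]).decode()
+data = hexlify(cipher[:-12]).decode()
+entry = f"$krb5tgs${etype}${username}${realm}$*{spn_fmt}*${chk}${data}"
 else:
-nxc_logger.error(f"Skipping {decoded_tgs['ticket']['sname']['name-string'][0]}/{decoded_tgs['ticket']['sname']['name-string'][1]} due to incompatible e-type {decoded_tgs['ticket']['enc-part']['etype']:d}")
+nxc_logger.fail(f"Skipping {decoded_tgs['ticket']['sname']['name-string'][0]}/{decoded_tgs['ticket']['sname']['name-string'][1]} due to incompatible e-type {decoded_tgs['ticket']['enc-part']['etype']:d}")
 
 return entry
 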
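Review bot: The `else` branch for an unsupported e-type only logs and then falls through to `return entry`, and nothing in this hunk binds `entry` on that path, so unless it is initialised earlier in `output_tgs` (the function starts above the hunk) the call raises `UnboundLocalError` instead of skipping the ticket. Binding `entry = None` next to the other new locals would make the skip explicit, assuming callers tolerate a `None` result. The log line could also reuse the new local, e.g. `{etype:d}`, rather than indexing `decoded_tgs['ticket']['enc-part']['etype']` again. The `# Define variables` comment says nothing the code does not; a comment noting that `chk` and `data` are the checksum and ciphertext parts of the cipher (first 16 bytes for RC4/DES, last 12 bytes for AES) would be more useful.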
