Moved the fix for Pennyw0rth#592 to kerberoast class because otherwise user without password crashes without DNS

Author: NeffIsBack

nxc/protocols/ldap.py

@@ -806,10 +806,6 @@ def asreproast(self):
         if self.password == "" and self.nthash == "" and self.kerberos is False:
             return False
 
-        # If kdcHost isn't set, use the target IP for DNS resolution
-        if not self.kdcHost:
-            self.kdcHost = self.host
-
         # Building the search filter
         search_filter = "(&(UserAccountControl:1.2.840.113556.1.4.803:=%d)(!(UserAccountControl:1.2.840.113556.1.4.803:=%d))(!(objectCategory=computer)))" % (UF_DONT_REQUIRE_PREAUTH, UF_ACCOUNTDISABLE)
         attributes = [

nxc/protocols/ldap/kerberos.py

@@ -28,6 +28,7 @@ def __init__(self, connection):
         self.username = connection.username
         self.password = connection.password
         self.domain = connection.domain
+        self.host = connection.host
         self.targetDomain = connection.targetDomain
         self.hash = connection.hash
         self.lmhash = ""
@@ -223,6 +224,10 @@ def get_tgt_asroast(self, userName, requestPAC=True):
 
         message = encoder.encode(as_req)
 
+        # If kdcHost isn't set, use the target IP for DNS resolution
+        if not self.kdcHost:
+            self.kdcHost = self.host
+
         try:
             r = sendReceive(message, domain, self.kdcHost)
         except KerberosError as e: