fix(wmi): handle Kerberos auth failures and return proper error codes

Marshall-Hallenbeck · Marshall-Hallenbeck · commit 95ac1af00a05 · 2024-05-17T19:33:58.000-04:00
diff --git a/nxc/protocols/wmi.py b/nxc/protocols/wmi.py
@@ -155,8 +155,11 @@ def check_if_admin(self):
             if "dcom" in locals():
                 dcom.disconnect()
 
-            if "access_denied" not in str(e).lower():
+            if "KDC_ERR_PREAUTH_FAILED" in str(e):
+                self.logger.fail("KDC_ERR_PREAUTH_FAILED returned - check if Kerberos and DNS are working!")
+            elif "access_denied" not in str(e).lower():
                 self.logger.fail(str(e))
+            return False
         else:
             if not flag or not self.stringBinding:
                 dcom.disconnect()
@@ -175,6 +178,7 @@ def check_if_admin(self):
 
                     if "access_denied" not in str(e).lower():
                         self.logger.fail(str(e))
+                        return False
                 else:
                     dcom.disconnect()
                     self.logger.extra["protocol"] = "WMI"
@@ -253,11 +257,12 @@ def kerberos_login(self, domain, username, password="", ntlm_hash="", aesKey="",
                 return False
             else:
                 self.doKerberos = True
-                self.check_if_admin()
+                if self.check_if_admin():
+                    out = f"{self.domain}\\{self.username}{used_ccache} {self.mark_pwned()}"
+                    self.logger.success(out)
+                    return True
                 dce.disconnect()
-                out = f"{self.domain}\\{self.username}{used_ccache} {self.mark_pwned()}"
-                self.logger.success(out)
-                return True
+                return False
 
     def plaintext_login(self, domain, username, password):
         self.password = password
