Use kerberos with no-preauth and allow preauth authentication if flag is set

NeffIsBack · NeffIsBack · commit 9e780c71a942 · 2025-06-16T08:53:50.000-04:00
diff --git a/nxc/connection.py b/nxc/connection.py
@@ -136,7 +136,11 @@ def __init__(self, args, db, target):
         # Authentication info
         self.password = ""
         self.username = ""
-        self.kerberos = bool(self.args.kerberos or self.args.use_kcache or self.args.aesKey or (hasattr(self.args, "delegate") and self.args.delegate))
+        self.kerberos = bool(self.args.kerberos or
+                             self.args.use_kcache or
+                             self.args.aesKey or
+                             (hasattr(self.args, "delegate") and self.args.delegate) or
+                             (hasattr(self.args, "no_preauth") and self.args.no_preauth))
         self.aesKey = None if not self.args.aesKey else self.args.aesKey[0]
         self.use_kcache = None if not self.args.use_kcache else self.args.use_kcache
         self.admin_privs = False
diff --git a/nxc/protocols/ldap.py b/nxc/protocols/ldap.py
@@ -409,7 +409,11 @@ def kerberos_login(self, domain, username, password="", ntlm_hash="", aesKey="",
                 f"{domain}\\{self.username}{' account vulnerable to asreproast attack'} {''}",
                 color="yellow",
             )
-            return False
+            # If no preauth is set, we want to be able to execute commands such as --kerberoasting
+            if self.args.no_preauth:  # noqa: SIM103
+                return True
+            else:
+                return False
         except SessionError as e:
             error, desc = e.getErrorString()
             used_ccache = " from ccache" if useCache else f":{process_secret(kerb_pass)}"
