Merge pull request Pennyw0rth#393 from Pennyw0rth/neff-fix-kerberos

NeffIsBack · web-flow · commit e14be335c302 · 2024-09-01T12:44:29.000+02:00
Fix issues with kerberos and non NTLM domains
diff --git a/nxc/connection.py b/nxc/connection.py
@@ -134,7 +134,7 @@ def __init__(self, args, db, target):
         # Authentication info
         self.password = ""
         self.username = ""
-        self.kerberos = bool(self.args.kerberos or self.args.use_kcache or self.args.aesKey)
+        self.kerberos = bool(self.args.kerberos or self.args.use_kcache or self.args.aesKey or (hasattr(self.args, "delegate") and self.args.delegate))
         self.aesKey = None if not self.args.aesKey else self.args.aesKey[0]
         self.use_kcache = None if not self.args.use_kcache else self.args.use_kcache
         self.admin_privs = False
@@ -157,7 +157,7 @@ def __init__(self, args, db, target):
         else:
             return
 
-        if self.args.kerberos:
+        if self.kerberos:
             self.host = self.hostname
 
         self.logger.info(f"Socket info: host={self.host}, hostname={self.hostname}, kerberos={self.kerberos}, ipv6={self.is_ipv6}, link-local ipv6={self.is_link_local_ipv6}")
@@ -469,8 +469,6 @@ def try_credentials(self, domain, username, owned, secret, cred_type, data=None)
             return False
         if self.args.continue_on_success and owned:
             return False
-        if hasattr(self.args, "delegate") and self.args.delegate:
-            self.args.kerberos = True
 
         if self.args.jitter:
             jitter = self.args.jitter
@@ -485,7 +483,7 @@ def try_credentials(self, domain, username, owned, secret, cred_type, data=None)
 
         with sem:
             if cred_type == "plaintext":
-                if self.args.kerberos:
+                if self.kerberos:
                     self.logger.debug("Trying to authenticate using Kerberos")
                     return self.kerberos_login(domain, username, secret, "", "", self.kdcHost, False)
                 elif hasattr(self.args, "domain"):  # Some protocols don't use domain for login
@@ -498,7 +496,7 @@ def try_credentials(self, domain, username, owned, secret, cred_type, data=None)
                     self.logger.debug("Trying to authenticate using plaintext")
                     return self.plaintext_login(username, secret)
             elif cred_type == "hash":
-                if self.args.kerberos:
+                if self.kerberos:
                     return self.kerberos_login(domain, username, "", secret, "", self.kdcHost, False)
                 return self.hash_login(domain, username, secret)
             elif cred_type == "aesKey":
diff --git a/nxc/protocols/ldap/laps.py b/nxc/protocols/ldap/laps.py
@@ -356,7 +356,7 @@ def laps_search(self, username, password, cred_type, domain, dns_server):
     password = msMCSAdmPwd
     domain = self.hostname
     self.args.local_auth = True
-    self.args.kerberos = False
+    self.kerberos = False
     self.logger.extra["protocol"] = prev_protocol
     self.logger.extra["port"] = prev_port
     return username, password, domain
