refactor(kerberos): unify AES etype handling and use f-strings

azoxlpf · azoxlpf · commit f3e60e5ed61f · 2025-06-13T10:06:28.000+02:00
diff --git a/nxc/protocols/ldap.py b/nxc/protocols/ldap.py
@@ -1027,8 +1027,6 @@ def kerberoasting(self):
 
              return
 
-
-
         # Building the search filter
         searchFilter = "(&(servicePrincipalName=*)(!(objectCategory=computer)))"
         attributes = [
@@ -1484,5 +1482,3 @@ def bloodhound(self):
                 if each_file.startswith(self.output_filename.split("/")[-1]) and each_file.endswith("json"):
                     z.write(each_file)
                     os.remove(each_file)
-
-
diff --git a/nxc/protocols/ldap/kerberos.py b/nxc/protocols/ldap/kerberos.py
@@ -111,41 +111,22 @@ def output_tgs_from_asrep(self, asrep_blob, spn, fd=None):
         etype  = enc['etype']
         cipher = enc['cipher'].asOctets()
 
-        if etype == constants.EncryptionTypes.rc4_hmac.value:                  # 23
+        service = spn.split('/')[0]
+        spn_fmt = spn.replace(":", "~")
+
+        if etype == constants.EncryptionTypes.rc4_hmac.value:  # 23
             chk  = hexlify(cipher[:16]).decode()
             data = hexlify(cipher[16:]).decode()
-            entry = "$krb5tgs${}$*{}${}${}*${}${}".format(
-                etype,
-                spn.split('/')[0],
-                realm,
-                spn.replace(":", "~"),
-                chk,
-                data,
-            )
+            entry = f"$krb5tgs${etype}*{service}${realm}${spn_fmt}*${chk}${data}"
 
-        elif etype == constants.EncryptionTypes.aes128_cts_hmac_sha1_96.value: # 17
+        elif etype in (
+            constants.EncryptionTypes.aes128_cts_hmac_sha1_96.value,  # 17
+            constants.EncryptionTypes.aes256_cts_hmac_sha1_96.value,  # 18
+        ):
             chk  = hexlify(cipher[-12:]).decode()
             data = hexlify(cipher[:-12]).decode()
-            entry = "$krb5tgs${}${}${}$*{}*${}${}".format(
-                etype,
-                spn.split('/')[0],
-                realm,
-                spn.replace(":", "~"),
-                chk,
-                data,
-            )
+            entry = f"$krb5tgs${etype}${service}${realm}$*{spn_fmt}*${chk}${data}"
 
-        elif etype == constants.EncryptionTypes.aes256_cts_hmac_sha1_96.value: # 18
-            chk  = hexlify(cipher[-12:]).decode()
-            data = hexlify(cipher[:-12]).decode()
-            entry = "$krb5tgs${}${}${}$*{}*${}${}".format(
-                etype,
-                spn.split('/')[0],
-                realm,
-                spn.replace(":", "~"),
-                chk,
-                data,
-            )
         else:
             self.logger.fail(f"[{spn}] etype {etype} not supported")
             return None
