Skip to content

Commit

Permalink
Allow deleting tickets by ID
Browse files Browse the repository at this point in the history
  • Loading branch information
zeroSteiner committed Dec 15, 2022
1 parent e0799d7 commit 81d4b25
Show file tree
Hide file tree
Showing 2 changed files with 11 additions and 3 deletions.
3 changes: 3 additions & 0 deletions lib/msf/core/exploit/remote/kerberos/ticket/storage/base.rb
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ def initialize(framework: nil, framework_module: nil)
# Delete tickets matching the options query.
#
# @param [Hash] options See the options hash description in {#tickets}.
# @option options [Array<Integer>] :ids The identifiers of the tickets to delete (optional)
# @return [Array<StoredTicket>]
def delete_tickets(options = {})
[]
Expand All @@ -29,6 +30,7 @@ def delete_tickets(options = {})
# @param [Hash] options The options for matching tickets. The :realm, :server, :client and :status options are all
# processed as a group. If any one or more of them are specified, they are all used for filtering. It can not for
# example specify client and fetch all tickets for a particular client where the server is different.
# @option options [Integer, Array<Integer>] :id The identifier of the ticket (optional)
# @option options [String] :host The host for the ticket (optional)
# @option options [String] :realm The realm of the ticket (optional)
# @option options [String] :server The service name of the ticket (optional)
Expand Down Expand Up @@ -88,6 +90,7 @@ def objects(options, &block)
return [] unless active_db?

filter = {}
filter[:id] = options[:id] if options[:id].present?
filter[:host] = options[:host] if options[:host].present?
unless (info = loot_info(options)).blank?
filter[:info] = info
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -3,9 +3,14 @@ module Msf::Exploit::Remote::Kerberos::Ticket::Storage
module WriteMixin
# (see Base#delete_tickets)
def delete_tickets(options = {})
objects = objects(options)
framework.db.delete_loot(ids: objects.map(&:id))
objects.map do |stored_loot|
if options.keys == [:ids]
# skip calling #objects which issues a query when the IDs are specified
ids = options[:ids]
else
ids = objects(options).map(&:id)
end

framework.db.delete_loot(ids: ids).map do |stored_loot|
StoredTicket.new(stored_loot)
end
end
Expand Down

0 comments on commit 81d4b25

Please sign in to comment.