Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fixing #263 #271

Merged
merged 5 commits into from
Apr 27, 2024
Merged

Fixing #263 #271

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
12779c4
Change strings to format strings, to prevent concatination errors
NeffIsBack Apr 21, 2024
7987704
Remove deprecated utcnow() function, add better exception handling an…
NeffIsBack Apr 21, 2024
f649c04
Check if we got a TGT
NeffIsBack Apr 21, 2024
d9ce7a4
Keep backwards compatability with datetime
NeffIsBack Apr 21, 2024
0d84189
Show exception only in debug mode
NeffIsBack Apr 25, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 8 additions & 8 deletions nxc/protocols/ldap.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -330,7 +330,7 @@ def kerberos_login(self, domain, username, password="", ntlm_hash="", aesKey="",
if hash_tgt:
self.logger.highlight(f"{hash_tgt}")
with open(self.args.asreproast, "a+") as hash_asreproast:
hash_asreproast.write(hash_tgt + "\n")
hash_asreproast.write(f"{hash_tgt}\n")
return False

kerb_pass = next(s for s in [self.nthash, password, aesKey] if s) if not all(s == "" for s in [self.nthash, password, aesKey]) else ""
Expand Down Expand Up @@ -436,7 +436,7 @@ def plaintext_login(self, domain, username, password):
if hash_tgt:
self.logger.highlight(f"{hash_tgt}")
with open(self.args.asreproast, "a+") as hash_asreproast:
hash_asreproast.write(hash_tgt + "\n")
hash_asreproast.write(f"{hash_tgt}\n")
return False

try:
Expand Down Expand Up @@ -525,7 +525,7 @@ def hash_login(self, domain, username, ntlm_hash):
if hash_tgt:
self.logger.highlight(f"{hash_tgt}")
with open(self.args.asreproast, "a+") as hash_asreproast:
hash_asreproast.write(hash_tgt + "\n")
hash_asreproast.write(f"{hash_tgt}\n")
return False

try:
Expand Down Expand Up @@ -886,7 +886,7 @@ def asreproast(self):
"lastLogon",
]
resp = self.search(search_filter, attributes, 0)
if resp == []:
if resp is None:
self.logger.highlight("No entries found!")
elif resp:
answers = []
Expand Down Expand Up @@ -930,10 +930,10 @@ def asreproast(self):
if len(answers) > 0:
for user in answers:
hash_TGT = KerberosAttacks(self).get_tgt_asroast(user[0])
hash_TGT = KerberosAttacks(self).get_tgt_asroast(user[0])
self.logger.highlight(f"{hash_TGT}")
with open(self.args.asreproast, "a+") as hash_asreproast:
hash_asreproast.write(hash_TGT + "\n")
if hash_TGT:
self.logger.highlight(f"{hash_TGT}")
with open(self.args.asreproast, "a+") as hash_asreproast:
hash_asreproast.write(f"{hash_TGT}\n")
return True
else:
self.logger.highlight("No entries found!")
Expand Down
28 changes: 15 additions & 13 deletions nxc/protocols/ldap/kerberos.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,18 +1,18 @@
import random
from binascii import hexlify, unhexlify
from datetime import datetime, timedelta
import traceback
try:
# This is only available in python >= 3.11
# if we are in a lower version, we will use the deprecated utcnow() method
from datetime import UTC
utc_failed = False
except ImportError:
utc_failed = True
from os import getenv

from impacket.krb5 import constants
from impacket.krb5.asn1 import (
TGS_REP,
AS_REQ,
KERB_PA_PAC_REQUEST,
KRB_ERROR,
AS_REP,
seq_set,
seq_set_iter,
)
from impacket.krb5.asn1 import TGS_REP, AS_REQ, AS_REP, KERB_PA_PAC_REQUEST, KRB_ERROR, seq_set, seq_set_iter
from impacket.krb5.ccache import CCache
from impacket.krb5.kerberosv5 import sendReceive, KerberosError, getKerberosTGT
from impacket.krb5.types import KerberosTime, Principal
Expand Down Expand Up @@ -211,7 +211,8 @@ def get_tgt_asroast(self, userName, requestPAC=True):
return None

req_body["realm"] = domain
now = datetime.utcnow() + timedelta(days=1)
# When we drop python 3.10 support utcnow() can be removed, as it is deprecated
now = datetime.utcnow() + timedelta(days=1) if utc_failed else datetime.now(UTC) + timedelta(days=1)
req_body["till"] = KerberosTime.to_asn1(now)
req_body["rtime"] = KerberosTime.to_asn1(now)
req_body["nonce"] = random.getrandbits(31)
Expand All @@ -235,10 +236,11 @@ def get_tgt_asroast(self, userName, requestPAC=True):
message = encoder.encode(as_req)
r = sendReceive(message, domain, self.kdcHost)
elif e.getErrorCode() == constants.ErrorCodes.KDC_ERR_KEY_EXPIRED.value:
return "Password of user " + userName + " expired but user doesn't require pre-auth"
return f"Password of user {userName} expired but user doesn't require pre-auth"
else:
nxc_logger.debug(e)
return False
nxc_logger.fail(e)
nxc_logger.debug(traceback.format_exc())
return None

# This should be the PREAUTH_FAILED packet or the actual TGT if the target principal has the
# 'Do not require Kerberos preauthentication' set
Expand Down
Loading