Module: Msf::Exploit::Remote::Kerberos::Ticket::Storage

Included in:

LDAP, MSSQL, SMB::Client::Authenticated, WinRM, Rex::Proto::MSSQL::Client

Defined in:

lib/msf/core/exploit/remote/kerberos/ticket/storage.rb,
lib/msf/core/exploit/remote/kerberos/ticket/storage/base.rb,
lib/msf/core/exploit/remote/kerberos/ticket/storage/none.rb,
lib/msf/core/exploit/remote/kerberos/ticket/storage/read_only.rb,
lib/msf/core/exploit/remote/kerberos/ticket/storage/read_mixin.rb,
lib/msf/core/exploit/remote/kerberos/ticket/storage/read_write.rb,
lib/msf/core/exploit/remote/kerberos/ticket/storage/write_only.rb,
lib/msf/core/exploit/remote/kerberos/ticket/storage/write_mixin.rb,
lib/msf/core/exploit/remote/kerberos/ticket/storage/stored_ticket.rb

Defined Under Namespace

Modules: ReadMixin, WriteMixin Classes: Base, None, ReadOnly, ReadWrite, StoredTicket, WriteOnly

Class Method Summary

• .store_ccache(ccache, options = {}) ⇒ Object

  Storage a credential cache object.

Instance Method Summary

• #initialize(info = {}) ⇒ Object
• #kerberos_storage_options(protocol:) ⇒ Array<Msf::OptEnum>
• #kerberos_ticket_storage(options = {}) ⇒ Object

  Build a ticket storage object based on either the specified options or the datastore if no options are defined.

Class Method Details

.store_ccache(ccache, options = {}) ⇒ Object

Storage a credential cache object.

Parameters:

• options (Hash) (defaults to: {}) —

  See the options description in Base#tickets.

Options Hash (options):

• The (Msf::Module) —

  framework module associated with the store operation.

# File 'lib/msf/core/exploit/remote/kerberos/ticket/storage.rb', line 9

def self.store_ccache(ccache, options = {})
  driver = WriteOnly.new(framework_module: options[:framework_module])
  driver.store_ccache(ccache, options)
end

Instance Method Details

#initialize(info = {}) ⇒ Object

# File 'lib/msf/core/exploit/remote/kerberos/ticket/storage.rb', line 14

def initialize(info = {})
  super
end

#kerberos_storage_options(protocol:) ⇒ Array<Msf::OptEnum>

Parameters:

• protocol (String) —

  The service protocol type, i.e. smb/ldap/winrm/mssql

Returns:

• (Array<Msf::OptEnum>)

# File 'lib/msf/core/exploit/remote/kerberos/ticket/storage.rb', line 20

def kerberos_storage_options(protocol:)
  option_conditions = ["#{protocol}::Auth", '==', 'kerberos']
  [
    Msf::OptEnum.new(
      'KrbCacheMode',
      [
        true,
        'Kerberos ticket cache storage mode',
        'read-write',
        %w[none read-only write-only read-write]
      ],
      conditions: option_conditions
    )
  ]
end

#kerberos_ticket_storage(options = {}) ⇒ Object

Build a ticket storage object based on either the specified options or the datastore if no options are defined.

Parameters:

• options (Hash) (defaults to: {}) —

  Options used to select the ticket storage driver backend. If this option is present, it overrides the datastore configuration. All options it contains default to true, meaning it should only be necessary to specify the operations (e.g. read) that should be disabled.

Options Hash (options):

• read (Boolean) —

  Whether or not the storage mechanism should support reading

• write (Boolean) —

  Whether or not the storage mechanism should support writing

# File 'lib/msf/core/exploit/remote/kerberos/ticket/storage.rb', line 43

def kerberos_ticket_storage(options = {})
  if options.present?
    case [options.fetch(:read, true), options.fetch(:write, true)]
    when [false, false]
      mode = 'none'
    when [false, true]
      mode = 'write-only'
    when [true, false]
      mode = 'read-only'
    when [true, true]
      mode = 'read-write'
    end
  else
    mode = datastore['KrbCacheMode']
  end

  case mode
  when 'none'
    None.new(framework_module: self)
  when 'read-only'
    ReadOnly.new(framework_module: self)
  when 'write-only'
    WriteOnly.new(framework_module: self)
  when 'read-write'
    ReadWrite.new(framework_module: self)
  end
end