Module: Msf::Exploit::Remote::Kerberos::Ticket::Storage::ReadMixin

Included in:

ReadOnly, ReadWrite

Defined in:

lib/msf/core/exploit/remote/kerberos/ticket/storage/read_mixin.rb

Overview

A mixin providing the ability to read previously stored tickets.

Instance Method Summary

• #load_credential(options = {}) ⇒ Rex::Proto::Kerberos::CredentialCache::Krb5CcacheCredential^?

  Load a stored credential object that is suitable for authentication.

• #tickets(options = {}, &block) ⇒ Array<StoredTicket>

  Get stored tickets matching the options query.

Instance Method Details

#load_credential(options = {}) ⇒ Rex::Proto::Kerberos::CredentialCache::Krb5CcacheCredential^?

Load a stored credential object that is suitable for authentication.

Parameters:

• options (Hash) (defaults to: {}) —

  See the options description in #tickets.

Returns:

• (Rex::Proto::Kerberos::CredentialCache::Krb5CcacheCredential, nil) —

  credential The credential if one was found.

# File 'lib/msf/core/exploit/remote/kerberos/ticket/storage/read_mixin.rb', line 5

def load_credential(options = {})
  return nil unless active_db?

  now = Time.now.utc
  tickets(options) do |ticket|
    next if ticket.expired?(now)

    return ticket.ccache.credentials.first
  end

  nil
end

#tickets(options = {}, &block) ⇒ Array<StoredTicket>

Get stored tickets matching the options query.

Parameters:

• options (Hash) (defaults to: {}) —

  The options for matching tickets. The :realm, :server, :client and :status options are all processed as a group. If any one or more of them are specified, they are all used for filtering. It can not for example specify client and fetch all tickets for a particular client where the server is different.

Options Hash (options):

• :id (Integer, Array<Integer>) —

  The identifier of the ticket (optional)

• :host (String) —

  The host for the ticket (optional)

• :realm (String) —

  The realm of the ticket (optional)

• :server (String) —

  The service name of the ticket (optional)

• :client (String) —

  The client username of the ticket (optional)

• :status (Symbol) —

  The ticket status, defaults to valid (optional)

Returns:

• (Array<StoredTicket>)

# File 'lib/msf/core/exploit/remote/kerberos/ticket/storage/read_mixin.rb', line 19

def tickets(options = {}, &block)
  objects(options).map do |stored_loot|
    stored_ticket = StoredTicket.new(stored_loot)
    block.call(stored_ticket) if block_given?
    stored_ticket
  end
end