Module: Msf::Exploit::Remote::Kerberos::Ticket::Storage::WriteMixin

Included in:
ReadWrite, WriteOnly
Defined in:
lib/msf/core/exploit/remote/kerberos/ticket/storage/write_mixin.rb

Overview

A mixin providing the ability to store new and delete existing tickets.

Instance Method Summary collapse

Instance Method Details

#activate_ccache(ids:) ⇒ Array<StoredTicket>

Mark ccache(s) as active

Parameters:

  • ids (Array<Integer>)

    The list of ccache IDs.

Returns:



50
51
52
# File 'lib/msf/core/exploit/remote/kerberos/ticket/storage/write_mixin.rb', line 50

def activate_ccache(ids:)
  set_ccache_status(ids: ids, status: 'active')
end

#deactivate_ccache(ids:) ⇒ Array<StoredTicket>

Mark ccache(s) as inactive

Parameters:

  • ids (Array<Integer>)

    The list of ccache IDs.

Returns:



45
46
47
# File 'lib/msf/core/exploit/remote/kerberos/ticket/storage/write_mixin.rb', line 45

def deactivate_ccache(ids:)
  set_ccache_status(ids: ids, status: 'inactive')
end

#delete_tickets(options = {}) ⇒ Array<StoredTicket>

Delete tickets matching the options query.

Parameters:

  • options (Hash) (defaults to: {})

    See the options hash description in #tickets.

Options Hash (options):

  • :ids (Array<Integer>)

    The identifiers of the tickets to delete (optional)

Returns:



5
6
7
8
9
10
11
12
13
14
15
16
# File 'lib/msf/core/exploit/remote/kerberos/ticket/storage/write_mixin.rb', line 5

def delete_tickets(options = {})
  if options.keys == [:ids]
    # skip calling #objects which issues a query when the IDs are specified
    ids = options[:ids]
  else
    ids = objects(options).map(&:id)
  end

  framework.db.delete_loot(ids: ids).map do |stored_loot|
    StoredTicket.new(stored_loot)
  end
end

#store_ccache(ccache, options = {}) ⇒ Hash

Store the specified object.

Parameters:

Returns:

  • (Hash)
    • :path [String] The path to the persisted ccache file if successful



19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
# File 'lib/msf/core/exploit/remote/kerberos/ticket/storage/write_mixin.rb', line 19

def store_ccache(ccache, options = {})
  realm = options.fetch(:realm) { ccache.default_principal.realm }
  # use #components.to_a.join('/') to omit the realm that #to_s includes
  client = options.fetch(:client) { ccache.credentials.first&.client&.components.to_a.join('/') }
  server = options.fetch(:server) { ccache.credentials.first&.server&.components.to_a.join('/') }
  info = generate_info_string(realm: realm, client: client, server: server)
  loot = nil
  path = store_loot('mit.kerberos.ccache', 'application/octet-stream', options[:host], ccache.encode, nil, info) do |mdm_loot|
    loot = mdm_loot
  end
  message = ''
  if @framework_module.respond_to?(:peer) && @framework_module.peer.present? && @framework_module.peer != ':'
    message << "#{@framework_module.peer} - "
  end
  if server && server.to_s.downcase.start_with?('krbtgt/')
    message << 'TGT '
  else
    message << 'TGS '
  end
  message << "MIT Credential Cache ticket saved to #{path}"
  print_status(message)

  { path: path, loot: loot }
end