Module: Msf::Exploit::Remote::Kerberos::Ticket::Storage::WriteMixin

Included in:
ReadWrite, WriteOnly
Defined in:
lib/msf/core/exploit/remote/kerberos/ticket/storage/write_mixin.rb

Overview

A mixin providing the ability to store new and delete existing tickets.


Instance Method Details

#activate_ccache(ids:) ⇒ Array<StoredTicket>

Mark ccache(s) as active

Parameters:

  • ids (Array<Integer>)

    The list of ccache IDs.

Returns:

  • (Array<StoredTicket>)

# File 'lib/msf/core/exploit/remote/kerberos/ticket/storage/write_mixin.rb', line 50

# Flag the given ccache entries as active.
#
# Thin wrapper: it forwards the IDs to #set_ccache_status together with
# the literal status string 'active' and returns that call's result.
#
# @param ids [Array<Integer>] the list of ccache IDs
# @return [Array<StoredTicket>] as documented for this mixin; the value is
#   whatever #set_ccache_status returns
def activate_ccache(ids:)
  new_status = 'active'
  set_ccache_status(status: new_status, ids: ids)
end

#deactivate_ccache(ids:) ⇒ Array<StoredTicket>

Mark ccache(s) as inactive

Parameters:

  • ids (Array<Integer>)

    The list of ccache IDs.

Returns:

  • (Array<StoredTicket>)

# File 'lib/msf/core/exploit/remote/kerberos/ticket/storage/write_mixin.rb', line 45

# Flag the given ccache entries as inactive.
#
# Thin wrapper: it forwards the IDs to #set_ccache_status together with
# the literal status string 'inactive' and returns that call's result.
#
# @param ids [Array<Integer>] the list of ccache IDs
# @return [Array<StoredTicket>] as documented for this mixin; the value is
#   whatever #set_ccache_status returns
def deactivate_ccache(ids:)
  new_status = 'inactive'
  set_ccache_status(status: new_status, ids: ids)
end

#delete_tickets(options = {}) ⇒ Array<StoredTicket>

Delete tickets matching the options query.

Parameters:

  • options (Hash) (defaults to: {})

    See the options hash description in #tickets.

Options Hash (options):

  • :ids (Array<Integer>)

    The identifiers of the tickets to delete (optional)

Returns:

  • (Array<StoredTicket>)

# File 'lib/msf/core/exploit/remote/kerberos/ticket/storage/write_mixin.rb', line 5

# Delete the stored tickets selected by +options+ and return what was removed.
#
# When +options+ holds exactly one key, +:ids+, those IDs are used directly.
# Any other shape (including the default empty hash) is resolved to IDs by
# running the query through #objects first.
#
# NOTE(review): which records #objects returns for an empty or broad query is
# not visible here; presumably it can match every stored ticket, so callers
# should confirm the filter before invoking this without +:ids+.
#
# @param options [Hash] see the options hash description in #tickets
# @option options [Array<Integer>] :ids the identifiers of the tickets to
#   delete (optional)
# @return [Array<StoredTicket>] one wrapper per record returned by
#   +framework.db.delete_loot+
def delete_tickets(options = {})
  # An ids-only request needs no lookup, so the query issued by #objects is skipped.
  ids_only = options.keys == [:ids]
  ids = ids_only ? options[:ids] : objects(options).map(&:id)

  removed = framework.db.delete_loot(ids: ids)
  removed.map { |stored_loot| StoredTicket.new(stored_loot) }
end

#store_ccache(ccache, options = {}) ⇒ Hash

Store the specified credential cache (ccache) as loot and report where it was saved.

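Parameters:

  • ccache

    The credential cache to store; it is serialised with #encode.

  • options (Hash) (defaults to: {})

    Optional :realm, :client, :server and :host values; realm, client and server fall back to values read from the ccache when not given.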

Returns:

  • (Hash)
    • :path [String] The path to the persisted ccache file if successful
    • :loot The loot record yielded by store_loot (nil if none was yielded)

# File 'lib/msf/core/exploit/remote/kerberos/ticket/storage/write_mixin.rb', line 19

# Persist a credential cache as loot and print where it was saved.
#
# Realm, client and server are taken from +options+ when present; otherwise
# they are read from the ccache's default principal and its first credential.
# The encoded ccache is handed to #store_loot under the loot type
# 'mit.kerberos.ccache', and a status line naming the saved path is printed.
#
# The encoded ccache holds Kerberos tickets, i.e. reusable credential material.
# NOTE(review): where #store_loot writes the file and with which permissions is
# not visible here - confirm the loot location is access-restricted.
#
# @param ccache the credential cache; must respond to #encode, and to
#   #default_principal / #credentials when the matching option is omitted
# @param options [Hash] optional overrides
# @option options :realm realm used in the info string
# @option options :client client name used in the info string
# @option options :server server name used in the info string; a value
#   starting with 'krbtgt/' (case-insensitive) labels the ticket as a TGT
# @option options :host host passed through to #store_loot
# @return [Hash] +:path+ (value returned by #store_loot) and +:loot+ (the
#   record yielded by #store_loot, nil if nothing was yielded)
def store_ccache(ccache, options = {})
  # Joining #components (rather than calling #to_s) leaves the realm out of the name.
  principal_name = ->(principal) { principal&.components.to_a.join('/') }

  realm = options.fetch(:realm) { ccache.default_principal.realm }
  client = options.fetch(:client) { principal_name.call(ccache.credentials.first&.client) }
  server = options.fetch(:server) { principal_name.call(ccache.credentials.first&.server) }
  info = generate_info_string(realm: realm, client: client, server: server)

  saved_loot = nil
  path = store_loot('mit.kerberos.ccache', 'application/octet-stream', options[:host], ccache.encode, nil, info) { |mdm_loot| saved_loot = mdm_loot }

  # Prefix the message with the peer only when the module exposes a meaningful one.
  mod = @framework_module
  peer_known = mod.respond_to?(:peer) && mod.peer.present? && mod.peer != ':'
  prefix = peer_known ? "#{mod.peer} - " : ''

  # A service name under krbtgt/ marks a ticket-granting ticket; anything else is reported as a TGS.
  is_tgt = server && server.to_s.downcase.start_with?('krbtgt/')
  kind = is_tgt ? 'TGT ' : 'TGS '

  print_status("#{prefix}#{kind}MIT Credential Cache ticket saved to #{path}")

  { path: path, loot: saved_loot }
end