MCPcopy Index your code
hub / github.com/secdev/scapy / kpasswd

Function kpasswd

scapy/layers/kerberos.py:4385–4561  ·  view source on GitHub ↗

Change a password using RFC3244's Kerberos Set / Change Password. :param upn: the UPN to use for authentication :param targetupn: (optional) the UPN to change the password of. If not specified, same as upn. :param ip: the KDC ip. (optional. If not provided, Sc

(
    upn,
    targetupn=None,
    ip=None,
    password=None,
    newpassword=None,
    key=None,
    ticket=None,
    realm=None,
    ssp=None,
    setpassword=None,
    timeout=3,
    port=464,
    debug=0,
    **kwargs,
)

Source from the content-addressed store, hash-verified

4383
4384
4385def kpasswd(
4386 upn,
4387 targetupn=None,
4388 ip=None,
4389 password=None,
4390 newpassword=None,
4391 key=None,
4392 ticket=None,
4393 realm=None,
4394 ssp=None,
4395 setpassword=None,
4396 timeout=3,
4397 port=464,
4398 debug=0,
4399 **kwargs,
4400):
4401 """
4402 Change a password using RFC3244's Kerberos Set / Change Password.
4403
4404 :param upn: the UPN to use for authentication
4405 :param targetupn: (optional) the UPN to change the password of. If not specified,
4406 same as upn.
4407 :param ip: the KDC ip. (optional. If not provided, Scapy will query the DNS for
4408 _kerberos._tcp.dc._msdcs.domain.local).
4409 :param key: (optional) pass the Key object.
4410 :param ticket: (optional) a ticket to use. Either a TGT or ST for kadmin/changepw.
4411 :param password: (optional) otherwise, pass the user's password
4412 :param realm: (optional) the realm to use. Otherwise use the one from UPN.
4413 :param setpassword: (optional) use "Set Password" mechanism.
4414 :param ssp: (optional) a Kerberos SSP for the service kadmin/changepw@REALM.
4415 If provided, you probably don't need anything else. Otherwise built.
4416 """
4417 from scapy.layers.ldap import dclocator
4418
4419 if not realm:
4420 _, realm = _parse_upn(upn)
4421 spn = "kadmin/changepw@%s" % realm
4422 if ip is None:
4423 ip = dclocator(
4424 realm,
4425 timeout=timeout,
4426 # Use connect mode instead of ldap for compatibility
4427 # with MIT kerberos servers
4428 mode="connect",
4429 port=port,
4430 debug=debug,
4431 ).ip
4432 if ssp is None and ticket is not None:
4433 tktspn = ticket.getSPN().split("/")[0]
4434 assert tktspn in ["krbtgt", "kadmin"], "Unexpected ticket type ! %s" % tktspn
4435 if tktspn == "krbtgt":
4436 log_runtime.info(
4437 "Using 'Set Password' mode. This only works with admin privileges."
4438 )
4439 setpassword = True
4440 resp = krb_tgs_req(
4441 upn=upn,
4442 spn=spn,

Callers 1

kpasswdsetMethod · 0.90

Calls 15

GSS_Init_sec_contextMethod · 0.95
dclocatorFunction · 0.90
warningFunction · 0.90
StreamSocketClass · 0.90
ASN1_INTEGERClass · 0.90
ASN1_STRINGClass · 0.90
_parse_upnFunction · 0.85
krb_tgs_reqFunction · 0.85
krb_as_reqFunction · 0.85
KerberosSSPClass · 0.85
KRB_PRIVClass · 0.85
EncryptedDataClass · 0.85

Tested by

no test coverage detected