r""" Kerberos AS-Req :param upn: the user principal name formatted as "DOMAIN\user", "DOMAIN/user" or "user@DOMAIN" :param spn: (optional) the full service principal name. Defaults to "krbtgt/ " :param ip: the KDC ip. (optional. If not provided,
(
upn: str,
spn: Optional[str] = None,
ip: Optional[str] = None,
key: Optional["Key"] = None,
password: Optional[str] = None,
realm: Optional[str] = None,
host: str = "WIN10",
p12: Optional[str] = None,
x509: Optional[Union[str, Cert]] = None,
x509key: Optional[Union[str, PrivKey]] = None,
**kwargs,
)
| 4197 | |
| 4198 | |
| 4199 | def krb_as_req( |
| 4200 | upn: str, |
| 4201 | spn: Optional[str] = None, |
| 4202 | ip: Optional[str] = None, |
| 4203 | key: Optional["Key"] = None, |
| 4204 | password: Optional[str] = None, |
| 4205 | realm: Optional[str] = None, |
| 4206 | host: str = "WIN10", |
| 4207 | p12: Optional[str] = None, |
| 4208 | x509: Optional[Union[str, Cert]] = None, |
| 4209 | x509key: Optional[Union[str, PrivKey]] = None, |
| 4210 | **kwargs, |
| 4211 | ): |
| 4212 | r""" |
| 4213 | Kerberos AS-Req |
| 4214 | |
| 4215 | :param upn: the user principal name formatted as "DOMAIN\user", "DOMAIN/user" |
| 4216 | or "user@DOMAIN" |
| 4217 | :param spn: (optional) the full service principal name. |
| 4218 | Defaults to "krbtgt/<realm>" |
| 4219 | :param ip: the KDC ip. (optional. If not provided, Scapy will query the DNS for |
| 4220 | _kerberos._tcp.dc._msdcs.domain.local). |
| 4221 | :param key: (optional) pass the Key object. |
| 4222 | :param password: (optional) otherwise, pass the user's password |
| 4223 | :param x509: (optional) pass a x509 certificate for PKINIT. |
| 4224 | :param x509key: (optional) pass the private key of the x509 certificate for PKINIT. |
| 4225 | :param p12: (optional) use a pfx/p12 instead of x509 and x509key. In this case, |
| 4226 | 'password' is the password of the p12. |
| 4227 | :param realm: (optional) the realm to use. Otherwise use the one from UPN. |
| 4228 | :param host: (optional) the host performing the AS-Req. WIN10 by default. |
| 4229 | |
| 4230 | :return: returns a named tuple (asrep=<...>, sessionkey=<...>) |
| 4231 | |
| 4232 | Example:: |
| 4233 | |
| 4234 | >>> # The KDC is found via DC Locator, we ask a TGT for user1 |
| 4235 | >>> krb_as_req("user1@DOMAIN.LOCAL", password="Password1") |
| 4236 | |
| 4237 | Equivalent:: |
| 4238 | |
| 4239 | >>> from scapy.libs.rfc3961 import Key, EncryptionType |
| 4240 | >>> key = Key(EncryptionType.AES256_CTS_HMAC_SHA1_96, key=hex_bytes("6d0748c546 |
| 4241 | ...: f4e99205e78f8da7681d4ec5520ae4815543720c2a647c1ae814c9")) |
| 4242 | >>> krb_as_req("user1@DOMAIN.LOCAL", ip="192.168.122.17", key=key) |
| 4243 | |
| 4244 | Example using PKINIT with a p12:: |
| 4245 | |
| 4246 | >>> krb_as_req("user1@DOMAIN.LOCAL", p12="./store.p12", password="password") |
| 4247 | """ |
| 4248 | if realm is None: |
| 4249 | _, realm = _parse_upn(upn) |
| 4250 | if key is None and p12 is None and x509 is None: |
| 4251 | if password is None: |
| 4252 | try: |
| 4253 | from prompt_toolkit import prompt |
| 4254 | |
| 4255 | password = prompt("Enter password: ", is_password=True) |
| 4256 | except ImportError: |
no test coverage detected