r""" Kerberos TGS-Req :param upn: the user principal name formatted as "DOMAIN\user", "DOMAIN/user" or "user@DOMAIN" :param spn: the full service principal name (e.g. "cifs/srv1") :param sessionkey: the session key retrieved from the tgt :param ticket: the tgt ti
(
upn,
spn,
sessionkey,
ticket,
ip=None,
renew=False,
realm=None,
additional_tickets=[],
u2u=False,
etypes=None,
for_user=None,
s4u2proxy=False,
**kwargs,
)
| 4275 | |
| 4276 | |
| 4277 | def krb_tgs_req( |
| 4278 | upn, |
| 4279 | spn, |
| 4280 | sessionkey, |
| 4281 | ticket, |
| 4282 | ip=None, |
| 4283 | renew=False, |
| 4284 | realm=None, |
| 4285 | additional_tickets=[], |
| 4286 | u2u=False, |
| 4287 | etypes=None, |
| 4288 | for_user=None, |
| 4289 | s4u2proxy=False, |
| 4290 | **kwargs, |
| 4291 | ): |
| 4292 | r""" |
| 4293 | Kerberos TGS-Req |
| 4294 | |
| 4295 | :param upn: the user principal name formatted as "DOMAIN\user", "DOMAIN/user" |
| 4296 | or "user@DOMAIN" |
| 4297 | :param spn: the full service principal name (e.g. "cifs/srv1") |
| 4298 | :param sessionkey: the session key retrieved from the tgt |
| 4299 | :param ticket: the tgt ticket |
| 4300 | :param ip: the KDC ip. (optional. If not provided, Scapy will query the DNS for |
| 4301 | _kerberos._tcp.dc._msdcs.domain.local). |
| 4302 | :param renew: ask for renewal |
| 4303 | :param realm: (optional) the realm to use. Otherwise use the one from SPN. |
| 4304 | :param additional_tickets: (optional) a list of additional tickets to pass. |
| 4305 | :param u2u: (optional) if specified, enable U2U and request the ticket to be |
| 4306 | signed using the session key from the first additional ticket. |
| 4307 | :param etypes: array of EncryptionType values. |
| 4308 | By default: AES128, AES256, RC4, DES_MD5 |
| 4309 | :param for_user: a user principal name to request the ticket for. This is the |
| 4310 | S4U2Self extension. |
| 4311 | |
| 4312 | :return: returns a named tuple (tgsrep=<...>, sessionkey=<...>) |
| 4313 | |
| 4314 | Example:: |
| 4315 | |
| 4316 | >>> # The KDC is on 192.168.122.17, we ask a TGT for user1 |
| 4317 | >>> krb_as_req("user1@DOMAIN.LOCAL", "192.168.122.17", password="Password1") |
| 4318 | |
| 4319 | Equivalent:: |
| 4320 | |
| 4321 | >>> from scapy.libs.rfc3961 import Key, EncryptionType |
| 4322 | >>> key = Key(EncryptionType.AES256_CTS_HMAC_SHA1_96, key=hex_bytes("6d0748c546 |
| 4323 | ...: f4e99205e78f8da7681d4ec5520ae4815543720c2a647c1ae814c9")) |
| 4324 | >>> krb_as_req("user1@DOMAIN.LOCAL", "192.168.122.17", key=key) |
| 4325 | """ |
| 4326 | cli = KerberosClient( |
| 4327 | mode=KerberosClient.MODE.TGS_REQ, |
| 4328 | realm=realm, |
| 4329 | upn=upn, |
| 4330 | ip=ip, |
| 4331 | spn=spn, |
| 4332 | key=sessionkey, |
| 4333 | ticket=ticket, |
| 4334 | renew=renew, |
no test coverage detected