MCPcopy Index your code
hub / github.com/secdev/scapy / krb_tgs_req

Function krb_tgs_req

scapy/layers/kerberos.py:4277–4344  ·  view source on GitHub ↗

r""" Kerberos TGS-Req :param upn: the user principal name formatted as "DOMAIN\user", "DOMAIN/user" or "user@DOMAIN" :param spn: the full service principal name (e.g. "cifs/srv1") :param sessionkey: the session key retrieved from the tgt :param ticket: the tgt ti

(
    upn,
    spn,
    sessionkey,
    ticket,
    ip=None,
    renew=False,
    realm=None,
    additional_tickets=[],
    u2u=False,
    etypes=None,
    for_user=None,
    s4u2proxy=False,
    **kwargs,
)

Source from the content-addressed store, hash-verified

4275
4276
4277def krb_tgs_req(
4278 upn,
4279 spn,
4280 sessionkey,
4281 ticket,
4282 ip=None,
4283 renew=False,
4284 realm=None,
4285 additional_tickets=[],
4286 u2u=False,
4287 etypes=None,
4288 for_user=None,
4289 s4u2proxy=False,
4290 **kwargs,
4291):
4292 r"""
4293 Kerberos TGS-Req
4294
4295 :param upn: the user principal name formatted as "DOMAIN\user", "DOMAIN/user"
4296 or "user@DOMAIN"
4297 :param spn: the full service principal name (e.g. "cifs/srv1")
4298 :param sessionkey: the session key retrieved from the tgt
4299 :param ticket: the tgt ticket
4300 :param ip: the KDC ip. (optional. If not provided, Scapy will query the DNS for
4301 _kerberos._tcp.dc._msdcs.domain.local).
4302 :param renew: ask for renewal
4303 :param realm: (optional) the realm to use. Otherwise use the one from SPN.
4304 :param additional_tickets: (optional) a list of additional tickets to pass.
4305 :param u2u: (optional) if specified, enable U2U and request the ticket to be
4306 signed using the session key from the first additional ticket.
4307 :param etypes: array of EncryptionType values.
4308 By default: AES128, AES256, RC4, DES_MD5
4309 :param for_user: a user principal name to request the ticket for. This is the
4310 S4U2Self extension.
4311
4312 :return: returns a named tuple (tgsrep=<...>, sessionkey=<...>)
4313
4314 Example::
4315
4316 >>> # The KDC is on 192.168.122.17, we ask a TGT for user1
4317 >>> krb_as_req("user1@DOMAIN.LOCAL", "192.168.122.17", password="Password1")
4318
4319 Equivalent::
4320
4321 >>> from scapy.libs.rfc3961 import Key, EncryptionType
4322 >>> key = Key(EncryptionType.AES256_CTS_HMAC_SHA1_96, key=hex_bytes("6d0748c546
4323 ...: f4e99205e78f8da7681d4ec5520ae4815543720c2a647c1ae814c9"))
4324 >>> krb_as_req("user1@DOMAIN.LOCAL", "192.168.122.17", key=key)
4325 """
4326 cli = KerberosClient(
4327 mode=KerberosClient.MODE.TGS_REQ,
4328 realm=realm,
4329 upn=upn,
4330 ip=ip,
4331 spn=spn,
4332 key=sessionkey,
4333 ticket=ticket,
4334 renew=renew,

Callers 5

request_stMethod · 0.90
renewMethod · 0.90
krb_as_and_tgsFunction · 0.85
kpasswdFunction · 0.85
GSS_Init_sec_contextMethod · 0.85

Calls 3

KerberosClientClass · 0.85
runMethod · 0.45
stopMethod · 0.45

Tested by

no test coverage detected