async def amain(args):
cu = KerberosClientURL.from_url(args.kerberos_connection_url)
ccred = cu.get_creds()
target = cu.get_target()
service_spn = KerberosSPN.from_target_string(args.spn)
target_user = KerberosSPN.from_user_email(args.targetuser)
if not ccred.ccache:
logger.debug('Getting TGT')
client = AIOKerberosClient(ccred, target)
await client.get_TGT()
logger.debug('Getting ST')
tgs, encTGSRepPart, key = await client.getST(target_user, service_spn)
else:
logger.debug('Getting TGS via TGT from CCACHE')
for tgt, key in ccred.ccache.get_all_tgt():
try:
logger.info('Trying to get SPN with %s' % '!'.join(tgt['cname']['name-string']))
client = AIOKerberosClient.from_tgt(target, tgt, key)
tgs, encTGSRepPart, key = await client.getST(target_user, service_spn)
logger.info('Sucsess!')
except Exception as e:
logger.debug('This ticket is not usable it seems Reason: %s' % e)
continue
else:
break
client.ccache.to_file(args.ccache)
logger.info('Done!')
async def s4u(url, spn, targetuser, out_file=None):
try:
logger.debug('[KERBEROS][S4U] Started')
cu = KerberosClientURL.from_url(url)
ccred = cu.get_creds()
target = cu.get_target()
service_spn = KerberosSPN.from_target_string(spn)
target_user = KerberosSPN.from_user_email(targetuser)
if not ccred.ccache:
logger.debug('[KERBEROS][S4U] Getting TGT')
client = AIOKerberosClient(ccred, target)
await client.get_TGT()
logger.debug('[KERBEROS][S4U] Getting ST')
tgs, encTGSRepPart, key = await client.getST(
target_user, service_spn)
else:
logger.debug('[KERBEROS][S4U] Getting TGS via TGT from CCACHE')
for tgt, key in ccred.ccache.get_all_tgt():
try:
logger.debug('[KERBEROS][S4U] Trying to get SPN with %s' %
'!'.join(tgt['cname']['name-string']))
client = AIOKerberosClient.from_tgt(target, tgt, key)
tgs, encTGSRepPart, key = await client.getST(
target_user, service_spn)
logger.debug('[KERBEROS][S4U] Sucsess!')
except Exception as e:
logger.debug(
'[KERBEROS][S4U] This ticket is not usable it seems Reason: %s'
% e)
continue
else:
break
if out_file:
client.ccache.to_file(out_file)
logger.debug('[KERBEROS][S4U] Done!')
return tgs, encTGSRepPart, key, None
except Exception as e:
return None, None, None, e
def build(self):
if self.creds.auth_method == LDAPAuthProtocol.SICILY:
ntlmcred = MSLDAPNTLMCredential()
ntlmcred.username = self.creds.username
ntlmcred.domain = self.creds.domain if self.creds.domain is not None else ''
ntlmcred.workstation = None
ntlmcred.is_guest = False
ntlmcred.encrypt = self.creds.encrypt
if self.creds.password is None:
raise Exception(
'NTLM authentication requres password/NT hash!')
if len(self.creds.password) == 32:
try:
bytes.fromhex(self.creds.password)
except:
ntlmcred.password = self.creds.password
else:
ntlmcred.nt_hash = self.creds.password
else:
ntlmcred.password = self.creds.password
settings = NTLMHandlerSettings(ntlmcred)
return NTLMAUTHHandler(settings)
elif self.creds.auth_method == LDAPAuthProtocol.SIMPLE:
cred = MSLDAPPLAINCredential()
cred.username = self.creds.username
cred.domain = self.creds.domain
cred.password = self.creds.password
return cred
elif self.creds.auth_method == LDAPAuthProtocol.PLAIN:
cred = MSLDAPSIMPLECredential()
cred.username = self.creds.username
cred.domain = self.creds.domain
cred.password = self.creds.password
return cred
elif self.creds.auth_method in [
LDAPAuthProtocol.NTLM_PASSWORD, LDAPAuthProtocol.NTLM_NT
]:
ntlmcred = MSLDAPNTLMCredential()
ntlmcred.username = self.creds.username
ntlmcred.domain = self.creds.domain if self.creds.domain is not None else ''
ntlmcred.workstation = None
ntlmcred.is_guest = False
ntlmcred.encrypt = self.creds.encrypt
if self.creds.password is None:
raise Exception('NTLM authentication requres password!')
if self.creds.auth_method == LDAPAuthProtocol.NTLM_PASSWORD:
ntlmcred.password = self.creds.password
elif self.creds.auth_method == LDAPAuthProtocol.NTLM_NT:
ntlmcred.nt_hash = self.creds.password
else:
raise Exception('Unknown NTLM auth method!')
settings = NTLMHandlerSettings(ntlmcred)
handler = NTLMAUTHHandler(settings)
##setting up SPNEGO
spneg = SPNEGO()
spneg.add_auth_context(
'NTLMSSP - Microsoft NTLM Security Support Provider', handler)
return spneg
elif self.creds.auth_method in [
LDAPAuthProtocol.KERBEROS_RC4, LDAPAuthProtocol.KERBEROS_NT,
LDAPAuthProtocol.KERBEROS_AES,
LDAPAuthProtocol.KERBEROS_PASSWORD,
LDAPAuthProtocol.KERBEROS_CCACHE,
LDAPAuthProtocol.KERBEROS_KEYTAB
]:
if self.target is None:
raise Exception('Target must be specified with Kerberos!')
if self.target.host is None:
raise Exception(
'target must have a domain name or hostname for kerberos!')
if self.target.dc_ip is None:
raise Exception('target must have a dc_ip for kerberos!')
kcred = MSLDAPKerberosCredential()
kc = KerberosCredential()
kc.username = self.creds.username
kc.domain = self.creds.domain
kcred.enctypes = []
if self.creds.auth_method == LDAPAuthProtocol.KERBEROS_PASSWORD:
kc.password = self.creds.password
kcred.enctypes = [23, 17, 18]
elif self.creds.auth_method == LDAPAuthProtocol.KERBEROS_NT:
kc.nt_hash = self.creds.password
kcred.enctypes = [23]
elif self.creds.auth_method == LDAPAuthProtocol.KERBEROS_AES:
if len(self.creds.password) == 32:
kc.kerberos_key_aes_128 = self.creds.password
kcred.enctypes = [17]
elif len(self.creds.password) == 64:
kc.kerberos_key_aes_256 = self.creds.password
kcred.enctypes = [18]
elif self.creds.auth_method == LDAPAuthProtocol.KERBEROS_RC4:
kc.kerberos_key_rc4 = self.creds.password
kcred.enctypes = [23]
elif self.creds.auth_method == LDAPAuthProtocol.KERBEROS_CCACHE:
kc.ccache = self.creds.password
kcred.enctypes = [23, 17, 18]
elif self.creds.auth_method == LDAPAuthProtocol.KERBEROS_KEYTAB:
kc.keytab = self.creds.password
kcred.enctypes = [23, 17, 18]
else:
raise Exception(
'No suitable secret type found to set up kerberos!')
if self.creds.etypes is not None:
kcred.enctypes = list(
set(self.creds.etypes).intersection(set(kcred.enctypes)))
kcred.ccred = kc
kcred.spn = KerberosSPN.from_target_string(
self.target.to_target_string())
kcred.target = KerberosTarget(self.target.dc_ip)
kcred.encrypt = self.creds.encrypt
if self.target.proxy is not None:
kcred.target.proxy = KerberosProxy()
kcred.target.proxy.type = self.target.proxy.type
kcred.target.proxy.target = copy.deepcopy(
self.target.proxy.target)
kcred.target.proxy.target.endpoint_ip = self.target.dc_ip
kcred.target.proxy.target.endpoint_port = 88
kcred.target.proxy.creds = copy.deepcopy(
self.target.proxy.auth)
handler = MSLDAPKerberos(kcred)
#setting up SPNEGO
spneg = SPNEGO()
spneg.add_auth_context('MS KRB5 - Microsoft Kerberos 5', handler)
return spneg
elif self.creds.auth_method == LDAPAuthProtocol.SSPI_KERBEROS:
if self.target is None:
raise Exception('Target must be specified with Kerberos SSPI!')
kerbcred = MSLDAPKerberosSSPICredential()
kerbcred.username = self.creds.domain if self.creds.domain is not None else '<CURRENT>'
kerbcred.username = self.creds.username if self.creds.username is not None else '<CURRENT>'
kerbcred.password = self.creds.password if self.creds.password is not None else '<CURRENT>'
kerbcred.spn = self.target.to_target_string()
kerbcred.encrypt = self.creds.encrypt
handler = MSLDAPKerberosSSPI(kerbcred)
#setting up SPNEGO
spneg = SPNEGO()
spneg.add_auth_context('MS KRB5 - Microsoft Kerberos 5', handler)
return spneg
elif self.creds.auth_method == LDAPAuthProtocol.SSPI_NTLM:
ntlmcred = MSLDAPNTLMSSPICredential()
ntlmcred.username = self.creds.domain if self.creds.domain is not None else '<CURRENT>'
ntlmcred.username = self.creds.username if self.creds.username is not None else '<CURRENT>'
ntlmcred.password = self.creds.password if self.creds.password is not None else '<CURRENT>'
ntlmcred.encrypt = self.creds.encrypt
handler = MSLDAPNTLMSSPI(ntlmcred)
#setting up SPNEGO
spneg = SPNEGO()
spneg.add_auth_context(
'NTLMSSP - Microsoft NTLM Security Support Provider', handler)
return spneg
elif self.creds.auth_method.value.startswith('MULTIPLEXOR'):
if self.creds.auth_method in [
LDAPAuthProtocol.MULTIPLEXOR_SSL_NTLM,
LDAPAuthProtocol.MULTIPLEXOR_NTLM
]:
from msldap.authentication.ntlm.multiplexor import MSLDAPNTLMMultiplexor
ntlmcred = MSLDAPMultiplexorCredential()
ntlmcred.type = 'NTLM'
if self.creds.username is not None:
ntlmcred.username = '******'
if self.creds.domain is not None:
ntlmcred.domain = '<CURRENT>'
if self.creds.password is not None:
ntlmcred.password = '******'
ntlmcred.is_guest = False
ntlmcred.is_ssl = True if self.creds.auth_method == LDAPAuthProtocol.MULTIPLEXOR_SSL_NTLM else False
ntlmcred.parse_settings(self.creds.settings)
ntlmcred.encrypt = self.creds.encrypt
handler = MSLDAPNTLMMultiplexor(ntlmcred)
#setting up SPNEGO
spneg = SPNEGO()
spneg.add_auth_context(
'NTLMSSP - Microsoft NTLM Security Support Provider',
handler)
return spneg
elif self.creds.auth_method in [
LDAPAuthProtocol.MULTIPLEXOR_SSL_KERBEROS,
LDAPAuthProtocol.MULTIPLEXOR_KERBEROS
]:
from msldap.authentication.kerberos.multiplexor import MSLDAPKerberosMultiplexor
ntlmcred = MSLDAPMultiplexorCredential()
ntlmcred.type = 'KERBEROS'
ntlmcred.target = self.target
if self.creds.username is not None:
ntlmcred.username = '******'
if self.creds.domain is not None:
ntlmcred.domain = '<CURRENT>'
if self.creds.password is not None:
ntlmcred.password = '******'
ntlmcred.is_guest = False
ntlmcred.is_ssl = True if self.creds.auth_method == LDAPAuthProtocol.MULTIPLEXOR_SSL_NTLM else False
ntlmcred.parse_settings(self.creds.settings)
ntlmcred.encrypt = self.creds.encrypt
handler = MSLDAPKerberosMultiplexor(ntlmcred)
#setting up SPNEGO
spneg = SPNEGO()
spneg.add_auth_context('MS KRB5 - Microsoft Kerberos 5',
handler)
return spneg
def build(self):
if self.creds.auth_method == LDAPAuthProtocol.SICILY:
ntlmcred = MSLDAPNTLMCredential()
ntlmcred.username = self.creds.username
ntlmcred.domain = self.creds.domain if self.creds.domain is not None else ''
ntlmcred.workstation = None
ntlmcred.is_guest = False
ntlmcred.encrypt = self.creds.encrypt
if self.creds.password is None:
raise Exception(
'NTLM authentication requres password/NT hash!')
if len(self.creds.password) == 32:
try:
bytes.fromhex(self.creds.password)
except:
ntlmcred.password = self.creds.password
else:
ntlmcred.nt_hash = self.creds.password
else:
ntlmcred.password = self.creds.password
settings = NTLMHandlerSettings(ntlmcred)
return NTLMAUTHHandler(settings)
elif self.creds.auth_method == LDAPAuthProtocol.SIMPLE:
cred = MSLDAPPLAINCredential()
cred.username = self.creds.username
cred.domain = self.creds.domain
cred.password = self.creds.password
return cred
elif self.creds.auth_method == LDAPAuthProtocol.PLAIN:
cred = MSLDAPSIMPLECredential()
cred.username = self.creds.username
cred.domain = self.creds.domain
cred.password = self.creds.password
return cred
elif self.creds.auth_method in [
LDAPAuthProtocol.NTLM_PASSWORD, LDAPAuthProtocol.NTLM_NT
]:
ntlmcred = MSLDAPNTLMCredential()
ntlmcred.username = self.creds.username
ntlmcred.domain = self.creds.domain if self.creds.domain is not None else ''
ntlmcred.workstation = None
ntlmcred.is_guest = False
ntlmcred.encrypt = self.creds.encrypt
if self.creds.password is None:
raise Exception('NTLM authentication requres password!')
if self.creds.auth_method == LDAPAuthProtocol.NTLM_PASSWORD:
ntlmcred.password = self.creds.password
elif self.creds.auth_method == LDAPAuthProtocol.NTLM_NT:
ntlmcred.nt_hash = self.creds.password
else:
raise Exception('Unknown NTLM auth method!')
settings = NTLMHandlerSettings(ntlmcred)
handler = NTLMAUTHHandler(settings)
##setting up SPNEGO
spneg = SPNEGO()
spneg.add_auth_context(
'NTLMSSP - Microsoft NTLM Security Support Provider', handler)
return spneg
elif self.creds.auth_method in [
LDAPAuthProtocol.KERBEROS_RC4, LDAPAuthProtocol.KERBEROS_NT,
LDAPAuthProtocol.KERBEROS_AES,
LDAPAuthProtocol.KERBEROS_PASSWORD,
LDAPAuthProtocol.KERBEROS_CCACHE,
LDAPAuthProtocol.KERBEROS_KEYTAB,
LDAPAuthProtocol.KERBEROS_KIRBI, LDAPAuthProtocol.KERBEROS_PFX,
LDAPAuthProtocol.KERBEROS_PEM,
LDAPAuthProtocol.KERBEROS_CERTSTORE
]:
if self.target is None:
raise Exception('Target must be specified with Kerberos!')
if self.target.host is None:
raise Exception(
'target must have a domain name or hostname for kerberos!')
if self.target.dc_ip is None:
raise Exception('target must have a dc_ip for kerberos!')
kcred = MSLDAPKerberosCredential()
if self.creds.auth_method == LDAPAuthProtocol.KERBEROS_KIRBI:
kc = KerberosCredential.from_kirbi(self.creds.password,
self.creds.username,
self.creds.domain)
elif self.creds.auth_method == LDAPAuthProtocol.KERBEROS_CCACHE:
kc = KerberosCredential.from_ccache_file(
self.creds.password, self.creds.username,
self.creds.domain)
elif self.creds.auth_method == LDAPAuthProtocol.KERBEROS_KEYTAB:
kc = KerberosCredential.from_kirbi(self.creds.password,
self.creds.username,
self.creds.domain)
elif self.creds.auth_method == LDAPAuthProtocol.KERBEROS_PFX:
kc = KerberosCredential.from_pfx_file(
self.creds.username,
self.creds.password,
username=self.creds.altname,
domain=self.creds.altdomain)
self.creds.username = kc.username
self.creds.domain = kc.domain
self.target.domain = kc.domain
elif self.creds.auth_method == LDAPAuthProtocol.KERBEROS_PEM:
kc = KerberosCredential.from_pem_file(
self.creds.username,
self.creds.password,
username=self.creds.altname,
domain=self.creds.altdomain)
self.creds.username = kc.username
self.creds.domain = kc.domain
self.target.domain = kc.domain
elif self.creds.auth_method == LDAPAuthProtocol.KERBEROS_CERTSTORE:
# username is the CN of the certificate
# secret is the name of the certstore, default: MY
certstore = self.creds.secret
if self.creds.secret is None:
certstore = 'MY'
kc = KerberosCredential.from_windows_certstore(
self.creds.username,
certstore,
username=self.creds.altname,
domain=self.creds.altdomain)
self.creds.username = kc.username
self.creds.domain = kc.domain
self.target.domain = kc.domain
else:
kc = KerberosCredential()
kc.username = self.creds.username
kc.domain = self.creds.domain
kcred.enctypes = []
if self.creds.auth_method == LDAPAuthProtocol.KERBEROS_PASSWORD:
kc.password = self.creds.password
kcred.enctypes = [23, 17, 18]
elif self.creds.auth_method == LDAPAuthProtocol.KERBEROS_NT:
kc.nt_hash = self.creds.password
kcred.enctypes = [23]
elif self.creds.auth_method == LDAPAuthProtocol.KERBEROS_AES:
if len(self.creds.password) == 32:
kc.kerberos_key_aes_128 = self.creds.password
kcred.enctypes = [17]
elif len(self.creds.password) == 64:
kc.kerberos_key_aes_256 = self.creds.password
kcred.enctypes = [18]
elif self.creds.auth_method == LDAPAuthProtocol.KERBEROS_RC4:
kc.kerberos_key_rc4 = self.creds.password
kcred.enctypes = [23]
elif self.creds.auth_method == LDAPAuthProtocol.KERBEROS_CCACHE:
kcred.enctypes = [23, 17, 18] # TODO: fix this
elif self.creds.auth_method == LDAPAuthProtocol.KERBEROS_KEYTAB:
kc.keytab = self.creds.password
kcred.enctypes = [23, 17, 18] # TODO: fix this
elif self.creds.auth_method == LDAPAuthProtocol.KERBEROS_KIRBI:
kcred.enctypes = [23, 17, 18] # TODO: fix this
elif self.creds.auth_method in [
LDAPAuthProtocol.KERBEROS_PFX,
LDAPAuthProtocol.KERBEROS_CERTSTORE,
LDAPAuthProtocol.KERBEROS_PEM
]:
kcred.enctypes = [17, 18]
else:
raise Exception(
'No suitable secret type found to set up kerberos!')
if self.creds.etypes is not None:
kcred.enctypes = list(
set(self.creds.etypes).intersection(set(kcred.enctypes)))
kcred.ccred = kc
kcred.spn = KerberosSPN.from_target_string(
self.target.to_target_string())
kcred.target = KerberosTarget(self.target.dc_ip)
kcred.encrypt = self.creds.encrypt
if self.target.proxy is not None:
kcred.target.proxy = KerberosProxy()
kcred.target.proxy.type = self.target.proxy.type
kcred.target.proxy.target = copy.deepcopy(
self.target.proxy.target)
kcred.target.proxy.target[-1].endpoint_ip = self.target.dc_ip
kcred.target.proxy.target[-1].endpoint_port = 88
handler = MSLDAPKerberos(kcred)
#setting up SPNEGO
spneg = SPNEGO()
spneg.add_auth_context('MS KRB5 - Microsoft Kerberos 5', handler)
return spneg
elif self.creds.auth_method == LDAPAuthProtocol.SSPI_KERBEROS:
if self.target is None:
raise Exception('Target must be specified with Kerberos SSPI!')
kerbcred = MSLDAPKerberosSSPICredential()
kerbcred.username = self.creds.domain if self.creds.domain is not None else '<CURRENT>'
kerbcred.username = self.creds.username if self.creds.username is not None else '<CURRENT>'
kerbcred.password = self.creds.password if self.creds.password is not None else '<CURRENT>'
kerbcred.spn = self.target.to_target_string()
kerbcred.encrypt = self.creds.encrypt
handler = MSLDAPKerberosSSPI(kerbcred)
#setting up SPNEGO
spneg = SPNEGO()
spneg.add_auth_context('MS KRB5 - Microsoft Kerberos 5', handler)
return spneg
elif self.creds.auth_method == LDAPAuthProtocol.SSPI_NTLM:
ntlmcred = MSLDAPNTLMSSPICredential()
ntlmcred.username = self.creds.domain if self.creds.domain is not None else '<CURRENT>'
ntlmcred.username = self.creds.username if self.creds.username is not None else '<CURRENT>'
ntlmcred.password = self.creds.password if self.creds.password is not None else '<CURRENT>'
ntlmcred.encrypt = self.creds.encrypt
handler = MSLDAPNTLMSSPI(ntlmcred)
#setting up SPNEGO
spneg = SPNEGO()
spneg.add_auth_context(
'NTLMSSP - Microsoft NTLM Security Support Provider', handler)
return spneg
elif self.creds.auth_method.value.startswith('MULTIPLEXOR'):
if self.creds.auth_method in [
LDAPAuthProtocol.MULTIPLEXOR_SSL_NTLM,
LDAPAuthProtocol.MULTIPLEXOR_NTLM
]:
from msldap.authentication.ntlm.multiplexor import MSLDAPNTLMMultiplexor
ntlmcred = MSLDAPMultiplexorCredential()
ntlmcred.type = 'NTLM'
if self.creds.username is not None:
ntlmcred.username = '******'
if self.creds.domain is not None:
ntlmcred.domain = '<CURRENT>'
if self.creds.password is not None:
ntlmcred.password = '******'
ntlmcred.is_guest = False
ntlmcred.is_ssl = True if self.creds.auth_method == LDAPAuthProtocol.MULTIPLEXOR_SSL_NTLM else False
ntlmcred.parse_settings(self.creds.settings)
ntlmcred.encrypt = self.creds.encrypt
handler = MSLDAPNTLMMultiplexor(ntlmcred)
#setting up SPNEGO
spneg = SPNEGO()
spneg.add_auth_context(
'NTLMSSP - Microsoft NTLM Security Support Provider',
handler)
return spneg
elif self.creds.auth_method in [
LDAPAuthProtocol.MULTIPLEXOR_SSL_KERBEROS,
LDAPAuthProtocol.MULTIPLEXOR_KERBEROS
]:
from msldap.authentication.kerberos.multiplexor import MSLDAPKerberosMultiplexor
ntlmcred = MSLDAPMultiplexorCredential()
ntlmcred.type = 'KERBEROS'
ntlmcred.target = self.target
if self.creds.username is not None:
ntlmcred.username = '******'
if self.creds.domain is not None:
ntlmcred.domain = '<CURRENT>'
if self.creds.password is not None:
ntlmcred.password = '******'
ntlmcred.is_guest = False
ntlmcred.is_ssl = True if self.creds.auth_method == LDAPAuthProtocol.MULTIPLEXOR_SSL_NTLM else False
ntlmcred.parse_settings(self.creds.settings)
ntlmcred.encrypt = self.creds.encrypt
handler = MSLDAPKerberosMultiplexor(ntlmcred)
#setting up SPNEGO
spneg = SPNEGO()
spneg.add_auth_context('MS KRB5 - Microsoft Kerberos 5',
handler)
return spneg
elif self.creds.auth_method.value.startswith('SSPIPROXY'):
if self.creds.auth_method == LDAPAuthProtocol.SSPIPROXY_NTLM:
from msldap.authentication.ntlm.sspiproxy import MSLDAPSSPIProxyNTLMAuth
ntlmcred = MSLDAPSSPIProxyCredential()
ntlmcred.type = 'NTLM'
if self.creds.username is not None:
ntlmcred.username = '******'
if self.creds.domain is not None:
ntlmcred.domain = '<CURRENT>'
if self.creds.password is not None:
ntlmcred.password = '******'
ntlmcred.is_guest = False
ntlmcred.encrypt = self.creds.encrypt
ntlmcred.host = self.creds.settings['host'][0]
ntlmcred.port = int(self.creds.settings['port'][0])
ntlmcred.proto = 'ws'
if 'proto' in self.creds.settings:
ntlmcred.proto = self.creds.settings['proto'][0]
if 'agentid' in self.creds.settings:
ntlmcred.agent_id = bytes.fromhex(
self.creds.settings['agentid'][0])
handler = MSLDAPSSPIProxyNTLMAuth(ntlmcred)
#setting up SPNEGO
spneg = SPNEGO()
spneg.add_auth_context(
'NTLMSSP - Microsoft NTLM Security Support Provider',
handler)
return spneg
elif self.creds.auth_method == LDAPAuthProtocol.SSPIPROXY_KERBEROS:
from msldap.authentication.kerberos.sspiproxyws import MSLDAPSSPIProxyKerberosAuth
ntlmcred = MSLDAPSSPIProxyCredential()
ntlmcred.type = 'KERBEROS'
ntlmcred.target = self.target
if self.creds.username is not None:
ntlmcred.username = '******'
if self.creds.domain is not None:
ntlmcred.domain = '<CURRENT>'
if self.creds.password is not None:
ntlmcred.password = '******'
ntlmcred.is_guest = False
ntlmcred.encrypt = self.creds.encrypt
ntlmcred.host = self.creds.settings['host'][0]
ntlmcred.port = self.creds.settings['port'][0]
ntlmcred.proto = 'ws'
if 'proto' in self.creds.settings:
ntlmcred.proto = self.creds.settings['proto'][0]
if 'agentid' in self.creds.settings:
ntlmcred.agent_id = bytes.fromhex(
self.creds.settings['agentid'][0])
handler = MSLDAPSSPIProxyKerberosAuth(ntlmcred)
#setting up SPNEGO
spneg = SPNEGO()
spneg.add_auth_context('MS KRB5 - Microsoft Kerberos 5',
handler)
return spneg
elif self.creds.auth_method.value.startswith('WSNET'):
if self.creds.auth_method in [LDAPAuthProtocol.WSNET_NTLM]:
from msldap.authentication.ntlm.wsnet import MSLDAPWSNetNTLMAuth
ntlmcred = MSLDAPWSNETCredential()
ntlmcred.type = 'NTLM'
if self.creds.username is not None:
ntlmcred.username = '******'
if self.creds.domain is not None:
ntlmcred.domain = '<CURRENT>'
if self.creds.password is not None:
ntlmcred.password = '******'
ntlmcred.is_guest = False
handler = MSLDAPWSNetNTLMAuth(ntlmcred)
spneg = SPNEGO()
spneg.add_auth_context(
'NTLMSSP - Microsoft NTLM Security Support Provider',
handler)
return spneg
elif self.creds.auth_method in [LDAPAuthProtocol.WSNET_KERBEROS]:
from msldap.authentication.kerberos.wsnet import MSLDAPWSNetKerberosAuth
ntlmcred = MSLDAPWSNETCredential()
ntlmcred.type = 'KERBEROS'
ntlmcred.target = self.target
if self.creds.username is not None:
ntlmcred.username = '******'
if self.creds.domain is not None:
ntlmcred.domain = '<CURRENT>'
if self.creds.password is not None:
ntlmcred.password = '******'
ntlmcred.is_guest = False
handler = MSLDAPWSNetKerberosAuth(ntlmcred)
#setting up SPNEGO
spneg = SPNEGO()
spneg.add_auth_context('MS KRB5 - Microsoft Kerberos 5',
handler)
return spneg
def to_spnego_cred(creds, target=None):
if creds.authentication_type == SMBAuthProtocol.NTLM:
ntlmcred = SMBNTLMCredential()
ntlmcred.username = creds.username
ntlmcred.domain = creds.domain if creds.domain is not None else ''
ntlmcred.workstation = None
ntlmcred.is_guest = False
if creds.secret is None:
raise Exception('NTLM authentication requres password!')
if creds.secret_type == SMBCredentialsSecretType.NT:
ntlmcred.nt_hash = creds.secret
elif creds.secret_type == SMBCredentialsSecretType.PASSWORD:
ntlmcred.password = creds.secret
settings = NTLMHandlerSettings(ntlmcred)
handler = NTLMAUTHHandler(settings)
#setting up SPNEGO
spneg = SPNEGO()
spneg.add_auth_context(
'NTLMSSP - Microsoft NTLM Security Support Provider', handler)
return spneg
elif creds.authentication_type == SMBAuthProtocol.KERBEROS:
if target is None:
raise Exception('Target must be specified with Kerberos!')
if target.hostname is None:
raise Exception(
'target must have a domain name or hostname for kerberos!')
if target.dc_ip is None:
raise Exception('target must have a dc_ip for kerberos!')
kc = KerberosCredential()
kc.username = creds.username
kc.domain = creds.domain
if creds.secret_type == SMBCredentialsSecretType.PASSWORD:
kc.password = creds.secret
elif creds.secret_type == SMBCredentialsSecretType.NT:
kc.nt_hash = creds.secret
elif creds.secret_type == SMBCredentialsSecretType.AES:
if len(creds.secret) == 32:
kc.kerberos_key_aes_128 = creds.secret
elif len(creds.secret) == 64:
kc.kerberos_key_aes_256 = creds.secret
elif creds.secret_type == SMBCredentialsSecretType.RC4:
kc.kerberos_key_rc4 = creds.secret
elif creds.secret_type == SMBCredentialsSecretType.RC4:
kc.ccache = creds.secret
else:
raise Exception(
'No suitable secret type found to set up kerberos!')
kcred = SMBKerberosCredential()
kcred.ccred = kc
kcred.spn = KerberosSPN.from_target_string(
target.to_target_string())
kcred.target = KerberosTarget(target.dc_ip)
if target.proxy is not None:
kcred.target.proxy = KerberosProxy()
kcred.target.proxy.target = copy.deepcopy(target.proxy.target)
kcred.target.proxy.target.endpoint_ip = target.dc_ip
kcred.target.proxy.target.endpoint_port = 88
kcred.target.proxy.creds = copy.deepcopy(target.proxy.auth)
handler = SMBKerberos(kcred)
#setting up SPNEGO
spneg = SPNEGO()
spneg.add_auth_context('MS KRB5 - Microsoft Kerberos 5', handler)
return spneg
elif creds.authentication_type == SMBAuthProtocol.SSPI_KERBEROS:
if target is None:
raise Exception('Target must be specified with Kerberos SSPI!')
kerbcred = SMBKerberosSSPICredential()
kerbcred.client = None #creds.username #here we could submit the domain as well for impersonation? TODO!
kerbcred.password = creds.secret
kerbcred.target = target.to_target_string()
handler = SMBKerberosSSPI(kerbcred)
#setting up SPNEGO
spneg = SPNEGO()
spneg.add_auth_context('MS KRB5 - Microsoft Kerberos 5', handler)
return spneg
elif creds.authentication_type == SMBAuthProtocol.SSPI_NTLM:
ntlmcred = SMBNTLMSSPICredential()
ntlmcred.client = creds.username #here we could submit the domain as well for impersonation? TODO!
ntlmcred.password = creds.secret
handler = SMBNTLMSSPI(ntlmcred)
#setting up SPNEGO
spneg = SPNEGO()
spneg.add_auth_context(
'NTLMSSP - Microsoft NTLM Security Support Provider', handler)
return spneg
elif creds.authentication_type.value.startswith('MULTIPLEXOR'):
if creds.authentication_type in [
SMBAuthProtocol.MULTIPLEXOR_SSL_NTLM,
SMBAuthProtocol.MULTIPLEXOR_NTLM
]:
from aiosmb.authentication.ntlm.multiplexor import SMBNTLMMultiplexor
ntlmcred = SMBMultiplexorCredential()
ntlmcred.type = 'NTLM'
if creds.username is not None:
ntlmcred.username = '******'
if creds.domain is not None:
ntlmcred.domain = '<CURRENT>'
if creds.secret is not None:
ntlmcred.password = '******'
ntlmcred.is_guest = False
ntlmcred.is_ssl = True if creds.authentication_type == SMBAuthProtocol.MULTIPLEXOR_SSL_NTLM else False
ntlmcred.parse_settings(creds.settings)
handler = SMBNTLMMultiplexor(ntlmcred)
#setting up SPNEGO
spneg = SPNEGO()
spneg.add_auth_context(
'NTLMSSP - Microsoft NTLM Security Support Provider',
handler)
return spneg
elif creds.authentication_type in [
SMBAuthProtocol.MULTIPLEXOR_SSL_KERBEROS,
SMBAuthProtocol.MULTIPLEXOR_KERBEROS
]:
from aiosmb.authentication.kerberos.multiplexor import SMBKerberosMultiplexor
ntlmcred = SMBMultiplexorCredential()
ntlmcred.type = 'KERBEROS'
ntlmcred.target = creds.target
if creds.username is not None:
ntlmcred.username = '******'
if creds.domain is not None:
ntlmcred.domain = '<CURRENT>'
if creds.secret is not None:
ntlmcred.password = '******'
ntlmcred.is_guest = False
ntlmcred.is_ssl = True if creds.authentication_type == SMBAuthProtocol.MULTIPLEXOR_SSL_NTLM else False
ntlmcred.parse_settings(creds.settings)
handler = SMBKerberosMultiplexor(ntlmcred)
#setting up SPNEGO
spneg = SPNEGO()
spneg.add_auth_context('MS KRB5 - Microsoft Kerberos 5',
handler)
return spneg
def to_spnego_cred(creds, target=None):
if creds.authentication_type == SMBAuthProtocol.NEGOEX:
with_certstrore = creds.secret_type == SMBCredentialsSecretType.CERTSTORE
settings = SPNEGOEXAuthHandlerSettings(
creds.username,
creds.secret,
target,
dh_params=None,
with_certstrore=with_certstrore)
handler = SPNEGOEXAuthHandler(settings)
#setting up SPNEGO
spneg = SPNEGO()
spneg.add_auth_context(
'NEGOEX - SPNEGO Extended Negotiation Security Mechanism',
handler)
return spneg
elif creds.authentication_type == SMBAuthProtocol.NTLM:
ntlmcred = SMBNTLMCredential()
ntlmcred.username = creds.username
ntlmcred.domain = creds.domain if creds.domain is not None else ''
ntlmcred.workstation = None
ntlmcred.is_guest = False
if creds.secret is None:
if creds.username is None and creds.domain is None:
ntlmcred.is_guest = True
else:
raise Exception('NTLM authentication requres password!')
if creds.secret_type == SMBCredentialsSecretType.NT:
ntlmcred.nt_hash = creds.secret
elif creds.secret_type == SMBCredentialsSecretType.PASSWORD:
ntlmcred.password = creds.secret
settings = NTLMHandlerSettings(ntlmcred)
handler = NTLMAUTHHandler(settings)
#setting up SPNEGO
spneg = SPNEGO()
spneg.add_auth_context(
'NTLMSSP - Microsoft NTLM Security Support Provider', handler)
return spneg
elif creds.authentication_type == SMBAuthProtocol.KERBEROS:
if target is None:
raise Exception('Target must be specified with Kerberos!')
if target.hostname is None:
raise Exception(
'target must have a domain name or hostname for kerberos!')
if target.dc_ip is None:
raise Exception('target must have a dc_ip for kerberos!')
if creds.secret_type == SMBCredentialsSecretType.KEYTAB:
filename = creds.secret
if creds.secret.upper() == 'ENV':
filename = os.environ['KRB5KEYTAB']
kc = KerberosCredential.from_keytab(filename, creds.username,
creds.domain)
elif creds.secret_type == SMBCredentialsSecretType.CCACHE:
filename = creds.secret
if creds.secret.upper() == 'ENV':
try:
filename = os.environ['KRB5CCACHE']
except:
raise Exception(
'Kerberos auth missing environment variable KRB5CCACHE'
)
kc = KerberosCredential.from_ccache_file(filename)
kc.username = creds.username
kc.domain = creds.domain
elif creds.secret_type == SMBCredentialsSecretType.KIRBI:
filename = creds.secret
kc = KerberosCredential.from_kirbi(filename)
kc.username = creds.username
kc.domain = creds.domain
elif creds.secret_type == SMBCredentialsSecretType.PFX:
kc = KerberosCredential.from_pfx_file(creds.username,
creds.secret,
username=creds.altname,
domain=creds.altdomain)
creds.username = kc.username
creds.domain = kc.domain
target.domain = kc.domain
elif creds.secret_type == SMBCredentialsSecretType.PFXSTR:
kc = KerberosCredential.from_pfx_string(creds.username,
creds.secret,
username=creds.altname,
domain=creds.altdomain)
creds.username = kc.username
creds.domain = kc.domain
target.domain = kc.domain
elif creds.secret_type == SMBCredentialsSecretType.PEM:
kc = KerberosCredential.from_pem_file(creds.username,
creds.secret,
username=creds.altname,
domain=creds.altdomain)
creds.username = kc.username
creds.domain = kc.domain
target.domain = kc.domain
elif creds.secret_type == SMBCredentialsSecretType.CERTSTORE:
# username is the CN of the certificate
# secret is the name of the certstore, default: MY
certstore = creds.secret
if creds.secret is None:
certstore = 'MY'
kc = KerberosCredential.from_windows_certstore(
creds.username,
certstore,
username=creds.altname,
domain=creds.altdomain)
creds.username = kc.username
creds.domain = kc.domain
target.domain = kc.domain
else:
kc = KerberosCredential()
kc.username = creds.username
kc.domain = creds.domain
if creds.secret_type == SMBCredentialsSecretType.PASSWORD:
kc.password = creds.secret
elif creds.secret_type == SMBCredentialsSecretType.NT:
kc.nt_hash = creds.secret
elif creds.secret_type == SMBCredentialsSecretType.AES:
if len(creds.secret) == 32:
kc.kerberos_key_aes_128 = creds.secret
elif len(creds.secret) == 64:
kc.kerberos_key_aes_256 = creds.secret
elif creds.secret_type == SMBCredentialsSecretType.RC4:
kc.kerberos_key_rc4 = creds.secret
if kc is None:
raise Exception(
'No suitable secret type found to set up kerberos!')
kcred = SMBKerberosCredential()
kcred.ccred = kc
kcred.spn = KerberosSPN.from_target_string(
target.to_target_string())
if target.proxy is not None:
if target.proxy.type in [
SMBProxyType.WSNET, SMBProxyType.SOCKS5,
SMBProxyType.SOCKS5_SSL, SMBProxyType.SOCKS4,
SMBProxyType.SOCKS4_SSL
]:
kcred.target = KerberosTarget(target.dc_ip)
kcred.target.proxy = KerberosProxy()
kcred.target.proxy.target = copy.deepcopy(
target.proxy.target)
kcred.target.proxy.target[-1].endpoint_ip = target.dc_ip
kcred.target.proxy.target[-1].endpoint_port = 88
elif target.proxy.type in [
SMBProxyType.MULTIPLEXOR, SMBProxyType.MULTIPLEXOR_SSL
]:
kcred.target = KerberosTarget(target.dc_ip)
kcred.target.proxy = copy.deepcopy(target.proxy)
else:
kcred.target = KerberosTarget(target.dc_ip)
handler = SMBKerberos(kcred)
#setting up SPNEGO
spneg = SPNEGO()
spneg.add_auth_context('MS KRB5 - Microsoft Kerberos 5', handler)
return spneg
elif creds.authentication_type == SMBAuthProtocol.SSPI_KERBEROS:
if target is None:
raise Exception('Target must be specified with Kerberos SSPI!')
kerbcred = SMBKerberosSSPICredential()
kerbcred.client = None #creds.username #here we could submit the domain as well for impersonation? TODO!
kerbcred.password = creds.secret
kerbcred.target = target.to_target_string()
handler = SMBKerberosSSPI(kerbcred)
#setting up SPNEGO
spneg = SPNEGO()
spneg.add_auth_context('MS KRB5 - Microsoft Kerberos 5', handler)
return spneg
elif creds.authentication_type == SMBAuthProtocol.SSPI_NTLM:
ntlmcred = SMBNTLMSSPICredential()
ntlmcred.client = creds.username #here we could submit the domain as well for impersonation? TODO!
ntlmcred.password = creds.secret
handler = SMBNTLMSSPI(ntlmcred)
#setting up SPNEGO
spneg = SPNEGO()
spneg.add_auth_context(
'NTLMSSP - Microsoft NTLM Security Support Provider', handler)
return spneg
elif creds.authentication_type.value.startswith('MPN'):
if creds.authentication_type in [
SMBAuthProtocol.MPN_SSL_NTLM, SMBAuthProtocol.MPN_NTLM
]:
from aiosmb.authentication.ntlm.mpn import SMBNTLMMPN
ntlmcred = SMBMPNCredential()
ntlmcred.type = 'NTLM'
ntlmcred.is_ssl = True if creds.authentication_type == SMBAuthProtocol.MPN_SSL_NTLM else False
ntlmcred.parse_settings(creds.settings)
handler = SMBNTLMMPN(ntlmcred)
#setting up SPNEGO
spneg = SPNEGO()
spneg.add_auth_context(
'NTLMSSP - Microsoft NTLM Security Support Provider',
handler)
return spneg
elif creds.authentication_type in [
SMBAuthProtocol.MPN_SSL_KERBEROS,
SMBAuthProtocol.MPN_KERBEROS
]:
from aiosmb.authentication.kerberos.mpn import SMBKerberosMPN
ntlmcred = SMBMPNCredential()
ntlmcred.type = 'KERBEROS'
ntlmcred.target = creds.target
if creds.username is not None:
ntlmcred.username = '******'
if creds.domain is not None:
ntlmcred.domain = '<CURRENT>'
if creds.secret is not None:
ntlmcred.password = '******'
ntlmcred.is_guest = False
ntlmcred.is_ssl = True if creds.authentication_type == SMBAuthProtocol.MPN_SSL_KERBEROS else False
ntlmcred.parse_settings(creds.settings)
handler = SMBKerberosMPN(ntlmcred)
#setting up SPNEGO
spneg = SPNEGO()
spneg.add_auth_context('MS KRB5 - Microsoft Kerberos 5',
handler)
return spneg
elif creds.authentication_type.value.startswith('MULTIPLEXOR'):
if creds.authentication_type in [
SMBAuthProtocol.MULTIPLEXOR_SSL_NTLM,
SMBAuthProtocol.MULTIPLEXOR_NTLM
]:
from aiosmb.authentication.ntlm.multiplexor import SMBNTLMMultiplexor
ntlmcred = SMBMultiplexorCredential()
ntlmcred.type = 'NTLM'
if creds.username is not None:
ntlmcred.username = '******'
if creds.domain is not None:
ntlmcred.domain = '<CURRENT>'
if creds.secret is not None:
ntlmcred.password = '******'
ntlmcred.is_guest = False
ntlmcred.is_ssl = True if creds.authentication_type == SMBAuthProtocol.MULTIPLEXOR_SSL_NTLM else False
ntlmcred.parse_settings(creds.settings)
handler = SMBNTLMMultiplexor(ntlmcred)
#setting up SPNEGO
spneg = SPNEGO()
spneg.add_auth_context(
'NTLMSSP - Microsoft NTLM Security Support Provider',
handler)
return spneg
elif creds.authentication_type in [
SMBAuthProtocol.MULTIPLEXOR_SSL_KERBEROS,
SMBAuthProtocol.MULTIPLEXOR_KERBEROS
]:
from aiosmb.authentication.kerberos.multiplexor import SMBKerberosMultiplexor
ntlmcred = SMBMultiplexorCredential()
ntlmcred.type = 'KERBEROS'
ntlmcred.target = creds.target
if creds.username is not None:
ntlmcred.username = '******'
if creds.domain is not None:
ntlmcred.domain = '<CURRENT>'
if creds.secret is not None:
ntlmcred.password = '******'
ntlmcred.is_guest = False
ntlmcred.is_ssl = True if creds.authentication_type == SMBAuthProtocol.MULTIPLEXOR_SSL_NTLM else False
ntlmcred.parse_settings(creds.settings)
handler = SMBKerberosMultiplexor(ntlmcred)
#setting up SPNEGO
spneg = SPNEGO()
spneg.add_auth_context('MS KRB5 - Microsoft Kerberos 5',
handler)
return spneg
elif creds.authentication_type.value.startswith('WSNET'):
if creds.authentication_type in [SMBAuthProtocol.WSNET_NTLM]:
from aiosmb.authentication.ntlm.wsnet import SMBWSNetNTLMAuth
ntlmcred = SMBWSNETCredential()
ntlmcred.type = 'NTLM'
if creds.username is not None:
ntlmcred.username = '******'
if creds.domain is not None:
ntlmcred.domain = '<CURRENT>'
if creds.secret is not None:
ntlmcred.password = '******'
ntlmcred.is_guest = False
handler = SMBWSNetNTLMAuth(ntlmcred)
spneg = SPNEGO()
spneg.add_auth_context(
'NTLMSSP - Microsoft NTLM Security Support Provider',
handler)
return spneg
elif creds.authentication_type in [SMBAuthProtocol.WSNET_KERBEROS]:
from aiosmb.authentication.kerberos.wsnet import SMBWSNetKerberosAuth
ntlmcred = SMBWSNETCredential()
ntlmcred.type = 'KERBEROS'
ntlmcred.target = creds.target
if creds.username is not None:
ntlmcred.username = '******'
if creds.domain is not None:
ntlmcred.domain = '<CURRENT>'
if creds.secret is not None:
ntlmcred.password = '******'
ntlmcred.is_guest = False
handler = SMBWSNetKerberosAuth(ntlmcred)
#setting up SPNEGO
spneg = SPNEGO()
spneg.add_auth_context('MS KRB5 - Microsoft Kerberos 5',
handler)
return spneg
elif creds.authentication_type.value.startswith('SSPIPROXY'):
if creds.authentication_type == SMBAuthProtocol.SSPIPROXY_NTLM:
from aiosmb.authentication.ntlm.sspiproxy import SMBSSPIProxyNTLMAuth
ntlmcred = SMBSSPIProxyCredential()
ntlmcred.type = 'NTLM'
if creds.username is not None:
ntlmcred.username = '******'
if creds.domain is not None:
ntlmcred.domain = '<CURRENT>'
if creds.secret is not None:
ntlmcred.password = '******'
ntlmcred.is_guest = False
ntlmcred.host = creds.settings['host'][0]
ntlmcred.port = int(creds.settings['port'][0])
ntlmcred.proto = 'ws'
if 'proto' in creds.settings:
ntlmcred.proto = creds.settings['proto'][0]
if 'agentid' in creds.settings:
ntlmcred.agent_id = bytes.fromhex(
creds.settings['agentid'][0])
handler = SMBSSPIProxyNTLMAuth(ntlmcred)
spneg = SPNEGO()
spneg.add_auth_context(
'NTLMSSP - Microsoft NTLM Security Support Provider',
handler)
return spneg
elif creds.authentication_type == SMBAuthProtocol.SSPIPROXY_KERBEROS:
from aiosmb.authentication.kerberos.sspiproxy import SMBSSPIProxyKerberosAuth
ntlmcred = SMBSSPIProxyCredential()
ntlmcred.type = 'KERBEROS'
ntlmcred.target = creds.target
if creds.username is not None:
ntlmcred.username = '******'
if creds.domain is not None:
ntlmcred.domain = '<CURRENT>'
if creds.secret is not None:
ntlmcred.password = '******'
ntlmcred.is_guest = False
ntlmcred.host = creds.settings['host'][0]
ntlmcred.port = int(creds.settings['port'][0])
ntlmcred.proto = 'ws'
if 'proto' in creds.settings:
ntlmcred.proto = creds.settings['proto'][0]
if 'agentid' in creds.settings:
ntlmcred.agent_id = bytes.fromhex(
creds.settings['agentid'][0])
handler = SMBSSPIProxyKerberosAuth(ntlmcred)
#setting up SPNEGO
spneg = SPNEGO()
spneg.add_auth_context('MS KRB5 - Microsoft Kerberos 5',
handler)
return spneg
