async def setup(self):
try:
if self.no_work_dir is False:
logger.debug('Setting up working directory')
if self.work_dir is not None:
if isinstance(self.work_dir, str):
self.work_dir = pathlib.Path(self.work_dir)
else:
self.work_dir = pathlib.Path()
self.work_dir.mkdir(parents=True, exist_ok=True)
self.ldap_work_dir = self.work_dir.joinpath('ldap')
self.ldap_work_dir.mkdir(parents=True, exist_ok=True)
self.smb_work_dir = self.work_dir.joinpath('smb')
self.smb_work_dir.mkdir(parents=True, exist_ok=True)
logger.debug('Setting up connection objects')
if self.dns_server is not None:
self.rdns_resolver = RDNS(server=self.dns_server,
protocol='TCP',
cache=True,
proxy=self.proxy)
if self.ldap_url is not None:
self.ldap_mgr = self.ldap_url
if isinstance(self.ldap_url, str):
self.ldap_mgr = MSLDAPURLDecoder(self.ldap_url)
if self.proxy is not None:
#overriding proxy!
pu = SocksClientURL.from_urls(self.proxy)
p = MSLDAPProxy(MSLDAPProxyType.SOCKS5, pu)
self.ldap_mgr.proxy = p
if self.smb_url is not None:
self.smb_mgr = self.smb_url
if isinstance(self.smb_url, str):
self.smb_mgr = SMBConnectionURL(self.smb_url)
if self.proxy is not None:
#overriding proxy!
pu = SocksClientURL.from_urls(self.proxy)
p = SMBProxy()
p.type = SMBProxyType.SOCKS5
p.target = pu
self.smb_mgr.proxy = p
logger.debug('Setting up database connection')
if self.progress_queue is None and self.show_progress is True:
self.progress_queue = asyncio.Queue()
self.progress_task = asyncio.create_task(self.print_progress())
return True, None
except Exception as e:
return False, e
async def setup(self): try: if self.proxy is None: # no need for additional setup return None, None self.in_q = asyncio.Queue() self.out_q = asyncio.Queue() comms = SocksQueueComms(self.in_q, self.out_q) proxies = SocksClientURL.from_urls(self.proxy, self.server, self.port) self.proxyobj = SOCKSClient(comms, proxies) self.proxy_task = asyncio.create_task(self.proxyobj.run()) return None, None except Exception as e: return None, e
async def run(self):
try:
if self.progress_queue is not None:
msg = GathererProgress()
msg.type = GathererProgressType.KERBEROAST
msg.msg_type = MSGTYPE.STARTED
msg.adid = self.ad_id
msg.domain_name = self.domain_name
await self.progress_queue.put(msg)
if self.domain_name is None:
info = self.db_session.query(ADInfo).get(self.ad_id)
self.domain_name = str(info.distinguishedName).replace(
',', '.').replace('DC=', '')
_, err = await self.get_targets()
if err is not None:
raise err
if len(self.targets_asreq) == 0 and len(self.targets_spn) == 0:
logger.debug('No targets found!')
return True, None
if isinstance(self.kerb_url, KerberosClientURL):
self.kerb_mgr = self.kerb_url
if self.proxy is not None:
pu = SocksClientURL.from_urls(self.proxy)
p = KerberosProxy(pu, None, type='SOCKS')
self.kerb_mgr.proxy = p
elif isinstance(self.kerb_url, str):
if self.kerb_url == 'auto':
if platform.system() == 'Windows':
_, err = await self.asreproast()
if err is not None:
raise err
_, err = await self.kerberoast_sspi()
if err is not None:
raise err
return True, None
else:
raise Exception(
'No kerberos URL was provided and not running on Windows!'
)
elif self.kerb_url.startswith('kerberos'):
self.kerb_mgr = KerberosClientURL.from_url(self.kerb_url)
if self.proxy is not None:
pu = SocksClientURL.from_urls(self.proxy)
p = KerberosProxy(pu, None, type='SOCKS')
self.kerb_mgr.proxy = p
_, err = await self.asreproast()
if err is not None:
raise err
_, err = await self.kerberoast()
if err is not None:
raise err
elif self.kerb_url.startswith('ws'):
if self.kerb_url.find('type=sspiproxy'):
await self.kerberoast_sspiproxy()
else:
await self.kerberoast_multiplexor()
return True, None
except Exception as e:
return None, e
finally:
if self.progress_queue is not None:
msg = GathererProgress()
msg.type = GathererProgressType.KERBEROAST
msg.msg_type = MSGTYPE.FINISHED
msg.adid = self.ad_id
msg.domain_name = self.domain_name
await self.progress_queue.put(msg)