def add_tgs(self, tgs_rep, enc_tgs_rep_part, override_pp=False): #from AS_REP """ Creates credential object from the TGS and adds to the ccache file The TGS is the native representation of the asn1 encoded TGS_REP data when the user requests a tgs to a specific service principal with a valid TGT This function doesn't do decryption of the encrypted part of the tgs_rep object, it is expected that the decrypted XXX is supplied in enc_as_rep_part override_pp: bool to determine if client principal should be used as the primary principal for the ccache file """ c = Credential() c.client = CCACHEPrincipal.from_asn1(tgs_rep['cname'], tgs_rep['crealm']) if override_pp == True: self.primary_principal = c.client c.server = CCACHEPrincipal.from_asn1(enc_tgs_rep_part['sname'], enc_tgs_rep_part['srealm']) c.time = Times.from_asn1(enc_tgs_rep_part) c.key = Keyblock.from_asn1(enc_tgs_rep_part['key']) c.is_skey = 0 #not sure! c.tktflags = TicketFlags(enc_tgs_rep_part['flags']).cast( core.IntegerBitString).native c.num_address = 0 c.num_authdata = 0 c.ticket = CCACHEOctetString.from_asn1( Ticket(tgs_rep['ticket']).dump()) c.second_ticket = CCACHEOctetString.empty() self.credentials.append(c)
def from_asn1(ticket, data): ### # data = KrbCredInfo ### c = Credential() c.client = CCACHEPrincipal.from_asn1(data['pname'], data['prealm']) c.server = CCACHEPrincipal.from_asn1(data['sname'], data['srealm']) c.key = Keyblock.from_asn1(data['key']) c.is_skey = 0 #not sure! c.tktflags = TicketFlags(data['flags']).cast(core.IntegerBitString).native c.num_address = 0 c.num_authdata = 0 c.ticket = CCACHEOctetString.from_asn1(ticket['enc-part']['cipher']) c.second_ticket = CCACHEOctetString.empty() return c
def add_kirbi(self, krbcred, override_pp=True, include_expired=False): c = Credential() enc_credinfo = EncKrbCredPart.load( krbcred['enc-part']['cipher']).native ticket_info = enc_credinfo['ticket-info'][0] """ if ticket_info['endtime'] < datetime.datetime.now(datetime.timezone.utc): if include_expired == True: logging.debug('This ticket has most likely expired, but include_expired is forcing me to add it to cache! This can cause problems!') else: logging.debug('This ticket has most likely expired, skipping') return """ c.client = CCACHEPrincipal.from_asn1(ticket_info['pname'], ticket_info['prealm']) if override_pp == True: self.primary_principal = c.client #yaaaaay 4 additional weirdness!!!! #if sname name-string contains a realm as well htne impacket will crash miserably :( if len(ticket_info['sname']['name-string'] ) > 2 and ticket_info['sname']['name-string'][-1].upper( ) == ticket_info['srealm'].upper(): logger.debug('SNAME contains the realm as well, trimming it') t = ticket_info['sname'] t['name-string'] = t['name-string'][:-1] c.server = CCACHEPrincipal.from_asn1(t, ticket_info['srealm']) else: c.server = CCACHEPrincipal.from_asn1(ticket_info['sname'], ticket_info['srealm']) c.time = Times.from_asn1(ticket_info) c.key = Keyblock.from_asn1(ticket_info['key']) c.is_skey = 0 #not sure! c.tktflags = TicketFlags(ticket_info['flags']).cast( core.IntegerBitString).native c.num_address = 0 c.num_authdata = 0 c.ticket = CCACHEOctetString.from_asn1( Ticket(krbcred['tickets'] [0]).dump()) #kirbi only stores one ticket per file c.second_ticket = CCACHEOctetString.empty() self.credentials.append(c)