Replicate Logon domain name and extra sids from sapphire ticket
parent
4e6a29d0fb
commit
24490cbe1e
|
@ -52,6 +52,7 @@ module Msf
|
|||
group_ids = opts[:group_ids] || [Rex::Proto::Kerberos::Pac::DOMAIN_USERS]
|
||||
extra_sids = opts[:extra_sids] || []
|
||||
domain_name = opts[:realm] || ''
|
||||
logon_domain_name = opts[:logon_domain_name] || opts[:realm] || ''
|
||||
domain_id = opts[:domain_id] || Rex::Proto::Kerberos::Pac::NT_AUTHORITY_SID
|
||||
auth_time = opts[:auth_time] || Time.now
|
||||
checksum_type = opts[:checksum_type] || Rex::Proto::Kerberos::Crypto::Checksum::RSA_MD5
|
||||
|
@ -64,7 +65,7 @@ module Msf
|
|||
effective_name: user_name,
|
||||
user_id: user_id,
|
||||
primary_group_id: primary_group_id,
|
||||
logon_domain_name: domain_name,
|
||||
logon_domain_name: logon_domain_name,
|
||||
logon_domain_id: domain_id,
|
||||
full_name: base_vi.full_name,
|
||||
logon_script: base_vi.logon_script,
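Review bot: The new `:logon_domain_name` option read at `logon_domain_name = opts[:logon_domain_name] || opts[:realm] || ''` is not documented anywhere in the visible lines, and its fallback order is implicit. The enclosing method and any option docs start outside the hunk; if an option list exists there, add a line such as `# @option opts [String] :logon_domain_name Logon domain name placed in the PAC logon info (defaults to :realm)`. Note that `||` only falls through on nil or false, so an empty value supplied by a caller is kept rather than replaced by the realm; if that is not intended, test for emptiness explicitly. The value copied from a parsed PAC may not be a plain String, so the documented type should be confirmed. After the second hunk switches the field to `logon_domain_name`, the `domain_name` local may be unused and could be dropped if nothing outside the hunk still reads it.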
|
||||
|
|
|
@ -150,8 +150,12 @@ module Msf
|
|||
when Rex::Proto::Kerberos::Pac::Krb5PacElementType::LOGON_INFORMATION
|
||||
opts[:group_id] = element.data.primary_group_id.value
|
||||
opts[:domain_id] = element.data.logon_domain_id
|
||||
opts[:logon_domain_name] = element.data.logon_domain_name
|
||||
if copy_entire_pac
|
||||
opts[:base_verification_info] = element.data
|
||||
element.data.extra_sids.each do |sid|
|
||||
opts[:extra_sids].append(sid.sid.to_s)
|
||||
end
|
||||
end
|
||||
when Rex::Proto::Kerberos::Pac::Krb5PacElementType::TICKET_CHECKSUM
|
||||
# We want to be stealthy and match whatever the KDC is doing, so we should do it too
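Review bot: `opts[:extra_sids].append(sid.sid.to_s)` raises NoMethodError if `:extra_sids` was never set, and it mutates the caller's array, so a SID the caller already supplied ends up listed twice. Whether `opts[:extra_sids]` is initialised earlier cannot be seen here, since the enclosing method starts and ends outside the hunk. If it is not, `opts[:extra_sids] = Array(opts[:extra_sids]) | element.data.extra_sids.map { |sid| sid.sid.to_s }` covers both the missing key and the duplicates without touching the caller's object. It is also worth a short comment on why `logon_domain_name` is copied unconditionally while the extra SIDs are copied only under `copy_entire_pac`.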
|
||||
|
|