Class: Rex::Proto::Kerberos::Pac::LogonInfo

Inherits:
Element
  • Object
Defined in:
lib/rex/proto/kerberos/pac/logon_info.rb

Overview

TODO:

Make more fields user controllable, instead of constants.

This class provides a representation of a PAC_LOGON_INFO structure, which contains the credential information for the client of the Kerberos ticket.

Constant Summary

Constants included from Rex::Proto::Kerberos::Pac

AD_WIN2K_PAC, DEFAULT_USER_SID, DOMAIN_USERS, NETLOGON_FLAG, NEVER_EXPIRE, NT_AUTHORITY_SID, PAC_CLIENT_INFO, PAC_LOGON_INFO, PAC_PRIVSVR_CHECKSUM, PAC_SERVER_CHECKSUM, SEC_TO_UNIX_EPOCH, SE_GROUP_ALL, SE_GROUP_ENABLED, SE_GROUP_ENABLED_BY_DEFAULT, SE_GROUP_MANDATORY, USER_DONT_EXPIRE_PASSWORD, USER_NORMAL_ACCOUNT, VERSION, WINDOWS_TICK

Constants included from Crypto

Crypto::ENC_AS_RESPONSE, Crypto::ENC_KDC_REQUEST_BODY, Crypto::ENC_TGS_RESPONSE, Crypto::RC4_HMAC, Crypto::RSA_MD5

Instance Attribute Summary

Instance Method Summary

Methods inherited from Element

attr_accessor, attributes, #attributes, #initialize

Methods included from Crypto::RsaMd5

#checksum_rsa_md5

Methods included from Crypto::Rc4Hmac

#decrypt_rc4_hmac, #encrypt_rc4_hmac

Constructor Details

This class inherits a constructor from Rex::Proto::Kerberos::Pac::Element

Instance Attribute Details

#effective_name ⇒ String

Returns the client's Windows 2000 user name.

Returns:

  • (String)

    The client's Windows 2000 user name



# File 'lib/rex/proto/kerberos/pac/logon_info.rb', line 17

def effective_name
  @effective_name
end

#group_ids ⇒ Array<Fixnum>

Returns an array of relative IDs of the groups of which the client is a member.

Returns:

  • (Array<Fixnum>)

    Array of relative IDs of the groups of which the client is a member



# File 'lib/rex/proto/kerberos/pac/logon_info.rb', line 26

def group_ids
  @group_ids
end

#logon_domain_id ⇒ Object

Returns the value of attribute logon_domain_id.



# File 'lib/rex/proto/kerberos/pac/logon_info.rb', line 32

def logon_domain_id
  @logon_domain_id
end

#logon_domain_name ⇒ String

Returns the NetBIOS name of the client's domain.

Returns:

  • (String)

    The NetBIOS name of the client's domain



# File 'lib/rex/proto/kerberos/pac/logon_info.rb', line 29

def logon_domain_name
  @logon_domain_name
end

#logon_domain_sid ⇒ String

Returns the SID of the client's domain.

Returns:

  • (String)

    The SID of the client's domain



# File 'lib/rex/proto/kerberos/pac/logon_info.rb', line 32

attr_accessor :logon_domain_id

#logon_time ⇒ Time

Returns the time the client last logged on.

Returns:

  • (Time)

    The time the client last logged on



# File 'lib/rex/proto/kerberos/pac/logon_info.rb', line 14

def logon_time
  @logon_time
end

#primary_group_id ⇒ Fixnum

Returns the relative ID for the client's primary group.

Returns:

  • (Fixnum)

    The relative ID for the client's primary group



# File 'lib/rex/proto/kerberos/pac/logon_info.rb', line 23

def primary_group_id
  @primary_group_id
end

#user_id ⇒ Fixnum

Returns the relative ID for the client.

Returns:

  • (Fixnum)

    The relative ID for the client



# File 'lib/rex/proto/kerberos/pac/logon_info.rb', line 20

def user_id
  @user_id
end

Instance Method Details

#encode ⇒ String

Encodes the Rex::Proto::Kerberos::Pac::LogonInfo

Returns:

  • (String)


# File 'lib/rex/proto/kerberos/pac/logon_info.rb', line 37

def encode
  elements = []
  elements[0] = ''
  elements[0] << encode_element_id
  elements[0] << encode_logon_time
  elements[0] << encode_logoff_time
  elements[0] << encode_kickoff_time
  elements[0] << encode_password_last_set
  elements[0] << encode_password_can_change
  elements[0] << encode_password_must_change
  elements[0] << encode_effective_name
  elements << encode_effective_name_info
  elements[0] << encode_full_name
  elements << encode_full_name_info
  elements[0] << encode_logon_script
  elements << encode_logon_script_info
  elements[0] << encode_profile_path
  elements << encode_profile_path_info
  elements[0] << encode_home_directory
  elements << encode_home_directory_info
  elements[0] << encode_home_directory_drive
  elements << encode_home_directory_drive_info
  elements[0] << encode_logon_count
  elements[0] << encode_bad_password_count
  elements[0] << encode_user_id
  elements[0] << encode_primary_group_id
  elements[0] << encode_group_count
  elements[0] << encode_group_ids
  elements << encode_group_ids_info
  elements[0] << encode_user_flags
  elements[0] << encode_user_session_key
  elements[0] << encode_logon_server
  elements << encode_logon_server_info
  elements[0] << encode_logon_domain_name
  elements << encode_logon_domain_name_info
  elements[0] << encode_logon_domain_id
  elements << encode_logon_domain_id_info
  elements[0] << encode_reserved_one
  elements[0] << 
  elements[0] << encode_reserved_three
  elements[0] << encode_sid_count
  elements[0] << encode_extra_sids
  elements[0] << encode_resource_group_domain_sid
  elements[0] << encode_resource_group_count
  elements[0] << encode_resource_group_ids

  decoded = ''
  elements.each do |elem|
    decoded << elem
    decoded << "\x00" * ((elem.length + 3) / 4 * 4 - elem.length)
  end

  header = "\x01\x10\x08\x00\xcc\xcc\xcc\xcc"
  header << [decoded.length, 0].pack('VV')

  header + decoded
end
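
The framing that #encode applies at the end (each element NUL-padded to a 4-byte boundary, then the 8 constant header bytes, the body length and a zero field) can be checked on the parsing side. The following is an added example, not code from Rex or Metasploit: the helper names are hypothetical, and the reading of the header bytes as version, endianness, common header length and filler is assumed from the MS-RPCE type serialization header layout.

```ruby
# Added example; pad4, frame, parse_frame and valid_frame? are hypothetical names.
COMMON_HEADER = "\x01\x10\x08\x00\xcc\xcc\xcc\xcc".b # the 8 constant bytes used by #encode

# NUL-pad one encoded chunk to the next 4-byte boundary (same arithmetic as #encode).
def pad4(chunk)
  chunk = chunk.b
  chunk + "\x00".b * ((chunk.bytesize + 3) / 4 * 4 - chunk.bytesize)
end

# Frame already-encoded chunks the way #encode does: header, length, zero field, body.
def frame(chunks)
  body = chunks.map { |c| pad4(c) }.join
  COMMON_HEADER + [body.bytesize, 0].pack('VV') + body
end

# Validate the 16-byte framing and return the body; raise ArgumentError otherwise.
def parse_frame(buf)
  buf = buf.b
  raise ArgumentError, 'truncated header' if buf.bytesize < 16
  version, endian, common_len, filler, body_len, reserved = buf.unpack('CCvVVV')
  raise ArgumentError, 'unexpected version' unless version == 1
  raise ArgumentError, 'not little-endian' unless endian == 0x10
  raise ArgumentError, 'bad common header length' unless common_len == 8
  raise ArgumentError, 'bad filler' unless filler == 0xcccccccc
  raise ArgumentError, 'non-zero reserved field' unless reserved.zero?
  # The declared length must match what is actually present, and the body must
  # keep the 4-byte alignment that the padding loop guarantees.
  raise ArgumentError, 'length mismatch' unless body_len == buf.bytesize - 16
  raise ArgumentError, 'body not 4-byte aligned' unless (body_len % 4).zero?
  buf.byteslice(16, body_len)
end

# Boolean wrapper for use in filters or tests.
def valid_frame?(buf)
  parse_frame(buf)
  true
rescue ArgumentError
  false
end

# Constructed sample chunks (not real PAC fields): 5 bytes and 2 bytes.
SAMPLE = frame(%w[abcde xy])
```

A buffer whose declared length disagrees with the bytes that follow the header is rejected before any field inside the body is read.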