Module: Msf::Exploit::Remote::Kerberos::Ticket::Storage

Included in:
LDAP, MSSQL, SMB::Client::Authenticated, WinRM
Defined in:
lib/msf/core/exploit/remote/kerberos/ticket/storage.rb,
lib/msf/core/exploit/remote/kerberos/ticket/storage/base.rb,
lib/msf/core/exploit/remote/kerberos/ticket/storage/none.rb,
lib/msf/core/exploit/remote/kerberos/ticket/storage/read_only.rb,
lib/msf/core/exploit/remote/kerberos/ticket/storage/read_mixin.rb,
lib/msf/core/exploit/remote/kerberos/ticket/storage/read_write.rb,
lib/msf/core/exploit/remote/kerberos/ticket/storage/write_only.rb,
lib/msf/core/exploit/remote/kerberos/ticket/storage/write_mixin.rb,
lib/msf/core/exploit/remote/kerberos/ticket/storage/stored_ticket.rb

Defined Under Namespace

Modules: ReadMixin, WriteMixin

Classes: Base, None, ReadOnly, ReadWrite, StoredTicket, WriteOnly

Class Method Details

.store_ccache(ccache, options = {}) ⇒ Object

Store a credential cache object.

Parameters:

  • options (Hash) (defaults to: {})

    See the options description in Base#tickets.

Options Hash (options):

  • framework_module (Msf::Module)

    The framework module associated with the store operation.



# File 'lib/msf/core/exploit/remote/kerberos/ticket/storage.rb', line 9

def self.store_ccache(ccache, options = {})
  driver = WriteOnly.new(framework_module: options[:framework_module])
  driver.store_ccache(ccache, options)
end

Instance Method Details

#initialize(info = {}) ⇒ Object



# File 'lib/msf/core/exploit/remote/kerberos/ticket/storage.rb', line 14

def initialize(info = {})
  super
end

#kerberos_storage_options(protocol:) ⇒ Array<Msf::OptEnum>

Parameters:

  • protocol (String)

    The service protocol type, i.e. smb/ldap/winrm/mssql

Returns:

  • (Array<Msf::OptEnum>)

# File 'lib/msf/core/exploit/remote/kerberos/ticket/storage.rb', line 20

def kerberos_storage_options(protocol:)
  option_conditions = ["#{protocol}::Auth", '==', 'kerberos']
  [
    Msf::OptEnum.new(
      'KrbCacheMode',
      [
        true,
        'Kerberos ticket cache storage mode',
        'read-write',
        %w[none read-only write-only read-write]
      ],
      conditions: option_conditions
    )
  ]
end

#kerberos_ticket_storage(options = {}) ⇒ Object

Build a ticket storage object based on either the specified options or the datastore if no options are defined.

Parameters:

  • options (Hash) (defaults to: {})

    Options used to select the ticket storage driver backend. If this option is present, it overrides the datastore configuration. All options it contains default to true, meaning it should only be necessary to specify the operations (e.g. read) that should be disabled.

Options Hash (options):

  • read (Boolean)

    Whether or not the storage mechanism should support reading

  • write (Boolean)

    Whether or not the storage mechanism should support writing



# File 'lib/msf/core/exploit/remote/kerberos/ticket/storage.rb', line 43

def kerberos_ticket_storage(options = {})
  if options.present?
    case [options.fetch(:read, true), options.fetch(:write, true)]
    when [false, false]
      mode = 'none'
    when [false, true]
      mode = 'write-only'
    when [true, false]
      mode = 'read-only'
    when [true, true]
      mode = 'read-write'
    end
  else
    mode = datastore['KrbCacheMode']
  end

  case mode
  when 'none'
    None.new(framework_module: self)
  when 'read-only'
    ReadOnly.new(framework_module: self)
  when 'write-only'
    WriteOnly.new(framework_module: self)
  when 'read-write'
    ReadWrite.new(framework_module: self)
  end
end
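
The following is an added example, not part of the Metasploit source: a stand-alone model of the mode selection in kerberos_ticket_storage. It shows the precedence rules described above, and that a value which is neither true nor false matches no branch, leaving the method with no driver (nil). The helper names resolve_mode and strict_mode are hypothetical, and `empty?` stands in for ActiveSupport's `present?`.

```ruby
# Added illustration; nothing here loads Metasploit.
VALID_MODES = %w[none read-only write-only read-write].freeze

# Same decision table as kerberos_ticket_storage: a non-empty options hash
# overrides the datastore value, and omitted keys default to true.
def resolve_mode(options, datastore_mode)
  return datastore_mode if options.nil? || options.empty?

  case [options.fetch(:read, true), options.fetch(:write, true)]
  when [false, false] then 'none'
  when [false, true]  then 'write-only'
  when [true, false]  then 'read-only'
  when [true, true]   then 'read-write'
  end
  # Anything else (e.g. read: nil) falls through and yields nil.
end

# Stricter variant (hypothetical): refuse non-boolean flags and unknown
# modes instead of silently ending up without a storage driver.
def strict_mode(options = {}, datastore_mode = 'read-write')
  options.slice(:read, :write).each do |key, value|
    next if [true, false].include?(value)

    raise ArgumentError, "#{key} must be true or false, got #{value.inspect}"
  end
  mode = resolve_mode(options, datastore_mode)
  raise ArgumentError, "unknown cache mode #{mode.inspect}" unless VALID_MODES.include?(mode)

  mode
end

if __FILE__ == $PROGRAM_NAME
  # Constructed inputs: [options, KrbCacheMode datastore value]
  [
    [{}, 'read-only'],                  # empty hash: datastore decides
    [{ write: false }, 'read-write'],   # only the disabled operation is given
    [{ read: false, write: false }, 'read-write'],
    [{ read: nil }, 'read-write']       # non-boolean: no branch matches
  ].each do |opts, ds|
    puts "#{opts.inspect} / #{ds} => #{resolve_mode(opts, ds).inspect}"
  end
end
```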