Class: Msf::Exploit::Remote::Kerberos::ServiceAuthenticator::MSSQL

Inherits:
Base
  • Object
Defined in:
lib/msf/core/exploit/remote/kerberos/service_authenticator/mssql.rb

Overview

This class acts as a standalone authenticator for Kerberos, targeting MSSQL services: it builds the `MSSQLSvc/<hostname>:<port>` service principal name.

Constant Summary

Constants inherited from Base

Base::GSS_CONFIDENTIAL, Base::GSS_DELEGATE, Base::GSS_INTEGRITY, Base::GSS_MUTUAL, Base::GSS_REPLAY_DETECT, Base::GSS_SEQUENCE

Constants included from Client

Client::NEG_TOKEN_ACCEPT_COMPLETED, Client::NEG_TOKEN_ACCEPT_INCOMPLETE, Client::NEG_TOKEN_REJECT, Client::NEG_TOKEN_REQUEST_MIC, Client::TOK_ID_KRB_AP_REP, Client::TOK_ID_KRB_AP_REQ, Client::TOK_ID_KRB_ERROR

Constants included from Client::ApRequest

Client::ApRequest::AP_MUTUAL_REQUIRED, Client::ApRequest::AP_USE_SESSION_KEY

Instance Attribute Summary

Attributes inherited from Base

#framework, #framework_module, #host, #hostname, #key, #mechanism, #mutual_auth, #offered_etypes, #password, #pfx, #port, #proxies, #realm, #send_delegated_creds, #ticket_storage, #timeout, #use_gss_checksum, #username

Attributes included from Client

#client

Instance Method Summary

Methods inherited from Base

#authenticate, #authenticate_via_kdc, #get_message_encryptor, #parse_gss_init_response, #request_tgs_only, #request_tgt_only, #rhost, #rport, #s4u2proxy, #s4u2self, #u2uself, #validate_response!

Methods included from Rex::Proto::Gss::Asn1

#unwrap_pseudo_asn1, #wrap_pseudo_asn1

Methods included from Auxiliary::Report

#active_db?, #create_cracked_credential, #create_credential, #create_credential_and_login, #create_credential_login, #db, #db_warning_given?, #get_client, #get_host, #inside_workspace_boundary?, #invalidate_login, #mytask, #myworkspace, #myworkspace_id, #report_auth_info, #report_client, #report_exploit, #report_host, #report_loot, #report_note, #report_service, #report_vuln, #report_web_form, #report_web_page, #report_web_site, #report_web_vuln, #store_cred, #store_local, #store_loot

Methods included from Metasploit::Framework::Require

optionally, optionally_active_record_railtie, optionally_include_metasploit_credential_creation, #optionally_include_metasploit_credential_creation, optionally_require_metasploit_db_gem_engines

Methods included from Client

#cleanup, #connect, #disconnect, #framework_module, #peer, #proxies, #rhost, #rport, #select_cipher, #send_request_as, #send_request_tgs, #send_request_tgt, #send_request_tgt_pkinit, #timeout

Methods included from Client::Pkinit

#build_dh, #build_pa_pk_as_req, #calculate_shared_key, #extract_user_and_realm, #k_truncate, #sign_auth_pack

Methods included from Client::Pac

#build_empty_auth_data, #build_pa_pac_request, #build_pac, #build_pac_authorization_data

Methods included from Client::TgsResponse

#decrypt_kdc_tgs_rep_enc_part, #extract_kerb_creds

Methods included from Client::TgsRequest

#build_ap_req, #build_authenticator, #build_enc_auth_data, #build_pa_for_user, #build_subkey, #build_tgs_body_checksum, #build_tgs_request, #build_tgs_request_body

Methods included from Client::AsResponse

#decrypt_kdc_as_rep_enc_part, #extract_logon_time, #extract_session_key, #format_as_rep_to_john_hash

Methods included from Client::AsRequest

#build_as_pa_time_stamp, #build_as_request, #build_as_request_body

Methods included from Client::ApRequest

#build_service_ap_request, #encode_gss_kerberos_ap_request, #encode_gss_spnego_ap_request

Methods included from Client::Base

#build_client_name, #build_server_name

Constructor Details

#initialize(mssql_port: 1433, **kwargs) ⇒ MSSQL

Returns a new instance of MSSQL.



# File 'lib/msf/core/exploit/remote/kerberos/service_authenticator/mssql.rb', line 11

# Creates an MSSQL Kerberos service authenticator.
#
# @param mssql_port [Integer] port of the MSSQL service; stored on the instance
#   and returned by #mssql_port (defaults to 1433)
# @param kwargs [Hash] all remaining keyword options, forwarded unchanged to
#   the parent class constructor
def initialize(mssql_port: 1433, **kwargs)
  # The port is recorded first, then construction is delegated to the parent.
  @mssql_port = mssql_port
  super(**kwargs)
end

Instance Attribute Details

#mssql_port ⇒ Object (readonly)

Returns the value of attribute mssql_port.



# File 'lib/msf/core/exploit/remote/kerberos/service_authenticator/mssql.rb', line 9

# Read-only accessor for the MSSQL port stored in +@mssql_port+.
#
# @return [Object] the stored port value (nil if it was never assigned)
def mssql_port = @mssql_port

Instance Method Details

#build_spn(options = {}) ⇒ Object



# File 'lib/msf/core/exploit/remote/kerberos/service_authenticator/mssql.rb', line 19

# Builds the service principal name (SPN) for the target MSSQL service.
#
# The principal has two components: the service class +MSSQLSvc+ and an
# instance string of the form +host:port+.
#
# @param options [Hash] optional overrides
# @option options [Object] :hostname host part of the SPN; #hostname is used
#   only when the key is absent
# @option options [Object] :mssql_port port part of the SPN; #mssql_port is
#   used when the key is absent
# @return [Rex::Proto::Kerberos::Model::PrincipalName] principal with name type NT_SRV_INST
def build_spn(options = {})
  # NOTE(review): fetch falls back only on a missing key, so an explicit
  # `hostname: nil` yields an instance string of ":<port>" rather than the
  # authenticator's own hostname. Callers should omit the key to get the default.
  spn_host = options.fetch(:hostname) { hostname }
  spn_port = options.fetch(:mssql_port, mssql_port)
  service_instance = "#{spn_host}:#{spn_port}"

  model = Rex::Proto::Kerberos::Model
  model::PrincipalName.new(
    name_type: model::NameType::NT_SRV_INST,
    name_string: ['MSSQLSvc', service_instance]
  )
end