Esempio n. 1
        /// <summary>
        /// Negative test: decodes a base64 PAC fixture, overwrites bytes 20..49 of it, and runs
        /// signature validation with the key loaded from the "rc4-key-data" fixture.
        /// </summary>
        /// <remarks>
        /// The method body contains no assertion. Presumably an expected-exception attribute outside
        /// this excerpt makes the test pass only when validation rejects the altered PAC; confirm
        /// against the full test class.
        /// </remarks>
        public void TestKerberosValidatorRC4ModifiedPac()
        {
            // Offsets of the PAC bytes that get overwritten: [20, 50).
            const int firstTamperedOffset = 20;
            const int tamperEndExclusive  = 50;

            var keyMaterial = ReadFile("rc4-key-data");

            // Signature info buffer (base64) for the PAC below.
            var encodedInfoBuffer = "dv///9uwIJUdzAWaCdn16YcrrEk=";

            // PAC fixture (base64). One segment contains " / "; Convert.FromBase64String skips
            // white-space characters, so the literal still decodes.
            var encodedPac = "BQAAAAAAAAABAAAAIAMAAFgAAAAAAAAACgAAABwAAAB4AwAAAAAAAAwAAABQAAAAmAMAAAAAAAAGAAAAFAAAAOgDAAAAAAAABwAA" +
                             "ABQAAAAABAAAAAAAAAEQCADMzMzMEAMAAAAAAAAAAAIAYE1z2X1yyQH/////////f/////////9/sFbR+dRwyQGwFjsknnHJAf////////" +
                             "9/EgASAAQAAgASABIACAACAAAAAAAMAAIAAAAAABAAAgAAAAAAFAACAAAAAAAYAAIALgAAAFIEAAABAgAACwAAABwAAgAgAAAAAAAAAAAA" +
                             "AAAAAAAAAAAAAAwADgAgAAIADAAOACQAAgAoAAIAAAAAAAAAAAAQAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcAAAAsAAIAAA" +
                             "AAAAAAAAAAAAAACQAAAAAAAAAJAAAAdQBzAGUAcgAuAHQAZQBzAHQAAAAJAAAAAAAAAAkAAABVAHMAZQByACAAVABlAHMAdAAAAAAAAAAA" +
                             "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsAAAACAgAABwAAAFAEAAAHAAAAAQIAAAcAAAAEAgAABwAAAA" +
                             "MCAAAHAAAACAIAAAcAAAAAAgAABwAAAAkCAAAHAAAABgIAAAcAAAAHAgAABwAAAPIBAAAHAAAABwAAAAAAAAAGAAAAVwBTADIAMAAwADgA" +
                             "BwAAAAAAAAAGAAAARABPAE0AQQBJAE4ABAAAAAEEAAAAAAAFFQAAAELcI/DfA8DDi6apKQcAAAAwAAIABwAAIDQAAgAHAAAgOAACAAcAAC" +
                             "A8AAIABwAAIEAAAgAHAAAgRAACAAcAACBIAAIABwAAIAUAAAABBQAAAAAABRUAAABC3CPw3wPAw4umqSk8AgAABQAAAAEFAAAAAAAFFQAA" +
                             "AELcI/DfA8DDi6apKTsCAAAFAAAAAQUAAAAAAAUVAAAAQtwj8N8DwMOLpqkp6QMAAAUAAAABBQAAAAAABRUAAABC3CPw3wPAw4umqSnoAw" +
                             "AABQAAAAEFAAAAAAAFFQAAAELcI / DfA8DDi6apKQUCAAAFAAAAAQUAAAAAAAUVAAAAQtwj8N8DwMOLpqkpTwQAAAUAAAABBQAAAAAABR" +
                             "UAAABC3CPw3wPAw4umqSkpAgAAAL9Len5yyQESAHUAcwBlAHIALgB0AGUAcwB0AAAAAAAoABAAFAA4AAAAAAAAAAAAdQBzAGUAcgAuAHQA" +
                             "ZQBzAHQAQABkAG8AbQBhAGkAbgAuAGMAbwBtAEQATwBNAEEASQBOAC4AQwBPAE0AAAAAAHb///8AAAAAAAAAAAAAAAAAAAAAAAAAAHb//" +
                             "/8AAAAAAAAAAAAAAAAAAAAAAAAAAA==";

            var infoBufferBytes = Convert.FromBase64String(encodedInfoBuffer);
            var pacBytes        = Convert.FromBase64String(encodedPac);

            // NOTE(review): the generator is unseeded, so the exact tampered bytes differ per run and
            // a failure cannot be replayed byte-for-byte. Next(0, 254) yields values 0..253.
            var rng = new Random();

            for (var offset = firstTamperedOffset; offset < tamperEndExclusive; offset++)
            {
                pacBytes[offset] = (byte)rng.Next(0, 254);
            }

            var tamperedSignature = new PacSignature(infoBufferBytes, ref pacBytes);
            var validationKey     = new KerberosKey(keyMaterial);

            // Validation of the altered PAC is the operation under test.
            tamperedSignature.Validator.Validate(validationKey);
        }
Esempio n. 2
        /// <summary>
        /// Instantiates the PAC object registered for <paramref name="type"/>, unmarshals the buffer
        /// into it when the buffer is non-empty, and stores it in <c>attributes</c>.
        /// </summary>
        /// <param name="type">PAC buffer type used to look up the object type in <c>KnownTypes</c>.</param>
        /// <param name="pacInfoBuffer">Raw bytes of this PAC buffer.</param>
        /// <param name="exclusionStart">
        /// Set to the parsed signature's <c>SignaturePosition</c> when the object is a
        /// <c>PacSignature</c> and the buffer is non-empty; otherwise 0.
        /// </param>
        /// <param name="exclusionLength">
        /// Set to the parsed signature's <c>Signature.Length</c> under the same condition; otherwise 0.
        /// </param>
        /// <remarks>
        /// Types missing from <c>KnownTypes</c> are skipped without being stored.
        /// NOTE(review): both out values are derived from the parsed buffer. Presumably the caller
        /// uses them to exclude the signature bytes from the checksum input; the caller should
        /// range-check them against the PAC length before use. Confirm against the caller.
        /// </remarks>
        private void ParsePacType(PacType type, ReadOnlyMemory<byte> pacInfoBuffer, out int exclusionStart, out int exclusionLength)
        {
            exclusionStart  = 0;
            exclusionLength = 0;

            Type pacObjectType;

            if (!KnownTypes.TryGetValue(type, out pacObjectType))
            {
                return;
            }

            var parsed = (PacObject)Activator.CreateInstance(pacObjectType);

            if (pacInfoBuffer.Length > 0)
            {
                // Null unless this buffer is one of the signature types.
                var checksum = parsed as PacSignature;

                if (checksum != null)
                {
                    // The signature needs the data it covers before it is unmarshalled.
                    checksum.SignatureData = pacData;
                }

                parsed.Unmarshal(pacInfoBuffer);

                if (checksum != null)
                {
                    exclusionStart  = checksum.SignaturePosition;
                    exclusionLength = checksum.Signature.Length;
                }
            }

            // Stored even when the buffer was empty and nothing was unmarshalled.
            attributes[type] = parsed;
        }
Esempio n. 3
        /// <summary>
        /// Negative test: decodes a base64 PAC fixture, overwrites bytes 20..49 of it, and runs
        /// signature validation with the key loaded from the "aes256-key-data" fixture.
        /// </summary>
        /// <remarks>
        /// The method body contains no assertion. Presumably an expected-exception attribute outside
        /// this excerpt makes the test pass only when validation rejects the altered PAC; confirm
        /// against the full test class.
        /// </remarks>
        public void TestKerberosValidatorAes256ModifiedPac()
        {
            // Offsets of the PAC bytes that get overwritten: [20, 50).
            const int firstTamperedOffset = 20;
            const int tamperEndExclusive  = 50;

            var keyMaterial = ReadFile("aes256-key-data");

            // Signature info buffer (base64) for the PAC below.
            var encodedInfoBuffer = "EAAAAHcQyvz922ZFzfua7A==";

            // PAC fixture (base64). One segment contains " / "; Convert.FromBase64String skips
            // white-space characters, so the literal still decodes.
            var encodedPac = "BQAAAAAAAAABAAAAIAMAAFgAAAAAAAAACgAAABwAAAB4AwAAAAAAAAwAAABQAAAAmAMAAAAAAAAGAAAAEAAAAOgDAAAAAAAAB" +
                             "wAAABQAAAD4AwAAAAAAAAEQCADMzMzMEAMAAAAAAAAAAAIAsITafH9yyQH/////////f/////////9/4Cg/sn9yyQHg6KjcSHPJAf//" +
                             "//////9/EgASAAQAAgASABIACAACAAAAAAAMAAIAAAAAABAAAgAAAAAAFAACAAAAAAAYAAIAMQAAAFIEAAABAgAACwAAABwAAgAgAAA" +
                             "AAAAAAAAAAAAAAAAAAAAAAAwADgAgAAIADAAOACQAAgAoAAIAAAAAAAAAAAAQAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" +
                             "cAAAAsAAIAAAAAAAAAAAAAAAAACQAAAAAAAAAJAAAAdQBzAGUAcgAuAHQAZQBzAHQAAAAJAAAAAAAAAAkAAABVAHMAZQByACAAVABlA" +
                             "HMAdAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsAAAACAgAABwAAAFAEAAAHAAAAAQIA" +
                             "AAcAAAAEAgAABwAAAAMCAAAHAAAACAIAAAcAAAAAAgAABwAAAAkCAAAHAAAABgIAAAcAAAAHAgAABwAAAPIBAAAHAAAABwAAAAAAAAA" +
                             "GAAAAVwBTADIAMAAwADgABwAAAAAAAAAGAAAARABPAE0AQQBJAE4ABAAAAAEEAAAAAAAFFQAAAELcI/DfA8DDi6apKQcAAAAwAAIABw" +
                             "AAIDQAAgAHAAAgOAACAAcAACA8AAIABwAAIEAAAgAHAAAgRAACAAcAACBIAAIABwAAIAUAAAABBQAAAAAABRUAAABC3CPw3wPAw4umq" +
                             "Sk8AgAABQAAAAEFAAAAAAAFFQAAAELcI/DfA8DDi6apKTsCAAAFAAAAAQUAAAAAAAUVAAAAQtwj8N8DwMOLpqkp6QMAAAUAAAABBQAA" +
                             "AAAABRUAAABC3CPw3wPAw4umqSnoAwAABQAAAAEFAAAAAAAFFQAAAELcI / DfA8DDi6apKQUCAAAFAAAAAQUAAAAAAAUVAAAAQtwj8" +
                             "N8DwMOLpqkpTwQAAAUAAAABBQAAAAAABRUAAABC3CPw3wPAw4umqSkpAgAAACRGyX9yyQESAHUAcwBlAHIALgB0AGUAcwB0AAAAAAAo" +
                             "ABAAFAA4AAAAAAAAAAAAdQBzAGUAcgAuAHQAZQBzAHQAQABkAG8AbQBhAGkAbgAuAGMAbwBtAEQATwBNAEEASQBOAC4AQwBPAE0AAAA" +
                             "AABAAAAAAAAAAAAAAAAAAAAB2////AAAAAAAAAAAAAAAAAAAAAAAAAAA=";

            var infoBufferBytes = Convert.FromBase64String(encodedInfoBuffer);
            var pacBytes        = Convert.FromBase64String(encodedPac);

            // NOTE(review): the generator is unseeded, so the exact tampered bytes differ per run and
            // a failure cannot be replayed byte-for-byte. Next(0, 254) yields values 0..253.
            var rng = new Random();

            for (var offset = firstTamperedOffset; offset < tamperEndExclusive; offset++)
            {
                pacBytes[offset] = (byte)rng.Next(0, 254);
            }

            var tamperedSignature = new PacSignature(infoBufferBytes, ref pacBytes);
            var validationKey     = new KerberosKey(keyMaterial);

            // Validation of the altered PAC is the operation under test.
            tamperedSignature.Validator.Validate(validationKey);
        }
Esempio n. 4
        /// <summary>
        /// Parses one PAC buffer into the property that corresponds to <paramref name="type"/>.
        /// </summary>
        /// <param name="type">PAC buffer type that selects the target property.</param>
        /// <param name="infoBuffer">Raw bytes of this PAC buffer.</param>
        /// <param name="exclusionStart">
        /// For the two checksum types, the parsed signature's <c>SignaturePosition</c>; otherwise 0.
        /// </param>
        /// <param name="exclusionLength">
        /// For the two checksum types, the parsed signature's <c>Signature.Length</c>; otherwise 0.
        /// </param>
        /// <remarks>
        /// DEVICE_INFO is recognised but not parsed, and types not listed here are ignored.
        /// NOTE(review): the exclusion values come from the parsed buffer. Presumably the caller uses
        /// them to leave the signature bytes out of the checksum input; it should range-check them
        /// first. Confirm against the caller.
        /// </remarks>
        private void ParsePacType(PacType type, byte[] infoBuffer, out int exclusionStart, out int exclusionLength)
        {
            exclusionStart  = 0;
            exclusionLength = 0;

            // Set only by the two checksum cases; drives the exclusion range below.
            PacSignature checksum = null;

            switch (type)
            {
            case PacType.LOGON_INFO:
                LogonInfo = new PacLogonInfo(infoBuffer);
                break;

            case PacType.CREDENTIAL_TYPE:
                CredentialType = new PacCredentialInfo(infoBuffer);
                break;

            case PacType.SERVER_CHECKSUM:
                ServerSignature = new PacSignature(infoBuffer, ref signatureData);
                checksum        = ServerSignature;
                break;

            case PacType.PRIVILEGE_SERVER_CHECKSUM:
                KdcSignature = new PacSignature(infoBuffer, ref signatureData);
                checksum     = KdcSignature;
                break;

            case PacType.CLIENT_NAME_TICKET_INFO:
                ClientInformation = new PacClientInfo(infoBuffer);
                break;

            case PacType.CONSTRAINED_DELEGATION_INFO:
                DelegationInformation = new PacDelegationInfo(infoBuffer);
                break;

            case PacType.UPN_DOMAIN_INFO:
                UpnDomainInformation = new UpnDomainInfo(infoBuffer);
                break;

            case PacType.CLIENT_CLAIMS:
                ClientClaims = new ClaimsSetMetadata(infoBuffer);
                break;

            case PacType.DEVICE_CLAIMS:
                DeviceClaims = new ClaimsSetMetadata(infoBuffer);
                break;

            case PacType.DEVICE_INFO:
                // Recognised, nothing is parsed for it.
                break;
            }

            if (checksum != null)
            {
                exclusionStart  = checksum.SignaturePosition;
                exclusionLength = checksum.Signature.Length;
            }
        }
Esempio n. 5
        /// <summary>
        /// Assigns the data a signature is computed over and returns the same signature instance.
        /// </summary>
        /// <param name="signature">Signature object to configure; mutated in place.</param>
        /// <param name="type">PAC buffer type the signature was created for.</param>
        /// <returns>The <paramref name="signature"/> argument.</returns>
        /// <remarks>
        /// A PRIVILEGE_SERVER_CHECKSUM signature covers the server signature's bytes; every other
        /// type covers <c>pacData</c>.
        /// NOTE(review): the PRIVILEGE_SERVER_CHECKSUM branch dereferences <c>this.ServerSignature</c>
        /// without a null check. If that property can still be null here (for example when the
        /// server checksum buffer is absent or comes later in an untrusted PAC), this throws
        /// NullReferenceException rather than a validation error; confirm against the caller.
        /// </remarks>
        private PacSignature ProcessSignature(PacSignature signature, PacType type)
        {
            if (type != PacType.PRIVILEGE_SERVER_CHECKSUM)
            {
                signature.SignatureData = pacData;

                return signature;
            }

            signature.SignatureData = this.ServerSignature.Signature;

            return signature;
        }
Esempio n. 6
        /// <summary>
        /// Builds a <c>PacSignature</c> over a PAC whose bytes 20..49 have been overwritten, for
        /// use in tests that expect validation to fail.
        /// </summary>
        /// <param name="infoBuffer">Base64 signature info buffer.</param>
        /// <param name="pac">Base64 PAC; must decode to at least 50 bytes or the loop throws.</param>
        /// <returns>The signature after <c>ReadBody</c> has consumed the info buffer.</returns>
        private static PacSignature GenerateCorruptPac(string infoBuffer, string pac)
        {
            // Offsets of the PAC bytes that get overwritten: [20, 50).
            const int firstTamperedOffset = 20;
            const int tamperEndExclusive  = 50;

            var decodedInfoBuffer = Convert.FromBase64String(infoBuffer);
            var tamperedPac       = Convert.FromBase64String(pac);

            // NOTE(review): the generator is unseeded, so the corrupted bytes differ per run and a
            // failing case cannot be replayed exactly. Next(0, 254) yields values 0..253.
            var rng = new Random();

            for (var offset = firstTamperedOffset; offset < tamperEndExclusive; offset++)
            {
                tamperedPac[offset] = (byte)rng.Next(0, 254);
            }

            var corruptSignature = new PacSignature(tamperedPac);

            corruptSignature.ReadBody(decodedInfoBuffer);

            return corruptSignature;
        }
Esempio n. 7
        /// <summary>
        /// Reports whether a PAC signature parses and validates under <paramref name="kerbKey"/>.
        /// </summary>
        /// <param name="kerbKey">Key passed to the signature validator.</param>
        /// <param name="infoBufferBytes">Signature info buffer read with <c>ReadBody</c>.</param>
        /// <param name="pacBytes">PAC bytes the signature is constructed over.</param>
        /// <returns><c>true</c> when no exception is thrown; <c>false</c> on any exception.</returns>
        /// <remarks>
        /// NOTE(review): every exception type maps to <c>false</c>, so a caller asserting that a
        /// tampered PAC is rejected cannot tell a checksum mismatch from a parsing error or an
        /// unrelated bug. Catching only the validator's failure exception would make such tests
        /// stricter; the type it throws is not visible in this excerpt.
        /// </remarks>
        private static bool ValidatePac(KerberosKey kerbKey, byte[] infoBufferBytes, byte[] pacBytes)
        {
            try
            {
                var signature = new PacSignature(pacBytes);

                signature.ReadBody(infoBufferBytes);
                signature.Validator.Validate(kerbKey);

                return true;
            }
            catch (Exception)
            {
                return false;
            }
        }
Esempio n. 8
        /// <summary>
        /// Parses one PAC buffer into the property that corresponds to <paramref name="type"/>.
        /// </summary>
        /// <param name="type">PAC buffer type that selects the target property.</param>
        /// <param name="data">Raw bytes of this PAC buffer.</param>
        /// <remarks>
        /// CREDENTIAL_TYPE is stored as the raw bytes without parsing. CONSTRAINED_DELEGATION_INFO
        /// and DEVICE_INFO are recognised but not parsed, and types not listed here are ignored.
        /// Both checksum buffers are only parsed here; no validation happens in this method.
        /// </remarks>
        private void ParsePacType(PacType type, byte[] data)
        {
            switch (type)
            {
            case PacType.CONSTRAINED_DELEGATION_INFO:
            case PacType.DEVICE_INFO:
                // Recognised, nothing is parsed for these.
                break;

            case PacType.LOGON_INFO:
                LogonInfo = new PacLogonInfo(data);
                break;

            case PacType.CREDENTIAL_TYPE:
                CredentialType = data;
                break;

            case PacType.SERVER_CHECKSUM:
                ServerSignature = new PacSignature(data);
                break;

            case PacType.PRIVILEGE_SERVER_CHECKSUM:
                KdcSignature = new PacSignature(data);
                break;

            case PacType.CLIENT_NAME_TICKET_INFO:
                ClientInformation = new PacClientInfo(data);
                break;

            case PacType.UPN_DOMAIN_INFO:
                UpnDomainInformation = new UpnDomainInfo(data);
                break;

            case PacType.CLIENT_CLAIMS:
                ClientClaims = new ClaimsSetMetadata(data);
                break;

            case PacType.DEVICE_CLAIMS:
                DeviceClaims = new ClaimsSetMetadata(data);
                break;
            }
        }
Esempio n. 9
        /// <summary>
        /// Instantiates the PAC object registered for <paramref name="type"/>, unmarshals the buffer
        /// into it, and stores it in <c>Attributes</c>.
        /// </summary>
        /// <param name="type">PAC buffer type used to look up the object type in <c>KnownTypes</c>.</param>
        /// <param name="pacInfoBuffer">Raw bytes of this PAC buffer.</param>
        /// <param name="exclusionStart">
        /// Set to the signature's <c>SignaturePosition</c> when the object is a <c>PacSignature</c>;
        /// otherwise 0.
        /// </param>
        /// <param name="exclusionLength">
        /// Set to the signature's <c>Signature.Length</c> under the same condition; otherwise 0.
        /// </param>
        /// <remarks>
        /// Unregistered types are kept as <c>UnknownPacObject</c>. A registered type with an empty
        /// buffer is not stored at all.
        /// NOTE(review): when <c>Mode</c> lacks <c>SignatureMode.Kdc</c>, the
        /// PRIVILEGE_SERVER_CHECKSUM signature is flagged <c>Ignored</c>. Presumably the validator
        /// then skips it, leaving the server checksum as the only integrity check on the PAC;
        /// confirm that this is intended for every caller that uses the default mode.
        /// NOTE(review): the exclusion values come from the parsed buffer and should be range-checked
        /// by whoever consumes them.
        /// </remarks>
        private void ParsePacType(PacType type, ReadOnlyMemory<byte> pacInfoBuffer, out int exclusionStart, out int exclusionLength)
        {
            exclusionStart  = 0;
            exclusionLength = 0;

            Type pacObjectType;

            if (!KnownTypes.TryGetValue(type, out pacObjectType))
            {
                this.Attributes[type] = new UnknownPacObject(type, pacInfoBuffer);
                return;
            }

            var parsed = (PacObject)Activator.CreateInstance(pacObjectType);

            if (pacInfoBuffer.Length <= 0)
            {
                return;
            }

            PacSignature signature = null;
            var candidate = parsed as PacSignature;

            if (candidate != null)
            {
                // Assigns the data the signature covers before the buffer is unmarshalled.
                signature = this.ProcessSignature(candidate, type);

                var kdcChecksumOutsideKdcMode =
                    type == PacType.PRIVILEGE_SERVER_CHECKSUM && !this.Mode.HasFlag(SignatureMode.Kdc);

                if (kdcChecksumOutsideKdcMode)
                {
                    signature.Ignored = true;
                }
            }

            parsed.Unmarshal(pacInfoBuffer);

            if (signature != null)
            {
                exclusionStart  = signature.SignaturePosition;
                exclusionLength = signature.Signature.Length;
            }

            this.Attributes[type] = parsed;
        }
Esempio n. 10
        /// <summary>
        /// Reports whether a PAC signature unmarshals and validates under <paramref name="kerbKey"/>.
        /// </summary>
        /// <param name="kerbKey">Key passed to the signature validator.</param>
        /// <param name="infoBufferBytes">Signature info buffer passed to <c>Unmarshal</c>.</param>
        /// <param name="pacBytes">PAC bytes assigned as the signature's <c>SignatureData</c>.</param>
        /// <returns><c>true</c> when no exception is thrown; <c>false</c> on any exception.</returns>
        /// <remarks>
        /// NOTE(review): the bare catch maps every failure to <c>false</c>, so a caller asserting
        /// that a tampered PAC is rejected cannot tell a checksum mismatch from a parsing error or
        /// an unrelated bug. The CA1031 suppression marks the broad catch as deliberate; narrowing
        /// it to the validator's failure exception would make such tests stricter, but that type is
        /// not visible in this excerpt.
        /// </remarks>
        private static bool ValidatePac(KerberosKey kerbKey, byte[] infoBufferBytes, byte[] pacBytes)
        {
            try
            {
                var signature = new PacSignature();

                signature.SignatureData = pacBytes;
                signature.Unmarshal(infoBufferBytes);
                signature.Validator.Validate(kerbKey);

                return true;
            }
#pragma warning disable CA1031 // Do not catch general exception types
            catch
#pragma warning restore CA1031 // Do not catch general exception types
            {
                return false;
            }
        }