/// <summary>
/// Builds a PKINIT (certificate pre-authenticated) AS-REQ for the given principal
/// and hands it to <c>InnerTGT</c>.
/// </summary>
/// <param name="userName">Client principal name placed in the request.</param>
/// <param name="domain">Realm the principal belongs to.</param>
/// <param name="certFile">
/// Certificate reference resolved by <c>FindCertificate</c>; if that lookup returns
/// null and the value is Base64, it is decoded and loaded as a certificate blob.
/// </param>
/// <param name="certPass">Password used when loading the certificate.</param>
/// <param name="etype">Encryption type requested in the AS-REQ.</param>
/// <param name="outfile">Forwarded to <c>InnerTGT</c>.</param>
/// <param name="ptt">Forwarded to <c>InnerTGT</c>.</param>
/// <param name="domainController">Forwarded to <c>InnerTGT</c>.</param>
/// <param name="luid">Forwarded to <c>InnerTGT</c>.</param>
/// <param name="describe">Forwarded to <c>InnerTGT</c>.</param>
/// <param name="verifyCerts">
/// Forwarded to <c>AS_REQ.NewASReq</c>; defaults to false.
/// NOTE(review): presumably toggles validation of the certificate chain presented
/// during PKINIT - confirm where the flag is consumed. If so, the default leaves
/// that validation switched off.
/// </param>
/// <param name="servicekey">Forwarded to <c>InnerTGT</c>.</param>
/// <param name="getCredentials">Forwarded to <c>InnerTGT</c>.</param>
/// <returns>
/// Whatever <c>InnerTGT</c> returns, or null when no certificate could be resolved
/// or a <c>KerberosErrorException</c> / <c>RubeusException</c> was caught.
/// Any other exception type (for example one raised while loading the certificate
/// blob) is not handled here and propagates to the caller.
/// </returns>
public static byte[] TGT(string userName, string domain, string certFile, string certPass, Interop.KERB_ETYPE etype, string outfile, bool ptt, string domainController = "", LUID luid = new LUID(), bool describe = false, bool verifyCerts = false, string servicekey = "", bool getCredentials = false)
{
    try
    {
        X509Certificate2 clientCert = FindCertificate(certFile, certPass);

        if (clientCert == null)
        {
            // The Base64 interpretation is tried second, because certFile may also be
            // a hex-encoded fingerprint that FindCertificate is expected to resolve.
            if (!Helpers.IsBase64String(certFile))
            {
                Console.WriteLine("[!] Failed to find certificate for {0}", certFile);
                return null;
            }

            clientCert = new X509Certificate2(Convert.FromBase64String(certFile), certPass);
        }

        KDCKeyAgreement keyAgreement = new KDCKeyAgreement();

        Console.WriteLine("[*] Using PKINIT with etype {0} and subject: {1} ", etype, clientCert.Subject);
        Console.WriteLine("[*] Building AS-REQ (w/ PKINIT preauth) for: '{0}\\{1}'", domain, userName);

        AS_REQ request = AS_REQ.NewASReq(userName, domain, clientCert, keyAgreement, etype, verifyCerts);

        // The two literal booleans are positional arguments of InnerTGT; their meaning
        // is defined by that method, which is not part of this listing.
        return InnerTGT(request, etype, outfile, ptt, domainController, luid, describe, true, false, servicekey, getCredentials);
    }
    catch (KerberosErrorException ex)
    {
        // Report the KDC's error both as its numeric code and as the enum name.
        KRB_ERROR krbError = ex.krbError;
        Console.WriteLine("\r\n[X] KRB-ERROR ({0}) : {1}\r\n", krbError.error_code, (Interop.KERBEROS_ERROR)krbError.error_code);
    }
    catch (RubeusException ex)
    {
        Console.WriteLine(string.Concat("\r\n", ex.Message, "\r\n"));
    }

    return null;
}
/// <summary>
/// Builds a PKINIT (certificate pre-authenticated) AS-REQ for the given principal
/// and hands it to <c>InnerTGT</c>.
/// </summary>
/// <param name="userName">Client principal name placed in the request.</param>
/// <param name="domain">Realm the principal belongs to.</param>
/// <param name="certFile">Certificate reference resolved by <c>FindCertificate</c>.</param>
/// <param name="certPass">Password passed to <c>FindCertificate</c>.</param>
/// <param name="etype">Encryption type requested in the AS-REQ.</param>
/// <param name="outfile">Forwarded to <c>InnerTGT</c>.</param>
/// <param name="ptt">Forwarded to <c>InnerTGT</c>.</param>
/// <param name="domainController">Forwarded to <c>InnerTGT</c>.</param>
/// <param name="luid">Forwarded to <c>InnerTGT</c>.</param>
/// <param name="describe">Forwarded to <c>InnerTGT</c>.</param>
/// <returns>
/// Whatever <c>InnerTGT</c> returns, or null when no certificate could be resolved
/// or a <c>KerberosErrorException</c> / <c>RubeusException</c> was caught.
/// Other exception types are not handled here and propagate to the caller.
/// </returns>
public static byte[] TGT(string userName, string domain, string certFile, string certPass, Interop.KERB_ETYPE etype, string outfile, bool ptt, string domainController = "", LUID luid = new LUID(), bool describe = false)
{
    try
    {
        X509Certificate2 clientCert = FindCertificate(certFile, certPass);

        // No fallback parsing in this variant: an unresolved reference ends the call.
        if (clientCert == null)
        {
            Console.WriteLine("[!] Failed to find certificate for {0}", certFile);
            return null;
        }

        KDCKeyAgreement keyAgreement = new KDCKeyAgreement();

        Console.WriteLine("[*] Using PKINIT with etype {0} and subject: {1} ", etype, clientCert.Subject);
        Console.WriteLine("[*] Building AS-REQ (w/ PKINIT preauth) for: '{0}\\{1}'", domain, userName);

        AS_REQ request = AS_REQ.NewASReq(userName, domain, clientCert, keyAgreement, etype);

        // The trailing literal is a positional argument of InnerTGT; its meaning is
        // defined by that method, which is not part of this listing.
        return InnerTGT(request, etype, outfile, ptt, domainController, luid, describe, true);
    }
    catch (KerberosErrorException ex)
    {
        // Report the KDC's error both as its numeric code and as the enum name.
        KRB_ERROR krbError = ex.krbError;
        Console.WriteLine("\r\n[X] KRB-ERROR ({0}) : {1}\r\n", krbError.error_code, (Interop.KERBEROS_ERROR)krbError.error_code);
    }
    catch (RubeusException ex)
    {
        Console.WriteLine(string.Concat("\r\n", ex.Message, "\r\n"));
    }

    return null;
}
/// <summary>
/// Stores the components of a PK-AS-REQ pre-authentication value.
/// </summary>
/// <param name="krbAuthPack">Auth pack assigned to <c>AuthPack</c>.</param>
/// <param name="pkCert">Client certificate assigned to <c>PKCert</c>.</param>
/// <param name="agreement">Key agreement state assigned to <c>Agreement</c>.</param>
/// <param name="verifyCerts">
/// Assigned to <c>VerifyCerts</c>; defaults to false.
/// NOTE(review): the code that reads <c>VerifyCerts</c> is not shown here - confirm
/// what is left unchecked when the default is used.
/// </param>
public PA_PK_AS_REQ(KrbAuthPack krbAuthPack, X509Certificate2 pkCert, KDCKeyAgreement agreement, bool verifyCerts = false)
{
    this.AuthPack = krbAuthPack;
    this.PKCert = pkCert;
    this.Agreement = agreement;
    this.VerifyCerts = verifyCerts;
}
/// <summary>
/// Creates an AS-REQ whose pre-authentication data is derived from a certificate
/// and a key agreement.
/// </summary>
/// <param name="pkCert">Client certificate handed to the PA_DATA constructor.</param>
/// <param name="agreement">Key agreement state handed to the PA_DATA constructor.</param>
/// <param name="verifyCerts">Passed through to the PA_DATA constructor; defaults to false.</param>
public AS_REQ(X509Certificate2 pkCert, KDCKeyAgreement agreement, bool verifyCerts = false)
{
    // Defaults for a newly created message: Kerberos protocol version 5,
    // message type 10 (AS-REQ).
    pvno = 5;
    msg_type = 10;

    padata = new List<PA_DATA>();
    req_body = new KDCReqBody();

    // First entry: the parameterless PA_DATA. The original comment describes it as
    // the "include-pac == true" entry; that constructor is outside this listing.
    PA_DATA pacRequest = new PA_DATA();
    padata.Add(pacRequest);

    // Second entry: built from the certificate, the key agreement and the request
    // body - certificate-based pre-auth data, not an encrypted timestamp.
    PA_DATA certPreauth = new PA_DATA(pkCert, agreement, req_body, verifyCerts);
    padata.Add(certPreauth);
}
/// <summary>
/// Builds a PA-DATA entry of type PK_AS_REQ from a client certificate, the
/// Diffie-Hellman key agreement values and the request body.
/// </summary>
/// <param name="pkInitCert">Client certificate placed in the auth pack and the PK-AS-REQ.</param>
/// <param name="agreement">Supplies the P, G and Y values that are ASN.1-encoded below.</param>
/// <param name="kdcRequestBody">Request body handed to the authenticator.</param>
/// <param name="verifyCerts">Passed through to <c>PA_PK_AS_REQ</c>; defaults to false.</param>
public PA_DATA(X509Certificate2 pkInitCert, KDCKeyAgreement agreement, KDCReqBody kdcRequestBody, bool verifyCerts = false)
{
    DateTime timestamp = DateTime.UtcNow;
    int millis = timestamp.Millisecond;

    // NOTE(review): the first and third arguments are both the millisecond component
    // of the current time (0-999). If either position is the authenticator's nonce,
    // the value is low-entropy and predictable - confirm against the
    // KrbPkAuthenticator constructor.
    KrbPkAuthenticator pkAuthenticator = new KrbPkAuthenticator((uint)millis, timestamp, millis, kdcRequestBody);
    KrbAuthPack pack = new KrbAuthPack(pkAuthenticator, pkInitCert);

    // Domain parameters: SEQUENCE { P, G }.
    AsnElt[] domainParams = new AsnElt[]
    {
        AsnElt.MakeInteger(agreement.P),
        AsnElt.MakeInteger(agreement.G),
    };
    byte[] encodedParams = AsnElt.Make(AsnElt.SEQUENCE, domainParams).Encode();

    // Client public value: algorithm identifier plus the encoded Y integer.
    KrbAlgorithmIdentifier algorithm = new KrbAlgorithmIdentifier(DiffieHellman, encodedParams);
    byte[] encodedPublic = AsnElt.MakeInteger(agreement.Y).Encode();
    pack.ClientPublicValue = new KrbSubjectPublicKeyInfo(algorithm, encodedPublic);

    type = Interop.PADATA_TYPE.PK_AS_REQ;
    value = new PA_PK_AS_REQ(pack, pkInitCert, agreement, verifyCerts);
}
/// <summary>
/// Stores the components of a PK-AS-REQ pre-authentication value.
/// </summary>
/// <param name="krbAuthPack">Auth pack assigned to <c>AuthPack</c>.</param>
/// <param name="pkCert">Client certificate assigned to <c>PKCert</c>.</param>
/// <param name="agreement">Key agreement state assigned to <c>Agreement</c>.</param>
public PA_PK_AS_REQ(KrbAuthPack krbAuthPack, X509Certificate2 pkCert, KDCKeyAgreement agreement)
{
    this.AuthPack = krbAuthPack;
    this.PKCert = pkCert;
    this.Agreement = agreement;
}
// TODO: Insert DHKeyPair parameter also.
/// <summary>
/// Creates an AS-REQ for <paramref name="userName"/> in <paramref name="domain"/>
/// whose pre-authentication data is built from a certificate and key agreement,
/// targeting the realm's krbtgt service.
/// </summary>
/// <param name="userName">Added to the request body's client name.</param>
/// <param name="domain">Used as the realm and as the second component of the service name.</param>
/// <param name="cert">Client certificate passed to the <c>AS_REQ</c> constructor.</param>
/// <param name="agreement">Key agreement state passed to the <c>AS_REQ</c> constructor.</param>
/// <param name="etype">Encryption type added to the request body.</param>
/// <param name="verifyCerts">Passed through to the <c>AS_REQ</c> constructor; defaults to false.</param>
/// <returns>The populated request.</returns>
public static AS_REQ NewASReq(string userName, string domain, X509Certificate2 cert, KDCKeyAgreement agreement, Interop.KERB_ETYPE etype, bool verifyCerts = false)
{
    // Pre-auth data is set up by the constructor from the certificate and key agreement.
    AS_REQ request = new AS_REQ(cert, agreement, verifyCerts);

    // Principal the ticket is requested for, and the realm it lives in.
    request.req_body.cname.name_string.Add(userName);
    request.req_body.realm = domain;

    // Service name krbtgt/<domain>, typed as KRB_NT_SRV_INST (= 2): a service with
    // another unique instance.
    request.req_body.sname.name_type = Interop.PRINCIPAL_TYPE.NT_SRV_INST;
    request.req_body.sname.name_string.Add("krbtgt");
    request.req_body.sname.name_string.Add(domain);

    // Single requested encryption type.
    request.req_body.etypes.Add(etype);

    return request;
}