class Metasploit::Credential::KrbEncKey

A {Metasploit::Credential::PasswordHash password hash} that cannot be replayed to authenticate to other services. {#data} is a string in the format `msf_krbenckey:<enctype digits>:<key hexadecimal>:<salt hexadecimal>`.

This class contains information relevant to a Kerberos EncryptionKey (www.rfc-editor.org/rfc/rfc4120.html#section-5.2.9), which is used to encrypt/decrypt arbitrary Kerberos protocol message data, such as the AS-REP krbtgt ticket and enc-part.

Constants

DATA_REGEXP

Valid format for {#data}, composed of `msf_krbenckey:<enctype digits>:<key hexadecimal>:<salt hexadecimal>`.

ENCTYPE_NAMES

www.iana.org/assignments/kerberos-parameters/kerberos-parameters.xhtml

KEY_REGEXP

Valid format for KrbEncKey key portion of {#data}: lowercase hexadecimal characters

SALT_REGEXP

Valid format for KrbEncKey salt portion of {#data}: lowercase hexadecimal characters

TYPE_REGEXP

Valid format for KrbEncKey enctype portion of {#data}: numeric characters

@see ENCTYPE_NAMES

Public Class Methods

as_bytes(value)

Converts a String containing the hex representation of bytes to a buffer containing the bytes

@param value [String,nil] a string of hexadecimal characters
@return [String] a buffer in which every byte corresponds to 2 hexadecimal characters of the input

# File app/models/metasploit/credential/krb_enc_key.rb, line 155
def self.as_bytes(value)
  [value.to_s].pack('H*')
end

as_hex(value)

Converts a buffer containing bytes to a String containing the hex representation of the bytes

@param value [String,nil] a buffer of bytes
@return [String] a string where every 2 hexadecimal characters represents a byte in the original buffer

# File app/models/metasploit/credential/krb_enc_key.rb, line 147
def self.as_hex(value)
  value.to_s.unpack1('H*')
end

build_data(enctype:, key:, salt: nil)

@param [Integer] enctype The enctype
@param [String] key The key bytes
@param [String,nil] salt The salt
@return [String]
@raise [ArgumentError] if an option is invalid

# File app/models/metasploit/credential/krb_enc_key.rb, line 99
def self.build_data(enctype:, key:, salt: nil)
  raise ArgumentError, 'enctype must be numeric' unless enctype.is_a?(Numeric)
  raise ArgumentError, 'key must be set' if key.nil?

  "msf_krbenckey:#{enctype}:#{as_hex(key)}:#{as_hex(salt)}"
end

Public Instance Methods

enctype()

The enctype as defined by www.iana.org/assignments/kerberos-parameters/kerberos-parameters.xhtml

@return [Integer]

# File app/models/metasploit/credential/krb_enc_key.rb, line 113
def enctype
  parsed_data[:enctype]
end

key()

The key

@return [String]

# File app/models/metasploit/credential/krb_enc_key.rb, line 120
def key
  parsed_data[:key]
end

salt()

The salt used as part of creating the key. This is normally derived from the Kerberos principal name and realm. For Windows, the following convention is used to create the salt: learn.microsoft.com/en-us/openspecs/windows_protocols/ms-kile/7a7b081d-c0c6-46f4-acbf-a439664270b8

This value can be nil if the salt is not known.

@return [String,nil] The key salt if available

# File app/models/metasploit/credential/krb_enc_key.rb, line 130
def salt
  parsed_data[:salt]
end

to_s()

A string suitable for displaying to the user

@return [String]

# File app/models/metasploit/credential/krb_enc_key.rb, line 137
def to_s
  "#{ENCTYPE_NAMES[enctype]}:#{self.class.as_hex(key)}#{salt ? ":#{self.class.as_hex(salt)}" : ''}"
end

Private Instance Methods

data_format()

Validates that {#data} is in the expected data format

# File app/models/metasploit/credential/krb_enc_key.rb, line 172
def data_format
  unless DATA_REGEXP.match(data)
    errors.add(:data, :format)
  end
end

parsed_data()

@return [Hash] The parsed data with enctype, key, salt keys

# File app/models/metasploit/credential/krb_enc_key.rb, line 160
def parsed_data
  match = data.match(DATA_REGEXP)
  return {} unless match

  {
    enctype: match[:enctype].to_i,
    key: self.class.as_bytes(match[:key]),
    salt: match[:salt].empty? ? nil : self.class.as_bytes(match[:salt])
  }
end
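
The build/parse round trip of the `msf_krbenckey` format described on this page, as an added stand-alone example that is not Metasploit's own code. `KrbEncKeyExample`, `EXAMPLE_DATA_REGEXP` and `parse_data` are hypothetical names, the regexp is assumed from the format description (and is stricter, accepting whole bytes only), and the sample key and salt are constructed.

```ruby
# Added example, not Metasploit code. KrbEncKeyExample and EXAMPLE_DATA_REGEXP
# are hypothetical names; the regexp is assumed from the format description.
module KrbEncKeyExample
  # Whole bytes only: pack('H*') zero-pads an odd number of hex digits, so
  # such a value would not survive a build/parse round trip.
  EXAMPLE_DATA_REGEXP =
    /\Amsf_krbenckey:(?<enctype>\d+):(?<key>(?:[0-9a-f]{2})+):(?<salt>(?:[0-9a-f]{2})*)\z/

  def self.as_hex(value)
    value.to_s.unpack1('H*')
  end

  def self.as_bytes(value)
    [value.to_s].pack('H*')
  end

  def self.build_data(enctype:, key:, salt: nil)
    raise ArgumentError, 'enctype must be an integer' unless enctype.is_a?(Integer)
    raise ArgumentError, 'key must be set' if key.nil? || key.empty?

    "msf_krbenckey:#{enctype}:#{as_hex(key)}:#{as_hex(salt)}"
  end

  # Returns a Hash with :enctype, :key and :salt, or nil if data is malformed.
  def self.parse_data(data)
    match = EXAMPLE_DATA_REGEXP.match(data.to_s)
    return nil unless match

    {
      enctype: match[:enctype].to_i,
      key: as_bytes(match[:key]),
      salt: match[:salt].empty? ? nil : as_bytes(match[:salt])
    }
  end
end

# Constructed sample values, not real credentials.
SAMPLE_KEY = ['00112233445566778899aabbccddeeff'].pack('H*')
SAMPLE_SALT = 'EXAMPLE.LOCALalice'
SAMPLE_DATA = KrbEncKeyExample.build_data(enctype: 17, key: SAMPLE_KEY, salt: SAMPLE_SALT)

puts SAMPLE_DATA
p KrbEncKeyExample.parse_data(SAMPLE_DATA)
p KrbEncKeyExample.parse_data('msf_krbenckey:23:abc:')  # odd-length hex
p KrbEncKeyExample.parse_data('msf_krbenckey:23:ABCD:') # uppercase hex
```

A missing salt serialises as an empty trailing field and parses back to nil, which is why the final colon is always present in the stored string.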