class Metasploit::Credential::KrbEncKey
A {Metasploit::Credential::PasswordHash password hash} that cannot be replayed to authenticate to other services. {#data} is a string in the format ‘’msf_krbenckey:<enctype digits>:<key hexadecimal>:<salt hexadecimal>‘`.
This class contains information relevant to a Kerberos EncryptionKey www.rfc-editor.org/rfc/rfc4120.html#section-5.2.9 which is used to encrypt/decrypt arbitrary Kerberos protocol message data - such as the AS-REP krbtgt ticket and enc-part.
Constants
- DATA_REGEXP
Valid format for {#data} composed of ‘’msf_krbenckey:<enctype digits>:<key hexadecimal>:<salt hexadecimal>‘`.
- ENCTYPE_NAMES
www.iana.org/assignments/kerberos-parameters/kerberos-parameters.xhtml
- KEY_REGEXP
Valid format for
KrbEncKey
key portion of {#data}: lowercase hexadecimal characters- SALT_REGEXP
Valid format for
KrbEncKey
enctype portion of {#data}: lowercase hexadecimal characters- TYPE_REGEXP
Valid format for
KrbEncKey
enctype portion of {#data}: numeric characters @seeENCTYPE_NAMES
Public Class Methods
Converts a buffer containing bytes to a String containing the hex representation of the bytes
@param hash [String,nil] a buffer of bytes @return [String] a string where every 2 hexadecimal characters represents a byte in the original hash buffer
# File app/models/metasploit/credential/krb_enc_key.rb, line 155 def self.as_bytes(value) [value.to_s].pack('H*') end
Converts a buffer containing bytes to a String containing the hex representation of the bytes
@param hash [String,nil] a buffer of bytes @return [String] a string where every 2 hexadecimal characters represents a byte in the original hash buffer
# File app/models/metasploit/credential/krb_enc_key.rb, line 147 def self.as_hex(value) value.to_s.unpack1('H*') end
@param [Integer] enctype The enctype @param [String] key The key bytes @param [String,nil] salt The salt @return [String] @raise [ArgumentError] if an option is invalid
# File app/models/metasploit/credential/krb_enc_key.rb, line 99 def self.build_data(enctype:, key:, salt: nil) raise ArgumentError('enctype must be numeric') unless enctype.is_a?(Numeric) raise ArgumentError('key must be set') if key.nil? "msf_krbenckey:#{enctype}:#{as_hex(key)}:#{as_hex(salt)}" end
Public Instance Methods
The enctype as defined by www.iana.org/assignments/kerberos-parameters/kerberos-parameters.xhtml
@return [Integer]
# File app/models/metasploit/credential/krb_enc_key.rb, line 113 def enctype parsed_data[:enctype] end
The key
@return [String]
# File app/models/metasploit/credential/krb_enc_key.rb, line 120 def key parsed_data[:key] end
The salt used as part of creating the key. This is normally derived from the Kerberos principal name/Realm. For windows the following convention is used to create the salt: learn.microsoft.com/en-us/openspecs/windows_protocols/ms-kile/7a7b081d-c0c6-46f4-acbf-a439664270b8
This value can be nil if the salt is not known @return [String,nil] The key salt if available
# File app/models/metasploit/credential/krb_enc_key.rb, line 130 def salt parsed_data[:salt] end
A string suitable for displaying to the user
@return [String]
# File app/models/metasploit/credential/krb_enc_key.rb, line 137 def to_s "#{ENCTYPE_NAMES[enctype]}:#{self.class.as_hex(key)}#{salt ? ":#{self.class.as_hex(salt)}" : ''}" end
Private Instance Methods
Validates that {#data} is in the expected data format
# File app/models/metasploit/credential/krb_enc_key.rb, line 172 def data_format unless DATA_REGEXP.match(data) errors.add(:data, :format) end end
@return [Hash] The parsed data with enctype, key, salt keys
# File app/models/metasploit/credential/krb_enc_key.rb, line 160 def parsed_data match = data.match(DATA_REGEXP) return {} unless match { enctype: match[:enctype].to_i, key: self.class.as_bytes(match[:key]), salt: match[:salt].empty? ? nil : self.class.as_bytes(match[:salt]) } end