Class: Metasploit::Credential::KrbEncKey
- Inherits:
-
PasswordHash
- Object
- ApplicationRecord
- Private
- PasswordHash
- Metasploit::Credential::KrbEncKey
- Defined in:
- app/models/metasploit/credential/krb_enc_key.rb
Overview
A password hash that cannot be replayed to authenticate to other services. #data is a string in the format ‘’msf_krbenckey:<enctype digits>:<key hexadecimal>:<salt hexadecimal>‘`.
This class contains information relevant to a Kerberos EncryptionKey www.rfc-editor.org/rfc/rfc4120.html#section-5.2.9 which is used to encrypt/decrypt arbitrary Kerberos protocol message data - such as the AS-REP krbtgt ticket and enc-part.
Instance Attribute Summary collapse
Attributes inherited from Private
#cores, #created_at, #id, #type, #updated_at
Class Method Summary collapse
Instance Method Summary collapse
-
#enctype ⇒ Integer
The enctype as defined by www.iana.org/assignments/kerberos-parameters/kerberos-parameters.xhtml.
-
#key ⇒ String
The key.
-
#salt ⇒ String?
The salt used as part of creating the key.
-
#to_s ⇒ String
A string suitable for displaying to the user.
Instance Attribute Details
#data ⇒ Hash{Symbol => String}
|
# File 'app/models/metasploit/credential/krb_enc_key.rb', line 68
|
Class Method Details
.build_data(enctype:, key:, salt: nil) ⇒ String
94 95 96 97 98 99 |
# File 'app/models/metasploit/credential/krb_enc_key.rb', line 94 def self.build_data(enctype:, key:, salt: nil) raise ArgumentError('enctype must be numeric') unless enctype.is_a?(Numeric) raise ArgumentError('key must be set') if key.nil? "msf_krbenckey:#{enctype}:#{as_hex(key)}:#{as_hex(salt)}" end |
Instance Method Details
#enctype ⇒ Integer
The enctype as defined by www.iana.org/assignments/kerberos-parameters/kerberos-parameters.xhtml
108 109 110 |
# File 'app/models/metasploit/credential/krb_enc_key.rb', line 108 def enctype parsed_data[:enctype] end |
#key ⇒ String
The key
115 116 117 |
# File 'app/models/metasploit/credential/krb_enc_key.rb', line 115 def key parsed_data[:key] end |
#salt ⇒ String?
The salt used as part of creating the key. This is normally derived from the Kerberos principal name/Realm. For windows the following convention is used to create the salt: learn.microsoft.com/en-us/openspecs/windows_protocols/ms-kile/7a7b081d-c0c6-46f4-acbf-a439664270b8
This value can be nil if the salt is not known
125 126 127 |
# File 'app/models/metasploit/credential/krb_enc_key.rb', line 125 def salt parsed_data[:salt] end |
#to_s ⇒ String
A string suitable for displaying to the user
132 133 134 |
# File 'app/models/metasploit/credential/krb_enc_key.rb', line 132 def to_s "#{ENCTYPE_NAMES[enctype]}:#{self.class.as_hex(key)}#{salt ? ":#{self.class.as_hex(salt)}" : ''}" end |