fix(nterrors): undo untested breaking changes from fortra#1311 that c…
…hange getErrorString for nt_status errors
Marshall-Hallenbeck committed Mar 16, 2024
1 parent 4a62f39 commit dd2cda4
Showing 2 changed files with 18 additions and 31 deletions.
47 changes: 17 additions & 30 deletions impacket/krb5/kerberosv5.py
Expand Up @@ -92,7 +92,7 @@ def sendReceive(data, host, kdcHost, port=88):

return r

def getKerberosTGT(clientName, password, domain, lmhash, nthash, aesKey='', kdcHost=None, requestPAC=True, serverName=None, kerberoast_no_preauth=False):
def getKerberosTGT(clientName, password, domain, lmhash, nthash, aesKey='', kdcHost=None, requestPAC=True, serverName=None):

# Convert to binary form, just in case we're receiving strings
if isinstance(lmhash, str):
Expand All @@ -119,11 +119,8 @@ def getKerberosTGT(clientName, password, domain, lmhash, nthash, aesKey='', kdcH
asReq = AS_REQ()

domain = domain.upper()

if serverName is None:
serverName = Principal('krbtgt/%s'%domain, type=constants.PrincipalNameType.NT_PRINCIPAL.value)
else:
serverName = Principal(serverName, type=constants.PrincipalNameType.NT_PRINCIPAL.value)

pacRequest = KERB_PA_PAC_REQUEST()
pacRequest['include-pac'] = requestPAC
Expand Down Expand Up @@ -193,10 +190,10 @@ def getKerberosTGT(clientName, password, domain, lmhash, nthash, aesKey='', kdcH
seq_set_iter(reqBody, 'etype', supportedCiphers)
message = encoder.encode(asReq)
r = sendReceive(message, domain, kdcHost)
else:
raise
else:
raise
else:
raise
raise

# This should be the PREAUTH_FAILED packet or the actual TGT if the target principal has the
# 'Do not require Kerberos preauthentication' set
Expand Down Expand Up @@ -348,11 +345,7 @@ def getKerberosTGT(clientName, password, domain, lmhash, nthash, aesKey='', kdcH
# probably bad password if preauth is disabled
if preAuth is False:
error_msg = "failed to decrypt session key: %s" % str(e)
if kerberoast_no_preauth:
LOG.debug(SessionKeyDecryptionError(error_msg, asRep, cipher, key, cipherText))
return tgt, None, key, None
else:
raise SessionKeyDecryptionError(error_msg, asRep, cipher, key, cipherText)
raise SessionKeyDecryptionError(error_msg, asRep, cipher, key, cipherText)
raise
encASRepPart = decoder.decode(plainText, asn1Spec = EncASRepPart())[0]

Expand Down Expand Up @@ -574,10 +567,10 @@ def getKerberosType1(username, password, domain, lmhash, nthash, aesKey='', TGT
from impacket.ntlm import compute_lmhash, compute_nthash
LOG.debug('Got KDC_ERR_ETYPE_NOSUPP, fallback to RC4')
lmhash = compute_lmhash(password)
nthash = compute_nthash(password)
nthash = compute_nthash(password)
continue
else:
raise
raise
else:
raise

Expand All @@ -601,22 +594,22 @@ def getKerberosType1(username, password, domain, lmhash, nthash, aesKey='', TGT
from impacket.ntlm import compute_lmhash, compute_nthash
LOG.debug('Got KDC_ERR_ETYPE_NOSUPP, fallback to RC4')
lmhash = compute_lmhash(password)
nthash = compute_nthash(password)
nthash = compute_nthash(password)
else:
raise
raise
else:
raise
raise
else:
break
else:
tgs = TGS['KDC_REP']
cipher = TGS['cipher']
sessionKey = TGS['sessionKey']
sessionKey = TGS['sessionKey']
break

# Let's build a NegTokenInit with a Kerberos REQ_AP

blob = SPNEGO_NegTokenInit()
blob = SPNEGO_NegTokenInit()

# Kerberos
blob['MechTypes'] = [TypesMech['MS KRB5 - Microsoft Kerberos 5']]
Expand All @@ -625,7 +618,7 @@ def getKerberosType1(username, password, domain, lmhash, nthash, aesKey='', TGT
tgs = decoder.decode(tgs, asn1Spec = TGS_REP())[0]
ticket = Ticket()
ticket.from_asn1(tgs['ticket'])

# Now let's build the AP_REQ
apReq = AP_REQ()
apReq['pvno'] = 5
Expand All @@ -645,7 +638,7 @@ def getKerberosType1(username, password, domain, lmhash, nthash, aesKey='', TGT
authenticator['cusec'] = now.microsecond
authenticator['ctime'] = KerberosTime.to_asn1(now)


authenticator['cksum'] = noValue
authenticator['cksum']['cksumtype'] = 0x8003

Expand Down Expand Up @@ -704,15 +697,15 @@ def __init__( self, error = 0, packet=0):
self.packet = packet
if packet != 0:
self.error = self.packet['error-code']

def getErrorCode( self ):
return self.error

def getErrorPacket( self ):
return self.packet

def getErrorString( self ):
return str(self)
return constants.ERROR_MESSAGES[self.error]

def __str__( self ):
retString = 'Kerberos SessionError: %s(%s)' % (constants.ERROR_MESSAGES[self.error])
Expand All @@ -721,13 +714,7 @@ def __str__( self ):
if self.error == constants.ErrorCodes.KRB_ERR_GENERIC.value:
eData = decoder.decode(self.packet['e-data'], asn1Spec = KERB_ERROR_DATA())[0]
nt_error = struct.unpack('<L', eData['data-value'].asOctets()[:4])[0]

if nt_error in nt_errors.ERROR_MESSAGES:
error_msg_short = nt_errors.ERROR_MESSAGES[nt_error][0]
error_msg_verbose = nt_errors.ERROR_MESSAGES[nt_error][1]
retString += '\nNT ERROR: code: 0x%x - %s - %s' % (nt_error, error_msg_short, error_msg_verbose)
else:
retString += '\nNT ERROR: unknown error code: 0x%x' % nt_error
retString += '\nNT ERROR: %s(%s)' % (nt_errors.ERROR_MESSAGES[nt_error])
except:
pass

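Review bot: The restored line `retString += '\nNT ERROR: %s(%s)' % (nt_errors.ERROR_MESSAGES[nt_error])` in `__str__` indexes the table without a membership check, and the bare `except: pass` right after it swallows the resulting KeyError, so an NT status that is missing from the table vanishes from the message and the operator is left with a bare KRB_ERR_GENERIC and no code to triage. The reverted format can be kept while still surfacing the code, assuming the table values are 2-tuples as the format string implies: `retString += '\nNT ERROR: %s(%s)' % nt_errors.ERROR_MESSAGES.get(nt_error, ('0x%x' % nt_error, 'unknown NT status'))`. The `try:` this line sits in opens outside the hunk, so what else the bare `except` covers is not visible here. The same unguarded lookup is in `getErrorString` just above (`return constants.ERROR_MESSAGES[self.error]`), which raises KeyError for an unmapped error code.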
2 changes: 1 addition & 1 deletion impacket/smbconnection.py
Expand Up @@ -986,7 +986,7 @@ def getErrorPacket( self ):
return self.packet

def getErrorString( self ):
return str(self)
return constants.ERROR_MESSAGES[self.error]

def __str__( self ):
key = self.error
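Review bot: `getErrorString` here returns `constants.ERROR_MESSAGES[self.error]`, the same line this commit puts in impacket/krb5/kerberosv5.py, where `constants` carries the Kerberos error codes and NT status text comes from `nt_errors.ERROR_MESSAGES`. The imports of smbconnection.py are not visible on this page, so confirm that `constants` resolves in this module at all; if it does not, every call raises NameError from inside error handling and hides the original SMB failure, and if it does, an NT status is most likely being looked up in the wrong table. If NT status text is what callers expect, the line would be `return nt_errors.ERROR_MESSAGES[self.error]`, ideally with a fallback for codes the table lacks. The class body starts and continues outside the hunk.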
