From 385cb2bb8c50735911f53b26f7388867b6c9d949 Mon Sep 17 00:00:00 2001
From: Ronnie Flathers
Date: Thu, 11 Apr 2019 18:19:25 -0500
Subject: [PATCH] test if we got ASREP if no error (#6)

* test if we got ASREP if no error
* check if err is not nil before handling
* adding more debug statements
* rebuild all in Makefile
* Revert "adding more debug statements"

This reverts commit 97615a406a517d1559c59c03ecd8a6eeca7eb2eb.
---
 Makefile | 7 ++++---
 cmd/worker.go | 7 +++++--
 session/session.go | 12 ++++++++++--
 3 files changed, 19 insertions(+), 7 deletions(-)

diff --git a/Makefile b/Makefile
index 592cf25..3b1875c 100644
--- a/Makefile
+++ b/Makefile
@@ -27,26 +27,27 @@ help: ## Show this help.
 windows: ## Make Windows x86 and x64 Binaries
 @for ARCH in ${ARCHS}; do \
 echo "Building for windows $${ARCH}.." ;\
- GOOS=windows GOARCH=$${ARCH} go build -ldflags ${LDFLAGS} -o ${TARGET}/kerbrute_windows_$${ARCH}.exe ;\
+ GOOS=windows GOARCH=$${ARCH} go build -a -ldflags ${LDFLAGS} -o ${TARGET}/kerbrute_windows_$${ARCH}.exe ;\
 done; \
 echo "Done."

 linux: ## Make Linux x86 and x64 Binaries
 @for ARCH in ${ARCHS}; do \
 echo "Building for linux $${ARCH}..." ; \
- GOOS=linux GOARCH=$${ARCH} go build -ldflags ${LDFLAGS} -o ${TARGET}/kerbrute_linux_$${ARCH} ;\
+ GOOS=linux GOARCH=$${ARCH} go build -a -ldflags ${LDFLAGS} -o ${TARGET}/kerbrute_linux_$${ARCH} ;\
 done; \
 echo "Done."

 mac: ## Make Darwin (Mac) x86 and x64 Binaries
 @for ARCH in ${ARCHS}; do \
 echo "Building for mac $${ARCH}..." ; \
- GOOS=darwin GOARCH=$${ARCH} go build -ldflags ${LDFLAGS} -o ${TARGET}/kerbrute_darwin_$${ARCH} ;\
+ GOOS=darwin GOARCH=$${ARCH} go build -a -ldflags ${LDFLAGS} -o ${TARGET}/kerbrute_darwin_$${ARCH} ;\
 done; \
 echo "Done."

 clean: ## Delete any binaries
 @rm -f ${TARGET}/* ; \
+ go clean -i -n github.com/ropnop/kerbrute ; \
 echo "Done."

 all: ## Make Windows, Linux and Mac x86/x64 Binaries
diff --git a/cmd/worker.go b/cmd/worker.go
index 0134788..91a812b 100644
--- a/cmd/worker.go
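Review bot: The line added to the `clean` recipe, `go clean -i -n github.com/ropnop/kerbrute`, is a dry run: the `-n` flag makes go clean print the remove commands without executing them, so the installed binary is never actually removed. If a real clean is intended, drop the flag: `go clean -i github.com/ropnop/kerbrute ; \`. The `-a` added to the three `go build` lines already forces a full rebuild on its own, so the rest of the hunk matches the commit message's "rebuild all" intent.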
+++ b/cmd/worker.go
@@ -76,10 +76,11 @@ func testLogin(ctx context.Context, username string, password string) {
 func testUsername(ctx context.Context, username string) {
 atomic.AddInt32(&counter, 1)
 usernamefull := fmt.Sprintf("%v@%v", username, domain)
- if ok, err := kSession.TestUsername(username); ok {
+ valid, err := kSession.TestUsername(username)
+ if valid {
 atomic.AddInt32(&successes, 1)
 logger.Log.Notice("[+] VALID USERNAME:\t %s", usernamefull)
- } else {
+ } else if err != nil {
 // This is to determine if the error is "okay" or if we should abort everything
 ok, errorString := kSession.HandleKerbError(err)
 if !ok {
@@ -88,5 +89,7 @@ func testUsername(ctx context.Context, username string) {
 } else {
 logger.Log.Debugf("[!] %v - %v", usernamefull, errorString)
 }
+ } else {
+ logger.Log.Debug("[!] Unknown behavior - %v", usernamefull)
 }
 }
diff --git a/session/session.go b/session/session.go
index e7a8441..376b74c 100644
--- a/session/session.go
+++ b/session/session.go
@@ -95,7 +95,7 @@ func (k KerbruteSession) TestUsername(username string) (bool, error) {
 if err != nil {
 return false, err
 }
- _, err = cl.SendToKDC(b, k.Realm)
+ rb, err := cl.SendToKDC(b, k.Realm)
 if err != nil {
 if e, ok := err.(messages.KRBError); ok {
 if e.ErrorCode == errorcode.KDC_ERR_PREAUTH_REQUIRED {
@@ -103,7 +103,15 @@ func (k KerbruteSession) TestUsername(username string) (bool, error) {
 }
 }
 }
- return false, err
+ // if we made it here, we got an AS REP, meaning pre-auth was probably not required. try to unmarshal it to make sure format is right
+ var ASRep messages.ASRep
+ err = ASRep.Unmarshal(rb)
+ if err != nil {
+ return false, err
+ }
+ // AS REP was valid, user therefore exists (don't bother trying to decrypt)
+ return true, err
+
 }

 func (k KerbruteSession) HandleKerbError(err error) (bool, string) {
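Review bot: The new fallback branch in the second cmd/worker.go hunk calls `logger.Log.Debug("[!] Unknown behavior - %v", usernamefull)` while the sibling branch two lines above uses `Debugf` for the same kind of formatted message; if `Debug` is the Sprint-style variant, the `%v` verb is printed literally and the username is merely appended. Use the same call as the sibling: `logger.Log.Debugf("[!] Unknown behavior - %v", usernamefull)`. On the visible paths of the session.go change in this commit, TestUsername no longer returns (false, nil), so this branch is a guard rather than an expected case; a comment such as `// defensive: TestUsername is not expected to return (false, nil)` would tell the next reader why it exists. testUsername's body between the two hunks is outside this view.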
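Review bot: Removing `return false, err` after the `if err != nil {` block in the second session/session.go hunk means a KDC error other than KDC_ERR_PREAUTH_REQUIRED now falls through to `ASRep.Unmarshal(rb)`, which overwrites `err` with an unmarshal error on the response bytes of a failed exchange, so the caller's HandleKerbError never sees the original KRBError and cannot classify it. Keep the early exit inside the error block: after the nested KRBError check and before that block's closing brace add `return false, err`, so only the err == nil path reaches the AS-REP parsing. The final `return true, err` is reached only when err is nil, so `return true, nil` states the intent, and `asRep` rather than `ASRep` is the Go naming for a local. The single line hidden between the two hunks sits inside the innermost if and cannot supply that return; the `if err != nil {` block whose closing braces open this hunk starts in the previous hunk.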