-
Notifications
You must be signed in to change notification settings - Fork 28
/
kerberosv5.patch
35 lines (29 loc) · 1.34 KB
/
kerberosv5.patch
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
diff --git a/impacket/krb5/kerberosv5.py b/impacket/krb5/kerberosv5.py
index 67b98271..2f46fde2 100644
--- a/impacket/krb5/kerberosv5.py
+++ b/impacket/krb5/kerberosv5.py
@@ -338,7 +338,7 @@ def getKerberosTGT(clientName, password, domain, lmhash, nthash, aesKey='', kdcH
return tgt, cipher, key, sessionKey
-def getKerberosTGS(serverName, domain, kdcHost, tgt, cipher, sessionKey):
+def getKerberosTGS(serverName, domain, kdcHost, tgt, cipher, sessionKey, clientrealm=None):
# Decode the TGT
try:
@@ -366,6 +366,10 @@ def getKerberosTGS(serverName, domain, kdcHost, tgt, cipher, sessionKey):
clientName = Principal()
clientName.from_asn1( decodedTGT, 'crealm', 'cname')
+ # Cross-domain fix
+ if clientrealm:
+ clientName.realm = clientrealm.upper()
+
seq_set(authenticator, 'cname', clientName.components_to_asn1)
now = datetime.datetime.utcnow()
@@ -446,7 +450,9 @@ def getKerberosTGS(serverName, domain, kdcHost, tgt, cipher, sessionKey):
spn = Principal()
spn.from_asn1(res['ticket'], 'realm', 'sname')
- if spn.components[0] == serverName.components[0]:
+ # Force this to always return, we don't want to try to follow
+ # referral tickets
+ if spn.components[0] == serverName.components[0] or True:
# Yes.. bye bye
return r, cipher, sessionKey, newSessionKey
else: