forked from outflanknl/C2-Tool-Collection
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathKlist.cna
43 lines (35 loc) · 1.17 KB
/
Klist.cna
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
#author Cornelis de Plaa
#@outflank.nl
beacon_command_register("klist", "Displays a list of currently cached Kerberos tickets.",
"Synopsis: klist [optional purge]\n" .
" klist [optional get] [SPN]\n");
alias klist {
$bid = $1;
$input = substr($0, 6);
@args = split(' ', $input);
$command = @args[0];
$spn = @args[1];
# Read in the right BOF file
$handle = openf(script_resource("Klist." . barch($bid) . ".o"));
$data = readb($handle, -1);
closef($handle);
# Pack our arguments
if ($command eq "get") {
blog($bid, "Requesting a service ticket (tgs).");
if ($spn eq "") {
berror($bid, "Please specify a SPN.");
return;
}
$arg_data = bof_pack($bid, "ZZ", $command, $spn);
beacon_inline_execute($bid, $data, "go", $arg_data);
}
else if ($command eq "purge") {
blog($bid, "Purging all Kerberos tickets.");
$arg_data = bof_pack($bid, "Z", $command);
beacon_inline_execute($bid, $data, "go", $arg_data);
}
else {
blog($bid, "Enumerating Kerberos tickets.");
beacon_inline_execute($bid, $data, "go", $null);
}
}