forked from outflanknl/C2-Tool-Collection
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathKlist_bof.s1.py
31 lines (19 loc) · 1.13 KB
/
Klist_bof.s1.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
from typing import List, Tuple
from outflank_stage1.task.base_bof_task import BaseBOFTask
from outflank_stage1.task.enums import BOFArgumentEncoding
class KlistBOF(BaseBOFTask):
def __init__(self):
super().__init__("klist", base_binary_name="Klist")
self.parser.description = "Interact with cached Kerberos tickets."
self.parser.epilog = "Example usage:\n" " - klist\n" " - klist get target_spn\n" " - klist purge"
action_parser = self.parser.add_subparsers(dest="action", help="The action to perform.")
action_get_parser = action_parser.add_parser("get")
action_get_parser.add_argument("spn", help="Target SPN.")
_ = action_parser.add_parser("purge")
def _encode_arguments_bof(self, arguments: List[str]) -> List[Tuple[BOFArgumentEncoding, str]]:
parser_arguments = self.parser.parse_args(arguments)
if parser_arguments.action == "purge":
return [(BOFArgumentEncoding.WSTR, "purge")]
if parser_arguments.action == "get":
return [(BOFArgumentEncoding.WSTR, "get"), (BOFArgumentEncoding.WSTR, parser_arguments.spn)]
return []