Land rapid7#17690, Update inspect ticket tests to use the local timezone
adfoster-r7 authored Feb 23, 2023
2 parents 6c5c158 + 8a37cc6 commit d21f6a1
Showing 3 changed files with 70 additions and 63 deletions.
45 changes: 26 additions & 19 deletions lib/rex/proto/kerberos/credential_cache/krb5_ccache_presenter.rb
Expand Up @@ -82,10 +82,10 @@ def present_cred(cred, key: nil)
end

output << 'Times:'
output << "Auth time: #{cred.authtime}".indent(2)
output << "Start time: #{cred.starttime}".indent(2)
output << "End time: #{cred.endtime}".indent(2)
output << "Renew Till: #{cred.renew_till}".indent(2)
output << "Auth time: #{present_time(cred.authtime)}".indent(2)
output << "Start time: #{present_time(cred.starttime)}".indent(2)
output << "End time: #{present_time(cred.endtime)}".indent(2)
output << "Renew Till: #{present_time(cred.renew_till)}".indent(2)

output << 'Ticket:'
output << "Ticket Version Number: #{ticket.tkt_vno}".indent(2)
Expand Down Expand Up @@ -113,12 +113,12 @@ def present_logon_info(logon_info)
output = []
output << 'Validation Info:'

output << "Logon Time: #{present_time(validation_info.logon_time)}".indent(2)
output << "Logoff Time: #{present_time(validation_info.logoff_time)}".indent(2)
output << "Kick Off Time: #{present_time(validation_info.kick_off_time)}".indent(2)
output << "Password Last Set: #{present_time(validation_info.password_last_set)}".indent(2)
output << "Password Can Change: #{present_time(validation_info.password_can_change)}".indent(2)
output << "Password Must Change: #{present_time(validation_info.password_must_change)}".indent(2)
output << "Logon Time: #{present_ndr_file_time(validation_info.logon_time)}".indent(2)
output << "Logoff Time: #{present_ndr_file_time(validation_info.logoff_time)}".indent(2)
output << "Kick Off Time: #{present_ndr_file_time(validation_info.kick_off_time)}".indent(2)
output << "Password Last Set: #{present_ndr_file_time(validation_info.password_last_set)}".indent(2)
output << "Password Can Change: #{present_ndr_file_time(validation_info.password_can_change)}".indent(2)
output << "Password Must Change: #{present_ndr_file_time(validation_info.password_must_change)}".indent(2)

output << "Logon Count: #{validation_info.logon_count}".indent(2)
output << "Bad Password Count: #{validation_info.bad_password_count}".indent(2)
Expand All @@ -129,8 +129,8 @@ def present_logon_info(logon_info)
output << "User Account Control: #{validation_info.user_account_control}".indent(2)
output << "Sub Auth Status: #{validation_info.sub_auth_status}".indent(2)

output << "Last Successful Interactive Logon: #{present_time(validation_info.last_successful_i_logon)}".indent(2)
output << "Last Failed Interactive Logon: #{present_time(validation_info.last_failed_i_logon)}".indent(2)
output << "Last Successful Interactive Logon: #{present_ndr_file_time(validation_info.last_successful_i_logon)}".indent(2)
output << "Last Failed Interactive Logon: #{present_ndr_file_time(validation_info.last_failed_i_logon)}".indent(2)
output << "Failed Interactive Logon Count: #{validation_info.failed_i_logon_count}".indent(2)

output << "SID Count: #{validation_info.sid_count}".indent(2)
Expand Down Expand Up @@ -160,7 +160,7 @@ def present_client_info(client_info)
output = []
output << 'Client Info:'
output << "Name: '#{client_info.name.encode('utf-8')}'".indent(2)
output << "Client ID: #{present_time(client_info.client_id)}".indent(2)
output << "Client ID: #{present_ndr_file_time(client_info.client_id)}".indent(2)
output.join("\n")
end

Expand Down Expand Up @@ -231,10 +231,10 @@ def present_encrypted_ticket_part(ticket, key)
ticket_enc_part = Rex::Proto::Kerberos::Model::TicketEncPart.decode(decrypted_part)
output = []
output << 'Times:'
output << "Auth time: #{ticket_enc_part.authtime}".indent(2)
output << "Start time: #{ticket_enc_part.starttime}".indent(2)
output << "End time: #{ticket_enc_part.endtime}".indent(2)
output << "Renew Till: #{ticket_enc_part.renew_till}".indent(2)
output << "Auth time: #{present_time(ticket_enc_part.authtime)}".indent(2)
output << "Start time: #{present_time(ticket_enc_part.starttime)}".indent(2)
output << "End time: #{present_time(ticket_enc_part.endtime)}".indent(2)
output << "Renew Till: #{present_time(ticket_enc_part.renew_till)}".indent(2)

output << "Client Addresses: #{ticket_enc_part.caddr.to_a.length}"
unless ticket_enc_part.caddr.to_a.empty?
Expand Down Expand Up @@ -281,14 +281,21 @@ def present_user_session_key(user_session_key)

# @param [RubySMB::Dcerpc::Ndr::NdrFileTime] time
# @return [String] A human readable representation of the time
def present_time(time)
def present_ndr_file_time(time)
if time.get == Rex::Proto::Kerberos::Pac::NEVER_EXPIRE
'Never Expires (inf)'
elsif time.get == 0
'No Time Set (0)'
else
time.to_time.to_s
present_time(time.to_time)
end
end


# @param [Time] time
# @return [String] A human readable representation of the time in the users timezone
def present_time(time)
time.localtime.to_s
end
end
end
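Review bot: The new `present_time` helper in the last hunk calls `Time#localtime`, which converts the receiver in place, so if the model accessors return their stored `Time` objects, printing a ticket also rewrites the zone on `cred.authtime`, `ticket_enc_part.endtime` and the other values passed in. `Time#getlocal` returns a converted copy and leaves the parsed ticket untouched. The helper also has no nil guard: the old interpolation rendered a missing value as an empty string, whereas `present_time(nil)` raises NoMethodError, which matters if the decoder leaves optional fields such as `starttime` or `renew_till` unset (not visible on this page, worth confirming). A body of `time ? time.getlocal.to_s : ''` covers both cases. The doc comment could then read `# @return [String] The time rendered in the local system time zone, including its UTC offset`, since these values get compared against logs kept in UTC.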
Original file line number Diff line number Diff line change
Expand Up @@ -124,10 +124,10 @@
Addresses: 0
Authdatas: 0
Times:
Auth time: 2022-11-28 15:51:29 +0000
Start time: 2022-11-28 15:51:29 +0000
End time: 2032-11-25 15:51:29 +0000
Renew Till: 2032-11-25 15:51:29 +0000
Auth time: #{Time.parse('2022-11-28 15:51:29 +0000').to_time}
Start time: #{Time.parse('2022-11-28 15:51:29 +0000').to_time}
End time: #{Time.parse('2032-11-25 15:51:29 +0000').to_time}
Renew Till: #{Time.parse('2032-11-25 15:51:29 +0000').to_time}
Ticket:
Ticket Version Number: 5
Realm: WINDOMAIN.LOCAL
Expand Down Expand Up @@ -157,10 +157,10 @@
Addresses: 0
Authdatas: 0
Times:
Auth time: 2022-11-28 15:51:29 +0000
Start time: 2022-11-28 15:51:29 +0000
End time: 2032-11-25 15:51:29 +0000
Renew Till: 2032-11-25 15:51:29 +0000
Auth time: #{Time.parse('2022-11-28 15:51:29 +0000').to_time}
Start time: #{Time.parse('2022-11-28 15:51:29 +0000').to_time}
End time: #{Time.parse('2032-11-25 15:51:29 +0000').to_time}
Renew Till: #{Time.parse('2032-11-25 15:51:29 +0000').to_time}
Ticket:
Ticket Version Number: 5
Realm: WINDOMAIN.LOCAL
Expand All @@ -170,10 +170,10 @@
Key Version Number: 2
Decrypted (with key: 4b912be0366a6f37f4a7d571bee18b1173d93195ef76f8d1e3e81ef6172ab326):
Times:
Auth time: 2022-11-28 15:51:29 UTC
Start time: 2022-11-28 15:51:29 UTC
End time: 2032-11-25 15:51:29 UTC
Renew Till: 2032-11-25 15:51:29 UTC
Auth time: #{Time.parse('2022-11-28 15:51:29 +0000').to_time}
Start time: #{Time.parse('2022-11-28 15:51:29 +0000').to_time}
End time: #{Time.parse('2032-11-25 15:51:29 +0000').to_time}
Renew Till: #{Time.parse('2032-11-25 15:51:29 +0000').to_time}
Client Addresses: 0
Transited: tr_type: 0, Contents: ""
Client Name: 'Administrator'
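Review bot: The rewritten `Times:` expectations in this section build the local-time string with `Time.parse(...).to_time`, but plain Ruby's `Time#to_time` returns the receiver unchanged; the conversion to the system zone appears to come from ActiveSupport's `Time#to_time` override while `to_time_preserves_timezone` is disabled. If that setting or the load order changes, the expected strings fall back to `+0000`/`UTC` and the spec fails on any machine outside UTC. Mirroring the presenter is more direct, for example `Auth time: #{Time.parse('2022-11-28 15:51:29 +0000').localtime}`. The same pattern recurs throughout spec/modules/auxiliary/admin/kerberos/inspect_ticket_spec.rb; this section's own file header is not shown on the page.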
64 changes: 32 additions & 32 deletions spec/modules/auxiliary/admin/kerberos/inspect_ticket_spec.rb
Expand Up @@ -459,7 +459,7 @@

let(:expected_decrypted_aes_output) do
expected_output = ["#{file_format} File:#{ticket_path}"]
expected_output << <<~'EOF'.chomp # Single quote removes interpolation for the hex results
expected_output << <<~EOF.chomp
Primary Principal: [email protected]
Ccache version: 4
Expand All @@ -475,10 +475,10 @@
Addresses: 0
Authdatas: 0
Times:
Auth time: 2023-01-13 14:31:25 +0000
Start time: 2023-01-13 14:31:25 +0000
End time: 2033-01-10 14:31:25 +0000
Renew Till: 2033-01-10 14:31:25 +0000
Auth time: #{Time.parse('2023-01-13 14:31:25 UTC').to_time}
Start time: #{Time.parse('2023-01-13 14:31:25 UTC').to_time}
End time: #{Time.parse('2033-01-10 14:31:25 UTC').to_time}
Renew Till: #{Time.parse('2033-01-10 14:31:25 UTC').to_time}
Ticket:
Ticket Version Number: 5
Realm: WINDOMAIN.LOCAL
Expand All @@ -488,10 +488,10 @@
Key Version Number: 2
Decrypted (with key: 4b912be0366a6f37f4a7d571bee18b1173d93195ef76f8d1e3e81ef6172ab326):
Times:
Auth time: 2023-01-13 14:31:25 UTC
Start time: 2023-01-13 14:31:25 UTC
End time: 2033-01-10 14:31:25 UTC
Renew Till: 2033-01-10 14:31:25 UTC
Auth time: #{Time.parse('2023-01-13 14:31:25 UTC').to_time}
Start time: #{Time.parse('2023-01-13 14:31:25 UTC').to_time}
End time: #{Time.parse('2033-01-10 14:31:25 UTC').to_time}
Renew Till: #{Time.parse('2033-01-10 14:31:25 UTC').to_time}
Client Addresses: 0
Transited: tr_type: 0, Contents: ""
Client Name: 'Administrator'
Expand All @@ -501,7 +501,7 @@
Flags: 0x50a00000 (FORWARDABLE, PROXIABLE, RENEWABLE, PRE_AUTHENT)
PAC:
Validation Info:
Logon Time: 2023-01-13 14:31:25 +0000
Logon Time: #{Time.parse('2023-01-13 14:31:25 UTC').to_time}
Logoff Time: Never Expires (inf)
Kick Off Time: Never Expires (inf)
Password Last Set: No Time Set (0)
Expand Down Expand Up @@ -538,7 +538,7 @@
Logon Domain Name: 'WINDOMAIN.LOCAL'
Client Info:
Name: 'Administrator'
Client ID: 2023-01-13 14:31:25 +0000
Client ID: #{Time.parse('2023-01-13 14:31:25 UTC').to_time}
Pac Server Checksum:
Signature: 81a20da731b3b9bdd2e756dc
Pac Privilege Server Checksum:
Expand All @@ -550,7 +550,7 @@
let(:expected_encrypted_aes_output) do
expected_output = ['No decryption key provided proceeding without decryption.']
expected_output << "#{file_format} File:#{ticket_path}"
expected_output << <<~'EOF'.chomp # Single quote removes interpolation for the hex results
expected_output << <<~EOF.chomp
Primary Principal: [email protected]
Ccache version: 4
Expand All @@ -566,10 +566,10 @@
Addresses: 0
Authdatas: 0
Times:
Auth time: 2023-01-13 14:31:25 +0000
Start time: 2023-01-13 14:31:25 +0000
End time: 2033-01-10 14:31:25 +0000
Renew Till: 2033-01-10 14:31:25 +0000
Auth time: #{Time.parse('2023-01-13 14:31:25 UTC').to_time}
Start time: #{Time.parse('2023-01-13 14:31:25 UTC').to_time}
End time: #{Time.parse('2033-01-10 14:31:25 UTC').to_time}
Renew Till: #{Time.parse('2033-01-10 14:31:25 UTC').to_time}
Ticket:
Ticket Version Number: 5
Realm: WINDOMAIN.LOCAL
Expand All @@ -585,7 +585,7 @@

let(:expected_decrypted_nthash_output) do
expected_output = ["#{file_format} File:#{ticket_path}"]
expected_output << <<~'EOF'.chomp # Single quote removes interpolation for the hex results
expected_output << <<~EOF.chomp
Primary Principal: [email protected]
Ccache version: 4
Expand All @@ -601,10 +601,10 @@
Addresses: 0
Authdatas: 0
Times:
Auth time: 2023-01-13 14:36:39 +0000
Start time: 2023-01-13 14:36:39 +0000
End time: 2033-01-10 14:36:39 +0000
Renew Till: 2033-01-10 14:36:39 +0000
Auth time: #{Time.parse('2023-01-13 14:36:39 UTC').to_time}
Start time: #{Time.parse('2023-01-13 14:36:39 UTC').to_time}
End time: #{Time.parse('2033-01-10 14:36:39 UTC').to_time}
Renew Till: #{Time.parse('2033-01-10 14:36:39 UTC').to_time}
Ticket:
Ticket Version Number: 5
Realm: WINDOMAIN.LOCAL
Expand All @@ -614,10 +614,10 @@
Key Version Number: 2
Decrypted (with key: 88e4d9fabaecf3dec18dd80905521b29):
Times:
Auth time: 2023-01-13 14:36:39 UTC
Start time: 2023-01-13 14:36:39 UTC
End time: 2033-01-10 14:36:39 UTC
Renew Till: 2033-01-10 14:36:39 UTC
Auth time: #{Time.parse('2023-01-13 14:36:39 UTC').to_time}
Start time: #{Time.parse('2023-01-13 14:36:39 UTC').to_time}
End time: #{Time.parse('2033-01-10 14:36:39 UTC').to_time}
Renew Till: #{Time.parse('2033-01-10 14:36:39 UTC').to_time}
Client Addresses: 0
Transited: tr_type: 0, Contents: ""
Client Name: 'Administrator'
Expand All @@ -627,7 +627,7 @@
Flags: 0x50a00000 (FORWARDABLE, PROXIABLE, RENEWABLE, PRE_AUTHENT)
PAC:
Validation Info:
Logon Time: 2023-01-13 14:36:39 +0000
Logon Time: #{Time.parse('2023-01-13 14:36:39 UTC').to_time}
Logoff Time: Never Expires (inf)
Kick Off Time: Never Expires (inf)
Password Last Set: No Time Set (0)
Expand Down Expand Up @@ -664,7 +664,7 @@
Logon Domain Name: 'WINDOMAIN.LOCAL'
Client Info:
Name: 'Administrator'
Client ID: 2023-01-13 14:36:39 +0000
Client ID: #{Time.parse('2023-01-13 14:36:39 UTC').to_time}
Pac Server Checksum:
Signature: 1a038d8dd257a7d9b875280259ab0e4a
Pac Privilege Server Checksum:
Expand All @@ -676,7 +676,7 @@
let(:expected_encrypted_nthash_output) do
expected_output = ['No decryption key provided proceeding without decryption.']
expected_output << "#{file_format} File:#{ticket_path}"
expected_output << <<~'EOF'.chomp # Single quote removes interpolation for the hex results
expected_output << <<~EOF.chomp
Primary Principal: [email protected]
Ccache version: 4
Expand All @@ -692,10 +692,10 @@
Addresses: 0
Authdatas: 0
Times:
Auth time: 2023-01-13 14:36:39 +0000
Start time: 2023-01-13 14:36:39 +0000
End time: 2033-01-10 14:36:39 +0000
Renew Till: 2033-01-10 14:36:39 +0000
Auth time: #{Time.parse('2023-01-13 14:36:39 UTC').to_time}
Start time: #{Time.parse('2023-01-13 14:36:39 UTC').to_time}
End time: #{Time.parse('2033-01-10 14:36:39 UTC').to_time}
Renew Till: #{Time.parse('2033-01-10 14:36:39 UTC').to_time}
Ticket:
Ticket Version Number: 5
Realm: WINDOMAIN.LOCAL
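Review bot: Switching the four fixtures from `<<~'EOF'` to `<<~EOF` turns on interpolation and backslash-escape processing for the whole expected output, not only the timestamp lines, and the removed comment recorded that the quoted form had been chosen on purpose. Nothing visible in these hunks contains `#{` or a backslash outside the new `Time.parse` calls, but parts of each heredoc are collapsed on this page, so that is worth checking against the full file. A short comment on each heredoc would keep the constraint visible, for example `# Interpolated heredoc: only the timestamps are dynamic; escape any literal '#{' or backslash`.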