From 736f050a939486c5b23f9a026744d2ee389bff1a Mon Sep 17 00:00:00 2001 From: xAiluros <51412484+xAiluros@users.noreply.github.com> Date: Mon, 17 Jul 2023 16:03:48 +0200 Subject: [PATCH 1/3] Remove Environment Exit from Harvester --- Rubeus/lib/Harvest.cs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Rubeus/lib/Harvest.cs b/Rubeus/lib/Harvest.cs index ba2d8377..2f17e24a 100755 --- a/Rubeus/lib/Harvest.cs +++ b/Rubeus/lib/Harvest.cs @@ -88,7 +88,8 @@ public void HarvestTicketGrantingTickets() if (collectionStart.AddSeconds(this.runFor) < DateTime.Now) { Console.WriteLine("[*] Completed running for {0} seconds, exiting\r\n", runFor); - System.Environment.Exit(0); + // break out of loop will exit Rubeus + break; } } From a692b55853b001111a67bcedfadf87a72d83c1cd Mon Sep 17 00:00:00 2001 From: xAiluros <51412484+xAiluros@users.noreply.github.com> Date: Mon, 17 Jul 2023 16:56:54 +0200 Subject: [PATCH 2/3] Remove Environment.Exit --- Rubeus/Commands/ASREP2Kirbi.cs | 11 ++++++++++- Rubeus/Commands/Describe.cs | 27 +++++++++++++++++---------- Rubeus/Commands/Golden.cs | 16 +++++++++++++++- Rubeus/Commands/Silver.cs | 16 +++++++++++++++- Rubeus/lib/Harvest.cs | 4 ++-- Rubeus/lib/Helpers.cs | 3 +-- 6 files changed, 60 insertions(+), 17 deletions(-) diff --git a/Rubeus/Commands/ASREP2Kirbi.cs b/Rubeus/Commands/ASREP2Kirbi.cs index 5f44a5b0..62500139 100644 --- a/Rubeus/Commands/ASREP2Kirbi.cs +++ b/Rubeus/Commands/ASREP2Kirbi.cs @@ -86,7 +86,16 @@ public void Execute(Dictionary arguments) } else if (arguments.ContainsKey("/keyhex")) { - key = Helpers.StringToByteArray(arguments["/keyhex"]); + try + { + key = Helpers.StringToByteArray(arguments["/keyhex"]); + } + catch (ArgumentException ex) + { + + Console.WriteLine(String.Format("\r\n[X] {0}\r\n", ex.Message)); + return; + } } else { diff --git a/Rubeus/Commands/Describe.cs b/Rubeus/Commands/Describe.cs index 1dbed6f5..316c7aa3 100755 --- a/Rubeus/Commands/Describe.cs +++ b/Rubeus/Commands/Describe.cs 
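Review bot: The message printed by the new `catch (ArgumentException ex)` in ASREP2Kirbi.cs does not say which argument was rejected, so the user sees only the generic length text thrown from Helpers.StringToByteArray. Here the argument is `/keyhex`; the same handler is repeated in Describe.cs (one try covering three keys), Golden.cs and Silver.cs. Naming the switch makes the failure actionable, e.g. `Console.WriteLine("\r\n[X] /keyhex: {0}\r\n", ex.Message);`, which also drops the redundant `String.Format`, since Console.WriteLine accepts a format string itself. Execute's body starts and ends outside this hunk.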
@@ -20,17 +20,24 @@ public void Execute(Dictionary arguments) - if (arguments.ContainsKey("/servicekey")) - { - serviceKey = Helpers.StringToByteArray(arguments["/servicekey"]); - } - if (arguments.ContainsKey("/asrepkey")) - { - asrepKey = Helpers.StringToByteArray(arguments["/asrepkey"]); - } - if (arguments.ContainsKey("/krbkey")) + try { + if (arguments.ContainsKey("/servicekey")) + { + serviceKey = Helpers.StringToByteArray(arguments["/servicekey"]); + } + if (arguments.ContainsKey("/asrepkey")) + { + asrepKey = Helpers.StringToByteArray(arguments["/asrepkey"]); + } + if (arguments.ContainsKey("/krbkey")) + { + krbKey = Helpers.StringToByteArray(arguments["/krbkey"]); + } + } catch (ArgumentException ex) { - krbKey = Helpers.StringToByteArray(arguments["/krbkey"]); + + Console.WriteLine(String.Format("\r\n[X] {0}\r\n", ex.Message)); + return; } // for generating service ticket hash when using AES256 diff --git a/Rubeus/Commands/Golden.cs b/Rubeus/Commands/Golden.cs index 1adf2e80..1d0641ac 100644 --- a/Rubeus/Commands/Golden.cs +++ b/Rubeus/Commands/Golden.cs @@ -44,6 +44,7 @@ public void Execute(Dictionary arguments) string ldappassword = null; string hash = ""; + byte[] hashBytes = null; Interop.KERB_ETYPE encType = Interop.KERB_ETYPE.subkey_keymaterial; Interop.TicketFlags flags = Interop.TicketFlags.forwardable | Interop.TicketFlags.renewable | Interop.TicketFlags.pre_authent | Interop.TicketFlags.initial; 
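Review bot: The handler in Describe.cs is written as `} catch (ArgumentException ex)` on the closing-brace line, while the equivalent handlers added to ASREP2Kirbi.cs, Golden.cs and Silver.cs in this series put `catch` on its own line. Moving it to its own line keeps the four call sites uniform and easier to grep and change together. Execute's body continues outside the hunk.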
@@ -383,6 +384,19 @@ public void Execute(Dictionary arguments) Console.WriteLine("\r\n[X] You must supply a [/des|/rc4|/aes128|/aes256] hash!\r\n"); return; } + else + { + try + { + hashBytes = Helpers.StringToByteArray(hash); + } + catch (ArgumentException ex) + { + + Console.WriteLine(String.Format("\r\n[X] {0}\r\n", ex.Message)); + return; + } + } if (!((encType == Interop.KERB_ETYPE.des_cbc_md5) || (encType == Interop.KERB_ETYPE.rc4_hmac) || (encType == Interop.KERB_ETYPE.aes128_cts_hmac_sha1) || (encType == Interop.KERB_ETYPE.aes256_cts_hmac_sha1))) { @@ -394,7 +408,7 @@ public void Execute(Dictionary arguments) ForgeTickets.ForgeTicket( user, String.Format("krbtgt/{0}", domain), - Helpers.StringToByteArray(hash), + hashBytes, encType, null, Interop.KERB_CHECKSUM_ALGORITHM.KERB_CHECKSUM_HMAC_SHA1_96_AES256, diff --git a/Rubeus/Commands/Silver.cs b/Rubeus/Commands/Silver.cs index 78f6695b..aa888484 100644 --- a/Rubeus/Commands/Silver.cs +++ b/Rubeus/Commands/Silver.cs @@ -44,6 +44,7 @@ public void Execute(Dictionary arguments) string ldappassword = null; string hash = ""; + byte[] hashBytes = null; Interop.KERB_ETYPE encType = Interop.KERB_ETYPE.subkey_keymaterial; byte[] krbKey = null; Interop.KERB_CHECKSUM_ALGORITHM krbEncType = Interop.KERB_CHECKSUM_ALGORITHM.KERB_CHECKSUM_HMAC_SHA1_96_AES256; @@ -444,6 +445,19 @@ public void Execute(Dictionary arguments) Console.WriteLine("\r\n[X] You must supply a [/des|/rc4|/aes128|/aes256] hash!\r\n"); return; } + else + { + try + { + hashBytes = Helpers.StringToByteArray(hash); + } + catch (ArgumentException ex) + { + + Console.WriteLine(String.Format("\r\n[X] {0}\r\n", ex.Message)); + return; + } + } if (!String.IsNullOrEmpty(s4uProxyTarget) || !String.IsNullOrEmpty(s4uTransitedServices)) { if (String.IsNullOrEmpty(s4uProxyTarget) || String.IsNullOrEmpty(s4uTransitedServices)) 
@@ -463,7 +477,7 @@ public void Execute(Dictionary arguments) ForgeTickets.ForgeTicket( user, service, - Helpers.StringToByteArray(hash), + hashBytes, encType, krbKey, krbEncType, diff --git a/Rubeus/lib/Harvest.cs b/Rubeus/lib/Harvest.cs index 2f17e24a..065c7668 100755 --- a/Rubeus/lib/Harvest.cs +++ b/Rubeus/lib/Harvest.cs @@ -88,8 +88,8 @@ public void HarvestTicketGrantingTickets() if (collectionStart.AddSeconds(this.runFor) < DateTime.Now) { Console.WriteLine("[*] Completed running for {0} seconds, exiting\r\n", runFor); - // break out of loop will exit Rubeus - break; + // return will exit Rubeus + return; } } diff --git a/Rubeus/lib/Helpers.cs b/Rubeus/lib/Helpers.cs index d41cebc5..5010f4fe 100755 --- a/Rubeus/lib/Helpers.cs +++ b/Rubeus/lib/Helpers.cs @@ -58,8 +58,7 @@ public static byte[] StringToByteArray(string hex) if ((hex.Length % 16) != 0) { - Console.WriteLine("\r\n[X] Hash must be 16, 32 or 64 characters in length\r\n"); - System.Environment.Exit(1); + throw new ArgumentException("Hash must be 16, 32 or 64 characters in length"); } // yes I know this inefficient From 10b978cbff3dc6b85f2ee50cb43d8fc6fb8ea2f6 Mon Sep 17 00:00:00 2001 From: xAiluros <51412484+xAiluros@users.noreply.github.com> Date: Mon, 17 Jul 2023 17:17:56 +0200 Subject: [PATCH 3/3] correct whitespace --- Rubeus/Commands/ASREP2Kirbi.cs | 1 - Rubeus/Commands/Describe.cs | 1 - Rubeus/Commands/Golden.cs | 1 - Rubeus/Commands/Silver.cs | 1 - 4 files changed, 4 deletions(-) diff --git a/Rubeus/Commands/ASREP2Kirbi.cs b/Rubeus/Commands/ASREP2Kirbi.cs index 62500139..43918340 100644 --- a/Rubeus/Commands/ASREP2Kirbi.cs +++ b/Rubeus/Commands/ASREP2Kirbi.cs @@ -92,7 +92,6 @@ public void Execute(Dictionary arguments) } catch (ArgumentException ex) { - Console.WriteLine(String.Format("\r\n[X] {0}\r\n", ex.Message)); return; } diff --git a/Rubeus/Commands/Describe.cs b/Rubeus/Commands/Describe.cs index 316c7aa3..ac032ce5 100755 --- a/Rubeus/Commands/Describe.cs +++ b/Rubeus/Commands/Describe.cs 
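Review bot: The new comment `// return will exit Rubeus` in Harvest.cs describes something the statement does not do: `return` only leaves HarvestTicketGrantingTickets(), and whether the process ends is up to the caller, which is outside the hunk. Since the series removes Environment.Exit so that the host keeps control, a comment such as `// stop harvesting and hand control back to the caller` would be accurate. If the method started timers or worker threads earlier (not visible here), they were previously torn down by process exit and would now need an explicit stop.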
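Review bot: The new exception text in Helpers.cs says the hash must be 16, 32 or 64 characters, but the guard on the context line is `(hex.Length % 16) != 0`, which also accepts 0, 48, 80 and any other multiple of 16. Either the message should read "a multiple of 16 characters" or the check should be tightened to the three lengths. Turning the failure from a process exit into a throw also means every caller of StringToByteArray needs a handler, and this series adds one only in ASREP2Kirbi, Describe, Golden and Silver, so any other caller (none is visible here) would now surface an unhandled ArgumentException. The conversion code after the guard is outside the hunk; if it uses Convert.ToByte, non-hex characters would presumably raise FormatException, which the new `catch (ArgumentException)` blocks do not cover.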
@@ -35,7 +35,6 @@ public void Execute(Dictionary arguments) } } catch (ArgumentException ex) { - Console.WriteLine(String.Format("\r\n[X] {0}\r\n", ex.Message)); return; } diff --git a/Rubeus/Commands/Golden.cs b/Rubeus/Commands/Golden.cs index 1d0641ac..7005d69a 100644 --- a/Rubeus/Commands/Golden.cs +++ b/Rubeus/Commands/Golden.cs @@ -392,7 +392,6 @@ public void Execute(Dictionary arguments) } catch (ArgumentException ex) { - Console.WriteLine(String.Format("\r\n[X] {0}\r\n", ex.Message)); return; } diff --git a/Rubeus/Commands/Silver.cs b/Rubeus/Commands/Silver.cs index aa888484..c2d953a4 100644 --- a/Rubeus/Commands/Silver.cs +++ b/Rubeus/Commands/Silver.cs @@ -453,7 +453,6 @@ public void Execute(Dictionary arguments) } catch (ArgumentException ex) { - Console.WriteLine(String.Format("\r\n[X] {0}\r\n", ex.Message)); return; }