authorBryan McNulty <bryanmcnulty@protonmail.com>2025-04-24 12:17:27 -0500
committerBryan McNulty <bryanmcnulty@protonmail.com>2025-04-24 12:17:27 -0500
commit911a2456e7f2098a9b4a9bec3e95b4216ee97c41 (patch)
tree5af42a7b1f6f3b4ce267e5da42dea6cc4deba52d
parent212d6e79f6d77109d20b98c2f08fbff0e8895b9f (diff)
Ensure that Kerberos requests use proxy dialer
-rw-r--r--TODO.md7
-rw-r--r--pkg/goexec/dce/options.go21
-rw-r--r--pkg/goexec/smb/options.go3
3 files changed, 20 insertions, 11 deletions
diff --git a/TODO.md b/TODO.md
index 01a00b6..7afd1da 100644
--- a/TODO.md
+++ b/TODO.md
@@ -11,7 +11,7 @@
## SCMR
-- [X] Clean up SCMR module
+- [X] Clean up SCMR module
- [X] add dynamic string binding support
- [X] general cleanup. Use TSCH & WMI as reference
- [ ] Output
@@ -39,8 +39,9 @@
## Bug Fixes
-- [X] Fix SMB transport for SCMR module - `rpc_s_cannot_support: The requested operation is not supported.`
-- [X] Fix proxy - EPM doesn't use the proxy dialer
+- [X] (Fixed) SMB transport for SCMR module - `rpc_s_cannot_support: The requested operation is not supported.`
+- [X] (Fixed) Proxy - EPM doesn't use the proxy dialer
+- [X] (Fixed) Kerberos requests don't dial through proxy
- [ ] Fix SCMR `change` method so that dependencies field isn't permanently overwritten
## Lower Priority
diff --git a/pkg/goexec/dce/options.go b/pkg/goexec/dce/options.go
index b554009..d11a157 100644
--- a/pkg/goexec/dce/options.go
+++ b/pkg/goexec/dce/options.go
@@ -6,6 +6,7 @@ import (
"github.com/FalconOpsLLC/goexec/pkg/goexec"
"github.com/RedTeamPentesting/adauth/dcerpcauth"
"github.com/oiweiwei/go-msrpc/dcerpc"
+ "net"
)
type Options struct {
@@ -34,7 +35,7 @@ type Options struct {
Smb bool `json:"use_smb" yaml:"use_smb"`
stringBindings []*dcerpc.StringBinding
- dialer dcerpc.Dialer
+ dialer goexec.Dialer
authOptions []dcerpc.Option
DcerpcOptions []dcerpc.Option
EpmOptions []dcerpc.Option
@@ -90,20 +91,26 @@ func (c *Client) Parse(ctx context.Context) (err error) {
if c.Proxy != "" {
// Parse proxy URL
- d, err := goexec.ParseProxyURI(c.Proxy)
+ c.dialer, err = goexec.ParseProxyURI(c.Proxy)
if err != nil {
return err
}
- var ok bool
- if c.dialer, ok = d.(dcerpc.Dialer); !ok {
+ if d, ok := c.dialer.(dcerpc.Dialer); !ok {
return fmt.Errorf("cannot cast %T to dcerpc.Dialer", d)
+
+ } else {
+ c.DcerpcOptions = append(c.DcerpcOptions, dcerpc.WithDialer(d))
+ c.EpmOptions = append(c.EpmOptions, dcerpc.WithDialer(d))
}
- c.DcerpcOptions = append(c.DcerpcOptions, dcerpc.WithDialer(c.dialer))
- c.EpmOptions = append(c.EpmOptions, dcerpc.WithDialer(c.dialer))
+
+ } else {
+ c.dialer = &net.Dialer{}
}
// Parse authentication parameters
- if c.authOptions, err = dcerpcauth.AuthenticationOptions(ctx, c.Credential, c.Target, &dcerpcauth.Options{}); err != nil {
+ if c.authOptions, err = dcerpcauth.AuthenticationOptions(ctx, c.Credential, c.Target, &dcerpcauth.Options{
+ KerberosDialer: c.dialer, // Use the same net dialer as dcerpc
+ }); err != nil {
return fmt.Errorf("parse auth c: %w", err)
}
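Review bot: In the failed-assertion branch the error formats `d`, which is the nil zero value of `dcerpc.Dialer` when `ok` is false, so `%T` prints `<nil>` rather than the proxy dialer's concrete type; use `return fmt.Errorf("cannot cast %T to dcerpc.Dialer", c.dialer)`, after which the `else` following the `return` can be dropped. In the no-proxy branch `&net.Dialer{}` sets no `Timeout`, so the Kerberos dial is presumably bounded only by `ctx` and the OS connect timeout. Since the goal is to keep KDC traffic on the proxy, it is worth confirming and documenting whether KDC name resolution inside dcerpcauth also goes through `KerberosDialer` or is still done locally; that is not visible in this hunk. Parse's body starts and ends outside the hunk.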
diff --git a/pkg/goexec/smb/options.go b/pkg/goexec/smb/options.go
index 0c2ffb6..4112abf 100644
--- a/pkg/goexec/smb/options.go
+++ b/pkg/goexec/smb/options.go
@@ -85,7 +85,8 @@ func (c *Client) Parse(ctx context.Context) (err error) {
// Validate authentication parameters
c.dialer, err = smbauth.Dialer(ctx, c.Credential, c.Target,
&smbauth.Options{
- SMBOptions: do,
+ KerberosDialer: c.netDialer,
+ SMBOptions: do,
})
if err != nil {