author | Bryan McNulty <bryanmcnulty@protonmail.com> | 2025-04-24 12:17:27 -0500 |
---|---|---|
committer | Bryan McNulty <bryanmcnulty@protonmail.com> | 2025-04-24 12:17:27 -0500 |
commit | 911a2456e7f2098a9b4a9bec3e95b4216ee97c41 (patch) | |
tree | 5af42a7b1f6f3b4ce267e5da42dea6cc4deba52d /pkg | |
parent | 212d6e79f6d77109d20b98c2f08fbff0e8895b9f (diff) | |
Ensure that Kerberos requests use proxy dialer
Diffstat (limited to 'pkg')
-rw-r--r-- | pkg/goexec/dce/options.go | 21 | ||||
-rw-r--r-- | pkg/goexec/smb/options.go | 3 |
2 files changed, 16 insertions, 8 deletions
diff --git a/pkg/goexec/dce/options.go b/pkg/goexec/dce/options.go
index b554009..d11a157 100644
--- a/pkg/goexec/dce/options.go
+++ b/pkg/goexec/dce/options.go
@@ -6,6 +6,7 @@ import (
 "github.com/FalconOpsLLC/goexec/pkg/goexec"
 "github.com/RedTeamPentesting/adauth/dcerpcauth"
 "github.com/oiweiwei/go-msrpc/dcerpc"
+ "net"
 )
 type Options struct {
@@ -34,7 +35,7 @@ type Options struct {
 Smb bool `json:"use_smb" yaml:"use_smb"`
 stringBindings []*dcerpc.StringBinding
- dialer dcerpc.Dialer
+ dialer goexec.Dialer
 authOptions []dcerpc.Option
 DcerpcOptions []dcerpc.Option
 EpmOptions []dcerpc.Option
@@ -90,20 +91,26 @@ func (c *Client) Parse(ctx context.Context) (err error) {
 if c.Proxy != "" {
 // Parse proxy URL
- d, err := goexec.ParseProxyURI(c.Proxy)
+ c.dialer, err = goexec.ParseProxyURI(c.Proxy)
 if err != nil {
 return err
 }
- var ok bool
- if c.dialer, ok = d.(dcerpc.Dialer); !ok {
+ if d, ok := c.dialer.(dcerpc.Dialer); !ok {
 return fmt.Errorf("cannot cast %T to dcerpc.Dialer", d)
+
+ } else {
+ c.DcerpcOptions = append(c.DcerpcOptions, dcerpc.WithDialer(d))
+ c.EpmOptions = append(c.EpmOptions, dcerpc.WithDialer(d))
 }
- c.DcerpcOptions = append(c.DcerpcOptions, dcerpc.WithDialer(c.dialer))
- c.EpmOptions = append(c.EpmOptions, dcerpc.WithDialer(c.dialer))
+
+ } else {
+ c.dialer = &net.Dialer{}
 }
 // Parse authentication parameters
- if c.authOptions, err = dcerpcauth.AuthenticationOptions(ctx, c.Credential, c.Target, &dcerpcauth.Options{}); err != nil {
+ if c.authOptions, err = dcerpcauth.AuthenticationOptions(ctx, c.Credential, c.Target, &dcerpcauth.Options{
+ KerberosDialer: c.dialer, // Use the same net dialer as dcerpc
+ }); err != nil {
 return fmt.Errorf("parse auth c: %w", err)
 }
diff --git a/pkg/goexec/smb/options.go b/pkg/goexec/smb/options.go
index 0c2ffb6..4112abf 100644
--- a/pkg/goexec/smb/options.go
+++ b/pkg/goexec/smb/options.go
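Review bot: In the proxy branch of Parse in pkg/goexec/dce/options.go, the failure path `return fmt.Errorf("cannot cast %T to dcerpc.Dialer", d)` now formats `d`, which is the nil result of the failed type assertion, so the message prints `<nil>` instead of the concrete type returned by goexec.ParseProxyURI; pass `c.dialer` there instead. Because that branch returns, the `else` is unnecessary: declare `d, ok := c.dialer.(dcerpc.Dialer)` before the `if` and put the two `dcerpc.WithDialer(d)` appends after it, which also removes the blank line left before `} else {`. The no-proxy default `c.dialer = &net.Dialer{}` sets no Timeout, so Kerberos connection attempts are presumably bounded only by ctx, if dcerpcauth honours it; that is not visible here. Parse starts and ends outside this hunk.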
@@ -85,7 +85,8 @@ func (c *Client) Parse(ctx context.Context) (err error) {
 // Validate authentication parameters
 c.dialer, err = smbauth.Dialer(ctx, c.Credential, c.Target, &smbauth.Options{
- SMBOptions: do,
+ KerberosDialer: c.netDialer,
+ SMBOptions: do,
 })
 if err != nil { |