scapy.layers.kerberos module

Kerberos V5

Implements parts of:

  • Kerberos Network Authentication Service (V5): RFC4120

  • Kerberos Version 5 GSS-API: RFC1964, RFC4121

  • Kerberos Pre-Authentication: RFC6113 (FAST)

  • Kerberos Principal Name Canonicalization and Cross-Realm Referrals: RFC6806

  • Microsoft Windows 2000 Kerberos Change Password and Set Password Protocols: RFC3244

  • User to User Kerberos Authentication: draft-ietf-cat-user2user-03

  • Public Key Cryptography Based User-to-User Authentication (PKU2U): draft-zhu-pku2u-09

  • Initial and Pass Through Authentication Using Kerberos V5 (IAKERB): draft-ietf-kitten-iakerb-03

  • Kerberos Protocol Extensions: [MS-KILE]

  • Kerberos Protocol Extensions: Service for User: [MS-SFU]

Note

You will find more complete documentation for this layer over at Kerberos

Example decryption:

>>> from scapy.libs.rfc3961 import Key, EncryptionType
>>> pkt = Ether(hex_bytes("525400695813525400216c2b08004500015da71840008006dc\
83c0a87a9cc0a87a11c209005854f6ab2392c25bd650182014b6e00000000001316a8201\
2d30820129a103020105a20302010aa3633061304ca103020102a24504433041a0030201\
12a23a043848484decb01c9b62a1cabfbc3f2d1ed85aa5e093ba8358a8cea34d4393af93\
bf211e274fa58e814878db9f0d7a28d94e7327660db4f3704b3011a10402020080a20904\
073005a0030101ffa481b73081b4a00703050040810010a1123010a003020101a1093007\
1b0577696e3124a20e1b0c444f4d41494e2e4c4f43414ca321301fa003020102a1183016\
1b066b72627467741b0c444f4d41494e2e4c4f43414ca511180f32303337303931333032\
343830355aa611180f32303337303931333032343830355aa7060204701cc5d1a8153013\
0201120201110201170201180202ff79020103a91d301b3019a003020114a11204105749\
4e31202020202020202020202020"))
>>> enc = pkt[Kerberos].root.padata[0].padataValue
>>> k = Key(enc.etype.val, key=hex_bytes("7fada4e566ae4fb270e2800a23a\
e87127a819d42e69b5e22de0ddc63da80096d"))
>>> enc.decrypt(k)
scapy.layers.kerberos.ADMANDATORYFORKDC[source]

alias of AuthorizationData

class scapy.layers.kerberos.AD_AND_OR(_pkt, /, *, conditionCount=0x0 <ASN1_INTEGER[0]>, elements=None)[source]

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>
ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_INTEGER object>, <scapy.asn1fields.ASN1F_PACKET object>)>
aliastypes
fields_desc
AD_AND_OR fields

conditionCount

ASN1F_INTEGER

0x0 <ASN1_INTEGER[0]>

elements

ASN1F_PACKET

None

scapy.layers.kerberos.AD_IF_RELEVANT[source]

alias of AuthorizationData

class scapy.layers.kerberos.AD_KDCIssued(_pkt, /, *, adChecksum=<Checksum  |>, iRealm=<ASN1_GENERAL_STRING['']>, iSname=None, elements=None)[source]

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>
ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_PACKET object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_PACKET object>)>
aliastypes
fields_desc
AD_KDCIssued fields

adChecksum

ASN1F_PACKET

<Checksum  |>

iRealm

ASN1F_GENERAL_STRING

<ASN1_GENERAL_STRING['']>

iSname

ASN1F_PACKET

None

elements

ASN1F_PACKET

None

class scapy.layers.kerberos.ASN1_Class_KRB[source]

Bases: ASN1_Class

AP_REP = <ASN1Tag AP_REP[111]>
AP_REQ = <ASN1Tag AP_REQ[110]>
AS_REP = <ASN1Tag AS_REP[107]>
AS_REQ = <ASN1Tag AS_REQ[106]>
Authenticator = <ASN1Tag Authenticator[98]>
CRED = <ASN1Tag CRED[118]>
ERROR = <ASN1Tag ERROR[126]>
EncAPRepPart = <ASN1Tag EncAPRepPart[123]>
EncASRepPart = <ASN1Tag EncASRepPart[121]>
EncKrbCredPart = <ASN1Tag EncKrbCredPart[125]>
EncKrbPrivPart = <ASN1Tag EncKrbPrivPart[124]>
EncTGSRepPart = <ASN1Tag EncTGSRepPart[122]>
EncTicketPart = <ASN1Tag EncTicketPart[99]>
PRIV = <ASN1Tag PRIV[117]>
TGS_REP = <ASN1Tag TGS_REP[109]>
TGS_REQ = <ASN1Tag TGS_REQ[108]>
Ticket = <ASN1Tag Ticket[97]>
Token = <ASN1Tag Token[96]>
name = 'Kerberos'
class scapy.layers.kerberos.AuthorizationData(_pkt, /, *, seq=[<AuthorizationDataItem  |>])[source]

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>
ASN1_root = <ASN1F_SEQUENCE_OF seq>
aliastypes
fields_desc
AuthorizationData fields

seq

ASN1F_SEQUENCE_OF

[<AuthorizationDataItem  |>]

class scapy.layers.kerberos.AuthorizationDataItem(_pkt, /, *, adType=0x0 <ASN1_INTEGER[0]>, adData=<ASN1_STRING['']>)[source]

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>
ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_enum_INTEGER object>, <scapy.layers.kerberos._AuthorizationData_value_Field object>)>
aliastypes
fields_desc
AuthorizationDataItem fields

adType

ASN1F_enum_INTEGER

0x0 <ASN1_INTEGER[0]>

adData

_AuthorizationData_value_Field

<ASN1_STRING['']>

class scapy.layers.kerberos.ChangePasswdData(_pkt, /, *, newpasswd=<ASN1_STRING[<ASN1_STRING['']>]>, targname=None, targrealm=None)[source]

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>
ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_STRING object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>)>
aliastypes
fields_desc
ChangePasswdData fields

newpasswd

ASN1F_STRING

<ASN1_STRING[<ASN1_STRING['']>]>

targname

ASN1F_PACKET

None

targrealm

ASN1F_GENERAL_STRING

None

class scapy.layers.kerberos.Checksum(_pkt, /, *, cksumtype=0x0 <ASN1_INTEGER[0]>, checksum=<ASN1_STRING['']>)[source]

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>
ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_enum_INTEGER object>, <scapy.layers.kerberos._Checksum_Field object>)>
aliastypes
fields_desc
Checksum fields

cksumtype

ASN1F_enum_INTEGER

0x0 <ASN1_INTEGER[0]>

checksum

_Checksum_Field

<ASN1_STRING['']>

get_usage()[source]

Get current key usage number

make(key, text, key_usage_number=None, cksumtype=None)[source]

Encrypt text and set it into cipher.

Parameters:
  • key – the key to use to make the checksum

  • text – the bytes to make a checksum of

  • key_usage_number – (optional) specify the key usage number. Guessed otherwise

verify(key, text, key_usage_number=None)[source]

Decrypt and return the data contained in cipher.

Parameters:
  • key – the key to use to check the checksum

  • text – the bytes to verify

  • key_usage_number – (optional) specify the key usage number. Guessed otherwise

class scapy.layers.kerberos.DHRepInfo(_pkt, /, *, dhSignedData=<ASN1_STRING['']>, serverDHNonce=<ASN1_STRING['']>)[source]

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>
ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_STRING object>, <scapy.asn1fields.ASN1F_optional object>)>
aliastypes
fields_desc
DHRepInfo fields

dhSignedData

ASN1F_STRING

<ASN1_STRING['']>

serverDHNonce

ASN1F_STRING

<ASN1_STRING['']>

class scapy.layers.kerberos.ETYPE_INFO(_pkt, /, *, seq=[<ETYPE_INFO_ENTRY  |>])[source]

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>
ASN1_root = <ASN1F_SEQUENCE_OF seq>
aliastypes
fields_desc
ETYPE_INFO fields

seq

ASN1F_SEQUENCE_OF

[<ETYPE_INFO_ENTRY  |>]

class scapy.layers.kerberos.ETYPE_INFO2(_pkt, /, *, seq=[<ETYPE_INFO_ENTRY2  |>])[source]

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>
ASN1_root = <ASN1F_SEQUENCE_OF seq>
aliastypes
fields_desc
ETYPE_INFO2 fields

seq

ASN1F_SEQUENCE_OF

[<ETYPE_INFO_ENTRY2  |>]

class scapy.layers.kerberos.ETYPE_INFO_ENTRY(_pkt, /, *, etype=0x1 <ASN1_INTEGER[1]>, salt=<ASN1_STRING['']>)[source]

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>
ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_enum_INTEGER object>, <scapy.asn1fields.ASN1F_optional object>)>
aliastypes
fields_desc
ETYPE_INFO_ENTRY fields

etype

ASN1F_enum_INTEGER

0x1 <ASN1_INTEGER[1]>

salt

ASN1F_STRING

<ASN1_STRING['']>

class scapy.layers.kerberos.ETYPE_INFO_ENTRY2(_pkt, /, *, etype=0x1 <ASN1_INTEGER[1]>, salt=<ASN1_GENERAL_STRING['']>, s2kparams=<ASN1_STRING['']>)[source]

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>
ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_enum_INTEGER object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>)>
aliastypes
fields_desc
ETYPE_INFO_ENTRY2 fields

etype

ASN1F_enum_INTEGER

0x1 <ASN1_INTEGER[1]>

salt

ASN1F_GENERAL_STRING

<ASN1_GENERAL_STRING['']>

s2kparams

ASN1F_STRING

<ASN1_STRING['']>

class scapy.layers.kerberos.EncAPRepPart(_pkt, /, *, ctime=20241006213857Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>, cusec=0x0 <ASN1_INTEGER[0]>, subkey=None, seqNumber=0x0 <ASN1_INTEGER[0]>)[source]

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>
ASN1_root = <ASN1F_SEQUENCE(<ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_GENERALIZED_TIME object>, <scapy.asn1fields.ASN1F_INTEGER object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>)>,)>
aliastypes
fields_desc
EncAPRepPart fields

ctime

ASN1F_GENERALIZED_TIME

20241006213857Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>

cusec

ASN1F_INTEGER

0x0 <ASN1_INTEGER[0]>

subkey

ASN1F_PACKET

None

seqNumber

ASN1F_INTEGER

0x0 <ASN1_INTEGER[0]>

class scapy.layers.kerberos.EncASRepPart(_pkt, /, *, key=None, lastReq=[], nonce=0x0 <ASN1_INTEGER[0]>, keyExpiration=20241006213857Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>, flags=<ASN1_BIT_STRING[]=b'' (0 unused bit)>, authtime=20241006213857Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>, starttime=20241006213857Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>, endtime=20241006213857Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>, renewTill=20241006213857Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>, srealm=<ASN1_GENERAL_STRING['']>, sname=<PrincipalName  |>, caddr=[], encryptedPaData=[])[source]

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>
ASN1_root = <ASN1F_SEQUENCE(<ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_PACKET object>, <ASN1F_SEQUENCE_OF lastReq>, <scapy.asn1fields.ASN1F_INTEGER object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_FLAGS object>, <scapy.asn1fields.ASN1F_GENERALIZED_TIME object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_GENERALIZED_TIME object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_GENERAL_STRING object>, <scapy.asn1fields.ASN1F_PACKET object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>)>,)>
aliastypes
fields_desc
EncASRepPart fields

key

ASN1F_PACKET

None

lastReq

ASN1F_SEQUENCE_OF

[]

nonce

ASN1F_INTEGER

0x0 <ASN1_INTEGER[0]>

keyExpiration

ASN1F_GENERALIZED_TIME

20241006213857Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>

flags

ASN1F_FLAGS

<ASN1_BIT_STRING[]=b'' (0 unused bit)>

authtime

ASN1F_GENERALIZED_TIME

20241006213857Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>

starttime

ASN1F_GENERALIZED_TIME

20241006213857Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>

endtime

ASN1F_GENERALIZED_TIME

20241006213857Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>

renewTill

ASN1F_GENERALIZED_TIME

20241006213857Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>

srealm

ASN1F_GENERAL_STRING

<ASN1_GENERAL_STRING['']>

sname

ASN1F_PACKET

<PrincipalName  |>

caddr

ASN1F_SEQUENCE_OF

[]

encryptedPaData

ASN1F_SEQUENCE_OF

[]

class scapy.layers.kerberos.EncKeyPack(_pkt, /, *, encKeyPack=<ASN1_STRING['']>)[source]

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>
ASN1_root = <scapy.asn1fields.ASN1F_STRING object>
aliastypes
fields_desc
EncKeyPack fields

encKeyPack

ASN1F_STRING

<ASN1_STRING['']>

class scapy.layers.kerberos.EncKrbCredPart(_pkt, /, *, ticketInfo=[<KrbCredInfo  key=<EncryptionKey  |> |>], nonce=None, timestamp=None, usec=None, sAddress=None, cAddress=None)[source]

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>
ASN1_root = <ASN1F_SEQUENCE(<ASN1F_SEQUENCE(<ASN1F_SEQUENCE_OF ticketInfo>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>)>,)>
aliastypes
fields_desc
EncKrbCredPart fields

ticketInfo

ASN1F_SEQUENCE_OF

[<KrbCredInfo  key=<EncryptionKey  |> |>]

nonce

ASN1F_INTEGER

None

timestamp

ASN1F_GENERALIZED_TIME

None

usec

ASN1F_INTEGER

None

sAddress

ASN1F_PACKET

None

cAddress

ASN1F_PACKET

None

class scapy.layers.kerberos.EncKrbPrivPart(_pkt, /, *, userData=<ASN1_STRING[<ASN1_STRING['']>]>, timestamp=None, usec=None, seqNumber=None, sAddress=None, cAddress=None)[source]

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>
ASN1_root = <ASN1F_SEQUENCE(<ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_STRING object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_PACKET object>, <scapy.asn1fields.ASN1F_optional object>)>,)>
aliastypes
fields_desc
EncKrbPrivPart fields

userData

ASN1F_STRING

<ASN1_STRING[<ASN1_STRING['']>]>

timestamp

ASN1F_GENERALIZED_TIME

None

usec

ASN1F_INTEGER

None

seqNumber

ASN1F_INTEGER

None

sAddress

ASN1F_PACKET

None

cAddress

ASN1F_PACKET

None

class scapy.layers.kerberos.EncTGSRepPart(_pkt, /, *, key=None, lastReq=[], nonce=0x0 <ASN1_INTEGER[0]>, keyExpiration=20241006213857Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>, flags=<ASN1_BIT_STRING[]=b'' (0 unused bit)>, authtime=20241006213857Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>, starttime=20241006213857Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>, endtime=20241006213857Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>, renewTill=20241006213857Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>, srealm=<ASN1_GENERAL_STRING['']>, sname=<PrincipalName  |>, caddr=[], encryptedPaData=[])[source]

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>
ASN1_root = <ASN1F_SEQUENCE(<ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_PACKET object>, <ASN1F_SEQUENCE_OF lastReq>, <scapy.asn1fields.ASN1F_INTEGER object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_FLAGS object>, <scapy.asn1fields.ASN1F_GENERALIZED_TIME object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_GENERALIZED_TIME object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_GENERAL_STRING object>, <scapy.asn1fields.ASN1F_PACKET object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>)>,)>
aliastypes
fields_desc
EncTGSRepPart fields

key

ASN1F_PACKET

None

lastReq

ASN1F_SEQUENCE_OF

[]

nonce

ASN1F_INTEGER

0x0 <ASN1_INTEGER[0]>

keyExpiration

ASN1F_GENERALIZED_TIME

20241006213857Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>

flags

ASN1F_FLAGS

<ASN1_BIT_STRING[]=b'' (0 unused bit)>

authtime

ASN1F_GENERALIZED_TIME

20241006213857Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>

starttime

ASN1F_GENERALIZED_TIME

20241006213857Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>

endtime

ASN1F_GENERALIZED_TIME

20241006213857Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>

renewTill

ASN1F_GENERALIZED_TIME

20241006213857Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>

srealm

ASN1F_GENERAL_STRING

<ASN1_GENERAL_STRING['']>

sname

ASN1F_PACKET

<PrincipalName  |>

caddr

ASN1F_SEQUENCE_OF

[]

encryptedPaData

ASN1F_SEQUENCE_OF

[]

class scapy.layers.kerberos.EncTicketPart(_pkt, /, *, flags=<ASN1_BIT_STRING[]=b'' (0 unused bit)>, key=<EncryptionKey  |>, crealm=<ASN1_GENERAL_STRING['']>, cname=<PrincipalName  |>, transited=<TransitedEncoding  |>, authtime=20241006213857Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>, starttime=20241006213857Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>, endtime=20241006213857Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>, renewTill=20241006213857Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>, addresses=[], authorizationData=None)[source]

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>
ASN1_root = <ASN1F_SEQUENCE(<ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_FLAGS object>, <scapy.asn1fields.ASN1F_PACKET object>, <scapy.asn1fields.ASN1F_GENERAL_STRING object>, <scapy.asn1fields.ASN1F_PACKET object>, <scapy.asn1fields.ASN1F_PACKET object>, <scapy.asn1fields.ASN1F_GENERALIZED_TIME object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_GENERALIZED_TIME object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>)>,)>
aliastypes
fields_desc
EncTicketPart fields

flags

ASN1F_FLAGS

<ASN1_BIT_STRING[]=b'' (0 unused bit)>

key

ASN1F_PACKET

<EncryptionKey  |>

crealm

ASN1F_GENERAL_STRING

<ASN1_GENERAL_STRING['']>

cname

ASN1F_PACKET

<PrincipalName  |>

transited

ASN1F_PACKET

<TransitedEncoding  |>

authtime

ASN1F_GENERALIZED_TIME

20241006213857Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>

starttime

ASN1F_GENERALIZED_TIME

20241006213857Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>

endtime

ASN1F_GENERALIZED_TIME

20241006213857Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>

renewTill

ASN1F_GENERALIZED_TIME

20241006213857Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>

addresses

ASN1F_SEQUENCE_OF

[]

authorizationData

ASN1F_PACKET

None

class scapy.layers.kerberos.EncryptedData(_pkt, /, *, etype=0x17 <ASN1_INTEGER[23]>, kvno=None, cipher=<ASN1_STRING['']>)[source]

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>
ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_enum_INTEGER object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_STRING object>)>
aliastypes
decrypt(key, key_usage_number=None, cls=None)[source]

Decrypt and return the data contained in cipher.

Parameters:
  • key – the key to use for decryption

  • key_usage_number – (optional) specify the key usage number. Guessed otherwise

  • cls – (optional) the class of the decrypted payload Guessed otherwise (or bytes)

encrypt(key, text, confounder=None, key_usage_number=None)[source]

Encrypt text and set it into cipher.

Parameters:
  • key – the key to use for encryption

  • text – the bytes value to encode

  • confounder – (optional) specify the confounder bytes. Random otherwise

  • key_usage_number – (optional) specify the key usage number. Guessed otherwise

fields_desc
EncryptedData fields

etype

ASN1F_enum_INTEGER

0x17 <ASN1_INTEGER[23]>

kvno

ASN1F_INTEGER

None

cipher

ASN1F_STRING

<ASN1_STRING['']>

get_usage()[source]

Get current key usage number and encrypted class

class scapy.layers.kerberos.EncryptionKey(_pkt, /, *, keytype=0x0 <ASN1_INTEGER[0]>, keyvalue=<ASN1_STRING['']>)[source]

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>
ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_enum_INTEGER object>, <scapy.asn1fields.ASN1F_STRING object>)>
aliastypes
fields_desc
EncryptionKey fields

keytype

ASN1F_enum_INTEGER

0x0 <ASN1_INTEGER[0]>

keyvalue

ASN1F_STRING

<ASN1_STRING['']>

classmethod fromKey(key)[source]
toKey()[source]
class scapy.layers.kerberos.ExternalPrincipalIdentifier(_pkt, /, *, subjectName=<ASN1_STRING['']>, issuerAndSerialNumber=<ASN1_STRING['']>, subjectKeyIdentifier=<ASN1_STRING['']>)[source]

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>
ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>)>
aliastypes
fields_desc
ExternalPrincipalIdentifier fields

subjectName

ASN1F_STRING

<ASN1_STRING['']>

issuerAndSerialNumber

ASN1F_STRING

<ASN1_STRING['']>

subjectKeyIdentifier

ASN1F_STRING

<ASN1_STRING['']>

class scapy.layers.kerberos.HostAddress(_pkt, /, *, addrType=0x0 <ASN1_INTEGER[0]>, address=<ASN1_STRING['']>)[source]

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>
ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_enum_INTEGER object>, <scapy.asn1fields.ASN1F_STRING object>)>
aliastypes
fields_desc
HostAddress fields

addrType

ASN1F_enum_INTEGER

0x0 <ASN1_INTEGER[0]>

address

ASN1F_STRING

<ASN1_STRING['']>

scapy.layers.kerberos.HostAddresses(name, **kwargs)[source]
class scapy.layers.kerberos.IAKERB_HEADER(_pkt, /, *, targetRealm=<ASN1_GENERAL_STRING['']>, cookie=None)[source]

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>
ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_GENERAL_STRING object>, <scapy.asn1fields.ASN1F_optional object>)>
aliastypes
fields_desc
IAKERB_HEADER fields

targetRealm

ASN1F_GENERAL_STRING

<ASN1_GENERAL_STRING['']>

cookie

ASN1F_STRING

None

class scapy.layers.kerberos.KERB_AD_LOGIN_ALIAS(_pkt, /, *, loginAliases=[])[source]

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>
ASN1_root = <ASN1F_SEQUENCE(<ASN1F_SEQUENCE_OF loginAliases>,)>
aliastypes
fields_desc
KERB_AD_LOGIN_ALIAS fields

loginAliases

ASN1F_SEQUENCE_OF

[]

class scapy.layers.kerberos.KERB_AD_RESTRICTION_ENTRY(_pkt, /, *, restrictionType=0x0 <ASN1_INTEGER[0]>, restriction=<ASN1_STRING[b'']>)[source]

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>
ASN1_root = <ASN1F_SEQUENCE(<ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_enum_INTEGER object>, <scapy.layers.kerberos._KerbAdRestrictionEntry_Field object>)>,)>
aliastypes
fields_desc
KERB_AD_RESTRICTION_ENTRY fields

restrictionType

ASN1F_enum_INTEGER

0x0 <ASN1_INTEGER[0]>

restriction

_KerbAdRestrictionEntry_Field

<ASN1_STRING[b'']>

class scapy.layers.kerberos.KERB_AUTH_DATA_AP_OPTIONS(_pkt, /, *, apOptions=16384)[source]

Bases: Packet

aliastypes
fields_desc
Display RFC-like schema
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           APOPTIONS                           |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                  Fig. KERB_AUTH_DATA_AP_OPTIONS                  
KERB_AUTH_DATA_AP_OPTIONS fields

apOptions

LEIntEnumField

16384

class scapy.layers.kerberos.KERB_AUTH_DATA_CLIENT_TARGET(_pkt, /, *, spn=b'')[source]

Bases: Packet

aliastypes
fields_desc
Display RFC-like schema
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|              SPN              |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                Fig. KERB_AUTH_DATA_CLIENT_TARGET                 
KERB_AUTH_DATA_CLIENT_TARGET fields

spn

StrFieldUtf16

b''

class scapy.layers.kerberos.KERB_DMSA_KEY_PACKAGE(_pkt, /, *, currentKeys=[], previousKeys=[], expirationInterval=20241006213857Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>, fetchInterval=20241006213857Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>)[source]

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>
ASN1_root = <ASN1F_SEQUENCE(<ASN1F_SEQUENCE_OF currentKeys>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_GENERALIZED_TIME object>, <scapy.asn1fields.ASN1F_GENERALIZED_TIME object>)>
aliastypes
fields_desc
KERB_DMSA_KEY_PACKAGE fields

currentKeys

ASN1F_SEQUENCE_OF

[]

previousKeys

ASN1F_SEQUENCE_OF

[]

expirationInterval

ASN1F_GENERALIZED_TIME

20241006213857Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>

fetchInterval

ASN1F_GENERALIZED_TIME

20241006213857Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>

class scapy.layers.kerberos.KERB_ERROR_DATA(_pkt, /, *, dataType=0x2 <ASN1_INTEGER[2]>, dataValue=None)[source]

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>
ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_enum_INTEGER object>, <scapy.asn1fields.ASN1F_optional object>)>
aliastypes
fields_desc
KERB_ERROR_DATA fields

dataType

ASN1F_enum_INTEGER

0x2 <ASN1_INTEGER[2]>

dataValue

_Error_Field

None

class scapy.layers.kerberos.KERB_EXT_ERROR(_pkt, /, *, status=0, reserved=0, flags=1)[source]

Bases: Packet

aliastypes
fields_desc
Display RFC-like schema
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                             STATUS                            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                            RESERVED                           |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                             FLAGS                             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                       Fig. KERB_EXT_ERROR                        
KERB_EXT_ERROR fields

status

XLEIntField

0

reserved

XLEIntField

0

flags

XLEIntField

1

class scapy.layers.kerberos.KERB_KEY_LIST_REP(_pkt, /, *, keys=[])[source]

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>
ASN1_root = <ASN1F_SEQUENCE_OF keys>
aliastypes
fields_desc
KERB_KEY_LIST_REP fields

keys

ASN1F_SEQUENCE_OF

[]

class scapy.layers.kerberos.KERB_KEY_LIST_REQ(_pkt, /, *, keytypes=[])[source]

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>
ASN1_root = <ASN1F_SEQUENCE_OF keytypes>
aliastypes
fields_desc
KERB_KEY_LIST_REQ fields

keytypes

ASN1F_SEQUENCE_OF

[]

class scapy.layers.kerberos.KERB_SUPERSEDED_BY_USER(_pkt, /, *, name=None, realm=None)[source]

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>
ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_PACKET object>, <scapy.asn1fields.ASN1F_GENERAL_STRING object>)>
aliastypes
fields_desc
KERB_SUPERSEDED_BY_USER fields

name

ASN1F_PACKET

None

realm

ASN1F_GENERAL_STRING

None

class scapy.layers.kerberos.KPASSWD_REP(_pkt, /, *, len=None, pvno=1, apreplen=None, aprep=<KRB_AP_REP  |>, krbpriv=<KRB_PRIV  |>, error=<KRB_ERROR  sname=<PrincipalName  |> |>)[source]

Bases: Packet

aliastypes
answers(other)[source]
fields_desc
Display RFC-like schema
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|              LEN              |              PVNO             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|            APREPLEN           |             APREP             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|            KRBPRIV            |             ERROR             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                         Fig. KPASSWD_REP                         
KPASSWD_REP fields

len

ShortField

None

pvno

ShortField

1

apreplen

ShortField

None

aprep

PacketLenField

<KRB_AP_REP  |>

krbpriv

PacketLenField (Cond)

<KRB_PRIV  |>

error

PacketLenField (Cond)

<KRB_ERROR  sname=<PrincipalName  |> |>

post_build(p, pay)[source]
class scapy.layers.kerberos.KPASSWD_REQ(_pkt, /, *, len=None, pvno=65408, apreqlen=None, apreq=<KRB_AP_REQ  |>, krbpriv=<KRB_PRIV  |>, error=<KRB_ERROR  sname=<PrincipalName  |> |>)[source]

Bases: Packet

aliastypes
fields_desc
Display RFC-like schema
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|              LEN              |              PVNO             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|            APREQLEN           |             APREQ             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|            KRBPRIV            |             ERROR             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                         Fig. KPASSWD_REQ                         
KPASSWD_REQ fields

len

ShortField

None

pvno

ShortField

65408

apreqlen

ShortField

None

apreq

PacketLenField

<KRB_AP_REQ  |>

krbpriv

PacketLenField (Cond)

<KRB_PRIV  |>

error

PacketLenField (Cond)

<KRB_ERROR  sname=<PrincipalName  |> |>

post_build(p, pay)[source]
class scapy.layers.kerberos.KPasswdRepData(_pkt, /, *, resultCode=0, resultString=b'')[source]

Bases: Packet

aliastypes
fields_desc
Display RFC-like schema
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|           RESULTCODE          |          RESULTSTRING         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                       Fig. KPasswdRepData                        
KPasswdRepData fields

resultCode

ShortEnumField

0

resultString

StrField

b''

class scapy.layers.kerberos.KRB_AP_REP(_pkt, /, *, pvno=0x5 <ASN1_INTEGER[5]>, msgType=0xf <ASN1_INTEGER[15]>, encPart=None)[source]

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>
ASN1_root = <ASN1F_SEQUENCE(<ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_INTEGER object>, <scapy.asn1fields.ASN1F_enum_INTEGER object>, <scapy.asn1fields.ASN1F_PACKET object>)>,)>
aliastypes
fields_desc
KRB_AP_REP fields

pvno

ASN1F_INTEGER

0x5 <ASN1_INTEGER[5]>

msgType

ASN1F_enum_INTEGER

0xf <ASN1_INTEGER[15]>

encPart

ASN1F_PACKET

None

class scapy.layers.kerberos.KRB_AP_REQ(_pkt, /, *, pvno=0x5 <ASN1_INTEGER[5]>, msgType=0xe <ASN1_INTEGER[14]>, apOptions=<ASN1_BIT_STRING[]=b'' (0 unused bit)>, ticket=None, authenticator=None)[source]

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>
ASN1_root = <ASN1F_SEQUENCE(<ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_INTEGER object>, <scapy.asn1fields.ASN1F_enum_INTEGER object>, <scapy.asn1fields.ASN1F_FLAGS object>, <scapy.asn1fields.ASN1F_PACKET object>, <scapy.asn1fields.ASN1F_PACKET object>)>,)>
aliastypes
fields_desc
KRB_AP_REQ fields

pvno

ASN1F_INTEGER

0x5 <ASN1_INTEGER[5]>

msgType

ASN1F_enum_INTEGER

0xe <ASN1_INTEGER[14]>

apOptions

ASN1F_FLAGS

<ASN1_BIT_STRING[]=b'' (0 unused bit)>

ticket

ASN1F_PACKET

None

authenticator

ASN1F_PACKET

None

class scapy.layers.kerberos.KRB_AS_REP(_pkt, /, *, pvno=0x5 <ASN1_INTEGER[5]>, msgType=0xb <ASN1_INTEGER[11]>, padata=[], crealm=<ASN1_GENERAL_STRING['']>, cname=None, ticket=None, encPart=None)[source]

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>
ASN1_root = <ASN1F_SEQUENCE(<ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_INTEGER object>, <scapy.asn1fields.ASN1F_enum_INTEGER object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_GENERAL_STRING object>, <scapy.asn1fields.ASN1F_PACKET object>, <scapy.asn1fields.ASN1F_PACKET object>, <scapy.asn1fields.ASN1F_PACKET object>)>,)>
aliastypes
fields_desc
KRB_AS_REP fields

pvno

ASN1F_INTEGER

0x5 <ASN1_INTEGER[5]>

msgType

ASN1F_enum_INTEGER

0xb <ASN1_INTEGER[11]>

padata

ASN1F_SEQUENCE_OF

[]

crealm

ASN1F_GENERAL_STRING

<ASN1_GENERAL_STRING['']>

cname

ASN1F_PACKET

None

ticket

ASN1F_PACKET

None

encPart

ASN1F_PACKET

None

class scapy.layers.kerberos.KRB_AS_REQ(_pkt, /, *, pvno=0x5 <ASN1_INTEGER[5]>, msgType=0xa <ASN1_INTEGER[10]>, padata=[], reqBody=<KRB_KDC_REQ_BODY  |>)[source]

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>
ASN1_root = <ASN1F_SEQUENCE(<ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_INTEGER object>, <scapy.asn1fields.ASN1F_enum_INTEGER object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_PACKET object>)>,)>
aliastypes
fields_desc
KRB_AS_REQ fields

pvno

ASN1F_INTEGER

0x5 <ASN1_INTEGER[5]>

msgType

ASN1F_enum_INTEGER

0xa <ASN1_INTEGER[10]>

padata

ASN1F_SEQUENCE_OF

[]

reqBody

ASN1F_PACKET

<KRB_KDC_REQ_BODY  |>

class scapy.layers.kerberos.KRB_Authenticator(_pkt, /, *, authenticatorPvno=0x5 <ASN1_INTEGER[5]>, crealm=<ASN1_GENERAL_STRING['']>, cname=None, cksum=None, cusec=0x0 <ASN1_INTEGER[0]>, ctime=20241006213857Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>, subkey=None, seqNumber=0x0 <ASN1_INTEGER[0]>, encAuthorizationData=None)[source]

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>
ASN1_root = <ASN1F_SEQUENCE(<ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_INTEGER object>, <scapy.asn1fields.ASN1F_GENERAL_STRING object>, <scapy.asn1fields.ASN1F_PACKET object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_INTEGER object>, <scapy.asn1fields.ASN1F_GENERALIZED_TIME object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>)>,)>
aliastypes
fields_desc
KRB_Authenticator fields

authenticatorPvno

ASN1F_INTEGER

0x5 <ASN1_INTEGER[5]>

crealm

ASN1F_GENERAL_STRING

<ASN1_GENERAL_STRING['']>

cname

ASN1F_PACKET

None

cksum

ASN1F_PACKET

None

cusec

ASN1F_INTEGER

0x0 <ASN1_INTEGER[0]>

ctime

ASN1F_GENERALIZED_TIME

20241006213857Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>

subkey

ASN1F_PACKET

None

seqNumber

ASN1F_INTEGER

0x0 <ASN1_INTEGER[0]>

encAuthorizationData

ASN1F_PACKET

None

class scapy.layers.kerberos.KRB_AuthenticatorChecksum(_pkt, /, *, Lgth=None, Bnd=<GssChannelBindings  initiator_address=<GssBufferDesc  |> acceptor_address=<GssBufferDesc  |> |>, Flags=<Flag 0 ()>, DlgOpt=0, Dlgth=None, Deleg=<KRB_CRED  tickets=[<KRB_Ticket  sname=<PrincipalName  |> encPart=<EncryptedData  |> |>] |>, Exts=[<KRB_GSS_EXT  |>])[source]

Bases: Packet

aliastypes
fields_desc
Display RFC-like schema
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                              LGTH                             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|              BND              |             FLAGS             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                               |             DLGOPT            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|             DLGTH             |             DELEG             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|              EXTS             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                  Fig. KRB_AuthenticatorChecksum                  
KRB_AuthenticatorChecksum fields

Lgth

FieldLenField

None

Bnd

PacketLenField

<GssChannelBindings  initiator_address=<GssBufferDesc  |> acceptor_address=<GssBufferDesc  |> |>

Flags

FlagsField

<Flag 0 ()>

DlgOpt

LEShortField (Cond)

0

Dlgth

FieldLenField (Cond)

None

Deleg

PacketLenField (Cond)

<KRB_CRED  tickets=[<KRB_Ticket  sname=<PrincipalName  |> encPart=<EncryptedData  |> |>] |>

Exts

PacketListField

[<KRB_GSS_EXT  |>]

class scapy.layers.kerberos.KRB_CRED(_pkt, /, *, pvno=0x5 <ASN1_INTEGER[5]>, msgType=0x16 <ASN1_INTEGER[22]>, tickets=[<KRB_Ticket  sname=<PrincipalName  |> encPart=<EncryptedData  |> |>], encPart=None)[source]

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>
ASN1_root = <ASN1F_SEQUENCE(<ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_INTEGER object>, <scapy.asn1fields.ASN1F_enum_INTEGER object>, <ASN1F_SEQUENCE_OF tickets>, <scapy.asn1fields.ASN1F_PACKET object>)>,)>
aliastypes
fields_desc
KRB_CRED fields

pvno

ASN1F_INTEGER

0x5 <ASN1_INTEGER[5]>

msgType

ASN1F_enum_INTEGER

0x16 <ASN1_INTEGER[22]>

tickets

ASN1F_SEQUENCE_OF

[<KRB_Ticket  sname=<PrincipalName  |> encPart=<EncryptedData  |> |>]

encPart

ASN1F_PACKET

None

class scapy.layers.kerberos.KRB_ERROR(_pkt, /, *, pvno=0x5 <ASN1_INTEGER[5]>, msgType=0x1e <ASN1_INTEGER[30]>, ctime=None, cusec=None, stime=20241006213857Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>, susec=0x0 <ASN1_INTEGER[0]>, errorCode=0x0 <ASN1_INTEGER[0]>, crealm=None, cname=None, realm=<ASN1_GENERAL_STRING['']>, sname=<PrincipalName  |>, eText=<ASN1_GENERAL_STRING['']>, eData=<ASN1_STRING['']>)[source]

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>
ASN1_root = <ASN1F_SEQUENCE(<ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_INTEGER object>, <scapy.asn1fields.ASN1F_enum_INTEGER object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_GENERALIZED_TIME object>, <scapy.asn1fields.ASN1F_INTEGER object>, <scapy.asn1fields.ASN1F_enum_INTEGER object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_GENERAL_STRING object>, <scapy.asn1fields.ASN1F_PACKET object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>)>,)>
aliastypes
fields_desc
KRB_ERROR fields

pvno

ASN1F_INTEGER

0x5 <ASN1_INTEGER[5]>

msgType

ASN1F_enum_INTEGER

0x1e <ASN1_INTEGER[30]>

ctime

ASN1F_GENERALIZED_TIME

None

cusec

ASN1F_INTEGER

None

stime

ASN1F_GENERALIZED_TIME

20241006213857Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>

susec

ASN1F_INTEGER

0x0 <ASN1_INTEGER[0]>

errorCode

ASN1F_enum_INTEGER

0x0 <ASN1_INTEGER[0]>

crealm

ASN1F_GENERAL_STRING

None

cname

ASN1F_PACKET

None

realm

ASN1F_GENERAL_STRING

<ASN1_GENERAL_STRING['']>

sname

ASN1F_PACKET

<PrincipalName  |>

eText

ASN1F_GENERAL_STRING

<ASN1_GENERAL_STRING['']>

eData

_KRBERROR_data_Field

<ASN1_STRING['']>

class scapy.layers.kerberos.KRB_FINISHED(_pkt, /, *, gssMic=<Checksum  |>)[source]

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>
ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_PACKET object>,)>
aliastypes
fields_desc
KRB_FINISHED fields

gssMic

ASN1F_PACKET

<Checksum  |>

class scapy.layers.kerberos.KRB_GSSAPI_Token(_pkt, /, *, MechType=<ASN1_OID['Kerberos 5']>, innerToken=<KRB_InnerToken  root=<KRB_AP_REQ  |> |>)[source]

Bases: GSSAPI_BLOB

ASN1_codec = <ASN1Codec BER[1]>
ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_OID object>, <scapy.asn1fields.ASN1F_PACKET object>)>
aliastypes
fields_desc
KRB_GSSAPI_Token fields

MechType

ASN1F_OID

<ASN1_OID['Kerberos 5']>

innerToken

ASN1F_PACKET

<KRB_InnerToken  root=<KRB_AP_REQ  |> |>

class scapy.layers.kerberos.KRB_GSS_Delete_sec_context_RFC1964(_pkt, /, *, SGN_ALG=0, Filler=4294967295, SND_SEQ=b'', SGN_CKSUM=b'')[source]

Bases: Packet

aliastypes
fields_desc
Display RFC-like schema
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|            SGN ALG            |             FILLER            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                               |            SND SEQ            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               +
|                                                               |
+                               +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                               |           SGN CKSUM           |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               +
|                                                               |
+                               +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                               |            padding            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               +
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

             Fig. KRB_GSS_Delete_sec_context_RFC1964              
KRB_GSS_Delete_sec_context_RFC1964 fields

SGN_ALG

LEShortEnumField

0

Filler

XLEIntField

4294967295

SND_SEQ

XStrFixedLenField

b''

SGN_CKSUM

PadField

b''

class scapy.layers.kerberos.KRB_GSS_EXT(_pkt, /, *, type=0, length=None, data=None)[source]

Bases: Packet

aliastypes
fields_desc
Display RFC-like schema
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                              TYPE                             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                             LENGTH                            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|              DATA             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                         Fig. KRB_GSS_EXT                         
KRB_GSS_EXT fields

type

IntEnumField

0

length

FieldLenField

None

data

MultipleTypeField (PacketField, XStrLenField)

b''

class scapy.layers.kerberos.KRB_GSS_MIC(_pkt, /, *, Flags=<Flag 0 ()>, Filler=b'\xff\xff\xff\xff\xff', SND_SEQ=0, SGN_CKSUM=b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')[source]

Bases: Packet

aliastypes
default_payload_class(payload)[source]
fields_desc
Display RFC-like schema
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     FLAGS     |                     FILLER                    |
+-+-+-+-+-+-+-+-+               +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                               |            SND SEQ            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               +
|                                                               |
+                               +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                               |           SGN CKSUM           |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                         Fig. KRB_GSS_MIC                         
KRB_GSS_MIC fields

Flags

FlagsField

<Flag 0 ()>

Filler

XStrFixedLenField

b'\xff\xff\xff\xff\xff'

SND_SEQ

LongField

0

SGN_CKSUM

XStrField

b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'

class scapy.layers.kerberos.KRB_GSS_MIC_RFC1964(_pkt, /, *, SGN_ALG=0, Filler=4294967295, SND_SEQ=b'', SGN_CKSUM=b'')[source]

Bases: Packet

aliastypes
default_payload_class(payload)[source]
fields_desc
Display RFC-like schema
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|            SGN ALG            |             FILLER            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                               |            SND SEQ            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               +
|                                                               |
+                               +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                               |           SGN CKSUM           |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               +
|                                                               |
+                               +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                               |            padding            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               +
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                     Fig. KRB_GSS_MIC_RFC1964                     
KRB_GSS_MIC_RFC1964 fields

SGN_ALG

LEShortEnumField

0

Filler

XLEIntField

4294967295

SND_SEQ

XStrFixedLenField

b''

SGN_CKSUM

PadField

b''

class scapy.layers.kerberos.KRB_GSS_Wrap(_pkt, /, *, Flags=<Flag 0 ()>, Filler=255, EC=0, RRC=0, SND_SEQ=0, Data=None)[source]

Bases: Packet

aliastypes
default_payload_class(payload)[source]
fields_desc
Display RFC-like schema
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     FLAGS     |     FILLER    |               EC              |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|              RRC              |            SND SEQ            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               +
|                                                               |
+                               +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                               |              DATA             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                        Fig. KRB_GSS_Wrap                         
KRB_GSS_Wrap fields

Flags

FlagsField

<Flag 0 ()>

Filler

XByteField

255

EC

ShortField

0

RRC

ShortField

0

SND_SEQ

LongField

0

Data

MultipleTypeField (XStrField, XStrLenField)

b''

class scapy.layers.kerberos.KRB_GSS_Wrap_RFC1964(_pkt, /, *, SGN_ALG=0, SEAL_ALG=0, Filler=65535, SND_SEQ=b'', SGN_CKSUM=b'', CONFOUNDER=b'')[source]

Bases: Packet

aliastypes
default_payload_class(payload)[source]
fields_desc
Display RFC-like schema
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|            SGN ALG            |            SEAL ALG           |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|             FILLER            |            SND SEQ            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               +
|                                                               |
+                               +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                               |           SGN CKSUM           |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               +
|                                                               |
+                               +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                               |            padding            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               +
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           CONFOUNDER                          |
+                                                               +
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                    Fig. KRB_GSS_Wrap_RFC1964                     
KRB_GSS_Wrap_RFC1964 fields

SGN_ALG

LEShortEnumField

0

SEAL_ALG

LEShortEnumField

0

Filler

XLEShortField

65535

SND_SEQ

XStrFixedLenField

b''

SGN_CKSUM

PadField

b''

CONFOUNDER

XStrFixedLenField

b''

class scapy.layers.kerberos.KRB_InnerToken(_pkt, /, *, TOK_ID=b'\x01\x00', root=<KRB_AP_REQ  |>)[source]

Bases: Packet

aliastypes
classmethod dispatch_hook(_pkt=None, *args, **kargs)[source]
fields_desc
Display RFC-like schema
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|             TOK ID            |              ROOT             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                       Fig. KRB_InnerToken                        
KRB_InnerToken fields

TOK_ID

StrFixedLenEnumField

b'\x01\x00'

root

PacketField

<KRB_AP_REQ  |>

guess_payload_class(payload)[source]
mysummary()[source]
class scapy.layers.kerberos.KRB_KDC_REQ_BODY(_pkt, /, *, kdcOptions=<ASN1_BIT_STRING[]=b'' (0 unused bit)>, cname=None, realm=<ASN1_GENERAL_STRING['']>, sname=None, from_=None, till=20241006213857Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>, rtime=20241006213857Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>, nonce=0x0 <ASN1_INTEGER[0]>, etype=[], addresses=[], encAuthorizationData=None, additionalTickets=[])[source]

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>
ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_FLAGS object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_GENERAL_STRING object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_GENERALIZED_TIME object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_INTEGER object>, <ASN1F_SEQUENCE_OF etype>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>)>
aliastypes
fields_desc
KRB_KDC_REQ_BODY fields

kdcOptions

ASN1F_FLAGS

<ASN1_BIT_STRING[]=b'' (0 unused bit)>

cname

ASN1F_PACKET

None

realm

ASN1F_GENERAL_STRING

<ASN1_GENERAL_STRING['']>

sname

ASN1F_PACKET

None

from_

ASN1F_GENERALIZED_TIME

None

till

ASN1F_GENERALIZED_TIME

20241006213857Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>

rtime

ASN1F_GENERALIZED_TIME

20241006213857Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>

nonce

ASN1F_INTEGER

0x0 <ASN1_INTEGER[0]>

etype

ASN1F_SEQUENCE_OF

[]

addresses

ASN1F_SEQUENCE_OF

[]

encAuthorizationData

ASN1F_PACKET

None

additionalTickets

ASN1F_SEQUENCE_OF

[]

class scapy.layers.kerberos.KRB_PRIV(_pkt, /, *, pvno=0x5 <ASN1_INTEGER[5]>, msgType=0x15 <ASN1_INTEGER[21]>, encPart=None)[source]

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>
ASN1_root = <ASN1F_SEQUENCE(<ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_INTEGER object>, <scapy.asn1fields.ASN1F_enum_INTEGER object>, <scapy.asn1fields.ASN1F_PACKET object>)>,)>
aliastypes
fields_desc
KRB_PRIV fields

pvno

ASN1F_INTEGER

0x5 <ASN1_INTEGER[5]>

msgType

ASN1F_enum_INTEGER

0x15 <ASN1_INTEGER[21]>

encPart

ASN1F_PACKET

None

class scapy.layers.kerberos.KRB_TGS_REP(_pkt, /, *, pvno=0x5 <ASN1_INTEGER[5]>, msgType=0xb <ASN1_INTEGER[11]>, padata=[], crealm=<ASN1_GENERAL_STRING['']>, cname=None, ticket=None, encPart=None)[source]

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>
ASN1_root = <ASN1F_SEQUENCE(<ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_INTEGER object>, <scapy.asn1fields.ASN1F_enum_INTEGER object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_GENERAL_STRING object>, <scapy.asn1fields.ASN1F_PACKET object>, <scapy.asn1fields.ASN1F_PACKET object>, <scapy.asn1fields.ASN1F_PACKET object>)>,)>
aliastypes
fields_desc
KRB_TGS_REP fields

pvno

ASN1F_INTEGER

0x5 <ASN1_INTEGER[5]>

msgType

ASN1F_enum_INTEGER

0xb <ASN1_INTEGER[11]>

padata

ASN1F_SEQUENCE_OF

[]

crealm

ASN1F_GENERAL_STRING

<ASN1_GENERAL_STRING['']>

cname

ASN1F_PACKET

None

ticket

ASN1F_PACKET

None

encPart

ASN1F_PACKET

None

class scapy.layers.kerberos.KRB_TGS_REQ(_pkt, /, *, pvno=0x5 <ASN1_INTEGER[5]>, msgType=0xc <ASN1_INTEGER[12]>, padata=[], reqBody=<KRB_KDC_REQ_BODY  |>)[source]

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>
ASN1_root = <ASN1F_SEQUENCE(<ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_INTEGER object>, <scapy.asn1fields.ASN1F_enum_INTEGER object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_PACKET object>)>,)>
aliastypes
fields_desc
KRB_TGS_REQ fields

pvno

ASN1F_INTEGER

0x5 <ASN1_INTEGER[5]>

msgType

ASN1F_enum_INTEGER

0xc <ASN1_INTEGER[12]>

padata

ASN1F_SEQUENCE_OF

[]

reqBody

ASN1F_PACKET

<KRB_KDC_REQ_BODY  |>

class scapy.layers.kerberos.KRB_TGT_REP(_pkt, /, *, pvno=0x5 <ASN1_INTEGER[5]>, msgType=0x11 <ASN1_INTEGER[17]>, ticket=None)[source]

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>
ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_INTEGER object>, <scapy.asn1fields.ASN1F_enum_INTEGER object>, <scapy.asn1fields.ASN1F_PACKET object>)>
aliastypes
fields_desc
KRB_TGT_REP fields

pvno

ASN1F_INTEGER

0x5 <ASN1_INTEGER[5]>

msgType

ASN1F_enum_INTEGER

0x11 <ASN1_INTEGER[17]>

ticket

ASN1F_PACKET

None

class scapy.layers.kerberos.KRB_TGT_REQ(_pkt, /, *, pvno=0x5 <ASN1_INTEGER[5]>, msgType=0x10 <ASN1_INTEGER[16]>, sname=None, realm=None)[source]

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>
ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_INTEGER object>, <scapy.asn1fields.ASN1F_enum_INTEGER object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>)>
aliastypes
fields_desc
KRB_TGT_REQ fields

pvno

ASN1F_INTEGER

0x5 <ASN1_INTEGER[5]>

msgType

ASN1F_enum_INTEGER

0x10 <ASN1_INTEGER[16]>

sname

ASN1F_PACKET

None

realm

ASN1F_GENERAL_STRING

None

class scapy.layers.kerberos.KRB_Ticket(_pkt, /, *, tktVno=0x5 <ASN1_INTEGER[5]>, realm=<ASN1_GENERAL_STRING['']>, sname=<PrincipalName  |>, encPart=<EncryptedData  |>)[source]

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>
ASN1_root = <ASN1F_SEQUENCE(<ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_INTEGER object>, <scapy.asn1fields.ASN1F_GENERAL_STRING object>, <scapy.asn1fields.ASN1F_PACKET object>, <scapy.asn1fields.ASN1F_PACKET object>)>,)>
aliastypes
fields_desc
KRB_Ticket fields

tktVno

ASN1F_INTEGER

0x5 <ASN1_INTEGER[5]>

realm

ASN1F_GENERAL_STRING

<ASN1_GENERAL_STRING['']>

sname

ASN1F_PACKET

<PrincipalName  |>

encPart

ASN1F_PACKET

<EncryptedData  |>

getSPN()[source]
class scapy.layers.kerberos.Kerberos(_pkt, /, *, root=None)[source]

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>
ASN1_root = <scapy.asn1fields.ASN1F_CHOICE object>
aliastypes
fields_desc
Kerberos fields

root

ASN1F_CHOICE

None

mysummary()[source]
class scapy.layers.kerberos.KerberosClient(self, debug: int = 0, store: int = 0, **kargs: Any)[source]

Bases: Automaton

BEGIN(*args: ATMT, **kargs: Any) NewStateRequested[source]
FINAL(*args: ATMT, **kargs: Any) NewStateRequested[source]
class MODE(value, names=<not given>, *values, module=None, qualname=None, type=None, start=1, boundary=None)[source]

Bases: IntEnum

AS_REQ = 0
GET_SALT = 2
TGS_REQ = 1
RES_AS_MODE[source]

alias of AS_Result

RES_TGS_MODE[source]

alias of TGS_Result

SENT_AP_REQ(*args: ATMT, **kargs: Any) NewStateRequested[source]
SENT_TGS_REQ(*args: ATMT, **kargs: Any) NewStateRequested[source]
actions: Dict[str, List[_StateWrapper]] = {'receive_as_rep': [<function KerberosClient.decrypt_as_rep>], 'receive_krb_error_as_req': [], 'receive_krb_error_tgs_req': [], 'receive_salt_mode': [], 'receive_tgs_rep': [<function KerberosClient.decrypt_tgs_rep>], 'retry_after_eof_in_apreq': [], 'should_send_as_req': [<function KerberosClient.send_as_req>], 'should_send_tgs_req': [<function KerberosClient.send_tgs_req>]}
as_req()[source]
breakpoints: Set[_StateWrapper]
conditions: Dict[str, List[_StateWrapper]] = {'BEGIN': [<function KerberosClient.should_send_as_req>, <function KerberosClient.should_send_tgs_req>], 'FINAL': [], 'SENT_AP_REQ': [], 'SENT_TGS_REQ': []}
decrypt_as_rep(pkt)[source]
decrypt_tgs_rep(pkt)[source]
eofs: Dict[str, _StateWrapper] = {'SENT_AP_REQ': <function KerberosClient.retry_after_eof_in_apreq>}
initial_states: List[_StateWrapper] = [<function ATMT.state.<locals>.deco.<locals>._state_wrapper>]
intercepted_packet: None | Packet
interception_points: Set[_StateWrapper]
ioevents: Dict[str, List[_StateWrapper]] = {'BEGIN': [], 'FINAL': [], 'SENT_AP_REQ': [], 'SENT_TGS_REQ': []}
ionames: List[str] = []
iosupersockets: List[SuperSocket] = []
listen_sock: SuperSocket | None
packets: PacketList
receive_as_rep(pkt)[source]
receive_krb_error_as_req(pkt)[source]
receive_krb_error_tgs_req(pkt)[source]
receive_salt_mode(pkt)[source]
receive_tgs_rep(pkt)[source]
recv_conditions: Dict[str, List[_StateWrapper]] = {'BEGIN': [], 'FINAL': [], 'SENT_AP_REQ': [<function KerberosClient.receive_salt_mode>, <function KerberosClient.receive_krb_error_as_req>, <function KerberosClient.receive_as_rep>], 'SENT_TGS_REQ': [<function KerberosClient.receive_krb_error_tgs_req>, <function KerberosClient.receive_tgs_rep>]}
retry_after_eof_in_apreq()[source]
send(pkt)[source]
send_as_req()[source]
send_sock: SuperSocket | None
send_tgs_req()[source]
should_send_as_req()[source]
should_send_tgs_req()[source]
states: Dict[str, _StateWrapper] = {'BEGIN': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'FINAL': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'SENT_AP_REQ': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'SENT_TGS_REQ': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>}
stop_state: _StateWrapper | None = None
tgs_req()[source]
threadid: int | None
timeout: Dict[str, _TimerList] = {'BEGIN': [], 'FINAL': [], 'SENT_AP_REQ': [], 'SENT_TGS_REQ': []}
class scapy.layers.kerberos.KerberosSSP(ST=None, UPN=None, PASSWORD=None, U2U=False, KEY=None, SPN=None, TGT=None, DC_IP=None, REQUIRE_U2U=False, SKEY_TYPE=None, debug=0, **kwargs)[source]

Bases: SSP

The KerberosSSP

Client settings:

Parameters:
  • ST – the service ticket to use for access. If not provided, will be retrieved

  • SPN – the SPN of the service to use

  • UPN – The client UPN

  • DC_IP – (optional) is ST+KEY are not provided, will need to contact the KDC at this IP. If not provided, will perform dc locator.

  • TGT – (optional) pass a TGT to use to get the ST.

  • KEY – the session key associated with the ST if it is provided, OR the session key associated with the TGT OR the kerberos key associated with the UPN

  • PASSWORD – (optional) if a UPN is provided and not a KEY, this is the password of the UPN.

  • U2U – (optional) use U2U when requesting the ST.

Server settings:

Parameters:
  • SPN – the SPN of the service to use

  • KEY – the kerberos key to use to decrypt the AP-req

  • TGT – (optional) pass a TGT to use for U2U

  • DC_IP – (optional) if TGT is not provided, request one on the KDC at this IP using using the KEY when using U2U.

  • REQUIRE_U2U – (optional, default False) require U2U

class CONTEXT(IsAcceptor, req_flags=None)[source]

Bases: CONTEXT

IsAcceptor
KrbSessionKey
RecvSealKeyUsage
RecvSeqNum
RecvSignKeyUsage
STSessionKey
SendSealKeyUsage
SendSeqNum
SendSignKeyUsage
SeqNum
ServerHostname
SessionKey
U2U
clifailure()[source]
GSS_Accept_sec_context(Context: CONTEXT, val=None)[source]
GSS_GetMICEx(Context, msgs, qop_req=0)[source]

[MS-KILE] sect 3.4.5.6

  • AES: RFC4121 sect 4.2.6.1

GSS_Init_sec_context(Context: CONTEXT, val=None, req_flags: GSS_C_FLAGS | None = None)[source]
GSS_Passive(Context: CONTEXT, val=None)[source]
GSS_Passive_set_Direction(Context: CONTEXT, IsAcceptor=False)[source]
GSS_UnwrapEx(Context, msgs, signature)[source]

[MS-KILE] sect 3.4.5.5

  • AES: RFC4121 sect 4.2.6.2

  • HMAC-RC4: RFC4757 sect 7.3

GSS_VerifyMICEx(Context, msgs, signature)[source]

[MS-KILE] sect 3.4.5.7

  • AES: RFC4121 sect 4.2.6.1

GSS_WrapEx(Context, msgs, qop_req=0)[source]

[MS-KILE] sect 3.4.5.4

  • AES: RFC4121 sect 4.2.6.2 and [MS-KILE] sect 3.4.5.4.1

  • HMAC-RC4: RFC4757 sect 7.3 and [MS-KILE] sect 3.4.5.4.1

MaximumSignatureLength(Context: CONTEXT)[source]
class STATE(value, names=<not given>, *values, module=None, qualname=None, type=None, start=1, boundary=None)[source]

Bases: STATE

CLI_RCVD_APREP = 4
CLI_SENT_APREQ = 3
CLI_SENT_TGTREQ = 2
INIT = 1
SRV_SENT_APREP = 5
auth_type = 16
canMechListMIC(Context: CONTEXT)[source]
oid = '1.2.840.113554.1.2.2'
class scapy.layers.kerberos.KerberosTCPHeader(_pkt, /, *, len=None)[source]

Bases: Packet

aliastypes
fields_desc
Display RFC-like schema
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                              LEN                              |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                      Fig. KerberosTCPHeader                      
KerberosTCPHeader fields

len

LenField

None

payload_guess

Possible sublayers: Kerberos

classmethod tcp_reassemble(data, *args, **kwargs)[source]
class scapy.layers.kerberos.Kpasswd(_pkt, /)[source]

Bases: Packet

aliastypes
classmethod dispatch_hook(_pkt=None, *args, **kargs)[source]
class scapy.layers.kerberos.KpasswdTCPHeader(_pkt, /, *, len=None)[source]

Bases: Packet

aliastypes
fields_desc
Display RFC-like schema
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                              LEN                              |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                      Fig. KpasswdTCPHeader                       
KpasswdTCPHeader fields

len

LenField

None

payload_guess

Possible sublayers: Kpasswd

classmethod tcp_reassemble(data, *args, **kwargs)[source]
class scapy.layers.kerberos.KrbCredInfo(_pkt, /, *, key=<EncryptionKey  |>, prealm=None, pname=None, flags=None, authtime=None, starttime=None, endtime=None, renewTill=None, srealm=None, sname=None, caddr=[])[source]

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>
ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_PACKET object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>)>
aliastypes
fields_desc
KrbCredInfo fields

key

ASN1F_PACKET

<EncryptionKey  |>

prealm

ASN1F_GENERAL_STRING

None

pname

ASN1F_PACKET

None

flags

ASN1F_FLAGS

None

authtime

ASN1F_GENERALIZED_TIME

None

starttime

ASN1F_GENERALIZED_TIME

None

endtime

ASN1F_GENERALIZED_TIME

None

renewTill

ASN1F_GENERALIZED_TIME

None

srealm

ASN1F_GENERAL_STRING

None

sname

ASN1F_PACKET

None

caddr

ASN1F_SEQUENCE_OF

[]

class scapy.layers.kerberos.KrbFastArmor(_pkt, /, *, armorType=0x1 <ASN1_INTEGER[1]>, armorValue=<ASN1_STRING['']>)[source]

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>
ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_enum_INTEGER object>, <scapy.layers.kerberos._KrbFastArmor_value_Field object>)>
aliastypes
fields_desc
KrbFastArmor fields

armorType

ASN1F_enum_INTEGER

0x1 <ASN1_INTEGER[1]>

armorValue

_KrbFastArmor_value_Field

<ASN1_STRING['']>

class scapy.layers.kerberos.KrbFastArmoredRep(_pkt, /, *, encFastRep=None)[source]

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>
ASN1_root = <ASN1F_SEQUENCE(<ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_PACKET object>,)>,)>
aliastypes
fields_desc
KrbFastArmoredRep fields

encFastRep

ASN1F_PACKET

None

class scapy.layers.kerberos.KrbFastArmoredReq(_pkt, /, *, armor=<KrbFastArmor  |>, reqChecksum=<Checksum  |>, encFastReq=None)[source]

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>
ASN1_root = <ASN1F_SEQUENCE(<ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_PACKET object>, <scapy.asn1fields.ASN1F_PACKET object>)>,)>
aliastypes
fields_desc
KrbFastArmoredReq fields

armor

ASN1F_PACKET

<KrbFastArmor  |>

reqChecksum

ASN1F_PACKET

<Checksum  |>

encFastReq

ASN1F_PACKET

None

class scapy.layers.kerberos.KrbFastFinished(_pkt, /, *, timestamp=20241006213857Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>, usec=0x0 <ASN1_INTEGER[0]>, crealm=<ASN1_GENERAL_STRING['']>, cname=None, ticketChecksum=<Checksum  |>)[source]

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>
ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_GENERALIZED_TIME object>, <scapy.asn1fields.ASN1F_INTEGER object>, <scapy.asn1fields.ASN1F_GENERAL_STRING object>, <scapy.asn1fields.ASN1F_PACKET object>, <scapy.asn1fields.ASN1F_PACKET object>)>
aliastypes
fields_desc
KrbFastFinished fields

timestamp

ASN1F_GENERALIZED_TIME

20241006213857Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>

usec

ASN1F_INTEGER

0x0 <ASN1_INTEGER[0]>

crealm

ASN1F_GENERAL_STRING

<ASN1_GENERAL_STRING['']>

cname

ASN1F_PACKET

None

ticketChecksum

ASN1F_PACKET

<Checksum  |>

class scapy.layers.kerberos.KrbFastReq(_pkt, /, *, fastOptions=<ASN1_BIT_STRING[]=b'' (0 unused bit)>, padata=[<PADATA  |>], reqBody=None)[source]

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>
ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_FLAGS object>, <ASN1F_SEQUENCE_OF padata>, <scapy.asn1fields.ASN1F_PACKET object>)>
aliastypes
fields_desc
KrbFastReq fields

fastOptions

ASN1F_FLAGS

<ASN1_BIT_STRING[]=b'' (0 unused bit)>

padata

ASN1F_SEQUENCE_OF

[<PADATA  |>]

reqBody

ASN1F_PACKET

None

class scapy.layers.kerberos.KrbFastResponse(_pkt, /, *, padata=[<PADATA  |>], stengthenKey=None, finished=<KrbFastFinished  ticketChecksum=<Checksum  |> |>, nonce=0x0 <ASN1_INTEGER[0]>)[source]

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>
ASN1_root = <ASN1F_SEQUENCE(<ASN1F_SEQUENCE_OF padata>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_INTEGER object>)>
aliastypes
fields_desc
KrbFastResponse fields

padata

ASN1F_SEQUENCE_OF

[<PADATA  |>]

stengthenKey

ASN1F_PACKET

None

finished

ASN1F_PACKET

<KrbFastFinished  ticketChecksum=<Checksum  |> |>

nonce

ASN1F_INTEGER

0x0 <ASN1_INTEGER[0]>

class scapy.layers.kerberos.LSAP_TOKEN_INFO_INTEGRITY(_pkt, /, *, Flags=<Flag 0 ()>, TokenIL=8192, MachineID=b'')[source]

Bases: Packet

aliastypes
fields_desc
Display RFC-like schema
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                             FLAGS                             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                            TOKENIL                            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           MACHINEID                           |
+                                                               +
|                                                               |
+                                                               +
|                                                               |
+                                                               +
|                                                               |
+                                                               +
|                                                               |
+                                                               +
|                                                               |
+                                                               +
|                                                               |
+                                                               +
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                  Fig. LSAP_TOKEN_INFO_INTEGRITY                  
LSAP_TOKEN_INFO_INTEGRITY fields

Flags

FlagsField

<Flag 0 ()>

TokenIL

LEIntEnumField

8192

MachineID

XStrFixedLenField

b''

class scapy.layers.kerberos.LastReqItem(_pkt, /, *, lrType=0x0 <ASN1_INTEGER[0]>, lrValue=20241006213857Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>)[source]

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>
ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_INTEGER object>, <scapy.asn1fields.ASN1F_GENERALIZED_TIME object>)>
aliastypes
fields_desc
LastReqItem fields

lrType

ASN1F_INTEGER

0x0 <ASN1_INTEGER[0]>

lrValue

ASN1F_GENERALIZED_TIME

20241006213857Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>

class scapy.layers.kerberos.MethodData(_pkt, /, *, seq=[<PADATA  |>])[source]

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>
ASN1_root = <ASN1F_SEQUENCE_OF seq>
aliastypes
fields_desc
MethodData fields

seq

ASN1F_SEQUENCE_OF

[<PADATA  |>]

class scapy.layers.kerberos.PADATA(_pkt, /, *, padataType=0x0 <ASN1_INTEGER[0]>, padataValue=<ASN1_STRING['']>)[source]

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>
ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_enum_INTEGER object>, <scapy.layers.kerberos._PADATA_value_Field object>)>
aliastypes
fields_desc
PADATA fields

padataType

ASN1F_enum_INTEGER

0x0 <ASN1_INTEGER[0]>

padataValue

_PADATA_value_Field

<ASN1_STRING['']>

class scapy.layers.kerberos.PA_AUTHENTICATION_SET(_pkt, /, *, elems=[<PA_AUTHENTICATION_SET_ELEM  |>])[source]

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>
ASN1_root = <ASN1F_SEQUENCE_OF elems>
aliastypes
fields_desc
PA_AUTHENTICATION_SET fields

elems

ASN1F_SEQUENCE_OF

[<PA_AUTHENTICATION_SET_ELEM  |>]

class scapy.layers.kerberos.PA_AUTHENTICATION_SET_ELEM(_pkt, /, *, paType=0x0 <ASN1_INTEGER[0]>, paHint=<ASN1_STRING['']>, paValue=<ASN1_STRING['']>)[source]

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>
ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_INTEGER object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>)>
aliastypes
fields_desc
PA_AUTHENTICATION_SET_ELEM fields

paType

ASN1F_INTEGER

0x0 <ASN1_INTEGER[0]>

paHint

ASN1F_STRING

<ASN1_STRING['']>

paValue

ASN1F_STRING

<ASN1_STRING['']>

class scapy.layers.kerberos.PA_ENC_TS_ENC(_pkt, /, *, patimestamp=20241006213857Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>, pausec=0x0 <ASN1_INTEGER[0]>)[source]

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>
ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_GENERALIZED_TIME object>, <scapy.asn1fields.ASN1F_optional object>)>
aliastypes
fields_desc
PA_ENC_TS_ENC fields

patimestamp

ASN1F_GENERALIZED_TIME

20241006213857Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>

pausec

ASN1F_INTEGER

0x0 <ASN1_INTEGER[0]>

class scapy.layers.kerberos.PA_FOR_USER(_pkt, /, *, userName=<PrincipalName  |>, userRealm=<ASN1_GENERAL_STRING['']>, cksum=<Checksum  |>, authPackage=<ASN1_GENERAL_STRING['Kerberos']>)[source]

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>
ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_PACKET object>, <scapy.asn1fields.ASN1F_GENERAL_STRING object>, <scapy.asn1fields.ASN1F_PACKET object>, <scapy.asn1fields.ASN1F_GENERAL_STRING object>)>
aliastypes
fields_desc
PA_FOR_USER fields

userName

ASN1F_PACKET

<PrincipalName  |>

userRealm

ASN1F_GENERAL_STRING

<ASN1_GENERAL_STRING['']>

cksum

ASN1F_PACKET

<Checksum  |>

authPackage

ASN1F_GENERAL_STRING

<ASN1_GENERAL_STRING['Kerberos']>

class scapy.layers.kerberos.PA_FX_FAST_REPLY(_pkt, /, *, armoredData=<ASN1_STRING['']>)[source]

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>
ASN1_root = <scapy.asn1fields.ASN1F_CHOICE object>
aliastypes
fields_desc
PA_FX_FAST_REPLY fields

armoredData

ASN1F_CHOICE

<ASN1_STRING['']>

class scapy.layers.kerberos.PA_FX_FAST_REQUEST(_pkt, /, *, armoredData=<ASN1_STRING['']>)[source]

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>
ASN1_root = <scapy.asn1fields.ASN1F_CHOICE object>
aliastypes
fields_desc
PA_FX_FAST_REQUEST fields

armoredData

ASN1F_CHOICE

<ASN1_STRING['']>

class scapy.layers.kerberos.PA_PAC_OPTIONS(_pkt, /, *, options=<ASN1_BIT_STRING[]=b'' (0 unused bit)>)[source]

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>
ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_FLAGS object>,)>
aliastypes
fields_desc
PA_PAC_OPTIONS fields

options

ASN1F_FLAGS

<ASN1_BIT_STRING[]=b'' (0 unused bit)>

class scapy.layers.kerberos.PA_PAC_REQUEST(_pkt, /, *, includePac=True <ASN1_BOOLEAN[True]>)[source]

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>
ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_BOOLEAN object>,)>
aliastypes
fields_desc
PA_PAC_REQUEST fields

includePac

ASN1F_BOOLEAN

True <ASN1_BOOLEAN[True]>

class scapy.layers.kerberos.PA_PK_AS_REP(_pkt, /, *, rep=<ASN1_STRING['']>)[source]

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>
ASN1_root = <scapy.asn1fields.ASN1F_CHOICE object>
aliastypes
fields_desc
PA_PK_AS_REP fields

rep

ASN1F_CHOICE

<ASN1_STRING['']>

class scapy.layers.kerberos.PA_PK_AS_REQ(_pkt, /, *, signedAuthpack=<ASN1_STRING['']>, trustedCertifiers=[<ExternalPrincipalIdentifier  |>], kdcPkId=<ASN1_STRING['']>)[source]

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>
ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_STRING object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>)>
aliastypes
fields_desc
PA_PK_AS_REQ fields

signedAuthpack

ASN1F_STRING

<ASN1_STRING['']>

trustedCertifiers

ASN1F_SEQUENCE_OF

[<ExternalPrincipalIdentifier  |>]

kdcPkId

ASN1F_STRING

<ASN1_STRING['']>

class scapy.layers.kerberos.PA_S4U_X509_USER(_pkt, /, *, userId=<S4UUserID  |>, checksum=<Checksum  |>)[source]

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>
ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_PACKET object>, <scapy.asn1fields.ASN1F_PACKET object>)>
aliastypes
fields_desc
PA_S4U_X509_USER fields

userId

ASN1F_PACKET

<S4UUserID  |>

checksum

ASN1F_PACKET

<Checksum  |>

class scapy.layers.kerberos.PA_SUPPORTED_ENCTYPES(_pkt, /, *, flags=<Flag 0 ()>)[source]

Bases: Packet

aliastypes
fields_desc
Display RFC-like schema
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                             FLAGS                             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                    Fig. PA_SUPPORTED_ENCTYPES                    
PA_SUPPORTED_ENCTYPES fields

flags

FlagsField

<Flag 0 ()>

class scapy.layers.kerberos.PrincipalName(_pkt, /, *, nameType=0x0 <ASN1_INTEGER[0]>, nameString=[])[source]

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>
ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_enum_INTEGER object>, <ASN1F_SEQUENCE_OF nameString>)>
aliastypes
fields_desc
PrincipalName fields

nameType

ASN1F_enum_INTEGER

0x0 <ASN1_INTEGER[0]>

nameString

ASN1F_SEQUENCE_OF

[]

static fromSPN(spn: bytes)[source]
static fromUPN(upn: str)[source]
class scapy.layers.kerberos.S4UUserID(_pkt, /, *, nonce=0x0 <ASN1_INTEGER[0]>, cname=None, crealm=<ASN1_GENERAL_STRING['']>, subjectCertificate=None, options=<ASN1_BIT_STRING[]=b'' (0 unused bit)>)[source]

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>
ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_INTEGER object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_GENERAL_STRING object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>)>
aliastypes
fields_desc
S4UUserID fields

nonce

ASN1F_INTEGER

0x0 <ASN1_INTEGER[0]>

cname

ASN1F_PACKET

None

crealm

ASN1F_GENERAL_STRING

<ASN1_GENERAL_STRING['']>

subjectCertificate

ASN1F_STRING

None

options

ASN1F_FLAGS

<ASN1_BIT_STRING[]=b'' (0 unused bit)>

class scapy.layers.kerberos.TransitedEncoding(_pkt, /, *, trType=0x0 <ASN1_INTEGER[0]>, contents=<ASN1_STRING['']>)[source]

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>
ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_INTEGER object>, <scapy.asn1fields.ASN1F_STRING object>)>
aliastypes
fields_desc
TransitedEncoding fields

trType

ASN1F_INTEGER

0x0 <ASN1_INTEGER[0]>

contents

ASN1F_STRING

<ASN1_STRING['']>

scapy.layers.kerberos.kpasswd(upn, targetupn=None, ip=None, password=None, newpassword=None, key=None, ticket=None, realm=None, ssp=None, setpassword=None, timeout=3, port=464, debug=0, **kwargs)[source]

Change a password using RFC3244’s Kerberos Set / Change Password.

Parameters:
  • upn – the UPN to use for authentication

  • targetupn – (optional) the UPN to change the password of. If not specified, same as upn.

  • ip – the KDC ip. (optional. If not provided, Scapy will query the DNS for _kerberos._tcp.dc._msdcs.domain.local).

  • key – (optional) pass the Key object.

  • ticket – (optional) a ticket to use. Either a TGT or ST for kadmin/changepw.

  • password – (optional) otherwise, pass the user’s password

  • realm – (optional) the realm to use. Otherwise use the one from UPN.

  • setpassword – (optional) use “Set Password” mechanism.

  • ssp – (optional) a Kerberos SSP for the service kadmin/changepw@REALM. If provided, you probably don’t need anything else. Otherwise built.

scapy.layers.kerberos.krb_as_and_tgs(upn, spn, ip=None, key=None, password=None, **kwargs)[source]

Kerberos AS-Req then TGS-Req

scapy.layers.kerberos.krb_as_req(upn, spn=None, ip=None, key=None, password=None, realm=None, host='WIN10', **kwargs)[source]

Kerberos AS-Req

Parameters:
  • upn – the user principal name formatted as “DOMAINuser”, “DOMAIN/user” or “user@DOMAIN

  • spn – (optional) the full service principal name. Defaults to “krbtgt/<realm>”

  • ip – the KDC ip. (optional. If not provided, Scapy will query the DNS for _kerberos._tcp.dc._msdcs.domain.local).

  • key – (optional) pass the Key object.

  • password – (optional) otherwise, pass the user’s password

  • realm – (optional) the realm to use. Otherwise use the one from UPN.

  • host – (optional) the host performing the AS-Req. WIN10 by default.

Returns:

returns a named tuple (asrep=<…>, sessionkey=<…>)

Example:

>>> # The KDC is on 192.168.122.17, we ask a TGT for user1
>>> krb_as_req("user1@DOMAIN.LOCAL", "192.168.122.17", password="Password1")

Equivalent:

>>> from scapy.libs.rfc3961 import Key, EncryptionType
>>> key = Key(EncryptionType.AES256_CTS_HMAC_SHA1_96, key=hex_bytes("6d0748c546
...: f4e99205e78f8da7681d4ec5520ae4815543720c2a647c1ae814c9"))
>>> krb_as_req("user1@DOMAIN.LOCAL", "192.168.122.17", key=key)
scapy.layers.kerberos.krb_get_salt(upn, ip=None, realm=None, host='WIN10', **kwargs)[source]

Kerberos AS-Req only to get the salt associated with the UPN.

scapy.layers.kerberos.krb_tgs_req(upn, spn, sessionkey, ticket, ip=None, renew=False, realm=None, additional_tickets=[], u2u=False, etypes=None, for_user=None, s4u2proxy=False, **kwargs)[source]

Kerberos TGS-Req

Parameters:
  • upn – the user principal name formatted as “DOMAINuser”, “DOMAIN/user” or “user@DOMAIN

  • spn – the full service principal name (e.g. “cifs/srv1”)

  • sessionkey – the session key retrieved from the tgt

  • ticket – the tgt ticket

  • ip – the KDC ip. (optional. If not provided, Scapy will query the DNS for _kerberos._tcp.dc._msdcs.domain.local).

  • renew – ask for renewal

  • realm – (optional) the realm to use. Otherwise use the one from SPN.

  • additional_tickets – (optional) a list of additional tickets to pass.

  • u2u – (optional) if specified, enable U2U and request the ticket to be signed using the session key from the first additional ticket.

  • etypes – array of EncryptionType values. By default: AES128, AES256, RC4, DES_MD5

  • for_user – a user principal name to request the ticket for. This is the S4U2Self extension.

Returns:

returns a named tuple (tgsrep=<…>, sessionkey=<…>)

Example:

>>> # The KDC is on 192.168.122.17, we ask a TGT for user1
>>> krb_as_req("user1@DOMAIN.LOCAL", "192.168.122.17", password="Password1")

Equivalent:

>>> from scapy.libs.rfc3961 import Key, EncryptionType
>>> key = Key(EncryptionType.AES256_CTS_HMAC_SHA1_96, key=hex_bytes("6d0748c546
...: f4e99205e78f8da7681d4ec5520ae4815543720c2a647c1ae814c9"))
>>> krb_as_req("user1@DOMAIN.LOCAL", "192.168.122.17", key=key)