scapy.layers.kerberos
Kerberos V5
Implements parts of:
Kerberos Network Authentication Service (V5): RFC4120
Kerberos Version 5 GSS-API: RFC1964, RFC4121
Kerberos Pre-Authentication: RFC6113 (FAST)
Kerberos Principal Name Canonicalization and Cross-Realm Referrals: RFC6806
Microsoft Windows 2000 Kerberos Change Password and Set Password Protocols: RFC3244
PKINIT and its extensions: RFC4556, RFC8070, RFC8636 and [MS-PKCA]
User to User Kerberos Authentication: draft-ietf-cat-user2user-03
Public Key Cryptography Based User-to-User Authentication (PKU2U): draft-zhu-pku2u-09
Initial and Pass Through Authentication Using Kerberos V5 (IAKERB): draft-ietf-kitten-iakerb-03
Kerberos Protocol Extensions: [MS-KILE]
Kerberos Protocol Extensions: Service for User: [MS-SFU]
Kerberos Key Distribution Center Proxy Protocol: [MS-KKDCP]
Note
You will find more complete documentation for this layer over at Kerberos
Example decryption:
>>> from scapy.libs.rfc3961 import Key, EncryptionType
>>> pkt = Ether(hex_bytes("525400695813525400216c2b08004500015da71840008006dc\
83c0a87a9cc0a87a11c209005854f6ab2392c25bd650182014b6e00000000001316a8201\
2d30820129a103020105a20302010aa3633061304ca103020102a24504433041a0030201\
12a23a043848484decb01c9b62a1cabfbc3f2d1ed85aa5e093ba8358a8cea34d4393af93\
bf211e274fa58e814878db9f0d7a28d94e7327660db4f3704b3011a10402020080a20904\
073005a0030101ffa481b73081b4a00703050040810010a1123010a003020101a1093007\
1b0577696e3124a20e1b0c444f4d41494e2e4c4f43414ca321301fa003020102a1183016\
1b066b72627467741b0c444f4d41494e2e4c4f43414ca511180f32303337303931333032\
343830355aa611180f32303337303931333032343830355aa7060204701cc5d1a8153013\
0201120201110201170201180202ff79020103a91d301b3019a003020114a11204105749\
4e31202020202020202020202020"))
>>> enc = pkt[Kerberos].root.padata[0].padataValue
>>> k = Key(enc.etype.val, key=hex_bytes("7fada4e566ae4fb270e2800a23a\
e87127a819d42e69b5e22de0ddc63da80096d"))
>>> enc.decrypt(k)
- scapy.layers.kerberos.ADMANDATORYFORKDC[source]
alias of
AuthorizationData
- class scapy.layers.kerberos.AD_AND_OR(_pkt, /, *, conditionCount=0x0 <ASN1_INTEGER[0]>, elements=None)[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_INTEGER object>, <scapy.asn1fields.ASN1F_PACKET object>)>
- aliastypes = [<class 'scapy.layers.kerberos.AD_AND_OR'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- scapy.layers.kerberos.AD_IF_RELEVANT[source]
alias of
AuthorizationData
- class scapy.layers.kerberos.AD_KDCIssued(_pkt, /, *, adChecksum=<Checksum |>, iRealm=<ASN1_GENERAL_STRING['']>, iSname=None, elements=None)[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_PACKET object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_PACKET object>)>
- aliastypes = [<class 'scapy.layers.kerberos.AD_KDCIssued'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.ASN1_Class_KRB[source]
Bases:
ASN1_Class- AP_REP = <ASN1Tag AP_REP[111]>
- AP_REQ = <ASN1Tag AP_REQ[110]>
- AS_REP = <ASN1Tag AS_REP[107]>
- AS_REQ = <ASN1Tag AS_REQ[106]>
- Authenticator = <ASN1Tag Authenticator[98]>
- CRED = <ASN1Tag CRED[118]>
- ERROR = <ASN1Tag ERROR[126]>
- EncAPRepPart = <ASN1Tag EncAPRepPart[123]>
- EncASRepPart = <ASN1Tag EncASRepPart[121]>
- EncKrbCredPart = <ASN1Tag EncKrbCredPart[125]>
- EncKrbPrivPart = <ASN1Tag EncKrbPrivPart[124]>
- EncTGSRepPart = <ASN1Tag EncTGSRepPart[122]>
- EncTicketPart = <ASN1Tag EncTicketPart[99]>
- PRIV = <ASN1Tag PRIV[117]>
- TGS_REP = <ASN1Tag TGS_REP[109]>
- TGS_REQ = <ASN1Tag TGS_REQ[108]>
- Ticket = <ASN1Tag Ticket[97]>
- Token = <ASN1Tag Token[96]>
- name = 'Kerberos'
- class scapy.layers.kerberos.AuthorizationData(_pkt, /, *, seq=[<AuthorizationDataItem |>])[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE_OF seq>
- aliastypes = [<class 'scapy.layers.kerberos.AuthorizationData'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.AuthorizationDataItem(_pkt, /, *, adType=0x0 <ASN1_INTEGER[0]>, adData=<ASN1_STRING['']>)[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_enum_INTEGER object>, <scapy.layers.kerberos._AuthorizationData_value_Field object>)>
- aliastypes = [<class 'scapy.layers.kerberos.AuthorizationDataItem'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.ChangePasswdData(_pkt, /, *, newpasswd=<ASN1_STRING[<ASN1_STRING['']>]>, targname=None, targrealm=None)[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_STRING object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>)>
- aliastypes = [<class 'scapy.layers.kerberos.ChangePasswdData'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.Checksum(_pkt, /, *, cksumtype=0x0 <ASN1_INTEGER[0]>, checksum=<ASN1_STRING['']>)[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_enum_INTEGER object>, <scapy.layers.kerberos._Checksum_Field object>)>
- aliastypes = [<class 'scapy.layers.kerberos.Checksum'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<scapy.asn1fields.ASN1F_enum_INTEGER object>, <scapy.layers.kerberos._Checksum_Field object>]
- class scapy.layers.kerberos.DHRepInfo(_pkt, /, *, dhSignedData=<ASN1_STRING[b'0\x0b\x06\t*\x86H\x86\xf7\r\x01\x07\x02']>, serverDHNonce=<ASN1_STRING['']>, kdf=None)[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_STRING_ENCAPS object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>)>
- aliastypes = [<class 'scapy.layers.kerberos.DHRepInfo'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.ETYPE_INFO(_pkt, /, *, seq=[<ETYPE_INFO_ENTRY |>])[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE_OF seq>
- aliastypes = [<class 'scapy.layers.kerberos.ETYPE_INFO'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.ETYPE_INFO2(_pkt, /, *, seq=[<ETYPE_INFO_ENTRY2 |>])[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE_OF seq>
- aliastypes = [<class 'scapy.layers.kerberos.ETYPE_INFO2'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.ETYPE_INFO_ENTRY(_pkt, /, *, etype=0x1 <ASN1_INTEGER[1]>, salt=<ASN1_STRING['']>)[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_enum_INTEGER object>, <scapy.asn1fields.ASN1F_optional object>)>
- aliastypes = [<class 'scapy.layers.kerberos.ETYPE_INFO_ENTRY'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.ETYPE_INFO_ENTRY2(_pkt, /, *, etype=0x1 <ASN1_INTEGER[1]>, salt=<ASN1_GENERAL_STRING['']>, s2kparams=<ASN1_STRING['']>)[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_enum_INTEGER object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>)>
- aliastypes = [<class 'scapy.layers.kerberos.ETYPE_INFO_ENTRY2'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.EncAPRepPart(_pkt, /, *, ctime=20260612194507Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>, cusec=0x0 <ASN1_INTEGER[0]>, subkey=None, seqNumber=0x0 <ASN1_INTEGER[0]>)[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE(<ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_GENERALIZED_TIME object>, <scapy.asn1fields.ASN1F_INTEGER object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>)>,)>
- aliastypes = [<class 'scapy.layers.kerberos.EncAPRepPart'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.EncASRepPart(_pkt, /, *, key=None, lastReq=[], nonce=0x0 <ASN1_INTEGER[0]>, keyExpiration=20260612194507Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>, flags=<ASN1_BIT_STRING[]=b'' (0 unused bit)>, authtime=20260612194507Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>, starttime=20260612194507Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>, endtime=20260612194507Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>, renewTill=20260612194507Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>, srealm=<ASN1_GENERAL_STRING['']>, sname=<PrincipalName |>, caddr=[], encryptedPaData=[])[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE(<ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_PACKET object>, <ASN1F_SEQUENCE_OF lastReq>, <scapy.asn1fields.ASN1F_INTEGER object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_FLAGS object>, <scapy.asn1fields.ASN1F_GENERALIZED_TIME object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_GENERALIZED_TIME object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_GENERAL_STRING object>, <scapy.asn1fields.ASN1F_PACKET object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>)>,)>
- aliastypes = [<class 'scapy.layers.kerberos.EncASRepPart'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<scapy.asn1fields.ASN1F_PACKET object>, <ASN1F_SEQUENCE_OF lastReq>, <scapy.asn1fields.ASN1F_INTEGER object>, <scapy.asn1fields.ASN1F_GENERALIZED_TIME object>, <scapy.asn1fields.ASN1F_FLAGS object>, <scapy.asn1fields.ASN1F_GENERALIZED_TIME object>, <scapy.asn1fields.ASN1F_GENERALIZED_TIME object>, <scapy.asn1fields.ASN1F_GENERALIZED_TIME object>, <scapy.asn1fields.ASN1F_GENERALIZED_TIME object>, <scapy.asn1fields.ASN1F_GENERAL_STRING object>, <scapy.asn1fields.ASN1F_PACKET object>, <ASN1F_SEQUENCE_OF caddr>, <ASN1F_SEQUENCE_OF encryptedPaData>]
- class scapy.layers.kerberos.EncKeyPack(_pkt, /, *, encKeyPack=<ASN1_STRING['']>)[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <scapy.asn1fields.ASN1F_STRING object>
- aliastypes = [<class 'scapy.layers.kerberos.EncKeyPack'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.EncKrbCredPart(_pkt, /, *, ticketInfo=[<KrbCredInfo key=<EncryptionKey |> |>], nonce=None, timestamp=None, usec=None, sAddress=None, cAddress=None)[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE(<ASN1F_SEQUENCE(<ASN1F_SEQUENCE_OF ticketInfo>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>)>,)>
- aliastypes = [<class 'scapy.layers.kerberos.EncKrbCredPart'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<ASN1F_SEQUENCE_OF ticketInfo>, <scapy.asn1fields.ASN1F_INTEGER object>, <scapy.asn1fields.ASN1F_GENERALIZED_TIME object>, <scapy.asn1fields.ASN1F_INTEGER object>, <scapy.asn1fields.ASN1F_PACKET object>, <scapy.asn1fields.ASN1F_PACKET object>]
- class scapy.layers.kerberos.EncKrbPrivPart(_pkt, /, *, userData=<ASN1_STRING[<ASN1_STRING['']>]>, timestamp=None, usec=None, seqNumber=None, sAddress=None, cAddress=None)[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE(<ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_STRING object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_PACKET object>, <scapy.asn1fields.ASN1F_optional object>)>,)>
- aliastypes = [<class 'scapy.layers.kerberos.EncKrbPrivPart'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<scapy.asn1fields.ASN1F_STRING object>, <scapy.asn1fields.ASN1F_GENERALIZED_TIME object>, <scapy.asn1fields.ASN1F_INTEGER object>, <scapy.asn1fields.ASN1F_INTEGER object>, <scapy.asn1fields.ASN1F_PACKET object>, <scapy.asn1fields.ASN1F_PACKET object>]
- class scapy.layers.kerberos.EncTGSRepPart(_pkt, /, *, key=None, lastReq=[], nonce=0x0 <ASN1_INTEGER[0]>, keyExpiration=20260612194507Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>, flags=<ASN1_BIT_STRING[]=b'' (0 unused bit)>, authtime=20260612194507Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>, starttime=20260612194507Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>, endtime=20260612194507Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>, renewTill=20260612194507Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>, srealm=<ASN1_GENERAL_STRING['']>, sname=<PrincipalName |>, caddr=[], encryptedPaData=[])[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE(<ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_PACKET object>, <ASN1F_SEQUENCE_OF lastReq>, <scapy.asn1fields.ASN1F_INTEGER object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_FLAGS object>, <scapy.asn1fields.ASN1F_GENERALIZED_TIME object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_GENERALIZED_TIME object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_GENERAL_STRING object>, <scapy.asn1fields.ASN1F_PACKET object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>)>,)>
- aliastypes = [<class 'scapy.layers.kerberos.EncTGSRepPart'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<scapy.asn1fields.ASN1F_PACKET object>, <ASN1F_SEQUENCE_OF lastReq>, <scapy.asn1fields.ASN1F_INTEGER object>, <scapy.asn1fields.ASN1F_GENERALIZED_TIME object>, <scapy.asn1fields.ASN1F_FLAGS object>, <scapy.asn1fields.ASN1F_GENERALIZED_TIME object>, <scapy.asn1fields.ASN1F_GENERALIZED_TIME object>, <scapy.asn1fields.ASN1F_GENERALIZED_TIME object>, <scapy.asn1fields.ASN1F_GENERALIZED_TIME object>, <scapy.asn1fields.ASN1F_GENERAL_STRING object>, <scapy.asn1fields.ASN1F_PACKET object>, <ASN1F_SEQUENCE_OF caddr>, <ASN1F_SEQUENCE_OF encryptedPaData>]
- class scapy.layers.kerberos.EncTicketPart(_pkt, /, *, flags=<ASN1_BIT_STRING[]=b'' (0 unused bit)>, key=<EncryptionKey |>, crealm=<ASN1_GENERAL_STRING['']>, cname=<PrincipalName |>, transited=<TransitedEncoding |>, authtime=20260612194507Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>, starttime=20260612194507Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>, endtime=20260612194507Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>, renewTill=20260612194507Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>, addresses=[], authorizationData=None)[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE(<ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_FLAGS object>, <scapy.asn1fields.ASN1F_PACKET object>, <scapy.asn1fields.ASN1F_GENERAL_STRING object>, <scapy.asn1fields.ASN1F_PACKET object>, <scapy.asn1fields.ASN1F_PACKET object>, <scapy.asn1fields.ASN1F_GENERALIZED_TIME object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_GENERALIZED_TIME object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>)>,)>
- aliastypes = [<class 'scapy.layers.kerberos.EncTicketPart'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<scapy.asn1fields.ASN1F_FLAGS object>, <scapy.asn1fields.ASN1F_PACKET object>, <scapy.asn1fields.ASN1F_GENERAL_STRING object>, <scapy.asn1fields.ASN1F_PACKET object>, <scapy.asn1fields.ASN1F_PACKET object>, <scapy.asn1fields.ASN1F_GENERALIZED_TIME object>, <scapy.asn1fields.ASN1F_GENERALIZED_TIME object>, <scapy.asn1fields.ASN1F_GENERALIZED_TIME object>, <scapy.asn1fields.ASN1F_GENERALIZED_TIME object>, <ASN1F_SEQUENCE_OF addresses>, <scapy.asn1fields.ASN1F_PACKET object>]
- class scapy.layers.kerberos.EncryptedData(_pkt, /, *, etype=0x17 <ASN1_INTEGER[23]>, kvno=None, cipher=<ASN1_STRING['']>)[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_enum_INTEGER object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_STRING object>)>
- aliastypes = [<class 'scapy.layers.kerberos.EncryptedData'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- decrypt(key, key_usage_number=None, cls=None)[source]
Decrypt and return the data contained in cipher.
- Parameters:
key – the key to use for decryption
key_usage_number – (optional) specify the key usage number. Guessed otherwise
cls – (optional) the class of the decrypted payload Guessed otherwise (or bytes)
- encrypt(key, text, confounder=None, key_usage_number=None)[source]
Encrypt text and set it into cipher.
- Parameters:
key – the key to use for encryption
text – the bytes value to encode
confounder – (optional) specify the confounder bytes. Random otherwise
key_usage_number – (optional) specify the key usage number. Guessed otherwise
- class scapy.layers.kerberos.EncryptionKey(_pkt, /, *, keytype=0x0 <ASN1_INTEGER[0]>, keyvalue=<ASN1_STRING['']>)[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_enum_INTEGER object>, <scapy.asn1fields.ASN1F_STRING object>)>
- aliastypes = [<class 'scapy.layers.kerberos.EncryptionKey'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.ExternalPrincipalIdentifier(_pkt, /, *, subjectName=None, issuerAndSerialNumber=None, subjectKeyIdentifier=<ASN1_STRING['']>)[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>)>
- aliastypes = [<class 'scapy.layers.kerberos.ExternalPrincipalIdentifier'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.HostAddress(_pkt, /, *, addrType=0x0 <ASN1_INTEGER[0]>, address=<ASN1_STRING['']>)[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_enum_INTEGER object>, <scapy.asn1fields.ASN1F_STRING object>)>
- aliastypes = [<class 'scapy.layers.kerberos.HostAddress'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.IAKERB_HEADER(_pkt, /, *, targetRealm=<ASN1_GENERAL_STRING['']>, cookie=None)[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_GENERAL_STRING object>, <scapy.asn1fields.ASN1F_optional object>)>
- aliastypes = [<class 'scapy.layers.kerberos.IAKERB_HEADER'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.KDCDHKeyInfo(_pkt, /, *, subjectPublicKey=<ASN1_BIT_STRING[0000001000...0100000000]=b'\x02\x01\x00' (0 unused bit)>, nonce=0x0 <ASN1_INTEGER[0]>, dhKeyExpiration=None)[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_BIT_STRING_ENCAPS object>, <scapy.asn1fields.ASN1F_INTEGER object>, <scapy.asn1fields.ASN1F_optional object>)>
- aliastypes = [<class 'scapy.layers.kerberos.KDCDHKeyInfo'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.KDC_PROXY_MESSAGE(_pkt, /, *, kerbMessage=<ASN1_STRING['']>, targetDomain=None, dclocatorHint=None)[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE(<scapy.layers.kerberos._KerbMessage_Field object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>)>
- aliastypes = [<class 'scapy.layers.kerberos.KDC_PROXY_MESSAGE'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.KDFAlgorithmId(_pkt, /, *, kdfId=<ASN1_OID['.']>)[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_OID object>,)>
- aliastypes = [<class 'scapy.layers.kerberos.KDFAlgorithmId'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.KERB_AD_LOGIN_ALIAS(_pkt, /, *, loginAliases=[])[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE(<ASN1F_SEQUENCE_OF loginAliases>,)>
- aliastypes = [<class 'scapy.layers.kerberos.KERB_AD_LOGIN_ALIAS'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.KERB_AD_RESTRICTION_ENTRY(_pkt, /, *, restrictionType=0x0 <ASN1_INTEGER[0]>, restriction=<ASN1_STRING[b'']>)[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE(<ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_enum_INTEGER object>, <scapy.layers.kerberos._KerbAdRestrictionEntry_Field object>)>,)>
- aliastypes = [<class 'scapy.layers.kerberos.KERB_AD_RESTRICTION_ENTRY'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.KERB_AUTH_DATA_AP_OPTIONS(_pkt, /, *, apOptions=<Flag 16384 (KERB_AP_OPTIONS_CBT)>)[source]
Bases:
Packet- aliastypes = [<class 'scapy.layers.kerberos.KERB_AUTH_DATA_AP_OPTIONS'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.KERB_AUTH_DATA_CLIENT_TARGET(_pkt, /, *, spn=b'')[source]
Bases:
Packet- aliastypes = [<class 'scapy.layers.kerberos.KERB_AUTH_DATA_CLIENT_TARGET'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.KERB_DMSA_KEY_PACKAGE(_pkt, /, *, currentKeys=[], previousKeys=[], expirationInterval=20260612194507Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>, fetchInterval=20260612194507Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>)[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE(<ASN1F_SEQUENCE_OF currentKeys>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_GENERALIZED_TIME object>, <scapy.asn1fields.ASN1F_GENERALIZED_TIME object>)>
- aliastypes = [<class 'scapy.layers.kerberos.KERB_DMSA_KEY_PACKAGE'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.KERB_ERROR_DATA(_pkt, /, *, dataType=0x2 <ASN1_INTEGER[2]>, dataValue=None)[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_enum_INTEGER object>, <scapy.asn1fields.ASN1F_optional object>)>
- aliastypes = [<class 'scapy.layers.kerberos.KERB_ERROR_DATA'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.KERB_ERROR_UNK(_pkt, /, *, dataType=0x0 <ASN1_INTEGER[0]>, dataValue=None)[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE(<ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_enum_INTEGER object>, <scapy.asn1fields.ASN1F_STRING object>)>,)>
- aliastypes = [<class 'scapy.layers.kerberos.KERB_ERROR_UNK'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.KERB_EXT_ERROR(_pkt, /, *, status=0, reserved=0, flags=1)[source]
Bases:
Packet- aliastypes = [<class 'scapy.layers.kerberos.KERB_EXT_ERROR'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.KERB_KEY_LIST_REP(_pkt, /, *, keys=[])[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE_OF keys>
- aliastypes = [<class 'scapy.layers.kerberos.KERB_KEY_LIST_REP'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.KERB_KEY_LIST_REQ(_pkt, /, *, keytypes=[])[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE_OF keytypes>
- aliastypes = [<class 'scapy.layers.kerberos.KERB_KEY_LIST_REQ'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.KERB_SUPERSEDED_BY_USER(_pkt, /, *, name=None, realm=None)[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_PACKET object>, <scapy.asn1fields.ASN1F_GENERAL_STRING object>)>
- aliastypes = [<class 'scapy.layers.kerberos.KERB_SUPERSEDED_BY_USER'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.KPASSWD_REP(_pkt, /, *, len=None, pvno=1, apreplen=None, aprep=<KRB_AP_REP |>, krbpriv=<KRB_PRIV |>, error=<KRB_ERROR sname=<PrincipalName |> |>)[source]
Bases:
Packet- aliastypes = [<class 'scapy.layers.kerberos.KPASSWD_REP'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.KPASSWD_REQ(_pkt, /, *, len=None, pvno=65408, apreqlen=None, apreq=<KRB_AP_REQ |>, krbpriv=<KRB_PRIV |>, error=<KRB_ERROR sname=<PrincipalName |> |>)[source]
Bases:
Packet- aliastypes = [<class 'scapy.layers.kerberos.KPASSWD_REQ'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.KPasswdRepData(_pkt, /, *, resultCode=0, resultString=b'')[source]
Bases:
Packet- aliastypes = [<class 'scapy.layers.kerberos.KPasswdRepData'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.KRB_AP_REP(_pkt, /, *, pvno=0x5 <ASN1_INTEGER[5]>, msgType=0xf <ASN1_INTEGER[15]>, encPart=None)[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE(<ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_INTEGER object>, <scapy.asn1fields.ASN1F_enum_INTEGER object>, <scapy.asn1fields.ASN1F_PACKET object>)>,)>
- aliastypes = [<class 'scapy.layers.kerberos.KRB_AP_REP'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.KRB_AP_REQ(_pkt, /, *, pvno=0x5 <ASN1_INTEGER[5]>, msgType=0xe <ASN1_INTEGER[14]>, apOptions=<ASN1_BIT_STRING[]=b'' (0 unused bit)>, ticket=None, authenticator=None)[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE(<ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_INTEGER object>, <scapy.asn1fields.ASN1F_enum_INTEGER object>, <scapy.asn1fields.ASN1F_FLAGS object>, <scapy.asn1fields.ASN1F_PACKET object>, <scapy.asn1fields.ASN1F_PACKET object>)>,)>
- aliastypes = [<class 'scapy.layers.kerberos.KRB_AP_REQ'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.KRB_AS_REP(_pkt, /, *, pvno=0x5 <ASN1_INTEGER[5]>, msgType=0xb <ASN1_INTEGER[11]>, padata=[], crealm=<ASN1_GENERAL_STRING['']>, cname=None, ticket=None, encPart=None)[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE(<ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_INTEGER object>, <scapy.asn1fields.ASN1F_enum_INTEGER object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_GENERAL_STRING object>, <scapy.asn1fields.ASN1F_PACKET object>, <scapy.asn1fields.ASN1F_PACKET object>, <scapy.asn1fields.ASN1F_PACKET object>)>,)>
- aliastypes = [<class 'scapy.layers.kerberos.KRB_AS_REP'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<scapy.asn1fields.ASN1F_INTEGER object>, <scapy.asn1fields.ASN1F_enum_INTEGER object>, <ASN1F_SEQUENCE_OF padata>, <scapy.asn1fields.ASN1F_GENERAL_STRING object>, <scapy.asn1fields.ASN1F_PACKET object>, <scapy.asn1fields.ASN1F_PACKET object>, <scapy.asn1fields.ASN1F_PACKET object>]
- class scapy.layers.kerberos.KRB_AS_REQ(_pkt, /, *, pvno=0x5 <ASN1_INTEGER[5]>, msgType=0xa <ASN1_INTEGER[10]>, padata=[], reqBody=<KRB_KDC_REQ_BODY |>)[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE(<ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_INTEGER object>, <scapy.asn1fields.ASN1F_enum_INTEGER object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_PACKET object>)>,)>
- aliastypes = [<class 'scapy.layers.kerberos.KRB_AS_REQ'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.KRB_AuthPack(_pkt, /, *, pkAuthenticator=<KRB_PKAuthenticator |>, clientPublicValue=<X509_SubjectPublicKeyInfo |>, supportedCMSTypes=None, clientDHNonce=None, supportedKDFs=None)[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_PACKET object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>)>
- aliastypes = [<class 'scapy.layers.kerberos.KRB_AuthPack'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.KRB_Authenticator(_pkt, /, *, authenticatorPvno=0x5 <ASN1_INTEGER[5]>, crealm=<ASN1_GENERAL_STRING['']>, cname=None, cksum=None, cusec=0x0 <ASN1_INTEGER[0]>, ctime=20260612194507Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>, subkey=None, seqNumber=0x0 <ASN1_INTEGER[0]>, encAuthorizationData=None)[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE(<ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_INTEGER object>, <scapy.asn1fields.ASN1F_GENERAL_STRING object>, <scapy.asn1fields.ASN1F_PACKET object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_INTEGER object>, <scapy.asn1fields.ASN1F_GENERALIZED_TIME object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>)>,)>
- aliastypes = [<class 'scapy.layers.kerberos.KRB_Authenticator'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<scapy.asn1fields.ASN1F_INTEGER object>, <scapy.asn1fields.ASN1F_GENERAL_STRING object>, <scapy.asn1fields.ASN1F_PACKET object>, <scapy.asn1fields.ASN1F_PACKET object>, <scapy.asn1fields.ASN1F_INTEGER object>, <scapy.asn1fields.ASN1F_GENERALIZED_TIME object>, <scapy.asn1fields.ASN1F_PACKET object>, <scapy.asn1fields.ASN1F_INTEGER object>, <scapy.asn1fields.ASN1F_PACKET object>]
- class scapy.layers.kerberos.KRB_AuthenticatorChecksum(_pkt, /, *, Lgth=None, Bnd=b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', Flags=<Flag 0 ()>, DlgOpt=1, Dlgth=None, Deleg=<KRB_CRED tickets=[<KRB_Ticket sname=<PrincipalName |> encPart=<EncryptedData |> |>] |>, Exts=[<KRB_GSS_EXT |>])[source]
Bases:
Packet- aliastypes = [<class 'scapy.layers.kerberos.KRB_AuthenticatorChecksum'>, <class 'scapy.packet.Packet'>]
- fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<FieldLenField (KRB_AuthenticatorChecksum).Lgth>, <XStrLenField (KRB_AuthenticatorChecksum).Bnd>, <FlagsField (KRB_AuthenticatorChecksum).Flags>, <scapy.fields.ConditionalField object>, <scapy.fields.ConditionalField object>, <scapy.fields.ConditionalField object>, <PacketListField (KRB_AuthenticatorChecksum).Exts>]
- class scapy.layers.kerberos.KRB_CRED(_pkt, /, *, pvno=0x5 <ASN1_INTEGER[5]>, msgType=0x16 <ASN1_INTEGER[22]>, tickets=[<KRB_Ticket sname=<PrincipalName |> encPart=<EncryptedData |> |>], encPart=None)[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE(<ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_INTEGER object>, <scapy.asn1fields.ASN1F_enum_INTEGER object>, <ASN1F_SEQUENCE_OF tickets>, <scapy.asn1fields.ASN1F_PACKET object>)>,)>
- aliastypes = [<class 'scapy.layers.kerberos.KRB_CRED'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.KRB_ERROR(_pkt, /, *, pvno=0x5 <ASN1_INTEGER[5]>, msgType=0x1e <ASN1_INTEGER[30]>, ctime=None, cusec=None, stime=20260612194507Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>, susec=0x0 <ASN1_INTEGER[0]>, errorCode=0x0 <ASN1_INTEGER[0]>, crealm=None, cname=None, realm=<ASN1_GENERAL_STRING['']>, sname=<PrincipalName |>, eText=<ASN1_GENERAL_STRING['']>, eData=<ASN1_STRING['']>)[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE(<ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_INTEGER object>, <scapy.asn1fields.ASN1F_enum_INTEGER object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_GENERALIZED_TIME object>, <scapy.asn1fields.ASN1F_INTEGER object>, <scapy.asn1fields.ASN1F_enum_INTEGER object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_GENERAL_STRING object>, <scapy.asn1fields.ASN1F_PACKET object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>)>,)>
- aliastypes = [<class 'scapy.layers.kerberos.KRB_ERROR'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<scapy.asn1fields.ASN1F_INTEGER object>, <scapy.asn1fields.ASN1F_enum_INTEGER object>, <scapy.asn1fields.ASN1F_GENERALIZED_TIME object>, <scapy.asn1fields.ASN1F_INTEGER object>, <scapy.asn1fields.ASN1F_GENERALIZED_TIME object>, <scapy.asn1fields.ASN1F_INTEGER object>, <scapy.asn1fields.ASN1F_enum_INTEGER object>, <scapy.asn1fields.ASN1F_GENERAL_STRING object>, <scapy.asn1fields.ASN1F_PACKET object>, <scapy.asn1fields.ASN1F_GENERAL_STRING object>, <scapy.asn1fields.ASN1F_PACKET object>, <scapy.asn1fields.ASN1F_GENERAL_STRING object>, <scapy.layers.kerberos._KRBERROR_data_Field object>]
- class scapy.layers.kerberos.KRB_FINISHED(_pkt, /, *, gssMic=<Checksum |>)[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_PACKET object>,)>
- aliastypes = [<class 'scapy.layers.kerberos.KRB_FINISHED'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.KRB_GSSAPI_Token(_pkt, /, *, MechType=<ASN1_OID['Kerberos 5']>, innerToken=<KRB_InnerToken root=<KRB_AP_REQ |> |>)[source]
Bases:
GSSAPI_BLOB- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_OID object>, <scapy.asn1fields.ASN1F_PACKET object>)>
- aliastypes = [<class 'scapy.layers.kerberos.KRB_GSSAPI_Token'>, <class 'scapy.layers.gssapi.GSSAPI_BLOB'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.KRB_GSS_Delete_sec_context_RFC1964(_pkt, /, *, SGN_ALG=0, Filler=4294967295, SND_SEQ=b'', SGN_CKSUM=b'')[source]
Bases:
Packet- aliastypes = [<class 'scapy.layers.kerberos.KRB_GSS_Delete_sec_context_RFC1964'>, <class 'scapy.packet.Packet'>]
- fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<LEShortEnumField (KRB_GSS_MIC_RFC1964,KRB_GSS_Delete_sec_context_RFC1964).SGN_ALG>, <XLEIntField (KRB_GSS_MIC_RFC1964,KRB_GSS_Delete_sec_context_RFC1964).Filler>, <XStrFixedLenField (KRB_GSS_MIC_RFC1964,KRB_GSS_Delete_sec_context_RFC1964).SND_SEQ>, <scapy.fields.PadField object>]
- class scapy.layers.kerberos.KRB_GSS_EXT(_pkt, /, *, type=0, length=None, data=None)[source]
Bases:
Packet- aliastypes = [<class 'scapy.layers.kerberos.KRB_GSS_EXT'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.KRB_GSS_MIC(_pkt, /, *, Flags=<Flag 0 ()>, Filler=b'\xff\xff\xff\xff\xff', SND_SEQ=0, SGN_CKSUM=b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')[source]
Bases:
Packet- aliastypes = [<class 'scapy.layers.kerberos.KRB_GSS_MIC'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.KRB_GSS_MIC_RFC1964(_pkt, /, *, SGN_ALG=0, Filler=4294967295, SND_SEQ=b'', SGN_CKSUM=b'')[source]
Bases:
Packet- aliastypes = [<class 'scapy.layers.kerberos.KRB_GSS_MIC_RFC1964'>, <class 'scapy.packet.Packet'>]
- fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<LEShortEnumField (KRB_GSS_MIC_RFC1964,KRB_GSS_Delete_sec_context_RFC1964).SGN_ALG>, <XLEIntField (KRB_GSS_MIC_RFC1964,KRB_GSS_Delete_sec_context_RFC1964).Filler>, <XStrFixedLenField (KRB_GSS_MIC_RFC1964,KRB_GSS_Delete_sec_context_RFC1964).SND_SEQ>, <scapy.fields.PadField object>]
- class scapy.layers.kerberos.KRB_GSS_Wrap(_pkt, /, *, Flags=<Flag 0 ()>, Filler=255, EC=0, RRC=0, SND_SEQ=0, Data=None)[source]
Bases:
Packet- aliastypes = [<class 'scapy.layers.kerberos.KRB_GSS_Wrap'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.KRB_GSS_Wrap_RFC1964(_pkt, /, *, SGN_ALG=0, SEAL_ALG=0, Filler=65535, SND_SEQ=b'', SGN_CKSUM=b'', CONFOUNDER=b'')[source]
Bases:
Packet- aliastypes = [<class 'scapy.layers.kerberos.KRB_GSS_Wrap_RFC1964'>, <class 'scapy.packet.Packet'>]
- fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<LEShortEnumField (KRB_GSS_Wrap_RFC1964).SGN_ALG>, <LEShortEnumField (KRB_GSS_Wrap_RFC1964).SEAL_ALG>, <XLEShortField (KRB_GSS_Wrap_RFC1964).Filler>, <XStrFixedLenField (KRB_GSS_Wrap_RFC1964).SND_SEQ>, <scapy.fields.PadField object>, <XStrFixedLenField (KRB_GSS_Wrap_RFC1964).CONFOUNDER>]
- class scapy.layers.kerberos.KRB_InnerToken(_pkt, /, *, TOK_ID=b'\x01\x00', root=<KRB_AP_REQ |>)[source]
Bases:
Packet- aliastypes = [<class 'scapy.layers.kerberos.KRB_InnerToken'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.KRB_KDC_REQ_BODY(_pkt, /, *, kdcOptions=<ASN1_BIT_STRING[]=b'' (0 unused bit)>, cname=None, realm=<ASN1_GENERAL_STRING['']>, sname=None, from_=None, till=20260612194507Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>, rtime=20260612194507Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>, nonce=0x0 <ASN1_INTEGER[0]>, etype=[], addresses=[], encAuthorizationData=None, additionalTickets=[])[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_FLAGS object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_GENERAL_STRING object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_GENERALIZED_TIME object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_INTEGER object>, <ASN1F_SEQUENCE_OF etype>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>)>
- aliastypes = [<class 'scapy.layers.kerberos.KRB_KDC_REQ_BODY'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<scapy.asn1fields.ASN1F_FLAGS object>, <scapy.asn1fields.ASN1F_PACKET object>, <scapy.asn1fields.ASN1F_GENERAL_STRING object>, <scapy.asn1fields.ASN1F_PACKET object>, <scapy.asn1fields.ASN1F_GENERALIZED_TIME object>, <scapy.asn1fields.ASN1F_GENERALIZED_TIME object>, <scapy.asn1fields.ASN1F_GENERALIZED_TIME object>, <scapy.asn1fields.ASN1F_INTEGER object>, <ASN1F_SEQUENCE_OF etype>, <ASN1F_SEQUENCE_OF addresses>, <scapy.asn1fields.ASN1F_PACKET object>, <ASN1F_SEQUENCE_OF additionalTickets>]
- class scapy.layers.kerberos.KRB_PKAuthenticator(_pkt, /, *, cusec=0x0 <ASN1_INTEGER[0]>, ctime=20260612194507Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>, nonce=0x0 <ASN1_INTEGER[0]>, paChecksum=<ASN1_STRING['']>, freshnessToken=None, paChecksum2=None)[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_INTEGER object>, <scapy.asn1fields.ASN1F_GENERALIZED_TIME object>, <scapy.asn1fields.ASN1F_INTEGER object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>)>
- aliastypes = [<class 'scapy.layers.kerberos.KRB_PKAuthenticator'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<scapy.asn1fields.ASN1F_INTEGER object>, <scapy.asn1fields.ASN1F_GENERALIZED_TIME object>, <scapy.asn1fields.ASN1F_INTEGER object>, <scapy.asn1fields.ASN1F_STRING object>, <scapy.asn1fields.ASN1F_STRING object>, <scapy.asn1fields.ASN1F_PACKET object>]
- class scapy.layers.kerberos.KRB_PRIV(_pkt, /, *, pvno=0x5 <ASN1_INTEGER[5]>, msgType=0x15 <ASN1_INTEGER[21]>, encPart=None)[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE(<ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_INTEGER object>, <scapy.asn1fields.ASN1F_enum_INTEGER object>, <scapy.asn1fields.ASN1F_PACKET object>)>,)>
- aliastypes = [<class 'scapy.layers.kerberos.KRB_PRIV'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.KRB_TGS_REP(_pkt, /, *, pvno=0x5 <ASN1_INTEGER[5]>, msgType=0xb <ASN1_INTEGER[11]>, padata=[], crealm=<ASN1_GENERAL_STRING['']>, cname=None, ticket=None, encPart=None)[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE(<ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_INTEGER object>, <scapy.asn1fields.ASN1F_enum_INTEGER object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_GENERAL_STRING object>, <scapy.asn1fields.ASN1F_PACKET object>, <scapy.asn1fields.ASN1F_PACKET object>, <scapy.asn1fields.ASN1F_PACKET object>)>,)>
- aliastypes = [<class 'scapy.layers.kerberos.KRB_TGS_REP'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<scapy.asn1fields.ASN1F_INTEGER object>, <scapy.asn1fields.ASN1F_enum_INTEGER object>, <ASN1F_SEQUENCE_OF padata>, <scapy.asn1fields.ASN1F_GENERAL_STRING object>, <scapy.asn1fields.ASN1F_PACKET object>, <scapy.asn1fields.ASN1F_PACKET object>, <scapy.asn1fields.ASN1F_PACKET object>]
- class scapy.layers.kerberos.KRB_TGS_REQ(_pkt, /, *, pvno=0x5 <ASN1_INTEGER[5]>, msgType=0xc <ASN1_INTEGER[12]>, padata=[], reqBody=<KRB_KDC_REQ_BODY |>)[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE(<ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_INTEGER object>, <scapy.asn1fields.ASN1F_enum_INTEGER object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_PACKET object>)>,)>
- aliastypes = [<class 'scapy.layers.kerberos.KRB_TGS_REQ'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.KRB_TGT_REP(_pkt, /, *, pvno=0x5 <ASN1_INTEGER[5]>, msgType=0x11 <ASN1_INTEGER[17]>, ticket=None)[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_INTEGER object>, <scapy.asn1fields.ASN1F_enum_INTEGER object>, <scapy.asn1fields.ASN1F_PACKET object>)>
- aliastypes = [<class 'scapy.layers.kerberos.KRB_TGT_REP'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.KRB_TGT_REQ(_pkt, /, *, pvno=0x5 <ASN1_INTEGER[5]>, msgType=0x10 <ASN1_INTEGER[16]>, sname=None, realm=None)[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_INTEGER object>, <scapy.asn1fields.ASN1F_enum_INTEGER object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>)>
- aliastypes = [<class 'scapy.layers.kerberos.KRB_TGT_REQ'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.KRB_Ticket(_pkt, /, *, tktVno=0x5 <ASN1_INTEGER[5]>, realm=<ASN1_GENERAL_STRING['']>, sname=<PrincipalName |>, encPart=<EncryptedData |>)[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE(<ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_INTEGER object>, <scapy.asn1fields.ASN1F_GENERAL_STRING object>, <scapy.asn1fields.ASN1F_PACKET object>, <scapy.asn1fields.ASN1F_PACKET object>)>,)>
- aliastypes = [<class 'scapy.layers.kerberos.KRB_Ticket'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.KdcProxySocket(url, targetDomain, dclocatorHint=None, no_check_certificate=False, **kwargs)[source]
Bases:
SuperSocketThis is a wrapper of a HTTP_Client that does KKDCP proxying, disguised as a SuperSocket to be compatible with the rest of the KerberosClient.
- class scapy.layers.kerberos.Kerberos(_pkt, /, *, root=None)[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <scapy.asn1fields.ASN1F_CHOICE object>
- aliastypes = [<class 'scapy.layers.kerberos.Kerberos'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.KerberosClient(self, debug: int = 0, store: int = 0, session: Any = None, **kargs: Any)[source]
Bases:
AutomatonImplementation of a Kerberos client.
Prefer to use the
krb_as_reqandkrb_tgs_reqfunctions which wrap this client.Common parameters:
- Parameters:
mode – the mode to use for the client (default: AS_REQ).
ip – the IP of the DC (default: discovered by dclocator)
upn – the UPN of the client.
canonicalize – request the UPN to be canonicalized.
password – the password of the client.
key – the Key of the client (instead of the password)
realm – the realm of the domain. (default: from the UPN)
host – the name of the host doing the request
port – the Kerberos port (default 88)
timeout – timeout of each request (default 5)
Advanced common parameters:
- Parameters:
kdc_proxy – specify a KDC proxy url
kdc_proxy_no_check_certificate – do not check the KDC proxy certificate
fast – use FAST armoring
armor_ticket – an external ticket to use for armoring
armor_ticket_upn – the UPN of the client of the armoring ticket
armor_ticket_skey – the session Key object of the armoring ticket
etypes – specify the list of encryption types to support
dhashes – specify the list of supported digest algorithms for PKINIT (defaults to [“sha1”, “sha256”, “sha384”, “sha512”])
AS-REQ only:
- Parameters:
x509 – a X509 certificate to use for PKINIT AS_REQ or S4U2Proxy
x509key – the private key of the X509 certificate (in an AS_REQ)
ca – the CA list that verifies the peer (KDC) certificate. Typically only the ROOT CA is required.
p12 – (optional) use a pfx/p12 instead of x509 and x509key. In this case, ‘password’ is the password of the p12.
pkinit_kex_method – (advanced) whether to use the DIFFIE-HELLMAN method or the Certificate based one for PKINIT.
TGS-REQ only:
- Parameters:
spn – the SPN to request in a TGS-REQ
ticket – the existing ticket to use in a TGS-REQ
renew – sets the Renew flag in a TGS-REQ
additional_tickets – in U2U or S4U2Proxy, the additional tickets
u2u – sets the U2U flag
for_user – the UPN of another user in TGS-REQ, to do a S4U2Self
s4u2proxy – sets the S4U2Proxy flag
dmsa – sets the ‘unconditional delegation’ mode for DMSA TGT retrieval
- BEGIN(*args: ATMT, **kargs: Any) NewStateRequested[source]
- FINAL(*args: ATMT, **kargs: Any) NewStateRequested[source]
- SENT_AS_REQ(*args: ATMT, **kargs: Any) NewStateRequested[source]
- SENT_TGS_REQ(*args: ATMT, **kargs: Any) NewStateRequested[source]
- actions: Dict[str, List[_StateWrapper]] = {'receive_as_rep': [<function KerberosClient.decrypt_as_rep>], 'receive_krb_error_as_req': [], 'receive_krb_error_tgs_req': [], 'receive_salt_mode': [], 'receive_tgs_rep': [<function KerberosClient.decrypt_tgs_rep>], 'retry_after_eof_in_apreq': [], 'should_send_as_req': [<function KerberosClient.send_as_req>], 'should_send_tgs_req': [<function KerberosClient.send_tgs_req>]}
- conditions: Dict[str, List[_StateWrapper]] = {'BEGIN': [<function KerberosClient.should_send_as_req>, <function KerberosClient.should_send_tgs_req>], 'FINAL': [], 'SENT_AS_REQ': [], 'SENT_TGS_REQ': []}
- eofs: Dict[str, _StateWrapper] = {'SENT_AS_REQ': <function KerberosClient.retry_after_eof_in_apreq>}
- initial_states: List[_StateWrapper] = [<function ATMT.state.<locals>.deco.<locals>._state_wrapper>]
- ioevents: Dict[str, List[_StateWrapper]] = {'BEGIN': [], 'FINAL': [], 'SENT_AS_REQ': [], 'SENT_TGS_REQ': []}
- ionames: List[str] = []
- iosupersockets: List[SuperSocket] = []
- recv_conditions: Dict[str, List[_StateWrapper]] = {'BEGIN': [], 'FINAL': [], 'SENT_AS_REQ': [<function KerberosClient.receive_salt_mode>, <function KerberosClient.receive_krb_error_as_req>, <function KerberosClient.receive_as_rep>], 'SENT_TGS_REQ': [<function KerberosClient.receive_krb_error_tgs_req>, <function KerberosClient.receive_tgs_rep>]}
- states: Dict[str, _StateWrapper] = {'BEGIN': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'FINAL': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'SENT_AS_REQ': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'SENT_TGS_REQ': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>}
- stop_state: _StateWrapper | None = None
- timeout: Dict[str, _TimerList] = {'BEGIN': [], 'FINAL': [], 'SENT_AS_REQ': [], 'SENT_TGS_REQ': []}
- class scapy.layers.kerberos.KerberosSSP(ST=None, UPN=None, PASSWORD=None, U2U=False, KEY=None, SPN=None, TGT=None, DC_IP=None, SKEY_TYPE=None, debug=0, **kwargs)[source]
Bases:
SSPThe KerberosSSP
Client settings:
- Parameters:
ST – the service ticket to use for access. If not provided, will be retrieved
SPN – the SPN of the service to use. If not provided, will use the target_name provided in the GSS_Init_sec_context
UPN – The client UPN
DC_IP – (optional) is ST+KEY are not provided, will need to contact the KDC at this IP. If not provided, will perform dc locator.
TGT – (optional) pass a TGT to use to get the ST.
KEY – the session key associated with the ST if it is provided, OR the session key associated with the TGT OR the kerberos key associated with the UPN
PASSWORD – (optional) if a UPN is provided and not a KEY, this is the password of the UPN.
U2U – (optional) use U2U when requesting the ST.
Server settings:
- Parameters:
SPN – the SPN of the service to use.
KEY – the kerberos key to use to decrypt the AP-req
UPN – (optional) the UPN, if used in U2U mode.
TGT – (optional) pass a TGT to use for U2U.
DC_IP – (optional) if TGT is not provided, request one on the KDC at this IP using using the KEY when using U2U.
- class CONTEXT(IsAcceptor, req_flags=None)[source]
Bases:
CONTEXT- IsAcceptor
- KrbSessionKey
- PAC
- RecvSealKeyUsage
- RecvSeqNum
- RecvSignKeyUsage
- ST
- STSessionKey
- SendSealKeyUsage
- SendSeqNum
- SendSignKeyUsage
- SeqNum
- ServerHostname
- SessionKey
- U2U
- UPN
- GSS_Accept_sec_context(Context: CONTEXT, input_token=None, req_flags: GSS_S_FLAGS | None = <GSS_S_FLAGS.GSS_S_ALLOW_MISSING_BINDINGS: 268435456>, chan_bindings: GssChannelBindings = b'\x00')[source]
- GSS_Init_sec_context(Context: CONTEXT, input_token=None, target_name: str | None = None, req_flags: GSS_C_FLAGS | None = None, chan_bindings: GssChannelBindings = b'\x00')[source]
- GSS_Passive(Context: CONTEXT, input_token=None, req_flags: GSS_S_FLAGS | None = <GSS_S_FLAGS.GSS_S_ALLOW_MISSING_BINDINGS: 268435456>)[source]
- GSS_UnwrapEx(Context, msgs, signature)[source]
[MS-KILE] sect 3.4.5.5
AES: RFC4121 sect 4.2.6.2
HMAC-RC4: RFC4757 sect 7.3
- GSS_WrapEx(Context, msgs, qop_req: GSS_QOP_REQ_FLAGS = 0)[source]
[MS-KILE] sect 3.4.5.4
AES: RFC4121 sect 4.2.6.2 and [MS-KILE] sect 3.4.5.4.1
HMAC-RC4: RFC4757 sect 7.3 and [MS-KILE] sect 3.4.5.4.1
- class STATE(*values)[source]
Bases:
STATE- CLI_RCVD_APREP = 4
- CLI_SENT_APREQ = 3
- CLI_SENT_TGTREQ = 2
- FAILED = -1
- INIT = 1
- SRV_SENT_APREP = 5
- auth_type = 16
- class scapy.layers.kerberos.KerberosTCPHeader(_pkt, /, *, len=None)[source]
Bases:
Packet- aliastypes = [<class 'scapy.layers.kerberos.KerberosTCPHeader'>, <class 'scapy.packet.Packet'>]
- fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<LenField (KerberosTCPHeader).len>]
- class scapy.layers.kerberos.Kpasswd(_pkt, /)[source]
Bases:
Packet- aliastypes = [<class 'scapy.layers.kerberos.Kpasswd'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.KpasswdTCPHeader(_pkt, /, *, len=None)[source]
Bases:
Packet- aliastypes = [<class 'scapy.layers.kerberos.KpasswdTCPHeader'>, <class 'scapy.packet.Packet'>]
- fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<LenField (KpasswdTCPHeader).len>]
- class scapy.layers.kerberos.KrbCredInfo(_pkt, /, *, key=<EncryptionKey |>, prealm=None, pname=None, flags=None, authtime=None, starttime=None, endtime=None, renewTill=None, srealm=None, sname=None, caddr=[])[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_PACKET object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>)>
- aliastypes = [<class 'scapy.layers.kerberos.KrbCredInfo'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<scapy.asn1fields.ASN1F_PACKET object>, <scapy.asn1fields.ASN1F_GENERAL_STRING object>, <scapy.asn1fields.ASN1F_PACKET object>, <scapy.asn1fields.ASN1F_FLAGS object>, <scapy.asn1fields.ASN1F_GENERALIZED_TIME object>, <scapy.asn1fields.ASN1F_GENERALIZED_TIME object>, <scapy.asn1fields.ASN1F_GENERALIZED_TIME object>, <scapy.asn1fields.ASN1F_GENERALIZED_TIME object>, <scapy.asn1fields.ASN1F_GENERAL_STRING object>, <scapy.asn1fields.ASN1F_PACKET object>, <ASN1F_SEQUENCE_OF caddr>]
- class scapy.layers.kerberos.KrbFastArmor(_pkt, /, *, armorType=0x1 <ASN1_INTEGER[1]>, armorValue=<ASN1_STRING['']>)[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_enum_INTEGER object>, <scapy.layers.kerberos._KrbFastArmor_value_Field object>)>
- aliastypes = [<class 'scapy.layers.kerberos.KrbFastArmor'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.KrbFastArmoredRep(_pkt, /, *, encFastRep=None)[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE(<ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_PACKET object>,)>,)>
- aliastypes = [<class 'scapy.layers.kerberos.KrbFastArmoredRep'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.KrbFastArmoredReq(_pkt, /, *, armor=None, reqChecksum=<Checksum |>, encFastReq=None)[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE(<ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_PACKET object>, <scapy.asn1fields.ASN1F_PACKET object>)>,)>
- aliastypes = [<class 'scapy.layers.kerberos.KrbFastArmoredReq'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.KrbFastFinished(_pkt, /, *, timestamp=20260612194507Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>, usec=0x0 <ASN1_INTEGER[0]>, crealm=<ASN1_GENERAL_STRING['']>, cname=None, ticketChecksum=<Checksum |>)[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_GENERALIZED_TIME object>, <scapy.asn1fields.ASN1F_INTEGER object>, <scapy.asn1fields.ASN1F_GENERAL_STRING object>, <scapy.asn1fields.ASN1F_PACKET object>, <scapy.asn1fields.ASN1F_PACKET object>)>
- aliastypes = [<class 'scapy.layers.kerberos.KrbFastFinished'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.KrbFastReq(_pkt, /, *, fastOptions=<ASN1_BIT_STRING[]=b'' (0 unused bit)>, padata=[<PADATA |>], reqBody=None)[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_FLAGS object>, <ASN1F_SEQUENCE_OF padata>, <scapy.asn1fields.ASN1F_PACKET object>)>
- aliastypes = [<class 'scapy.layers.kerberos.KrbFastReq'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.KrbFastResponse(_pkt, /, *, padata=[<PADATA |>], strengthenKey=None, finished=<KrbFastFinished ticketChecksum=<Checksum |> |>, nonce=0x0 <ASN1_INTEGER[0]>)[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE(<ASN1F_SEQUENCE_OF padata>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_INTEGER object>)>
- aliastypes = [<class 'scapy.layers.kerberos.KrbFastResponse'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.LSAP_TOKEN_INFO_INTEGRITY(_pkt, /, *, Flags=<Flag 0 ()>, TokenIL=8192, MachineID=b'', PermanentMachineID=b'')[source]
Bases:
Packet- aliastypes = [<class 'scapy.layers.kerberos.LSAP_TOKEN_INFO_INTEGRITY'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.LastReqItem(_pkt, /, *, lrType=0x0 <ASN1_INTEGER[0]>, lrValue=20260612194507Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>)[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_INTEGER object>, <scapy.asn1fields.ASN1F_GENERALIZED_TIME object>)>
- aliastypes = [<class 'scapy.layers.kerberos.LastReqItem'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.MethodData(_pkt, /, *, seq=[<PADATA |>])[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE_OF seq>
- aliastypes = [<class 'scapy.layers.kerberos.MethodData'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.PAChecksum2(_pkt, /, *, checksum=<ASN1_STRING['']>, algorithmIdentifier=<X509_AlgorithmIdentifier |>)[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_STRING object>, <scapy.asn1fields.ASN1F_PACKET object>)>
- aliastypes = [<class 'scapy.layers.kerberos.PAChecksum2'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.PADATA(_pkt, /, *, padataType=0x0 <ASN1_INTEGER[0]>, padataValue=<ASN1_STRING['']>)[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_enum_INTEGER object>, <scapy.layers.kerberos._PADATA_value_Field object>)>
- aliastypes = [<class 'scapy.layers.kerberos.PADATA'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.PA_AUTHENTICATION_SET(_pkt, /, *, elems=[<PA_AUTHENTICATION_SET_ELEM |>])[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE_OF elems>
- aliastypes = [<class 'scapy.layers.kerberos.PA_AUTHENTICATION_SET'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.PA_AUTHENTICATION_SET_ELEM(_pkt, /, *, paType=0x0 <ASN1_INTEGER[0]>, paHint=<ASN1_STRING['']>, paValue=<ASN1_STRING['']>)[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_INTEGER object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>)>
- aliastypes = [<class 'scapy.layers.kerberos.PA_AUTHENTICATION_SET_ELEM'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.PA_ENC_TS_ENC(_pkt, /, *, patimestamp=20260612194507Z [invalid generalized time] <ASN1_GENERALIZED_TIME[<GeneralizedTime>]>, pausec=0x0 <ASN1_INTEGER[0]>)[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_GENERALIZED_TIME object>, <scapy.asn1fields.ASN1F_optional object>)>
- aliastypes = [<class 'scapy.layers.kerberos.PA_ENC_TS_ENC'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.PA_FOR_USER(_pkt, /, *, userName=<PrincipalName |>, userRealm=<ASN1_GENERAL_STRING['']>, cksum=<Checksum |>, authPackage=<ASN1_GENERAL_STRING['Kerberos']>)[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_PACKET object>, <scapy.asn1fields.ASN1F_GENERAL_STRING object>, <scapy.asn1fields.ASN1F_PACKET object>, <scapy.asn1fields.ASN1F_GENERAL_STRING object>)>
- aliastypes = [<class 'scapy.layers.kerberos.PA_FOR_USER'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.PA_FX_FAST_REPLY(_pkt, /, *, armoredData=<ASN1_STRING['']>)[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <scapy.asn1fields.ASN1F_CHOICE object>
- aliastypes = [<class 'scapy.layers.kerberos.PA_FX_FAST_REPLY'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.PA_FX_FAST_REQUEST(_pkt, /, *, armoredData=<ASN1_STRING['']>)[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <scapy.asn1fields.ASN1F_CHOICE object>
- aliastypes = [<class 'scapy.layers.kerberos.PA_FX_FAST_REQUEST'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.PA_PAC_OPTIONS(_pkt, /, *, options=<ASN1_BIT_STRING[]=b'' (0 unused bit)>)[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_FLAGS object>,)>
- aliastypes = [<class 'scapy.layers.kerberos.PA_PAC_OPTIONS'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.PA_PAC_REQUEST(_pkt, /, *, includePac=True <ASN1_BOOLEAN[True]>)[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_BOOLEAN object>,)>
- aliastypes = [<class 'scapy.layers.kerberos.PA_PAC_REQUEST'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.PA_PK_AS_REP(_pkt, /, *, rep=<ASN1_STRING['']>)[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <scapy.asn1fields.ASN1F_CHOICE object>
- aliastypes = [<class 'scapy.layers.kerberos.PA_PK_AS_REP'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.PA_PK_AS_REQ(_pkt, /, *, signedAuthpack=<ASN1_STRING[b'0\x0b\x06\t*\x86H\x86\xf7\r\x01\x07\x02']>, trustedCertifiers=None, kdcPkId=<ASN1_STRING['']>)[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_STRING_ENCAPS object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>)>
- aliastypes = [<class 'scapy.layers.kerberos.PA_PK_AS_REQ'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.PA_S4U_X509_USER(_pkt, /, *, userId=<S4UUserID |>, checksum=<Checksum |>)[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_PACKET object>, <scapy.asn1fields.ASN1F_PACKET object>)>
- aliastypes = [<class 'scapy.layers.kerberos.PA_S4U_X509_USER'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.PA_SUPPORTED_ENCTYPES(_pkt, /, *, flags=<Flag 0 ()>)[source]
Bases:
Packet- aliastypes = [<class 'scapy.layers.kerberos.PA_SUPPORTED_ENCTYPES'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.PKINIT_KEX_METHOD(*values)[source]
Bases:
IntEnum- DIFFIE_HELLMAN = 1
- PUBLIC_KEY = 2
- class scapy.layers.kerberos.PrincipalName(_pkt, /, *, nameType=0x0 <ASN1_INTEGER[0]>, nameString=[])[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_enum_INTEGER object>, <ASN1F_SEQUENCE_OF nameString>)>
- aliastypes = [<class 'scapy.layers.kerberos.PrincipalName'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<scapy.asn1fields.ASN1F_enum_INTEGER object>, <ASN1F_SEQUENCE_OF nameString>]
- class scapy.layers.kerberos.S4UUserID(_pkt, /, *, nonce=0x0 <ASN1_INTEGER[0]>, cname=None, crealm=<ASN1_GENERAL_STRING['']>, subjectCertificate=None, options=<ASN1_BIT_STRING[]=b'' (0 unused bit)>)[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_INTEGER object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_GENERAL_STRING object>, <scapy.asn1fields.ASN1F_optional object>, <scapy.asn1fields.ASN1F_optional object>)>
- aliastypes = [<class 'scapy.layers.kerberos.S4UUserID'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.TD_CMS_DIGEST_ALGORITHMS(_pkt, /, *, seq=[])[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE_OF seq>
- aliastypes = [<class 'scapy.layers.kerberos.TD_CMS_DIGEST_ALGORITHMS'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- class scapy.layers.kerberos.TransitedEncoding(_pkt, /, *, trType=0x0 <ASN1_INTEGER[0]>, contents=<ASN1_STRING['']>)[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_INTEGER object>, <scapy.asn1fields.ASN1F_STRING object>)>
- aliastypes = [<class 'scapy.layers.kerberos.TransitedEncoding'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]
- scapy.layers.kerberos.kpasswd(upn, targetupn=None, ip=None, password=None, newpassword=None, key=None, ticket=None, realm=None, ssp=None, setpassword=None, timeout=3, port=464, debug=0, **kwargs)[source]
Change a password using RFC3244’s Kerberos Set / Change Password.
- Parameters:
upn – the UPN to use for authentication
targetupn – (optional) the UPN to change the password of. If not specified, same as upn.
ip – the KDC ip. (optional. If not provided, Scapy will query the DNS for _kerberos._tcp.dc._msdcs.domain.local).
key – (optional) pass the Key object.
ticket – (optional) a ticket to use. Either a TGT or ST for kadmin/changepw.
password – (optional) otherwise, pass the user’s password
realm – (optional) the realm to use. Otherwise use the one from UPN.
setpassword – (optional) use “Set Password” mechanism.
ssp – (optional) a Kerberos SSP for the service kadmin/changepw@REALM. If provided, you probably don’t need anything else. Otherwise built.
- scapy.layers.kerberos.krb_as_and_tgs(upn, spn, ip=None, key=None, password=None, **kwargs)[source]
Kerberos AS-Req then TGS-Req
- scapy.layers.kerberos.krb_as_req(upn: str | None = None, spn: str | None = None, ip: str | None = None, key: Key | None = None, password: str | None = None, realm: str | None = None, host: str = 'WIN10', p12: str | None = None, x509: str | Cert | None = None, x509key: str | PrivKey | None = None, **kwargs)[source]
Kerberos AS-Req
- Parameters:
upn – the user principal name formatted as “DOMAINuser”, “DOMAIN/user” or “user@DOMAIN”
spn – (optional) the full service principal name. Defaults to “krbtgt/<realm>”
ip – the KDC ip. (optional. If not provided, Scapy will query the DNS for _kerberos._tcp.dc._msdcs.domain.local).
key – (optional) pass the Key object.
password – (optional) otherwise, pass the user’s password
x509 – (optional) pass a x509 certificate for PKINIT.
x509key – (optional) pass the private key of the x509 certificate for PKINIT.
p12 – (optional) use a pfx/p12 instead of x509 and x509key. In this case, ‘password’ is the password of the p12.
realm – (optional) the realm to use. Otherwise use the one from UPN.
host – (optional) the host performing the AS-Req. WIN10 by default.
- Returns:
returns a named tuple (asrep=<…>, sessionkey=<…>)
Example:
>>> # The KDC is found via DC Locator, we ask a TGT for user1 >>> krb_as_req("user1@DOMAIN.LOCAL", password="Password1")
Equivalent:
>>> from scapy.libs.rfc3961 import Key, EncryptionType >>> key = Key(EncryptionType.AES256_CTS_HMAC_SHA1_96, key=hex_bytes("6d0748c546 ...: f4e99205e78f8da7681d4ec5520ae4815543720c2a647c1ae814c9")) >>> krb_as_req("user1@DOMAIN.LOCAL", ip="192.168.122.17", key=key)
Example using PKINIT with a p12 (“password” is the password of the p12):
>>> krb_as_req(p12="./store.p12", realm="DOMAIN.LOCAL", password="password")
- scapy.layers.kerberos.krb_get_salt(upn, ip=None, realm=None, host='WIN10', **kwargs)[source]
Kerberos AS-Req only to get the salt associated with the UPN.
- scapy.layers.kerberos.krb_tgs_req(upn, spn, sessionkey, ticket, ip=None, renew=False, realm=None, additional_tickets=[], u2u=False, etypes=None, for_user=None, s4u2proxy=False, **kwargs)[source]
Kerberos TGS-Req
- Parameters:
upn – the user principal name formatted as “DOMAINuser”, “DOMAIN/user” or “user@DOMAIN”
spn – the full service principal name (e.g. “cifs/srv1”)
sessionkey – the session key retrieved from the tgt
ticket – the tgt ticket
ip – the KDC ip. (optional. If not provided, Scapy will query the DNS for _kerberos._tcp.dc._msdcs.domain.local).
renew – ask for renewal
realm – (optional) the realm to use. Otherwise use the one from SPN.
additional_tickets – (optional) a list of additional tickets to pass.
u2u – (optional) if specified, enable U2U and request the ticket to be signed using the session key from the first additional ticket.
etypes – array of EncryptionType values. By default: AES128, AES256, RC4, DES_MD5
for_user – a user principal name to request the ticket for. This is the S4U2Self extension.
- Returns:
returns a named tuple (tgsrep=<…>, sessionkey=<…>)
Example:
>>> # The KDC is on 192.168.122.17, we ask a TGT for user1 >>> krb_as_req("user1@DOMAIN.LOCAL", "192.168.122.17", password="Password1")
Equivalent:
>>> from scapy.libs.rfc3961 import Key, EncryptionType >>> key = Key(EncryptionType.AES256_CTS_HMAC_SHA1_96, key=hex_bytes("6d0748c546 ...: f4e99205e78f8da7681d4ec5520ae4815543720c2a647c1ae814c9")) >>> krb_as_req("user1@DOMAIN.LOCAL", "192.168.122.17", key=key)