scapy.modules.ticketer

Create/Edit Kerberos ticket using Scapy

See https://scapy.readthedocs.io/en/latest/layers/kerberos.html

class scapy.modules.ticketer.CCAddress(_pkt, /, *, addrtype=0, address=<CCCountedOctetString |>)[source]

Bases: Packet

aliastypes = [<class 'scapy.modules.ticketer.CCAddress'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<ShortEnumField (CCAddress).addrtype>, <PacketField (CCAddress).address>]

guess_payload_class(payload)[source]

class scapy.modules.ticketer.CCAuthData(_pkt, /, *, authtype=0, authdata=<CCCountedOctetString |>)[source]

Bases: Packet

aliastypes = [<class 'scapy.modules.ticketer.CCAuthData'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<ShortEnumField (CCAuthData).authtype>, <PacketField (CCAuthData).authdata>]

guess_payload_class(payload)[source]

class scapy.modules.ticketer.CCCountedOctetString(_pkt, /, *, length=None, data=b'')[source]

Bases: Packet

aliastypes = [<class 'scapy.modules.ticketer.CCCountedOctetString'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<FieldLenField (CCCountedOctetString).length>, <StrLenField (CCCountedOctetString).data>]

guess_payload_class(payload)[source]

class scapy.modules.ticketer.CCCredential(_pkt, /, *, client=<CCPrincipal realm=<CCCountedOctetString |> |>, server=<CCPrincipal realm=<CCCountedOctetString |> |>, keyblock=<CCKeyBlock |>, authtime=None, starttime=None, endtime=None, renew_till=None, is_skey=0, ticket_flags=<Flag 0 ()>, num_address=None, addrs=[], num_authdata=None, authdata=[], ticket=<CCCountedOctetString |>, second_ticket=<CCCountedOctetString |>)[source]

Bases: Packet

aliastypes = [<class 'scapy.modules.ticketer.CCCredential'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<PacketField (CCCredential).client>, <PacketField (CCCredential).server>, <PacketField (CCCredential).keyblock>, <UTCTimeField (CCCredential).authtime>, <UTCTimeField (CCCredential).starttime>, <UTCTimeField (CCCredential).endtime>, <UTCTimeField (CCCredential).renew_till>, <ByteField (CCCredential).is_skey>, <FlagsField (CCCredential).ticket_flags>, <FieldLenField (CCCredential).num_address>, <PacketListField (CCCredential).addrs>, <FieldLenField (CCCredential).num_authdata>, <PacketListField (CCCredential).authdata>, <PacketField (CCCredential).ticket>, <PacketField (CCCredential).second_ticket>]

guess_payload_class(payload)[source]

is_xcacheconf()[source]

set_from_krb(tkt, clientpart, sessionkey, kdcrep)[source]

class scapy.modules.ticketer.CCDeltaTime(_pkt, /, *, time_offset=0, usec_offset=0)[source]

Bases: Packet

aliastypes = [<class 'scapy.modules.ticketer.CCDeltaTime'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<IntField (CCDeltaTime).time_offset>, <IntField (CCDeltaTime).usec_offset>]

guess_payload_class(payload)[source]

class scapy.modules.ticketer.CCHeader(_pkt, /, *, tag=1, taglen=8, tagdata=<CCDeltaTime |>)[source]

Bases: Packet

aliastypes = [<class 'scapy.modules.ticketer.CCHeader'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<ShortEnumField (CCHeader).tag>, <ShortField (CCHeader).taglen>, <PacketField (CCHeader).tagdata>]

guess_payload_class(payload)[source]

class scapy.modules.ticketer.CCKeyBlock(_pkt, /, *, keytype=0, etype=0, keylen=None, keyvalue=b'')[source]

Bases: Packet

aliastypes = [<class 'scapy.modules.ticketer.CCKeyBlock'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<ShortEnumField (CCKeyBlock).keytype>, <ShortField (CCKeyBlock).etype>, <FieldLenField (CCKeyBlock).keylen>, <StrLenField (CCKeyBlock).keyvalue>]

guess_payload_class(payload)[source]

toKey()[source]

class scapy.modules.ticketer.CCPrincipal(_pkt, /, *, name_type=0, num_components=None, realm=<CCCountedOctetString |>, components=[])[source]

Bases: Packet

aliastypes = [<class 'scapy.modules.ticketer.CCPrincipal'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<IntEnumField (CCPrincipal).name_type>, <FieldLenField (CCPrincipal).num_components>, <PacketField (CCPrincipal).realm>, <PacketListField (CCPrincipal).components>]

guess_payload_class(payload)[source]

toPN()[source]

class scapy.modules.ticketer.CCache(_pkt, /, *, file_format_version=1284, headerlen=0, headers=[], primary_principal=<CCPrincipal realm=<CCCountedOctetString |> |>, credentials=[])[source]

Bases: Packet

aliastypes = [<class 'scapy.modules.ticketer.CCache'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<ShortField (CCache).file_format_version>, <ShortField (CCache).headerlen>, <PacketListField (CCache).headers>, <PacketField (CCache).primary_principal>, <PacketListField (CCache).credentials>]

class scapy.modules.ticketer.KTCountedOctetString(_pkt, /, *, length=None, data=b'')[source]

Bases: Packet

aliastypes = [<class 'scapy.modules.ticketer.KTCountedOctetString'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<FieldLenField (KTCountedOctetString).length>, <StrLenField (KTCountedOctetString).data>]

guess_payload_class(payload)[source]

class scapy.modules.ticketer.KTKeyBlock(_pkt, /, *, keytype=0, keylen=None, keyvalue=b'')[source]

Bases: Packet

aliastypes = [<class 'scapy.modules.ticketer.KTKeyBlock'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<ShortEnumField (KTKeyBlock).keytype>, <FieldLenField (KTKeyBlock).keylen>, <StrLenField (KTKeyBlock).keyvalue>]

guess_payload_class(payload)[source]

toKey()[source]

class scapy.modules.ticketer.Keytab(_pkt, /, *, file_format_version=1282, entries=[])[source]

Bases: Packet

aliastypes = [<class 'scapy.modules.ticketer.Keytab'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<ShortField (Keytab).file_format_version>, <PacketListField (Keytab).entries>]

class scapy.modules.ticketer.KeytabEntry(_pkt, /, *, size=None, num_components=None, realm=<KTCountedOctetString |>, components=[], name_type=0, timestamp=None, vno8=0, key=<KTKeyBlock |>, vno=None)[source]

Bases: Packet

aliastypes = [<class 'scapy.modules.ticketer.KeytabEntry'>, <class 'scapy.packet.Packet'>]

extract_padding(s: bytes) → Tuple[bytes, bytes][source]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<IntField (KeytabEntry).size>, <FieldLenField (KeytabEntry).num_components>, <PacketField (KeytabEntry).realm>, <PacketListField (KeytabEntry).components>, <scapy.fields.ConditionalField object>, <UTCTimeField (KeytabEntry).timestamp>, <ByteField (KeytabEntry).vno8>, <scapy.fields.MayEnd object>, <scapy.fields.ConditionalField object>]

getPrincipal()[source]

post_build(p: bytes, pay: bytes) → bytes[source]

property versionNumber

class scapy.modules.ticketer.ScrollFrame(parent)[source]

Bases: Frame

onCanvasConfigure(event)[source]: Reset the canvas window to encompass inner frame when required

onEnter(event)[source]

onFrameConfigure(event)[source]: Reset the scroll region to encompass the inner frame

onLeave(event)[source]

onMouseWheel(event)[source]

class scapy.modules.ticketer.Ticketer[source]

Bases: object

add_cred(principal, mapupn=None, password=None, salt=None, key=None, etypes=None, kvno=None)[source]: Add a credential to the Keytab.

create_ticket(**kwargs)[source]: Create a Kerberos ticket

dec_ticket(i, key=None, hash=None)[source]: Get the decrypted ticket by credentials ID

edit_ticket(i, key=None, hash=None)[source]: Edit a Kerberos ticket using the GUI

enumerate_tickets()[source]: Enumerate through the tickets in the ccache

export_krb(i)[source]: Export a full ticket, session key, UPN and SPN.

get_cred(principal, etype=None)[source]: Get credential from the Keytab by principal.

get_krb_xcacheopts(i: int)[source]: Get the X-CACHECONF config for a credential

import_krb(res, key=None, hash=None, _inplace=None)[source]

Import the result of krb_[tgs/as]_req or a Ticket into the CCache.

Parameters:

obj – a KRB_Ticket object or a AS_REP/TGS_REP object
sessionkey – the session key that comes along the ticket

iter_tickets()[source]: Iterate through the tickets in the ccache

kpasswdset(i, targetupn=None, newpassword=None)[source]

Use kpasswd in ‘Set Password’ mode to set the password of an account.

Parameters:: i – the TGT to use.

open_ccache(fname)[source]: Load from CCache file

open_keytab(fname)[source]: Load from Keytab file

remove_cred(principal, etype=None)[source]: Remove a credential from the Keytab by principal.

remove_krb(i)[source]

Remove a ticket from the store.

Parameters:: i – the ticket to remove.

renew(i, ip=None, additional_tickets=[], **kwargs)[source]

Renew a Kerberos TGT or a TS from the local CCache using a TGS-REQ

Parameters:: i – the ticket/sessionkey to renew.

request_st(i, spn, ip=None, renew=False, realm=None, additional_tickets=None, fast=False, armor_with=None, for_user=None, s4u2proxy=None, **kwargs)[source]

Request a Kerberos TS and add it to the local CCache using another ticket.

Parameters:

i – the index of the ticket/sessionkey to use in the TGS request.
spn – the SPN to request a ticket for.
armor_with – the index of the ticket/sessionkey to armor this request.
s4u2proxy – if an index, the index of the additional ticket to send along a S4U2PROXY request. If True, it will use additional_tickets as usual.
for_user – if provided, requests S4U2SELF for that user.

See krb_tgs_req() for the the other parameters.

request_tgt(upn=None, ip=None, key=None, password=None, realm=None, fast=False, armor_with=None, spn=None, x509=None, x509key=None, p12=None, **kwargs)[source]

Request a Kerberos TGT and add it to the local CCache

See krb_as_req() for the full documentation.

resign_ticket(i, hash=None, kdc_hash=None)[source]

Resign a ticket from CCache

Parameters:

hash – the hash to use to compute the Server Signature
kdc_hash – the hash to use to compute the KDC signature (if None, not recomputed unless its a TGT where is uses hash)

save_ccache(fname=None, i=None)[source]

Save ccache into file

Parameters:

fname – if provided, save to a specific file.
i – if provided, only save the ticket n°i.

save_keytab(fname=None)[source]

Save keytab into file

Parameters:: fname – if provided, save to a specific file.

set_krb_xcacheconf(i: int, key: str, value: str)[source]: Set a X-CACHECONF config for a credential

set_primary(i)[source]: Set the primary (=default) credential to the credential n°1

show(utc=False)[source]: Show the content of a CCache

ssp(i, **kwargs)[source]

Create a KerberosSSP from a ticket or from the keystore.

Parameters:: i – index of the ticket to use from ccache (client) OR SPN of the key to use from the keystore (server)

update_ticket(i, decTkt, resign=False, hash=None, kdc_hash=None)[source]: Update a decrypted ticket by credentials ID