CoCalc -- inspect_ticket

Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

GitHub Repository: rapid7/metasploit-framework
Path: blob/master/spec/modules/auxiliary/admin/kerberos/inspect_ticket_spec.rb
Views: ¹¹⁷⁸⁹
1
require 'rspec'
2

3
RSpec.shared_examples 'inspect ticket' do
4
  describe '#run' do
5
    context 'with no decryption key' do
6
      it 'displays the encrypted ticket' do
7
        subject.run
8
        expect(@output.join("\n")).to eq expected_encrypted_output
9
      end
10
    end
11

12
    context 'with the correct decryption key' do
13
      it 'displays the decrypted ticket' do
14
        subject.datastore[key_type] = key
15
        subject.run
16

17
        expect(@output.join("\n")).to eq expected_decrypted_output
18
      end
19
    end
20

21
    context 'with invalid key' do
22
      it 'warns the user the key is invalid' do
23
        subject.datastore[key_type] = invalid_key
24

25
        expect { subject.run }.to raise_error Msf::Auxiliary::Failed, invalid_key_error_msg
26
      end
27
    end
28

29
    context 'with both keys set' do
30
      it 'warns the user both keys may not be set' do
31
        subject.datastore['AES_KEY'] = aes_key
32
        subject.datastore['NTHASH'] = nthash
33
        error_msg = 'bad-config: NTHASH and AES_KEY may not both be set for inspecting a ticket'
34

35
        expect { subject.run }.to raise_error Msf::Auxiliary::Failed, error_msg
36
      end
37
    end
38
  end
39
end
40

41
RSpec.describe 'kerberos inspect ticket' do
42
  include_context 'Msf::UIDriver'
43
  include_context 'Msf::Simple::Framework#modules loading'
44

45
  let(:subject) do
46
    load_and_create_module(
47
      module_type: 'auxiliary',
48
      reference_name: 'admin/kerberos/inspect_ticket'
49
    )
50
  end
51

52
  before(:each) do
53
    subject.datastore['VERBOSE'] = false
54
    subject.datastore['AES_KEY'] = nil
55
    subject.datastore['NTHASH'] = nil
56
    subject.datastore['TICKET_PATH'] = ticket_path
57
    allow(driver).to receive(:input).and_return(driver_input)
58
    allow(driver).to receive(:output).and_return(driver_output)
59
    subject.init_ui(driver_input, driver_output)
60
  end
61

62
  let(:aes_key) { '4b912be0366a6f37f4a7d571bee18b1173d93195ef76f8d1e3e81ef6172ab326' }
63
  let(:nthash) { '88E4D9FABAECF3DEC18DD80905521B29' }
64
  let(:invalid_key) { 'invalid_key' }
65

66
  let(:ccache_aes) do
67
    # msf6 auxiliary(admin/kerberos/forge_ticket) > options
68
    #
69
    # Module options (auxiliary/admin/kerberos/forge_ticket):
70
    #
71
    #    Name        Current Setting                                                   Required  Description
72
    #    ----        ---------------                                                   --------  -----------
73
    #    AES_KEY     4b912be0366a6f37f4a7d571bee18b1173d93195ef76f8d1e3e81ef6172ab326  no        The krbtgt/service AES key
74
    #    DOMAIN      windomain.local                                                   yes       The Domain (upper case) Ex: DEMO.LOCAL
75
    #    DOMAIN_SID  S-1-5-21-3541430928-2051711210-1391384369                         yes       The Domain SID, Ex: S-1-5-21-1755879683-3641577184-3486455962
76
    #    DURATION    3650                                                              yes       Duration of the ticket in days
77
    #    NTHASH                                                                        no        The krbtgt/service nthash
78
    #    SPN         cifs/dc.windomain.local                                           no        The Service Principal Name (Only used for silver ticket)
79
    #    USER        Administrator                                                     yes       The Domain User
80
    #    USER_RID    500                                                               yes       The Domain User's relative identifier(RID)
81
    #
82
    #
83
    # View the full module info with the info, or info -d command.
84
    #
85
    # msf6 auxiliary(admin/kerberos/forge_ticket) > forge_silver
86
    #
87
    # [*] [2023.01.13-14:31:25] TGS MIT Credential Cache ticket saved to /Users/dwelch/.msf4/loot/20230113143125_default_unknown_mit.kerberos.cca_398641.bin
88
    # [*] Auxiliary module execution completed
89
    # msf6 auxiliary(admin/kerberos/forge_ticket) >
90

91
    "\x05\x04\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0f" \
92
    "\x57\x49\x4e\x44\x4f\x4d\x41\x49\x4e\x2e\x4c\x4f\x43\x41\x4c\x00" \
93
    "\x00\x00\x0d\x41\x64\x6d\x69\x6e\x69\x73\x74\x72\x61\x74\x6f\x72" \
94
    "\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0f\x57\x49\x4e\x44" \
95
    "\x4f\x4d\x41\x49\x4e\x2e\x4c\x4f\x43\x41\x4c\x00\x00\x00\x0d\x41" \
96
    "\x64\x6d\x69\x6e\x69\x73\x74\x72\x61\x74\x6f\x72\x00\x00\x00\x01" \
97
    "\x00\x00\x00\x02\x00\x00\x00\x0f\x57\x49\x4e\x44\x4f\x4d\x41\x49" \
98
    "\x4e\x2e\x4c\x4f\x43\x41\x4c\x00\x00\x00\x04\x63\x69\x66\x73\x00" \
99
    "\x00\x00\x12\x64\x63\x2e\x77\x69\x6e\x64\x6f\x6d\x61\x69\x6e\x2e" \
100
    "\x6c\x6f\x63\x61\x6c\x00\x12\x00\x00\x00\x20\x30\x31\x36\x30\x31" \
101
    "\x30\x31\x30\x37\x65\x65\x30\x64\x36\x38\x38\x63\x39\x39\x61\x39" \
102
    "\x33\x38\x38\x36\x33\x34\x61\x65\x30\x34\x31\x63\xc1\x6b\x3d\x63" \
103
    "\xc1\x6b\x3d\x76\x8d\x6e\x3d\x76\x8d\x6e\x3d\x00\x50\xa0\x00\x00" \
104
    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\xd2\x61\x82\x03\xce" \
105
    "\x30\x82\x03\xca\xa0\x03\x02\x01\x05\xa1\x11\x1b\x0f\x57\x49\x4e" \
106
    "\x44\x4f\x4d\x41\x49\x4e\x2e\x4c\x4f\x43\x41\x4c\xa2\x25\x30\x23" \
107
    "\xa0\x03\x02\x01\x01\xa1\x1c\x30\x1a\x1b\x04\x63\x69\x66\x73\x1b" \
108
    "\x12\x64\x63\x2e\x77\x69\x6e\x64\x6f\x6d\x61\x69\x6e\x2e\x6c\x6f" \
109
    "\x63\x61\x6c\xa3\x82\x03\x87\x30\x82\x03\x83\xa0\x03\x02\x01\x12" \
110
    "\xa1\x03\x02\x01\x02\xa2\x82\x03\x75\x04\x82\x03\x71\xec\x7a\xb2" \
111
    "\xbf\x57\x69\x55\x02\x0e\x1f\xf3\xeb\xdb\x0e\x37\x42\x67\x48\x62" \
112
    "\xbb\x63\x40\x9b\xc9\x70\x73\x03\x46\x8c\xdc\x4f\x4c\xcf\x8e\x66" \
113
    "\xf1\xd7\xad\x07\x68\x00\x5d\xec\xea\xe8\x0b\x79\x9c\x2e\x18\xac" \
114
    "\x40\x92\x0c\xf0\xcf\xdd\xaf\x4b\x9f\xf3\x3f\xcf\x59\x2e\xb3\x7b" \
115
    "\x99\x74\x80\x57\x8f\x74\xf2\xa1\xe6\xfc\x08\x60\x74\x30\xd2\x0b" \
116
    "\x7f\xfd\xd1\x4c\xa5\x1f\xb5\xd5\xe1\xfe\xa8\x62\xca\x5b\xf2\xad" \
117
    "\xd0\xbd\x1f\x2f\x8b\x60\xe0\xa6\x0a\xc7\xe7\xff\x08\xae\xb9\x2b" \
118
    "\xcd\xa9\x4a\xee\xd0\x68\x53\xa3\xed\xc4\xa0\x75\x3b\xc8\x0e\x6c" \
119
    "\x47\x90\x38\x92\xe7\x37\xa6\x27\xa4\x2e\xd6\x54\xa4\x9c\x30\xd6" \
120
    "\xf5\xea\x33\x68\x1c\x26\xea\x7e\xf8\x80\xe9\x94\x52\x2c\x68\xef" \
121
    "\x8f\x98\x6a\x32\xd1\xa2\x37\xd5\x44\xf5\x80\x64\x9b\x22\xe8\xb9" \
122
    "\x20\x4b\xf7\x00\x49\xbe\xab\x6f\xcb\x19\x59\x23\x80\xad\x86\x33" \
123
    "\xeb\x52\x0d\xbb\xf8\xf1\x9d\xd9\x7e\xfc\xf6\x88\x66\x24\x5d\xf0" \
124
    "\x40\xbf\x0e\x91\x17\x8b\x9e\x62\x34\xa5\x6e\x7d\x43\x7e\xcc\x4e" \
125
    "\xbf\x66\xab\x8b\xd0\xb1\x44\xa1\x7b\xe1\x89\x78\x38\xe3\xe1\x48" \
126
    "\x70\x4d\x1f\xfe\xc4\xb0\x5b\x70\x56\x66\xc2\x8f\x5e\x56\x3e\x2f" \
127
    "\x18\x95\x4b\x4c\x5a\x70\x06\x0b\xf6\x34\x7a\x2a\x27\x81\xa0\x96" \
128
    "\xc2\x06\x46\x29\x39\x38\xd9\x60\x56\xd3\x9d\x7f\x2a\x43\x66\x57" \
129
    "\xec\x93\x46\x19\x84\x16\x25\xd8\xc9\xa9\x37\xd8\xe5\xe1\xdd\x65" \
130
    "\x07\xc7\x35\xc3\x20\x10\x7a\x43\xf3\x71\x1f\x33\xdd\x1b\xd9\xac" \
131
    "\xb2\x85\xd7\x4f\xd0\x95\x1e\x76\x51\x47\x27\xa5\x4e\xf2\x23\x8a" \
132
    "\xbe\xae\xbd\x66\xbe\xeb\xca\x62\x49\x2b\x4e\xce\xa4\x1f\xfb\x89" \
133
    "\x0a\xe5\xa9\x8b\xfa\xd8\x6b\x12\x4d\x0b\xd3\x4e\xc9\x17\x49\x33" \
134
    "\xc1\xec\x1a\xa4\x99\xfa\xc3\xc1\x81\x82\x71\x07\x34\xe5\x6b\x87" \
135
    "\x88\x17\xce\x79\xa8\xb6\xbc\x70\x46\x4a\xc9\xcd\x7d\x93\xd8\xb5" \
136
    "\x69\x79\xa0\x89\x3c\x9e\xaa\xf2\x1d\x68\xb1\x63\xd0\xfb\x81\xff" \
137
    "\x1e\x77\xb7\xc9\x98\xaf\xe6\xe0\x02\xda\xd7\x88\x4f\xa7\xc6\x31" \
138
    "\xb1\x39\x65\xb4\x80\x36\x2a\x12\x08\xbb\x1e\xba\xd8\xcb\x97\x70" \
139
    "\xeb\xcc\x9b\x32\xfa\x4b\xd4\xa9\x50\x5d\x6a\xe2\x0f\x02\xa9\xd1" \
140
    "\x03\x59\x40\x4f\x79\xe7\x09\xf3\x6d\x57\x10\xfe\xff\x56\xff\xc1" \
141
    "\x4c\xb8\x47\xc1\x33\x1b\xc5\x84\x89\xbf\xc5\x60\x23\x1d\x62\xdc" \
142
    "\x07\x34\x24\x51\x6c\x60\x55\x3b\x30\xe3\x26\x7c\xcc\x73\x50\xee" \
143
    "\x27\xe8\xd4\xad\x1a\x9b\xfe\xb1\x66\xb5\xb6\x41\xc9\x9b\x1c\x33" \
144
    "\x17\x09\x38\x47\xf1\x2f\x9c\xdd\xbe\xc4\x0b\x61\x14\xf0\xbd\xe0" \
145
    "\xc3\xc2\x8c\x3e\x2b\x06\xe0\xf2\x74\x2e\xc1\x74\x19\x7c\x4c\xe8" \
146
    "\xf5\x45\x69\x40\xdd\xfb\xab\x0f\x8c\x0e\x21\x35\xcf\xc4\x73\x82" \
147
    "\x47\x47\xe1\xb8\x82\x3d\x87\x02\x5c\xb1\x47\xee\x51\x15\xda\xa6" \
148
    "\x92\xa8\x3e\x5b\x38\x61\x93\x6c\x87\x03\xe8\x68\x78\x19\x1d\xec" \
149
    "\x61\xe1\x03\x07\x98\xdd\xf7\xbc\x6e\x1f\x73\x79\xad\xb0\x4d\x99" \
150
    "\x39\x6d\xfa\xd6\xc2\x29\x4f\xa6\x4e\x60\x4a\x35\x09\x17\x1d\x9d" \
151
    "\x75\xaa\x5b\x27\x24\xec\xb0\x82\xee\x94\xe0\xb7\xdf\xbc\xc6\x16" \
152
    "\xf9\x11\x86\xe2\x09\xd3\xe6\x1b\x11\x57\x85\x22\x5e\x17\x71\x8f" \
153
    "\x7b\x25\xde\xbb\x03\x67\x05\xde\x3e\x24\x9f\x02\xe6\xab\xc3\xf8" \
154
    "\x3f\x3d\x0e\x64\x5b\x0a\xa3\xfe\x1c\x3c\x47\xb1\xce\x45\x3e\x83" \
155
    "\x71\xde\xd6\x6f\x35\xa7\xe1\x31\x5b\x65\x46\x58\x2d\xf0\xca\xc7" \
156
    "\x85\x0d\x42\x40\x09\xe0\x83\x8a\x86\x2c\xc4\xfc\xa8\x3d\x51\xc3" \
157
    "\x72\x00\x1d\x72\xe1\x65\x31\xe3\xf4\xd6\xe0\x37\x0a\x48\x24\xa5" \
158
    "\x02\xcc\x96\x9d\x9a\x81\x9e\xd9\xc6\x6c\x2d\xb2\x09\xac\x34\x17" \
159
    "\x57\xa8\x80\x89\x63\xfc\x03\xf7\xb6\x3c\x9f\x38\x95\xf0\x72\xff" \
160
    "\x4d\x79\xf0\x6e\x1f\x98\x20\x2f\x5d\xd2\xc9\xd1\xaa\x20\x35\xac" \
161
    "\x92\x5e\x62\x20\x29\x3d\xdf\xb1\x1b\xbd\x91\x40\x69\xae\xdf\xa6" \
162
    "\x78\x00\xbe\xcb\x26\xd7\x7a\xd4\xcf\x31\x55\xa8\xc4\x5d\xfa\x27" \
163
    "\xf5\x44\xc0\x2b\xb4\x94\x66\x78\xd6\xaa\x66\x6c\x05\xa4\x99\x3c" \
164
    "\x77\xdf\xd0\x26\x47\xb4\x40\x90\xae\x8a\x96\x02\xe0\xf3\x22\xf0" \
165
    "\x8d\xbb\x0d\x86\x5b\x0a\x7d\x7a\xee\x38\x45\xd3\x01\x46\x00\x00" \
166
    "\x00\x00"
167
  end
168

169
  let(:ccache_nthash) do
170
    # msf6 auxiliary(admin/kerberos/forge_ticket) > options
171
    #
172
    # Module options (auxiliary/admin/kerberos/forge_ticket):
173
    #
174
    #    Name        Current Setting                            Required  Description
175
    #    ----        ---------------                            --------  -----------
176
    #    AES_KEY                                                no        The krbtgt/service AES key
177
    #    DOMAIN      windomain.local                            yes       The Domain (upper case) Ex: DEMO.LOCAL
178
    #    DOMAIN_SID  S-1-5-21-3541430928-2051711210-1391384369  yes       The Domain SID, Ex: S-1-5-21-1755879683-3641577184-3486455962
179
    #    DURATION    3650                                       yes       Duration of the ticket in days
180
    #    NTHASH      88E4D9FABAECF3DEC18DD80905521B29           no        The krbtgt/service nthash
181
    #    SPN         cifs/dc.windomain.local                    no        The Service Principal Name (Only used for silver ticket)
182
    #    USER        Administrator                              yes       The Domain User
183
    #    USER_RID    500                                        yes       The Domain User's relative identifier(RID)
184
    #
185
    #
186
    # View the full module info with the info, or info -d command.
187
    #
188
    # msf6 auxiliary(admin/kerberos/forge_ticket) > forge_silver
189
    #
190
    # [*] [2023.01.13-14:36:39] TGS MIT Credential Cache ticket saved to /Users/dwelch/.msf4/loot/20230113143639_default_unknown_mit.kerberos.cca_476516.bin
191
    # [*] Auxiliary module execution completed
192

193
    "\x05\x04\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0f" \
194
    "\x57\x49\x4e\x44\x4f\x4d\x41\x49\x4e\x2e\x4c\x4f\x43\x41\x4c\x00" \
195
    "\x00\x00\x0d\x41\x64\x6d\x69\x6e\x69\x73\x74\x72\x61\x74\x6f\x72" \
196
    "\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0f\x57\x49\x4e\x44" \
197
    "\x4f\x4d\x41\x49\x4e\x2e\x4c\x4f\x43\x41\x4c\x00\x00\x00\x0d\x41" \
198
    "\x64\x6d\x69\x6e\x69\x73\x74\x72\x61\x74\x6f\x72\x00\x00\x00\x01" \
199
    "\x00\x00\x00\x02\x00\x00\x00\x0f\x57\x49\x4e\x44\x4f\x4d\x41\x49" \
200
    "\x4e\x2e\x4c\x4f\x43\x41\x4c\x00\x00\x00\x04\x63\x69\x66\x73\x00" \
201
    "\x00\x00\x12\x64\x63\x2e\x77\x69\x6e\x64\x6f\x6d\x61\x69\x6e\x2e" \
202
    "\x6c\x6f\x63\x61\x6c\x00\x17\x00\x00\x00\x10\x66\x38\x37\x38\x64" \
203
    "\x64\x63\x36\x37\x38\x63\x37\x61\x64\x37\x66\x63\xc1\x6c\x77\x63" \
204
    "\xc1\x6c\x77\x76\x8d\x6f\x77\x76\x8d\x6f\x77\x00\x50\xa0\x00\x00" \
205
    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\xce\x61\x82\x03\xca" \
206
    "\x30\x82\x03\xc6\xa0\x03\x02\x01\x05\xa1\x11\x1b\x0f\x57\x49\x4e" \
207
    "\x44\x4f\x4d\x41\x49\x4e\x2e\x4c\x4f\x43\x41\x4c\xa2\x25\x30\x23" \
208
    "\xa0\x03\x02\x01\x01\xa1\x1c\x30\x1a\x1b\x04\x63\x69\x66\x73\x1b" \
209
    "\x12\x64\x63\x2e\x77\x69\x6e\x64\x6f\x6d\x61\x69\x6e\x2e\x6c\x6f" \
210
    "\x63\x61\x6c\xa3\x82\x03\x83\x30\x82\x03\x7f\xa0\x03\x02\x01\x17" \
211
    "\xa1\x03\x02\x01\x02\xa2\x82\x03\x71\x04\x82\x03\x6d\x8f\x47\xbe" \
212
    "\x76\x3e\x3b\x6b\x9a\x85\x90\xc2\xbd\x0a\x62\x95\x3b\x6a\x93\xb9" \
213
    "\xab\x7f\xcd\xb4\x85\x9b\x48\x19\x85\xbd\xbb\xe3\xff\x21\xc0\x34" \
214
    "\xb3\x64\x72\xac\xad\x15\x88\x1f\x4d\xbb\xfd\x71\x4a\xc9\x2f\x89" \
215
    "\x4e\x9b\xf5\x73\x6f\xa3\x38\xdd\x33\x28\x4b\x0b\x0d\x20\xfc\x52" \
216
    "\x4c\x4b\xe5\xa5\xac\xe2\x06\xce\xa8\x0f\x56\x9e\x3f\xeb\x27\x10" \
217
    "\x59\x70\xd7\x78\x77\xd3\xad\x3c\xcd\x71\x19\x5d\x83\xbe\xbe\xc2" \
218
    "\x54\x7c\xd0\x38\x70\x7d\x8a\x7d\xb4\x10\x14\x06\x1d\xcb\x4c\xcf" \
219
    "\xe6\x80\xf3\xbe\x1a\xc8\xe5\xa0\x39\xff\xb1\x58\x93\x91\x4b\x8e" \
220
    "\x70\xff\x66\x70\x10\xe2\xfe\x15\xab\xf7\xb2\x31\x85\xa3\x67\xdb" \
221
    "\x8f\xc9\x8d\x43\x8e\x69\xf4\xf7\x4d\x3c\xfa\xf5\xad\xea\x3f\x8f" \
222
    "\x12\x4d\x95\x37\xee\x1a\x26\xcb\x60\xde\x00\x78\x7b\xe8\x89\xb6" \
223
    "\x25\x32\x39\x3a\xbf\xba\xb1\xd5\x14\xb0\x95\xc4\x1c\x37\xfa\x6d" \
224
    "\xbd\x5e\x2e\x9d\xdb\x3f\x23\x5c\xcf\xd3\xa6\xa5\xfa\xb8\xcf\x3c" \
225
    "\x16\x76\x0b\x57\xeb\x68\xa1\x72\x1b\xa7\x22\x82\xa0\xff\x79\xee" \
226
    "\xef\x7b\xa8\xe6\xe7\x6f\xcb\x47\xf8\x5b\x45\xcb\x0e\x40\x0b\x9b" \
227
    "\xd0\xe9\x98\xb4\x49\x4f\x9c\xf4\xbc\x34\xc1\x30\xf6\xb9\x79\xdc" \
228
    "\x51\x93\xda\xc4\x8e\x3a\xa5\xf3\xc9\x0e\x16\x7f\xf8\x1a\x5b\x24" \
229
    "\x2c\x45\xe6\xeb\xe5\x55\x3a\xfa\x6c\x79\x4f\x5e\x27\xe7\x94\x8b" \
230
    "\x2d\xeb\xde\x73\xe5\xc5\xaf\xdf\x24\x81\x5e\x62\x66\x33\xab\x7a" \
231
    "\x18\x6e\x64\xe5\xf5\x4c\x38\xc5\x2f\x92\x10\xea\x74\xaa\xe2\x9b" \
232
    "\x3d\x4a\xd3\xd1\x45\x9b\x8b\xe9\xd5\x83\x5d\x7a\x6c\x85\x12\x68" \
233
    "\x61\xfe\x16\xb2\x50\x26\x66\x09\x44\xcd\xf9\x5c\xff\xc4\x4a\x67" \
234
    "\xd1\x6a\x8b\xd5\xee\x81\x8f\xb2\xca\x0e\x23\x4b\x92\x6c\x62\x50" \
235
    "\x21\x6f\x70\x1c\x96\xd9\x9e\xb8\xf8\x0e\x06\x05\x53\x6b\x5b\x5c" \
236
    "\x0f\x04\xd8\x3a\xb0\x75\x73\x8f\x8a\x55\xa1\xf8\x56\x53\x96\x0e" \
237
    "\xe2\x84\x93\x3b\x5a\x05\xe2\x3f\x95\xc8\xb8\xfe\x29\xe9\x5f\x96" \
238
    "\xb6\x36\x30\xc0\x0a\x0a\x99\x23\xea\xff\xfb\xa4\x15\xe8\xfe\x1d" \
239
    "\xd1\xd4\x94\x49\x3b\x2a\x75\x2b\xdb\xae\xe4\x7b\x94\x61\x0b\xac" \
240
    "\x25\xfc\x0f\xd7\x6c\xc6\x5a\x4f\x8b\x7b\x5f\x77\x61\x3f\x24\xf2" \
241
    "\xe0\x77\xdd\x67\x7f\xac\xd8\x07\xaf\x68\x74\x5d\xa6\x4e\xec\x3f" \
242
    "\xa7\xff\x01\x73\x9a\x86\xaa\xb8\x8d\x11\x53\x77\xa1\xf2\xdb\xbe" \
243
    "\x5c\x75\xe4\x93\x52\x26\x95\xd6\x4e\x8a\x70\x7b\xca\xb2\xf3\x59" \
244
    "\x9c\xd3\x08\xb4\xe5\xcb\x64\x4d\x15\x30\x99\x6c\xe1\xed\x8e\xa3" \
245
    "\x06\x99\x30\x05\xa3\xd7\x43\x12\xeb\x2e\x46\xce\xca\x77\x7f\xba" \
246
    "\xe9\xad\x7b\xdd\x67\x0b\xb1\x15\x3b\x9c\x1a\xa6\x92\xd6\x9d\x59" \
247
    "\x1c\xe8\xed\x18\xbf\xf0\x11\xec\xa4\xa3\xce\x31\x43\xa8\x32\xb7" \
248
    "\x7f\x0a\xbd\x49\xe4\xd8\x45\x6f\x4d\x11\x2b\x24\x5f\x31\x8e\x90" \
249
    "\x41\x70\xf4\x0c\xa8\x1b\xd8\x70\xe4\x8b\x15\xf7\xe1\x58\x7d\xbe" \
250
    "\x0c\xcb\x52\x80\x72\xff\x24\xa8\xa6\xaf\x93\x8d\xb2\xcc\xe3\x16" \
251
    "\x43\x1c\x3a\xcc\xe5\x32\x4d\xc5\x4f\x82\x41\xdf\x64\x0c\xe8\xb1" \
252
    "\xb3\xf9\x6e\x5d\xa4\x90\x22\x24\x99\x65\x22\x4b\xc1\x37\xee\xa4" \
253
    "\x3d\x35\xaf\x62\x78\x75\xe7\x68\x65\xb4\xa0\x24\x3b\xeb\x0c\x4a" \
254
    "\x5e\x8e\xf1\x29\x34\xc5\x73\x01\x7b\xd9\x36\xed\x90\xa9\x90\xdb" \
255
    "\x4a\xef\xb4\x2f\xc3\x9a\xd7\xb2\x4e\x1e\x1a\x68\xb1\x45\x8d\x98" \
256
    "\x6f\x1f\x88\x67\x06\x4e\x2e\x92\x33\x92\x8b\x5e\xab\xaa\x57\x19" \
257
    "\xb9\x77\xe1\x3a\xdb\xc1\x66\xa5\xad\xaa\xbb\x6c\x47\xa8\xab\xd5" \
258
    "\xe7\x65\xe3\xcf\xa2\xaf\x7d\xcb\x8e\xcd\x63\x4c\x6a\x5d\x47\x8e" \
259
    "\xc8\x90\x93\x31\x70\x00\x50\xe4\x41\x31\xc0\xe4\x6d\x5b\x95\x49" \
260
    "\x8f\x89\xb5\xb4\xea\xc9\x60\xc4\x3a\x4a\x16\x69\x3c\x29\x7a\xd9" \
261
    "\xf4\xff\x84\xb0\xfa\xa9\xaa\xac\x47\xb1\xa4\x98\x64\xe4\xc3\xaa" \
262
    "\x26\x10\x9c\x38\x8f\x60\xeb\x29\xfa\x15\xe7\x4b\xe4\x39\xb4\xed" \
263
    "\x13\x87\x4b\x91\x8f\x89\xbe\x0c\x01\x13\x19\xf7\xef\xbc\x93\x23" \
264
    "\xfc\xea\x3c\xb3\xd7\xbc\x0e\x00\xb5\xa7\xbf\x06\x73\xad\x5b\x79" \
265
    "\x12\x17\x17\x3f\xc2\x80\x6a\x0f\x69\xb0\x12\x49\x56\xc2\xe3\xbd" \
266
    "\x69\x77\x82\x75\x30\xa3\xc7\x96\x06\xee\x00\x00\x00\x00"
267
  end
268

269
  # Identical to `:ccache_aes` but converted to kirbi file format (via `admin/kerberos/ticket_converter`)
270
  let(:kirbi_aes) do
271
    "\x76\x82\x04\xf5\x30\x82\x04\xf1\xa0\x03\x02\x01\x05\xa1\x03\x02" \
272
    "\x01\x16\xa2\x82\x03\xd6\x30\x82\x03\xd2\x61\x82\x03\xce\x30\x82" \
273
    "\x03\xca\xa0\x03\x02\x01\x05\xa1\x11\x1b\x0f\x57\x49\x4e\x44\x4f" \
274
    "\x4d\x41\x49\x4e\x2e\x4c\x4f\x43\x41\x4c\xa2\x25\x30\x23\xa0\x03" \
275
    "\x02\x01\x01\xa1\x1c\x30\x1a\x1b\x04\x63\x69\x66\x73\x1b\x12\x64" \
276
    "\x63\x2e\x77\x69\x6e\x64\x6f\x6d\x61\x69\x6e\x2e\x6c\x6f\x63\x61" \
277
    "\x6c\xa3\x82\x03\x87\x30\x82\x03\x83\xa0\x03\x02\x01\x12\xa1\x03" \
278
    "\x02\x01\x02\xa2\x82\x03\x75\x04\x82\x03\x71\xec\x7a\xb2\xbf\x57" \
279
    "\x69\x55\x02\x0e\x1f\xf3\xeb\xdb\x0e\x37\x42\x67\x48\x62\xbb\x63" \
280
    "\x40\x9b\xc9\x70\x73\x03\x46\x8c\xdc\x4f\x4c\xcf\x8e\x66\xf1\xd7" \
281
    "\xad\x07\x68\x00\x5d\xec\xea\xe8\x0b\x79\x9c\x2e\x18\xac\x40\x92" \
282
    "\x0c\xf0\xcf\xdd\xaf\x4b\x9f\xf3\x3f\xcf\x59\x2e\xb3\x7b\x99\x74" \
283
    "\x80\x57\x8f\x74\xf2\xa1\xe6\xfc\x08\x60\x74\x30\xd2\x0b\x7f\xfd" \
284
    "\xd1\x4c\xa5\x1f\xb5\xd5\xe1\xfe\xa8\x62\xca\x5b\xf2\xad\xd0\xbd" \
285
    "\x1f\x2f\x8b\x60\xe0\xa6\x0a\xc7\xe7\xff\x08\xae\xb9\x2b\xcd\xa9" \
286
    "\x4a\xee\xd0\x68\x53\xa3\xed\xc4\xa0\x75\x3b\xc8\x0e\x6c\x47\x90" \
287
    "\x38\x92\xe7\x37\xa6\x27\xa4\x2e\xd6\x54\xa4\x9c\x30\xd6\xf5\xea" \
288
    "\x33\x68\x1c\x26\xea\x7e\xf8\x80\xe9\x94\x52\x2c\x68\xef\x8f\x98" \
289
    "\x6a\x32\xd1\xa2\x37\xd5\x44\xf5\x80\x64\x9b\x22\xe8\xb9\x20\x4b" \
290
    "\xf7\x00\x49\xbe\xab\x6f\xcb\x19\x59\x23\x80\xad\x86\x33\xeb\x52" \
291
    "\x0d\xbb\xf8\xf1\x9d\xd9\x7e\xfc\xf6\x88\x66\x24\x5d\xf0\x40\xbf" \
292
    "\x0e\x91\x17\x8b\x9e\x62\x34\xa5\x6e\x7d\x43\x7e\xcc\x4e\xbf\x66" \
293
    "\xab\x8b\xd0\xb1\x44\xa1\x7b\xe1\x89\x78\x38\xe3\xe1\x48\x70\x4d" \
294
    "\x1f\xfe\xc4\xb0\x5b\x70\x56\x66\xc2\x8f\x5e\x56\x3e\x2f\x18\x95" \
295
    "\x4b\x4c\x5a\x70\x06\x0b\xf6\x34\x7a\x2a\x27\x81\xa0\x96\xc2\x06" \
296
    "\x46\x29\x39\x38\xd9\x60\x56\xd3\x9d\x7f\x2a\x43\x66\x57\xec\x93" \
297
    "\x46\x19\x84\x16\x25\xd8\xc9\xa9\x37\xd8\xe5\xe1\xdd\x65\x07\xc7" \
298
    "\x35\xc3\x20\x10\x7a\x43\xf3\x71\x1f\x33\xdd\x1b\xd9\xac\xb2\x85" \
299
    "\xd7\x4f\xd0\x95\x1e\x76\x51\x47\x27\xa5\x4e\xf2\x23\x8a\xbe\xae" \
300
    "\xbd\x66\xbe\xeb\xca\x62\x49\x2b\x4e\xce\xa4\x1f\xfb\x89\x0a\xe5" \
301
    "\xa9\x8b\xfa\xd8\x6b\x12\x4d\x0b\xd3\x4e\xc9\x17\x49\x33\xc1\xec" \
302
    "\x1a\xa4\x99\xfa\xc3\xc1\x81\x82\x71\x07\x34\xe5\x6b\x87\x88\x17" \
303
    "\xce\x79\xa8\xb6\xbc\x70\x46\x4a\xc9\xcd\x7d\x93\xd8\xb5\x69\x79" \
304
    "\xa0\x89\x3c\x9e\xaa\xf2\x1d\x68\xb1\x63\xd0\xfb\x81\xff\x1e\x77" \
305
    "\xb7\xc9\x98\xaf\xe6\xe0\x02\xda\xd7\x88\x4f\xa7\xc6\x31\xb1\x39" \
306
    "\x65\xb4\x80\x36\x2a\x12\x08\xbb\x1e\xba\xd8\xcb\x97\x70\xeb\xcc" \
307
    "\x9b\x32\xfa\x4b\xd4\xa9\x50\x5d\x6a\xe2\x0f\x02\xa9\xd1\x03\x59" \
308
    "\x40\x4f\x79\xe7\x09\xf3\x6d\x57\x10\xfe\xff\x56\xff\xc1\x4c\xb8" \
309
    "\x47\xc1\x33\x1b\xc5\x84\x89\xbf\xc5\x60\x23\x1d\x62\xdc\x07\x34" \
310
    "\x24\x51\x6c\x60\x55\x3b\x30\xe3\x26\x7c\xcc\x73\x50\xee\x27\xe8" \
311
    "\xd4\xad\x1a\x9b\xfe\xb1\x66\xb5\xb6\x41\xc9\x9b\x1c\x33\x17\x09" \
312
    "\x38\x47\xf1\x2f\x9c\xdd\xbe\xc4\x0b\x61\x14\xf0\xbd\xe0\xc3\xc2" \
313
    "\x8c\x3e\x2b\x06\xe0\xf2\x74\x2e\xc1\x74\x19\x7c\x4c\xe8\xf5\x45" \
314
    "\x69\x40\xdd\xfb\xab\x0f\x8c\x0e\x21\x35\xcf\xc4\x73\x82\x47\x47" \
315
    "\xe1\xb8\x82\x3d\x87\x02\x5c\xb1\x47\xee\x51\x15\xda\xa6\x92\xa8" \
316
    "\x3e\x5b\x38\x61\x93\x6c\x87\x03\xe8\x68\x78\x19\x1d\xec\x61\xe1" \
317
    "\x03\x07\x98\xdd\xf7\xbc\x6e\x1f\x73\x79\xad\xb0\x4d\x99\x39\x6d" \
318
    "\xfa\xd6\xc2\x29\x4f\xa6\x4e\x60\x4a\x35\x09\x17\x1d\x9d\x75\xaa" \
319
    "\x5b\x27\x24\xec\xb0\x82\xee\x94\xe0\xb7\xdf\xbc\xc6\x16\xf9\x11" \
320
    "\x86\xe2\x09\xd3\xe6\x1b\x11\x57\x85\x22\x5e\x17\x71\x8f\x7b\x25" \
321
    "\xde\xbb\x03\x67\x05\xde\x3e\x24\x9f\x02\xe6\xab\xc3\xf8\x3f\x3d" \
322
    "\x0e\x64\x5b\x0a\xa3\xfe\x1c\x3c\x47\xb1\xce\x45\x3e\x83\x71\xde" \
323
    "\xd6\x6f\x35\xa7\xe1\x31\x5b\x65\x46\x58\x2d\xf0\xca\xc7\x85\x0d" \
324
    "\x42\x40\x09\xe0\x83\x8a\x86\x2c\xc4\xfc\xa8\x3d\x51\xc3\x72\x00" \
325
    "\x1d\x72\xe1\x65\x31\xe3\xf4\xd6\xe0\x37\x0a\x48\x24\xa5\x02\xcc" \
326
    "\x96\x9d\x9a\x81\x9e\xd9\xc6\x6c\x2d\xb2\x09\xac\x34\x17\x57\xa8" \
327
    "\x80\x89\x63\xfc\x03\xf7\xb6\x3c\x9f\x38\x95\xf0\x72\xff\x4d\x79" \
328
    "\xf0\x6e\x1f\x98\x20\x2f\x5d\xd2\xc9\xd1\xaa\x20\x35\xac\x92\x5e" \
329
    "\x62\x20\x29\x3d\xdf\xb1\x1b\xbd\x91\x40\x69\xae\xdf\xa6\x78\x00" \
330
    "\xbe\xcb\x26\xd7\x7a\xd4\xcf\x31\x55\xa8\xc4\x5d\xfa\x27\xf5\x44" \
331
    "\xc0\x2b\xb4\x94\x66\x78\xd6\xaa\x66\x6c\x05\xa4\x99\x3c\x77\xdf" \
332
    "\xd0\x26\x47\xb4\x40\x90\xae\x8a\x96\x02\xe0\xf3\x22\xf0\x8d\xbb" \
333
    "\x0d\x86\x5b\x0a\x7d\x7a\xee\x38\x45\xd3\x01\x46\xa3\x82\x01\x09" \
334
    "\x30\x82\x01\x05\xa0\x03\x02\x01\x12\xa2\x81\xfd\x04\x81\xfa\x7d" \
335
    "\x81\xf7\x30\x81\xf4\xa0\x81\xf1\x30\x81\xee\x30\x81\xeb\xa0\x2b" \
336
    "\x30\x29\xa0\x03\x02\x01\x12\xa1\x22\x04\x20\x30\x31\x36\x30\x31" \
337
    "\x30\x31\x30\x37\x65\x65\x30\x64\x36\x38\x38\x63\x39\x39\x61\x39" \
338
    "\x33\x38\x38\x36\x33\x34\x61\x65\x30\x34\x31\xa1\x11\x1b\x0f\x57" \
339
    "\x49\x4e\x44\x4f\x4d\x41\x49\x4e\x2e\x4c\x4f\x43\x41\x4c\xa2\x1a" \
340
    "\x30\x18\xa0\x03\x02\x01\x01\xa1\x11\x30\x0f\x1b\x0d\x41\x64\x6d" \
341
    "\x69\x6e\x69\x73\x74\x72\x61\x74\x6f\x72\xa3\x07\x03\x05\x00\x50" \
342
    "\xa0\x00\x00\xa4\x11\x18\x0f\x32\x30\x32\x33\x30\x31\x31\x33\x31" \
343
    "\x34\x33\x31\x32\x35\x5a\xa5\x11\x18\x0f\x32\x30\x32\x33\x30\x31" \
344
    "\x31\x33\x31\x34\x33\x31\x32\x35\x5a\xa6\x11\x18\x0f\x32\x30\x33" \
345
    "\x33\x30\x31\x31\x30\x31\x34\x33\x31\x32\x35\x5a\xa7\x11\x18\x0f" \
346
    "\x32\x30\x33\x33\x30\x31\x31\x30\x31\x34\x33\x31\x32\x35\x5a\xa8" \
347
    "\x11\x1b\x0f\x57\x49\x4e\x44\x4f\x4d\x41\x49\x4e\x2e\x4c\x4f\x43" \
348
    "\x41\x4c\xa9\x25\x30\x23\xa0\x03\x02\x01\x01\xa1\x1c\x30\x1a\x1b" \
349
    "\x04\x63\x69\x66\x73\x1b\x12\x64\x63\x2e\x77\x69\x6e\x64\x6f\x6d" \
350
    "\x61\x69\x6e\x2e\x6c\x6f\x63\x61\x6c"
351
  end
352

353
  # Identical to `:ccache_nthash` but converted to kirbi file format (via `admin/kerberos/ticket_converter`)
354
  let(:kirbi_nthash) do
355
    "\x76\x82\x04\xdf\x30\x82\x04\xdb\xa0\x03\x02\x01\x05\xa1\x03\x02" \
356
    "\x01\x16\xa2\x82\x03\xd2\x30\x82\x03\xce\x61\x82\x03\xca\x30\x82" \
357
    "\x03\xc6\xa0\x03\x02\x01\x05\xa1\x11\x1b\x0f\x57\x49\x4e\x44\x4f" \
358
    "\x4d\x41\x49\x4e\x2e\x4c\x4f\x43\x41\x4c\xa2\x25\x30\x23\xa0\x03" \
359
    "\x02\x01\x01\xa1\x1c\x30\x1a\x1b\x04\x63\x69\x66\x73\x1b\x12\x64" \
360
    "\x63\x2e\x77\x69\x6e\x64\x6f\x6d\x61\x69\x6e\x2e\x6c\x6f\x63\x61" \
361
    "\x6c\xa3\x82\x03\x83\x30\x82\x03\x7f\xa0\x03\x02\x01\x17\xa1\x03" \
362
    "\x02\x01\x02\xa2\x82\x03\x71\x04\x82\x03\x6d\x8f\x47\xbe\x76\x3e" \
363
    "\x3b\x6b\x9a\x85\x90\xc2\xbd\x0a\x62\x95\x3b\x6a\x93\xb9\xab\x7f" \
364
    "\xcd\xb4\x85\x9b\x48\x19\x85\xbd\xbb\xe3\xff\x21\xc0\x34\xb3\x64" \
365
    "\x72\xac\xad\x15\x88\x1f\x4d\xbb\xfd\x71\x4a\xc9\x2f\x89\x4e\x9b" \
366
    "\xf5\x73\x6f\xa3\x38\xdd\x33\x28\x4b\x0b\x0d\x20\xfc\x52\x4c\x4b" \
367
    "\xe5\xa5\xac\xe2\x06\xce\xa8\x0f\x56\x9e\x3f\xeb\x27\x10\x59\x70" \
368
    "\xd7\x78\x77\xd3\xad\x3c\xcd\x71\x19\x5d\x83\xbe\xbe\xc2\x54\x7c" \
369
    "\xd0\x38\x70\x7d\x8a\x7d\xb4\x10\x14\x06\x1d\xcb\x4c\xcf\xe6\x80" \
370
    "\xf3\xbe\x1a\xc8\xe5\xa0\x39\xff\xb1\x58\x93\x91\x4b\x8e\x70\xff" \
371
    "\x66\x70\x10\xe2\xfe\x15\xab\xf7\xb2\x31\x85\xa3\x67\xdb\x8f\xc9" \
372
    "\x8d\x43\x8e\x69\xf4\xf7\x4d\x3c\xfa\xf5\xad\xea\x3f\x8f\x12\x4d" \
373
    "\x95\x37\xee\x1a\x26\xcb\x60\xde\x00\x78\x7b\xe8\x89\xb6\x25\x32" \
374
    "\x39\x3a\xbf\xba\xb1\xd5\x14\xb0\x95\xc4\x1c\x37\xfa\x6d\xbd\x5e" \
375
    "\x2e\x9d\xdb\x3f\x23\x5c\xcf\xd3\xa6\xa5\xfa\xb8\xcf\x3c\x16\x76" \
376
    "\x0b\x57\xeb\x68\xa1\x72\x1b\xa7\x22\x82\xa0\xff\x79\xee\xef\x7b" \
377
    "\xa8\xe6\xe7\x6f\xcb\x47\xf8\x5b\x45\xcb\x0e\x40\x0b\x9b\xd0\xe9" \
378
    "\x98\xb4\x49\x4f\x9c\xf4\xbc\x34\xc1\x30\xf6\xb9\x79\xdc\x51\x93" \
379
    "\xda\xc4\x8e\x3a\xa5\xf3\xc9\x0e\x16\x7f\xf8\x1a\x5b\x24\x2c\x45" \
380
    "\xe6\xeb\xe5\x55\x3a\xfa\x6c\x79\x4f\x5e\x27\xe7\x94\x8b\x2d\xeb" \
381
    "\xde\x73\xe5\xc5\xaf\xdf\x24\x81\x5e\x62\x66\x33\xab\x7a\x18\x6e" \
382
    "\x64\xe5\xf5\x4c\x38\xc5\x2f\x92\x10\xea\x74\xaa\xe2\x9b\x3d\x4a" \
383
    "\xd3\xd1\x45\x9b\x8b\xe9\xd5\x83\x5d\x7a\x6c\x85\x12\x68\x61\xfe" \
384
    "\x16\xb2\x50\x26\x66\x09\x44\xcd\xf9\x5c\xff\xc4\x4a\x67\xd1\x6a" \
385
    "\x8b\xd5\xee\x81\x8f\xb2\xca\x0e\x23\x4b\x92\x6c\x62\x50\x21\x6f" \
386
    "\x70\x1c\x96\xd9\x9e\xb8\xf8\x0e\x06\x05\x53\x6b\x5b\x5c\x0f\x04" \
387
    "\xd8\x3a\xb0\x75\x73\x8f\x8a\x55\xa1\xf8\x56\x53\x96\x0e\xe2\x84" \
388
    "\x93\x3b\x5a\x05\xe2\x3f\x95\xc8\xb8\xfe\x29\xe9\x5f\x96\xb6\x36" \
389
    "\x30\xc0\x0a\x0a\x99\x23\xea\xff\xfb\xa4\x15\xe8\xfe\x1d\xd1\xd4" \
390
    "\x94\x49\x3b\x2a\x75\x2b\xdb\xae\xe4\x7b\x94\x61\x0b\xac\x25\xfc" \
391
    "\x0f\xd7\x6c\xc6\x5a\x4f\x8b\x7b\x5f\x77\x61\x3f\x24\xf2\xe0\x77" \
392
    "\xdd\x67\x7f\xac\xd8\x07\xaf\x68\x74\x5d\xa6\x4e\xec\x3f\xa7\xff" \
393
    "\x01\x73\x9a\x86\xaa\xb8\x8d\x11\x53\x77\xa1\xf2\xdb\xbe\x5c\x75" \
394
    "\xe4\x93\x52\x26\x95\xd6\x4e\x8a\x70\x7b\xca\xb2\xf3\x59\x9c\xd3" \
395
    "\x08\xb4\xe5\xcb\x64\x4d\x15\x30\x99\x6c\xe1\xed\x8e\xa3\x06\x99" \
396
    "\x30\x05\xa3\xd7\x43\x12\xeb\x2e\x46\xce\xca\x77\x7f\xba\xe9\xad" \
397
    "\x7b\xdd\x67\x0b\xb1\x15\x3b\x9c\x1a\xa6\x92\xd6\x9d\x59\x1c\xe8" \
398
    "\xed\x18\xbf\xf0\x11\xec\xa4\xa3\xce\x31\x43\xa8\x32\xb7\x7f\x0a" \
399
    "\xbd\x49\xe4\xd8\x45\x6f\x4d\x11\x2b\x24\x5f\x31\x8e\x90\x41\x70" \
400
    "\xf4\x0c\xa8\x1b\xd8\x70\xe4\x8b\x15\xf7\xe1\x58\x7d\xbe\x0c\xcb" \
401
    "\x52\x80\x72\xff\x24\xa8\xa6\xaf\x93\x8d\xb2\xcc\xe3\x16\x43\x1c" \
402
    "\x3a\xcc\xe5\x32\x4d\xc5\x4f\x82\x41\xdf\x64\x0c\xe8\xb1\xb3\xf9" \
403
    "\x6e\x5d\xa4\x90\x22\x24\x99\x65\x22\x4b\xc1\x37\xee\xa4\x3d\x35" \
404
    "\xaf\x62\x78\x75\xe7\x68\x65\xb4\xa0\x24\x3b\xeb\x0c\x4a\x5e\x8e" \
405
    "\xf1\x29\x34\xc5\x73\x01\x7b\xd9\x36\xed\x90\xa9\x90\xdb\x4a\xef" \
406
    "\xb4\x2f\xc3\x9a\xd7\xb2\x4e\x1e\x1a\x68\xb1\x45\x8d\x98\x6f\x1f" \
407
    "\x88\x67\x06\x4e\x2e\x92\x33\x92\x8b\x5e\xab\xaa\x57\x19\xb9\x77" \
408
    "\xe1\x3a\xdb\xc1\x66\xa5\xad\xaa\xbb\x6c\x47\xa8\xab\xd5\xe7\x65" \
409
    "\xe3\xcf\xa2\xaf\x7d\xcb\x8e\xcd\x63\x4c\x6a\x5d\x47\x8e\xc8\x90" \
410
    "\x93\x31\x70\x00\x50\xe4\x41\x31\xc0\xe4\x6d\x5b\x95\x49\x8f\x89" \
411
    "\xb5\xb4\xea\xc9\x60\xc4\x3a\x4a\x16\x69\x3c\x29\x7a\xd9\xf4\xff" \
412
    "\x84\xb0\xfa\xa9\xaa\xac\x47\xb1\xa4\x98\x64\xe4\xc3\xaa\x26\x10" \
413
    "\x9c\x38\x8f\x60\xeb\x29\xfa\x15\xe7\x4b\xe4\x39\xb4\xed\x13\x87" \
414
    "\x4b\x91\x8f\x89\xbe\x0c\x01\x13\x19\xf7\xef\xbc\x93\x23\xfc\xea" \
415
    "\x3c\xb3\xd7\xbc\x0e\x00\xb5\xa7\xbf\x06\x73\xad\x5b\x79\x12\x17" \
416
    "\x17\x3f\xc2\x80\x6a\x0f\x69\xb0\x12\x49\x56\xc2\xe3\xbd\x69\x77" \
417
    "\x82\x75\x30\xa3\xc7\x96\x06\xee\xa3\x81\xf8\x30\x81\xf5\xa0\x03" \
418
    "\x02\x01\x17\xa2\x81\xed\x04\x81\xea\x7d\x81\xe7\x30\x81\xe4\xa0" \
419
    "\x81\xe1\x30\x81\xde\x30\x81\xdb\xa0\x1b\x30\x19\xa0\x03\x02\x01" \
420
    "\x17\xa1\x12\x04\x10\x66\x38\x37\x38\x64\x64\x63\x36\x37\x38\x63" \
421
    "\x37\x61\x64\x37\x66\xa1\x11\x1b\x0f\x57\x49\x4e\x44\x4f\x4d\x41" \
422
    "\x49\x4e\x2e\x4c\x4f\x43\x41\x4c\xa2\x1a\x30\x18\xa0\x03\x02\x01" \
423
    "\x01\xa1\x11\x30\x0f\x1b\x0d\x41\x64\x6d\x69\x6e\x69\x73\x74\x72" \
424
    "\x61\x74\x6f\x72\xa3\x07\x03\x05\x00\x50\xa0\x00\x00\xa4\x11\x18" \
425
    "\x0f\x32\x30\x32\x33\x30\x31\x31\x33\x31\x34\x33\x36\x33\x39\x5a" \
426
    "\xa5\x11\x18\x0f\x32\x30\x32\x33\x30\x31\x31\x33\x31\x34\x33\x36" \
427
    "\x33\x39\x5a\xa6\x11\x18\x0f\x32\x30\x33\x33\x30\x31\x31\x30\x31" \
428
    "\x34\x33\x36\x33\x39\x5a\xa7\x11\x18\x0f\x32\x30\x33\x33\x30\x31" \
429
    "\x31\x30\x31\x34\x33\x36\x33\x39\x5a\xa8\x11\x1b\x0f\x57\x49\x4e" \
430
    "\x44\x4f\x4d\x41\x49\x4e\x2e\x4c\x4f\x43\x41\x4c\xa9\x25\x30\x23" \
431
    "\xa0\x03\x02\x01\x01\xa1\x1c\x30\x1a\x1b\x04\x63\x69\x66\x73\x1b" \
432
    "\x12\x64\x63\x2e\x77\x69\x6e\x64\x6f\x6d\x61\x69\x6e\x2e\x6c\x6f" \
433
    "\x63\x61\x6c"
434
  end
435

436
  let(:ccache_file_aes) do
437
    ccache_file = Tempfile.new('ccache_aes')
438
    File.binwrite(ccache_file.path, ccache_aes)
439
    ccache_file
440
  end
441

442
  let(:ccache_file_nthash) do
443
    ccache_file = Tempfile.new('ccache_nthash')
444
    File.binwrite(ccache_file.path, ccache_nthash)
445
    ccache_file
446
  end
447

448
  let(:kirbi_file_aes) do
449
    kirbi_file = Tempfile.new('kirbi_aes')
450
    File.binwrite(kirbi_file.path, kirbi_aes)
451
    kirbi_file
452
  end
453

454
  let(:kirbi_file_nthash) do
455
    kirbi_file = Tempfile.new('kirbi_nthash')
456
    File.binwrite(kirbi_file.path, kirbi_nthash)
457
    kirbi_file
458
  end
459

460
  let(:expected_decrypted_aes_output) do
461
    expected_output = ["#{file_format} File:#{ticket_path}"]
462
    expected_output << <<~EOF.chomp
463
      Primary Principal: Administrator@WINDOMAIN.LOCAL
464
      Ccache version: 4
465

466
      Creds: 1
467
        Credential[0]:
468
          Server: cifs/dc.windomain.local@WINDOMAIN.LOCAL
469
          Client: Administrator@WINDOMAIN.LOCAL
470
          Ticket etype: 18 (AES256)
471
          Key: 3031363031303130376565306436383863393961393338383633346165303431
472
          Subkey: false
473
          Ticket Length: 978
474
          Ticket Flags: 0x50a00000 (FORWARDABLE, PROXIABLE, RENEWABLE, PRE_AUTHENT)
475
          Addresses: 0
476
          Authdatas: 0
477
          Times:
478
            Auth time: #{Time.parse('2023-01-13 14:31:25 UTC').to_time}
479
            Start time: #{Time.parse('2023-01-13 14:31:25 UTC').to_time}
480
            End time: #{Time.parse('2033-01-10 14:31:25 UTC').to_time}
481
            Renew Till: #{Time.parse('2033-01-10 14:31:25 UTC').to_time}
482
          Ticket:
483
            Ticket Version Number: 5
484
            Realm: WINDOMAIN.LOCAL
485
            Server Name: cifs/dc.windomain.local
486
            Encrypted Ticket Part:
487
              Ticket etype: 18 (AES256)
488
              Key Version Number: 2
489
              Decrypted (with key: 4b912be0366a6f37f4a7d571bee18b1173d93195ef76f8d1e3e81ef6172ab326):
490
                Times:
491
                  Auth time: #{Time.parse('2023-01-13 14:31:25 UTC').to_time}
492
                  Start time: #{Time.parse('2023-01-13 14:31:25 UTC').to_time}
493
                  End time: #{Time.parse('2033-01-10 14:31:25 UTC').to_time}
494
                  Renew Till: #{Time.parse('2033-01-10 14:31:25 UTC').to_time}
495
                Client Addresses: 0
496
                Transited: tr_type: 0, Contents: ""
497
                Client Name: 'Administrator'
498
                Client Realm: 'WINDOMAIN.LOCAL'
499
                Ticket etype: 18 (AES256)
500
                Session Key: 3031363031303130376565306436383863393961393338383633346165303431
501
                Flags: 0x50a00000 (FORWARDABLE, PROXIABLE, RENEWABLE, PRE_AUTHENT)
502
                PAC:
503
                  Validation Info:
504
                    Logon Time: #{Time.parse('2023-01-13 14:31:25 UTC').to_time}
505
                    Logoff Time: Never Expires (inf)
506
                    Kick Off Time: Never Expires (inf)
507
                    Password Last Set: No Time Set (0)
508
                    Password Can Change: No Time Set (0)
509
                    Password Must Change: Never Expires (inf)
510
                    Logon Count: 0
511
                    Bad Password Count: 0
512
                    User ID: 500
513
                    Primary Group ID: 513
514
                    User Flags: 0
515
                      .... .... .... .... ..0. .... .... .... Used Lmv2 Auth And Ntlmv2 Session Key: The USED_LMV2_AUTH_AND_NTLMV2_SESSION_KEY bit is NOT SET
516
                      .... .... .... .... ...0 .... .... .... Used Lmv2 Auth And Session Key: The USED_LMV2_AUTH_AND_SESSION_KEY bit is NOT SET
517
                      .... .... .... .... .... 0... .... .... Used Ntlmv2 Auth And Session Key: The USED_NTLMV2_AUTH_AND_SESSION_KEY bit is NOT SET
518
                      .... .... .... .... .... .0.. .... .... Profile Path Populated: The PROFILE_PATH_POPULATED bit is NOT SET
519
                      .... .... .... .... .... ..0. .... .... Resource Group Ids: The RESOURCE_GROUP_IDS bit is NOT SET
520
                      .... .... .... .... .... ...0 .... .... Accepts Ntlmv2: The ACCEPTS_NTLMV2 bit is NOT SET
521
                      .... .... .... .... .... .... 0... .... Machine Account: The MACHINE_ACCOUNT bit is NOT SET
522
                      .... .... .... .... .... .... .0.. .... Sub Authentication: The SUB_AUTHENTICATION bit is NOT SET
523
                      .... .... .... .... .... .... ..0. .... Extra Sids: The EXTRA_SIDS bit is NOT SET
524
                      .... .... .... .... .... .... .... 0... Lan Manager: The LAN_MANAGER bit is NOT SET
525
                      .... .... .... .... .... .... .... ..0. No Encryption: The NO_ENCRYPTION bit is NOT SET
526
                      .... .... .... .... .... .... .... ...0 Guest: The GUEST bit is NOT SET
527
                    User Session Key: 00000000000000000000000000000000
528
                    User Account Control: 528
529
                      .... .... ..0. .... .... .... .... .... Use Aes Keys: The USE_AES_KEYS bit is NOT SET
530
                      .... .... ...0 .... .... .... .... .... Partial Secrets Account: The PARTIAL_SECRETS_ACCOUNT bit is NOT SET
531
                      .... .... .... 0... .... .... .... .... No Auth Data Required: The NO_AUTH_DATA_REQUIRED bit is NOT SET
532
                      .... .... .... .0.. .... .... .... .... Trusted To Authenticate For Delegation: The TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION bit is NOT SET
533
                      .... .... .... ..0. .... .... .... .... Password Expired: The PASSWORD_EXPIRED bit is NOT SET
534
                      .... .... .... ...0 .... .... .... .... Dont Require Preauth: The DONT_REQUIRE_PREAUTH bit is NOT SET
535
                      .... .... .... .... 0... .... .... .... Use Des Key Only: The USE_DES_KEY_ONLY bit is NOT SET
536
                      .... .... .... .... .0.. .... .... .... Not Delegated: The NOT_DELEGATED bit is NOT SET
537
                      .... .... .... .... ..0. .... .... .... Trusted For Delegation: The TRUSTED_FOR_DELEGATION bit is NOT SET
538
                      .... .... .... .... ...0 .... .... .... Smartcard Required: The SMARTCARD_REQUIRED bit is NOT SET
539
                      .... .... .... .... .... 0... .... .... Encrypted Test Password Allowed: The ENCRYPTED_TEST_PASSWORD_ALLOWED bit is NOT SET
540
                      .... .... .... .... .... .0.. .... .... Account Auto Lock: The ACCOUNT_AUTO_LOCK bit is NOT SET
541
                      .... .... .... .... .... ..1. .... .... Dont Expire Password: The DONT_EXPIRE_PASSWORD bit is SET
542
                      .... .... .... .... .... ...0 .... .... Server Trust Account: The SERVER_TRUST_ACCOUNT bit is NOT SET
543
                      .... .... .... .... .... .... 0... .... Workstation Trust Account: The WORKSTATION_TRUST_ACCOUNT bit is NOT SET
544
                      .... .... .... .... .... .... .0.. .... Interdomain Trust Account: The INTERDOMAIN_TRUST_ACCOUNT bit is NOT SET
545
                      .... .... .... .... .... .... ..0. .... Mns Logon Account: The MNS_LOGON_ACCOUNT bit is NOT SET
546
                      .... .... .... .... .... .... ...1 .... Normal Account: The NORMAL_ACCOUNT bit is SET
547
                      .... .... .... .... .... .... .... 0... Temp Duplicate Account: The TEMP_DUPLICATE_ACCOUNT bit is NOT SET
548
                      .... .... .... .... .... .... .... .0.. Password Not Required: The PASSWORD_NOT_REQUIRED bit is NOT SET
549
                      .... .... .... .... .... .... .... ..0. Home Directory Required: The HOME_DIRECTORY_REQUIRED bit is NOT SET
550
                      .... .... .... .... .... .... .... ...0 Account Disabled: The ACCOUNT_DISABLED bit is NOT SET
551
                    Sub Auth Status: 0
552
                    Last Successful Interactive Logon: No Time Set (0)
553
                    Last Failed Interactive Logon: No Time Set (0)
554
                    Failed Interactive Logon Count: 0
555
                    Extra SID Count: 0
556
                    Resource Group Count: 0
557
                    Group Count: 5
558
                    Group IDs:
559
                      Relative ID: 513
560
                      Attributes: 7
561
                        ..0. .... .... .... .... .... .... .... Resource: The RESOURCE bit is NOT SET
562
                        .... .... .... .... .... .... .... 0... Owner: The OWNER bit is NOT SET
563
                        .... .... .... .... .... .... .... .1.. Enabled: The ENABLED bit is SET
564
                        .... .... .... .... .... .... .... ..1. Enabled By Default: The ENABLED_BY_DEFAULT bit is SET
565
                        .... .... .... .... .... .... .... ...1 Mandatory: The MANDATORY bit is SET
566
                      Relative ID: 512
567
                      Attributes: 7
568
                        ..0. .... .... .... .... .... .... .... Resource: The RESOURCE bit is NOT SET
569
                        .... .... .... .... .... .... .... 0... Owner: The OWNER bit is NOT SET
570
                        .... .... .... .... .... .... .... .1.. Enabled: The ENABLED bit is SET
571
                        .... .... .... .... .... .... .... ..1. Enabled By Default: The ENABLED_BY_DEFAULT bit is SET
572
                        .... .... .... .... .... .... .... ...1 Mandatory: The MANDATORY bit is SET
573
                      Relative ID: 520
574
                      Attributes: 7
575
                        ..0. .... .... .... .... .... .... .... Resource: The RESOURCE bit is NOT SET
576
                        .... .... .... .... .... .... .... 0... Owner: The OWNER bit is NOT SET
577
                        .... .... .... .... .... .... .... .1.. Enabled: The ENABLED bit is SET
578
                        .... .... .... .... .... .... .... ..1. Enabled By Default: The ENABLED_BY_DEFAULT bit is SET
579
                        .... .... .... .... .... .... .... ...1 Mandatory: The MANDATORY bit is SET
580
                      Relative ID: 518
581
                      Attributes: 7
582
                        ..0. .... .... .... .... .... .... .... Resource: The RESOURCE bit is NOT SET
583
                        .... .... .... .... .... .... .... 0... Owner: The OWNER bit is NOT SET
584
                        .... .... .... .... .... .... .... .1.. Enabled: The ENABLED bit is SET
585
                        .... .... .... .... .... .... .... ..1. Enabled By Default: The ENABLED_BY_DEFAULT bit is SET
586
                        .... .... .... .... .... .... .... ...1 Mandatory: The MANDATORY bit is SET
587
                      Relative ID: 519
588
                      Attributes: 7
589
                        ..0. .... .... .... .... .... .... .... Resource: The RESOURCE bit is NOT SET
590
                        .... .... .... .... .... .... .... 0... Owner: The OWNER bit is NOT SET
591
                        .... .... .... .... .... .... .... .1.. Enabled: The ENABLED bit is SET
592
                        .... .... .... .... .... .... .... ..1. Enabled By Default: The ENABLED_BY_DEFAULT bit is SET
593
                        .... .... .... .... .... .... .... ...1 Mandatory: The MANDATORY bit is SET
594
                    Logon Domain ID: S-1-5-21-3541430928-2051711210-1391384369
595
                    Effective Name: 'Administrator'
596
                    Full Name: ''
597
                    Logon Script: ''
598
                    Profile Path: ''
599
                    Home Directory: ''
600
                    Home Directory Drive: ''
601
                    Logon Server: ''
602
                    Logon Domain Name: 'WINDOMAIN.LOCAL'
603
                  Client Info:
604
                    Name: 'Administrator'
605
                    Client ID: #{Time.parse('2023-01-13 14:31:25 UTC').to_time}
606
                  Pac Server Checksum:
607
                    Signature: 81a20da731b3b9bdd2e756dc
608
                  Pac Privilege Server Checksum:
609
                    Signature: e552ba92ad312755d89ebcc7
610
    EOF
611
    expected_output.join("\n")
612
  end
613

614
  let(:expected_encrypted_aes_output) do
615
    expected_output = ['No decryption key provided proceeding without decryption.']
616
    expected_output << "#{file_format} File:#{ticket_path}"
617
    expected_output << <<~EOF.chomp
618
      Primary Principal: Administrator@WINDOMAIN.LOCAL
619
      Ccache version: 4
620

621
      Creds: 1
622
        Credential[0]:
623
          Server: cifs/dc.windomain.local@WINDOMAIN.LOCAL
624
          Client: Administrator@WINDOMAIN.LOCAL
625
          Ticket etype: 18 (AES256)
626
          Key: 3031363031303130376565306436383863393961393338383633346165303431
627
          Subkey: false
628
          Ticket Length: 978
629
          Ticket Flags: 0x50a00000 (FORWARDABLE, PROXIABLE, RENEWABLE, PRE_AUTHENT)
630
          Addresses: 0
631
          Authdatas: 0
632
          Times:
633
            Auth time: #{Time.parse('2023-01-13 14:31:25 UTC').to_time}
634
            Start time: #{Time.parse('2023-01-13 14:31:25 UTC').to_time}
635
            End time: #{Time.parse('2033-01-10 14:31:25 UTC').to_time}
636
            Renew Till: #{Time.parse('2033-01-10 14:31:25 UTC').to_time}
637
          Ticket:
638
            Ticket Version Number: 5
639
            Realm: WINDOMAIN.LOCAL
640
            Server Name: cifs/dc.windomain.local
641
            Encrypted Ticket Part:
642
              Ticket etype: 18 (AES256)
643
              Key Version Number: 2
644
              Cipher:
645
                7Hqyv1dpVQIOH/Pr2w43QmdIYrtjQJvJcHMDRozcT0zPjmbx160HaABd7OroC3mcLhisQJIM8M/dr0uf8z/PWS6ze5l0gFePdPKh5vwIYHQw0gt//dFMpR+11eH+qGLKW/Kt0L0fL4tg4KYKx+f/CK65K82pSu7QaFOj7cSgdTvIDmxHkDiS5zemJ6Qu1lSknDDW9eozaBwm6n74gOmUUixo74+YajLRojfVRPWAZJsi6LkgS/cASb6rb8sZWSOArYYz61INu/jxndl+/PaIZiRd8EC/DpEXi55iNKVufUN+zE6/ZquL0LFEoXvhiXg44+FIcE0f/sSwW3BWZsKPXlY+LxiVS0xacAYL9jR6KieBoJbCBkYpOTjZYFbTnX8qQ2ZX7JNGGYQWJdjJqTfY5eHdZQfHNcMgEHpD83EfM90b2ayyhddP0JUedlFHJ6VO8iOKvq69Zr7rymJJK07OpB/7iQrlqYv62GsSTQvTTskXSTPB7BqkmfrDwYGCcQc05WuHiBfOeai2vHBGSsnNfZPYtWl5oIk8nqryHWixY9D7gf8ed7fJmK/m4ALa14hPp8YxsTlltIA2KhIIux662MuXcOvMmzL6S9SpUF1q4g8CqdEDWUBPeecJ821XEP7/Vv/BTLhHwTMbxYSJv8VgIx1i3Ac0JFFsYFU7MOMmfMxzUO4n6NStGpv+sWa1tkHJmxwzFwk4R/EvnN2+xAthFPC94MPCjD4rBuDydC7BdBl8TOj1RWlA3furD4wOITXPxHOCR0fhuII9hwJcsUfuURXappKoPls4YZNshwPoaHgZHexh4QMHmN33vG4fc3mtsE2ZOW361sIpT6ZOYEo1CRcdnXWqWyck7LCC7pTgt9+8xhb5EYbiCdPmGxFXhSJeF3GPeyXeuwNnBd4+JJ8C5qvD+D89DmRbCqP+HDxHsc5FPoNx3tZvNafhMVtlRlgt8MrHhQ1CQAngg4qGLMT8qD1Rw3IAHXLhZTHj9NbgNwpIJKUCzJadmoGe2cZsLbIJrDQXV6iAiWP8A/e2PJ84lfBy/0158G4fmCAvXdLJ0aogNaySXmIgKT3fsRu9kUBprt+meAC+yybXetTPMVWoxF36J/VEwCu0lGZ41qpmbAWkmTx339AmR7RAkK6KlgLg8yLwjbsNhlsKfXruOEXTAUY=
646
    EOF
647
    expected_output.join("\n")
648
  end
649

650
  let(:expected_decrypted_nthash_output) do
651
    expected_output = ["#{file_format} File:#{ticket_path}"]
652
    expected_output << <<~EOF.chomp
653
      Primary Principal: Administrator@WINDOMAIN.LOCAL
654
      Ccache version: 4
655

656
      Creds: 1
657
        Credential[0]:
658
          Server: cifs/dc.windomain.local@WINDOMAIN.LOCAL
659
          Client: Administrator@WINDOMAIN.LOCAL
660
          Ticket etype: 23 (RC4_HMAC)
661
          Key: 66383738646463363738633761643766
662
          Subkey: false
663
          Ticket Length: 974
664
          Ticket Flags: 0x50a00000 (FORWARDABLE, PROXIABLE, RENEWABLE, PRE_AUTHENT)
665
          Addresses: 0
666
          Authdatas: 0
667
          Times:
668
            Auth time: #{Time.parse('2023-01-13 14:36:39 UTC').to_time}
669
            Start time: #{Time.parse('2023-01-13 14:36:39 UTC').to_time}
670
            End time: #{Time.parse('2033-01-10 14:36:39 UTC').to_time}
671
            Renew Till: #{Time.parse('2033-01-10 14:36:39 UTC').to_time}
672
          Ticket:
673
            Ticket Version Number: 5
674
            Realm: WINDOMAIN.LOCAL
675
            Server Name: cifs/dc.windomain.local
676
            Encrypted Ticket Part:
677
              Ticket etype: 23 (RC4_HMAC)
678
              Key Version Number: 2
679
              Decrypted (with key: 88e4d9fabaecf3dec18dd80905521b29):
680
                Times:
681
                  Auth time: #{Time.parse('2023-01-13 14:36:39 UTC').to_time}
682
                  Start time: #{Time.parse('2023-01-13 14:36:39 UTC').to_time}
683
                  End time: #{Time.parse('2033-01-10 14:36:39 UTC').to_time}
684
                  Renew Till: #{Time.parse('2033-01-10 14:36:39 UTC').to_time}
685
                Client Addresses: 0
686
                Transited: tr_type: 0, Contents: ""
687
                Client Name: 'Administrator'
688
                Client Realm: 'WINDOMAIN.LOCAL'
689
                Ticket etype: 23 (RC4_HMAC)
690
                Session Key: 66383738646463363738633761643766
691
                Flags: 0x50a00000 (FORWARDABLE, PROXIABLE, RENEWABLE, PRE_AUTHENT)
692
                PAC:
693
                  Validation Info:
694
                    Logon Time: #{Time.parse('2023-01-13 14:36:39 UTC').to_time}
695
                    Logoff Time: Never Expires (inf)
696
                    Kick Off Time: Never Expires (inf)
697
                    Password Last Set: No Time Set (0)
698
                    Password Can Change: No Time Set (0)
699
                    Password Must Change: Never Expires (inf)
700
                    Logon Count: 0
701
                    Bad Password Count: 0
702
                    User ID: 500
703
                    Primary Group ID: 513
704
                    User Flags: 0
705
                      .... .... .... .... ..0. .... .... .... Used Lmv2 Auth And Ntlmv2 Session Key: The USED_LMV2_AUTH_AND_NTLMV2_SESSION_KEY bit is NOT SET
706
                      .... .... .... .... ...0 .... .... .... Used Lmv2 Auth And Session Key: The USED_LMV2_AUTH_AND_SESSION_KEY bit is NOT SET
707
                      .... .... .... .... .... 0... .... .... Used Ntlmv2 Auth And Session Key: The USED_NTLMV2_AUTH_AND_SESSION_KEY bit is NOT SET
708
                      .... .... .... .... .... .0.. .... .... Profile Path Populated: The PROFILE_PATH_POPULATED bit is NOT SET
709
                      .... .... .... .... .... ..0. .... .... Resource Group Ids: The RESOURCE_GROUP_IDS bit is NOT SET
710
                      .... .... .... .... .... ...0 .... .... Accepts Ntlmv2: The ACCEPTS_NTLMV2 bit is NOT SET
711
                      .... .... .... .... .... .... 0... .... Machine Account: The MACHINE_ACCOUNT bit is NOT SET
712
                      .... .... .... .... .... .... .0.. .... Sub Authentication: The SUB_AUTHENTICATION bit is NOT SET
713
                      .... .... .... .... .... .... ..0. .... Extra Sids: The EXTRA_SIDS bit is NOT SET
714
                      .... .... .... .... .... .... .... 0... Lan Manager: The LAN_MANAGER bit is NOT SET
715
                      .... .... .... .... .... .... .... ..0. No Encryption: The NO_ENCRYPTION bit is NOT SET
716
                      .... .... .... .... .... .... .... ...0 Guest: The GUEST bit is NOT SET
717
                    User Session Key: 00000000000000000000000000000000
718
                    User Account Control: 528
719
                      .... .... ..0. .... .... .... .... .... Use Aes Keys: The USE_AES_KEYS bit is NOT SET
720
                      .... .... ...0 .... .... .... .... .... Partial Secrets Account: The PARTIAL_SECRETS_ACCOUNT bit is NOT SET
721
                      .... .... .... 0... .... .... .... .... No Auth Data Required: The NO_AUTH_DATA_REQUIRED bit is NOT SET
722
                      .... .... .... .0.. .... .... .... .... Trusted To Authenticate For Delegation: The TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION bit is NOT SET
723
                      .... .... .... ..0. .... .... .... .... Password Expired: The PASSWORD_EXPIRED bit is NOT SET
724
                      .... .... .... ...0 .... .... .... .... Dont Require Preauth: The DONT_REQUIRE_PREAUTH bit is NOT SET
725
                      .... .... .... .... 0... .... .... .... Use Des Key Only: The USE_DES_KEY_ONLY bit is NOT SET
726
                      .... .... .... .... .0.. .... .... .... Not Delegated: The NOT_DELEGATED bit is NOT SET
727
                      .... .... .... .... ..0. .... .... .... Trusted For Delegation: The TRUSTED_FOR_DELEGATION bit is NOT SET
728
                      .... .... .... .... ...0 .... .... .... Smartcard Required: The SMARTCARD_REQUIRED bit is NOT SET
729
                      .... .... .... .... .... 0... .... .... Encrypted Test Password Allowed: The ENCRYPTED_TEST_PASSWORD_ALLOWED bit is NOT SET
730
                      .... .... .... .... .... .0.. .... .... Account Auto Lock: The ACCOUNT_AUTO_LOCK bit is NOT SET
731
                      .... .... .... .... .... ..1. .... .... Dont Expire Password: The DONT_EXPIRE_PASSWORD bit is SET
732
                      .... .... .... .... .... ...0 .... .... Server Trust Account: The SERVER_TRUST_ACCOUNT bit is NOT SET
733
                      .... .... .... .... .... .... 0... .... Workstation Trust Account: The WORKSTATION_TRUST_ACCOUNT bit is NOT SET
734
                      .... .... .... .... .... .... .0.. .... Interdomain Trust Account: The INTERDOMAIN_TRUST_ACCOUNT bit is NOT SET
735
                      .... .... .... .... .... .... ..0. .... Mns Logon Account: The MNS_LOGON_ACCOUNT bit is NOT SET
736
                      .... .... .... .... .... .... ...1 .... Normal Account: The NORMAL_ACCOUNT bit is SET
737
                      .... .... .... .... .... .... .... 0... Temp Duplicate Account: The TEMP_DUPLICATE_ACCOUNT bit is NOT SET
738
                      .... .... .... .... .... .... .... .0.. Password Not Required: The PASSWORD_NOT_REQUIRED bit is NOT SET
739
                      .... .... .... .... .... .... .... ..0. Home Directory Required: The HOME_DIRECTORY_REQUIRED bit is NOT SET
740
                      .... .... .... .... .... .... .... ...0 Account Disabled: The ACCOUNT_DISABLED bit is NOT SET
741
                    Sub Auth Status: 0
742
                    Last Successful Interactive Logon: No Time Set (0)
743
                    Last Failed Interactive Logon: No Time Set (0)
744
                    Failed Interactive Logon Count: 0
745
                    Extra SID Count: 0
746
                    Resource Group Count: 0
747
                    Group Count: 5
748
                    Group IDs:
749
                      Relative ID: 513
750
                      Attributes: 7
751
                        ..0. .... .... .... .... .... .... .... Resource: The RESOURCE bit is NOT SET
752
                        .... .... .... .... .... .... .... 0... Owner: The OWNER bit is NOT SET
753
                        .... .... .... .... .... .... .... .1.. Enabled: The ENABLED bit is SET
754
                        .... .... .... .... .... .... .... ..1. Enabled By Default: The ENABLED_BY_DEFAULT bit is SET
755
                        .... .... .... .... .... .... .... ...1 Mandatory: The MANDATORY bit is SET
756
                      Relative ID: 512
757
                      Attributes: 7
758
                        ..0. .... .... .... .... .... .... .... Resource: The RESOURCE bit is NOT SET
759
                        .... .... .... .... .... .... .... 0... Owner: The OWNER bit is NOT SET
760
                        .... .... .... .... .... .... .... .1.. Enabled: The ENABLED bit is SET
761
                        .... .... .... .... .... .... .... ..1. Enabled By Default: The ENABLED_BY_DEFAULT bit is SET
762
                        .... .... .... .... .... .... .... ...1 Mandatory: The MANDATORY bit is SET
763
                      Relative ID: 520
764
                      Attributes: 7
765
                        ..0. .... .... .... .... .... .... .... Resource: The RESOURCE bit is NOT SET
766
                        .... .... .... .... .... .... .... 0... Owner: The OWNER bit is NOT SET
767
                        .... .... .... .... .... .... .... .1.. Enabled: The ENABLED bit is SET
768
                        .... .... .... .... .... .... .... ..1. Enabled By Default: The ENABLED_BY_DEFAULT bit is SET
769
                        .... .... .... .... .... .... .... ...1 Mandatory: The MANDATORY bit is SET
770
                      Relative ID: 518
771
                      Attributes: 7
772
                        ..0. .... .... .... .... .... .... .... Resource: The RESOURCE bit is NOT SET
773
                        .... .... .... .... .... .... .... 0... Owner: The OWNER bit is NOT SET
774
                        .... .... .... .... .... .... .... .1.. Enabled: The ENABLED bit is SET
775
                        .... .... .... .... .... .... .... ..1. Enabled By Default: The ENABLED_BY_DEFAULT bit is SET
776
                        .... .... .... .... .... .... .... ...1 Mandatory: The MANDATORY bit is SET
777
                      Relative ID: 519
778
                      Attributes: 7
779
                        ..0. .... .... .... .... .... .... .... Resource: The RESOURCE bit is NOT SET
780
                        .... .... .... .... .... .... .... 0... Owner: The OWNER bit is NOT SET
781
                        .... .... .... .... .... .... .... .1.. Enabled: The ENABLED bit is SET
782
                        .... .... .... .... .... .... .... ..1. Enabled By Default: The ENABLED_BY_DEFAULT bit is SET
783
                        .... .... .... .... .... .... .... ...1 Mandatory: The MANDATORY bit is SET
784
                    Logon Domain ID: S-1-5-21-3541430928-2051711210-1391384369
785
                    Effective Name: 'Administrator'
786
                    Full Name: ''
787
                    Logon Script: ''
788
                    Profile Path: ''
789
                    Home Directory: ''
790
                    Home Directory Drive: ''
791
                    Logon Server: ''
792
                    Logon Domain Name: 'WINDOMAIN.LOCAL'
793
                  Client Info:
794
                    Name: 'Administrator'
795
                    Client ID: #{Time.parse('2023-01-13 14:36:39 UTC').to_time}
796
                  Pac Server Checksum:
797
                    Signature: 1a038d8dd257a7d9b875280259ab0e4a
798
                  Pac Privilege Server Checksum:
799
                    Signature: 2f3a9e1e4fa7d3823dcb7edbdaaa8385
800
    EOF
801
    expected_output.join("\n")
802
  end
803

804
  let(:expected_encrypted_nthash_output) do
805
    expected_output = ['No decryption key provided proceeding without decryption.']
806
    expected_output << "#{file_format} File:#{ticket_path}"
807
    expected_output << <<~EOF.chomp
808
      Primary Principal: Administrator@WINDOMAIN.LOCAL
809
      Ccache version: 4
810

811
      Creds: 1
812
        Credential[0]:
813
          Server: cifs/dc.windomain.local@WINDOMAIN.LOCAL
814
          Client: Administrator@WINDOMAIN.LOCAL
815
          Ticket etype: 23 (RC4_HMAC)
816
          Key: 66383738646463363738633761643766
817
          Subkey: false
818
          Ticket Length: 974
819
          Ticket Flags: 0x50a00000 (FORWARDABLE, PROXIABLE, RENEWABLE, PRE_AUTHENT)
820
          Addresses: 0
821
          Authdatas: 0
822
          Times:
823
            Auth time: #{Time.parse('2023-01-13 14:36:39 UTC').to_time}
824
            Start time: #{Time.parse('2023-01-13 14:36:39 UTC').to_time}
825
            End time: #{Time.parse('2033-01-10 14:36:39 UTC').to_time}
826
            Renew Till: #{Time.parse('2033-01-10 14:36:39 UTC').to_time}
827
          Ticket:
828
            Ticket Version Number: 5
829
            Realm: WINDOMAIN.LOCAL
830
            Server Name: cifs/dc.windomain.local
831
            Encrypted Ticket Part:
832
              Ticket etype: 23 (RC4_HMAC)
833
              Key Version Number: 2
834
              Cipher:
835
                j0e+dj47a5qFkMK9CmKVO2qTuat/zbSFm0gZhb274/8hwDSzZHKsrRWIH027/XFKyS+JTpv1c2+jON0zKEsLDSD8UkxL5aWs4gbOqA9Wnj/rJxBZcNd4d9OtPM1xGV2Dvr7CVHzQOHB9in20EBQGHctMz+aA874ayOWgOf+xWJORS45w/2ZwEOL+Fav3sjGFo2fbj8mNQ45p9PdNPPr1reo/jxJNlTfuGibLYN4AeHvoibYlMjk6v7qx1RSwlcQcN/ptvV4unds/I1zP06al+rjPPBZ2C1fraKFyG6cigqD/ee7ve6jm52/LR/hbRcsOQAub0OmYtElPnPS8NMEw9rl53FGT2sSOOqXzyQ4Wf/gaWyQsRebr5VU6+mx5T14n55SLLevec+XFr98kgV5iZjOrehhuZOX1TDjFL5IQ6nSq4ps9StPRRZuL6dWDXXpshRJoYf4WslAmZglEzflc/8RKZ9Fqi9XugY+yyg4jS5JsYlAhb3AcltmeuPgOBgVTa1tcDwTYOrB1c4+KVaH4VlOWDuKEkztaBeI/lci4/inpX5a2NjDACgqZI+r/+6QV6P4d0dSUSTsqdSvbruR7lGELrCX8D9dsxlpPi3tfd2E/JPLgd91nf6zYB69odF2mTuw/p/8Bc5qGqriNEVN3ofLbvlx15JNSJpXWTopwe8qy81mc0wi05ctkTRUwmWzh7Y6jBpkwBaPXQxLrLkbOynd/uumte91nC7EVO5wappLWnVkc6O0Yv/AR7KSjzjFDqDK3fwq9SeTYRW9NESskXzGOkEFw9AyoG9hw5IsV9+FYfb4My1KAcv8kqKavk42yzOMWQxw6zOUyTcVPgkHfZAzosbP5bl2kkCIkmWUiS8E37qQ9Na9ieHXnaGW0oCQ76wxKXo7xKTTFcwF72TbtkKmQ20rvtC/DmteyTh4aaLFFjZhvH4hnBk4ukjOSi16rqlcZuXfhOtvBZqWtqrtsR6ir1edl48+ir33Ljs1jTGpdR47IkJMxcABQ5EExwORtW5VJj4m1tOrJYMQ6ShZpPCl62fT/hLD6qaqsR7GkmGTkw6omEJw4j2DrKfoV50vkObTtE4dLkY+JvgwBExn377yTI/zqPLPXvA4Atae/BnOtW3kSFxc/woBqD2mwEklWwuO9aXeCdTCjx5YG7g==
836
    EOF
837
    expected_output.join("\n")
838
  end
839

840
  context 'with ccache (aes key)' do
841
    let(:ticket_path) { ccache_file_aes.path }
842
    let(:file_format) { 'Credentials cache:' }
843
    let(:key_type) { 'AES_KEY' }
844
    let(:key) { aes_key }
845
    let(:invalid_key_error_msg) { "bad-config: AES key length was #{invalid_key.size}. It should be 32 or 64" }
846
    let(:expected_decrypted_output) { expected_decrypted_aes_output }
847
    let(:expected_encrypted_output) { expected_encrypted_aes_output }
848

849
    it_behaves_like 'inspect ticket'
850
  end
851

852
  context 'with kirbi (aes key)' do
853
    let(:ticket_path) { kirbi_file_aes.path }
854
    let(:file_format) { 'Kirbi' }
855
    let(:key_type) { 'AES_KEY' }
856
    let(:key) { aes_key }
857
    let(:invalid_key_error_msg) { "bad-config: AES key length was #{invalid_key.size}. It should be 32 or 64" }
858
    let(:expected_decrypted_output) { expected_decrypted_aes_output }
859
    let(:expected_encrypted_output) { expected_encrypted_aes_output }
860

861
    it_behaves_like 'inspect ticket'
862
  end
863

864
  context 'with ccache (nthash)' do
865
    let(:ticket_path) { ccache_file_nthash.path }
866
    let(:file_format) { 'Credentials cache:' }
867
    let(:key_type) { 'NTHASH' }
868
    let(:key) { nthash }
869
    let(:invalid_key_error_msg) { "bad-config: NTHASH length was #{invalid_key.size}. It should be 32" }
870
    let(:expected_decrypted_output) { expected_decrypted_nthash_output }
871
    let(:expected_encrypted_output) { expected_encrypted_nthash_output }
872

873
    it_behaves_like 'inspect ticket'
874
  end
875

876
  context 'with kirbi (nthash)' do
877
    let(:ticket_path) { kirbi_file_nthash.path }
878
    let(:file_format) { 'Kirbi' }
879
    let(:key_type) { 'NTHASH' }
880
    let(:key) { nthash }
881
    let(:invalid_key_error_msg) { "bad-config: NTHASH length was #{invalid_key.size}. It should be 32" }
882
    let(:expected_decrypted_output) { expected_decrypted_nthash_output }
883
    let(:expected_encrypted_output) { expected_encrypted_nthash_output }
884

885
    it_behaves_like 'inspect ticket'
886
  end
887
end
888

889
Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

Product

Resources

Company

Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more, all in one place.

Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.
