Use SHA1 for KRB ticket hashing

Benjamin Bannier 2024-05-17 15:11:19 +02:00
parent 2bfaab603d
commit 3d3793efc6
2 changed files with 5 additions and 5 deletions


@ -8,7 +8,7 @@ redef record Info += {
## Hash of ticket used to authorize request/transaction
auth_ticket: string &log &optional;
## Hash of ticket returned by the KDC
new_ticket: string &log &optional;
new_ticket: string &log &optional;
};
event krb_ap_request(c: connection, ticket: KRB::Ticket, opts: KRB::AP_Options)
@ -17,17 +17,17 @@ event krb_ap_request(c: connection, ticket: KRB::Ticket, opts: KRB::AP_Options)
c$krb$request_type = "AP";
if ( ticket?$ciphertext )
c$krb$auth_ticket = md5_hash(ticket$ciphertext);
c$krb$auth_ticket = sha1_hash(ticket$ciphertext);
}
event krb_as_response(c: connection, msg: KDC_Response)
{
if ( msg$ticket?$ciphertext )
c$krb$new_ticket = md5_hash(msg$ticket$ciphertext);
c$krb$new_ticket = sha1_hash(msg$ticket$ciphertext);
}
event krb_tgs_response(c: connection, msg: KDC_Response)
{
if ( msg$ticket?$ciphertext )
c$krb$new_ticket = md5_hash(msg$ticket$ciphertext);
c$krb$new_ticket = sha1_hash(msg$ticket$ciphertext);
}
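Review bot: The `##` comments on `auth_ticket` and `new_ticket` still say only "Hash of ticket", so a log consumer cannot tell that the logged value changes from a 32-character MD5 digest to a 40-character SHA1 digest. I would name the algorithm in both comments, `## SHA1 hash of ticket used to authorize request/transaction` and `## SHA1 hash of ticket returned by the KDC`. Any detection that matches an `auth_ticket` against a previously logged `new_ticket` (for example to spot a ticket the KDC was never seen issuing) will stop matching across the upgrade boundary, which deserves a release note. The digest is used here as a correlation identifier for the ciphertext rather than as an integrity check, and a comment saying so would head off questions about the choice of SHA1. The `Info` record starts above the first hunk, so whether other fields need the same comment update cannot be seen from here.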


@ -7,5 +7,5 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p request_type client service success error_msg from till cipher forwardable renewable client_cert_subject client_cert_fuid server_cert_subject server_cert_fuid auth_ticket new_ticket
#types time string addr port addr port string string string bool string time time string bool bool string string string string string string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.1.31 64889 192.168.1.32 88 TGS vladg/VLADG.NET krbtgt/VLADG.NET T - - 0.000000 aes256-cts-hmac-sha1-96 T F - - - - a09fbd89918320cc12a26d4f0c4e6aa2 396a9d9e8975cc5024a83c6e86101f06
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.1.31 64889 192.168.1.32 88 TGS vladg/VLADG.NET krbtgt/VLADG.NET T - - 0.000000 aes256-cts-hmac-sha1-96 T F - - - - a10ca75fba603b27b771c6e8c6b18b8e0c194819 54019758533d3b8421cd3ca39153a8653be33617
#close XXXX-XX-XX-XX-XX-XX