From 8992c955b491d5613c1763f13ce9cf520de6fcf5 Mon Sep 17 00:00:00 2001
From: Ashley Donaldson
Date: Mon, 4 Sep 2023 10:12:57 +1000
Subject: [PATCH] Prioritise kerberos scanning over RC4, to get more easily crackable hash. Fall back to defaults.

---
 .../framework/login_scanner/kerberos.rb | 22 ++++++++++++++-----
 1 file changed, 16 insertions(+), 6 deletions(-)

diff --git a/lib/metasploit/framework/login_scanner/kerberos.rb b/lib/metasploit/framework/login_scanner/kerberos.rb
index 4df45409967d..e6ae39cc8cf8 100644
--- a/lib/metasploit/framework/login_scanner/kerberos.rb
+++ b/lib/metasploit/framework/login_scanner/kerberos.rb
@@ -23,12 +23,22 @@ def attempt_login(credential)
     }
     begin
-      res = send_request_tgt(
-        server_name: server_name,
-        client_name: credential.public,
-        password: credential.private,
-        realm: credential.realm
-      )
+      begin
+        res = send_request_tgt(
+          server_name: server_name,
+          client_name: credential.public,
+          password: credential.private,
+          realm: credential.realm,
+          offered_etypes: [Rex::Proto::Kerberos::Crypto::Encryption::RC4_HMAC]
+        )
+      rescue Rex::Proto::Kerberos::Model::Error::KerberosEncryptionNotSupported => e
+        # RC4 likely disabled - let's try again with our full complement of default etypes
+        res = send_request_tgt(
+          server_name: server_name,
+          client_name: credential.public,
+          password: credential.private,
+          realm: credential.realm)
+      end
     result_options = result_options.merge(
       {
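Review bot: The `rescue ... KerberosEncryptionNotSupported => e` binding is never used, and the four keyword arguments to `send_request_tgt` are now duplicated across the RC4-only attempt and the default-etype retry, with inconsistent closing-paren style between the two. Hoisting the shared arguments into one hash removes the duplication and makes the only difference between the attempts — the deliberate RC4-only `offered_etypes` downgrade — visible at a glance; a comment stating why RC4 is offered first would also help, since the motivation lives only in the commit title. This downgrade sends a second AS-REQ per credential whenever the KDC rejects RC4; if the first request already carries pre-authentication data that is worth confirming against `send_request_tgt`, as it would double the traffic (and any lockout-relevant failures) on RC4-disabled realms. The fallback also rescues only `KerberosEncryptionNotSupported`, so a KDC that refuses RC4 with a different error still surfaces through the outer `begin`/`rescue`, which starts and ends outside this hunk in `attempt_login`.
```ruby
      request_options = {
        server_name: server_name,
        client_name: credential.public,
        password: credential.private,
        realm: credential.realm
      }
      begin
        # Offer only RC4-HMAC first: an etype-23 AS-REP is cheaper to crack offline.
        res = send_request_tgt(**request_options, offered_etypes: [Rex::Proto::Kerberos::Crypto::Encryption::RC4_HMAC])
      rescue Rex::Proto::Kerberos::Model::Error::KerberosEncryptionNotSupported
        # RC4 likely disabled - let's try again with our full complement of default etypes
        res = send_request_tgt(**request_options)
      end
      # … unchanged: result_options merge …
```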