(For review)Clearer messaging when working with Credential Guard blobs (

#193) * CredentialGuard blob handling
GhostPack · Sep 12, 2024 · 6ce9544 · 6ce9544
1 parent 351cb3b
commit 6ce9544
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 1 deletion.
diff --git a/Rubeus/lib/Crypto.cs b/Rubeus/lib/Crypto.cs
@@ -124,6 +124,10 @@ public static byte[] KerberosDecrypt(Interop.KERB_ETYPE eType, int keyUsage, byt
         {
             Interop.KERB_ECRYPT pCSystem;
             IntPtr pCSystemPtr;
+
+            if (eType == Interop.KERB_ETYPE.credGuard_blob)
+                throw new ArgumentException("Cannot decrypt Credential Guard blobs");
+
 
             // locate the crypto system
             int status = Interop.CDLocateCSystem(eType, out pCSystemPtr);
@@ -163,6 +167,9 @@ public static byte[] KerberosEncrypt(Interop.KERB_ETYPE eType, int keyUsage, byt
             Interop.KERB_ECRYPT pCSystem;
             IntPtr pCSystemPtr;
 
+            if (eType == Interop.KERB_ETYPE.credGuard_blob)
+                throw new ArgumentException("Cannot encrypt Credential Guard blobs");
+
             // locate the crypto system
             int status = Interop.CDLocateCSystem(eType, out pCSystemPtr);
             pCSystem = (Interop.KERB_ECRYPT)Marshal.PtrToStructure(pCSystemPtr, typeof(Interop.KERB_ECRYPT));

diff --git a/Rubeus/lib/Interop.cs b/Rubeus/lib/Interop.cs
@@ -140,7 +140,8 @@ public enum KERB_ETYPE : Int32
             rc4_hmac = 23,
             rc4_hmac_exp = 24,
             subkey_keymaterial = 65,
-            old_exp = -135
+            old_exp = -135,
+            credGuard_blob = -180
         }
 
         [Flags]