From ff0f5c4b00b5a64dfca7c35f3e4b6b30900ff929 Mon Sep 17 00:00:00 2001
From: Julien Rische <jrische@redhat.com>
Date: Tue, 9 Jan 2024 19:20:26 +0100
Subject: [PATCH] Add support for RFC8009 etypes in getST

---
 examples/getST.py           | 275 ++++++++++++++++++++++--------------
 impacket/krb5/kerberosv5.py |  62 +++++---
 2 files changed, 214 insertions(+), 123 deletions(-)

diff --git a/examples/getST.py b/examples/getST.py
index fc49527ffe..bd97790fed 100755
--- a/examples/getST.py
+++ b/examples/getST.py
@@ -8,7 +8,7 @@
 # for more information.
 #
 # Description:
-#   Given a password, hash, aesKey or TGT in ccache, it will request a Service Ticket and save it as ccache
+#   Given a password, hash, aesKey, aesSha2Key or TGT in ccache, it will request a Service Ticket and save it as ccache
 #   If the account has constrained delegation (with protocol transition) privileges you will be able to use
 #   the -impersonate switch to request the ticket on behalf other user (it will use S4U2Self/S4U2Proxy to
 #   request the ticket.)
@@ -54,16 +54,32 @@
 from impacket.examples import logger
 from impacket.examples.utils import parse_credentials
 from impacket.krb5 import constants
-from impacket.krb5.asn1 import AP_REQ, AS_REP, TGS_REQ, Authenticator, TGS_REP, seq_set, seq_set_iter, PA_FOR_USER_ENC, \
+from impacket.krb5.asn1 import AP_REQ, AS_REP, TGS_REQ, Authenticator, TGS_REP, seq_set, seq_set_iter, PA_S4U_X509_USER, S4UUserID, \
     Ticket as TicketAsn1, EncTGSRepPart, PA_PAC_OPTIONS, EncTicketPart
 from impacket.krb5.ccache import CCache
-from impacket.krb5.crypto import Key, _enctype_table, _HMACMD5, _AES256_SHA1_CTS, Enctype
+from impacket.krb5.crypto import Key, _enctype_table, make_checksum, string_to_key, Enctype
 from impacket.krb5.constants import TicketFlags, encodeFlags
 from impacket.krb5.kerberosv5 import getKerberosTGS, getKerberosTGT, sendReceive
 from impacket.krb5.types import Principal, KerberosTime, Ticket
 from impacket.ntlm import compute_nthash
 from impacket.winregistry import hexdump
 
+def cksumtype_for_enctype(enctype):
+    options = {
+        Enctype.DES_MD4: constants.ChecksumTypes.rsa_md4_des.value,
+        Enctype.DES_MD5: constants.ChecksumTypes.rsa_md5_des.value,
+        Enctype.DES3: constants.ChecksumTypes.hmac_sha1_des3_kd.value,
+        Enctype.RC4: constants.ChecksumTypes.hmac_md5.value,
+        Enctype.AES128_SHA1: constants.ChecksumTypes.hmac_sha1_96_aes128.value,
+        Enctype.AES256_SHA1: constants.ChecksumTypes.hmac_sha1_96_aes256.value,
+        Enctype.AES128_SHA256: constants.ChecksumTypes.hmac_sha256_128_aes128.value,
+        Enctype.AES256_SHA384: constants.ChecksumTypes.hmac_sha384_192_aes256.value
+    }
+
+    if enctype not in options:
+        raise ValueError('No checksum type for enctype %d' % enctype)
+    return options[enctype]
+
 
 class GETST:
     def __init__(self, target, password, domain, options):
@@ -73,6 +89,7 @@ def __init__(self, target, password, domain, options):
         self.__lmhash = ''
         self.__nthash = ''
         self.__aesKey = options.aesKey
+        self.__aesSha2Key = options.aesSha2Key
         self.__options = options
         self.__kdcHost = options.dc_ip
         self.__force_forwardable = options.force_forwardable
@@ -88,7 +105,7 @@ def saveTicket(self, ticket, sessionKey):
         ccache.fromTGS(ticket, sessionKey, sessionKey)
         ccache.saveFile(self.__saveFileName + '.ccache')
 
-    def doS4U2ProxyWithAdditionalTicket(self, tgt, cipher, oldSessionKey, sessionKey, nthash, aesKey, kdcHost, additional_ticket_path):
+    def doS4U2ProxyWithAdditionalTicket(self, tgt, cipher, oldSessionKey, sessionKey, nthash, aesKey, aesSha2Key, kdcHost, additional_ticket_path):
         if not os.path.isfile(additional_ticket_path):
             logging.error("Ticket %s doesn't exist" % additional_ticket_path)
             exit(0)
@@ -118,6 +135,11 @@ def doS4U2ProxyWithAdditionalTicket(self, tgt, cipher, oldSessionKey, sessionKey
                         aesKey = unhexlify(aesKey)
                     except TypeError:
                         pass
+                if isinstance(aesSha2Key, str):
+                    try:
+                        aesSha2Key = unhexlify(aesSha2Key)
+                    except TypeError:
+                        pass
 
                 # Compute NTHash and AESKey if they're not provided in arguments
                 if self.__password != '' and self.__domain != '' and self.__user != '':
@@ -128,10 +150,16 @@ def doS4U2ProxyWithAdditionalTicket(self, tgt, cipher, oldSessionKey, sessionKey
                             print(hexlify(nthash).decode())
                     if not aesKey:
                         salt = self.__domain.upper() + self.__user
-                        aesKey = _AES256_SHA1_CTS.string_to_key(self.__password, salt, params=None).contents
+                        aesSha2Key = string_to_key(Enctype.AES256_SHA1, self.__password, salt, params=None).contents
                         if logging.getLogger().level == logging.DEBUG:
                             logging.debug('AESKey')
                             print(hexlify(aesKey).decode())
+                    if not aesSha2Key:
+                        salt = self.__domain.upper() + self.__user
+                        aesSha2Key = string_to_key(Enctype.AES256_SHA384, self.__password, salt, params=None).contents
+                        if logging.getLogger().level == logging.DEBUG:
+                            logging.debug('AESSHA2Key')
+                            print(hexlify(aesSha2Key).decode())
 
                 # Get the encrypted ticket returned in the TGS. It's encrypted with one of our keys
                 cipherText = tgs['ticket']['enc-part']['cipher']
@@ -141,8 +169,10 @@ def doS4U2ProxyWithAdditionalTicket(self, tgt, cipher, oldSessionKey, sessionKey
                 newCipher = _enctype_table[int(tgs['ticket']['enc-part']['etype'])]
                 if newCipher.enctype == Enctype.RC4:
                     key = Key(newCipher.enctype, nthash)
-                else:
+                elif newCipher.enctype in (Enctype.AES128_SHA1, Enctype.AES256_SHA1):
                     key = Key(newCipher.enctype, aesKey)
+                else:
+                    key = Key(newCipher.enctype, aesSha2Key)
 
                 # Decrypt and decode the ticket
                 # Key Usage 2
@@ -266,10 +296,7 @@ def doS4U2ProxyWithAdditionalTicket(self, tgt, cipher, oldSessionKey, sessionKey
             reqBody['nonce'] = random.getrandbits(31)
             seq_set_iter(reqBody, 'etype',
                          (
-                             int(constants.EncryptionTypes.rc4_hmac.value),
-                             int(constants.EncryptionTypes.des3_cbc_sha1_kd.value),
-                             int(constants.EncryptionTypes.des_cbc_md5.value),
-                             int(cipher.enctype)
+                             int(cipher.enctype),
                          )
                          )
             message = encoder.encode(tgsReq)
@@ -295,12 +322,21 @@ def doS4U2ProxyWithAdditionalTicket(self, tgt, cipher, oldSessionKey, sessionKey
 
             return r, cipher, sessionKey, newSessionKey
 
-    def doS4U(self, tgt, cipher, oldSessionKey, sessionKey, nthash, aesKey, kdcHost):
+    def doS4U(self, tgt, cipher, oldSessionKey, sessionKey, nthash, aesKey, aesSha2Key, kdcHost):
         decodedTGT = decoder.decode(tgt, asn1Spec=AS_REP())[0]
         # Extract the ticket from the TGT
         ticket = Ticket()
         ticket.from_asn1(decodedTGT['ticket'])
 
+        nonce = random.getrandbits(31)
+
+        tgsReq = TGS_REQ()
+
+        tgsReq['pvno'] = 5
+        tgsReq['msg-type'] = int(constants.ApplicationTagNumbers.TGS_REQ.value)
+
+        tgsReq['padata'] = noValue
+
         apReq = AP_REQ()
         apReq['pvno'] = 5
         apReq['msg-type'] = int(constants.ApplicationTagNumbers.AP_REQ.value)
@@ -309,6 +345,27 @@ def doS4U(self, tgt, cipher, oldSessionKey, sessionKey, nthash, aesKey, kdcHost)
         apReq['ap-options'] = constants.encodeFlags(opts)
         seq_set(apReq, 'ticket', ticket.to_asn1)
 
+        reqBody = seq_set(tgsReq, 'req-body')
+
+        opts = list()
+        opts.append(constants.KDCOptions.forwardable.value)
+        opts.append(constants.KDCOptions.renewable.value)
+        opts.append(constants.KDCOptions.canonicalize.value)
+
+        reqBody['kdc-options'] = constants.encodeFlags(opts)
+
+        serverName = Principal(self.__user, type=constants.PrincipalNameType.NT_UNKNOWN.value)
+
+        seq_set(reqBody, 'sname', serverName.components_to_asn1)
+        reqBody['realm'] = str(decodedTGT['crealm'])
+
+        now = datetime.datetime.utcnow() + datetime.timedelta(days=1)
+
+        reqBody['till'] = KerberosTime.to_asn1(now)
+        reqBody['nonce'] = nonce
+        seq_set_iter(reqBody, 'etype',
+                     (int(cipher.enctype),))
+
         authenticator = Authenticator()
         authenticator['authenticator-vno'] = 5
         authenticator['crealm'] = str(decodedTGT['crealm'])
@@ -318,6 +375,19 @@ def doS4U(self, tgt, cipher, oldSessionKey, sessionKey, nthash, aesKey, kdcHost)
 
         seq_set(authenticator, 'cname', clientName.components_to_asn1)
 
+        reqBodyEncCksumType = cksumtype_for_enctype(cipher.enctype)
+
+        reqBodyEnc = encoder.encode(reqBody)[2:]
+        reqBodyEncCksum = make_checksum(reqBodyEncCksumType, sessionKey, 6, reqBodyEnc)
+
+        if logging.getLogger().level == logging.DEBUG:
+            logging.debug('KDC-REQ-BODY checksum')
+            hexdump(reqBodyEncCksum)
+
+        authenticator['cksum'] = noValue
+        authenticator['cksum']['cksumtype'] = int(reqBodyEncCksumType)
+        authenticator['cksum']['checksum'] = reqBodyEncCksum
+
         now = datetime.datetime.utcnow()
         authenticator['cusec'] = now.microsecond
         authenticator['ctime'] = KerberosTime.to_asn1(now)
@@ -341,12 +411,6 @@ def doS4U(self, tgt, cipher, oldSessionKey, sessionKey, nthash, aesKey, kdcHost)
 
         encodedApReq = encoder.encode(apReq)
 
-        tgsReq = TGS_REQ()
-
-        tgsReq['pvno'] = 5
-        tgsReq['msg-type'] = int(constants.ApplicationTagNumbers.TGS_REQ.value)
-
-        tgsReq['padata'] = noValue
         tgsReq['padata'][0] = noValue
         tgsReq['padata'][0]['padata-type'] = int(constants.PreAuthenticationDataTypes.PA_TGS_REQ.value)
         tgsReq['padata'][0]['padata-value'] = encodedApReq
@@ -356,61 +420,34 @@ def doS4U(self, tgt, cipher, oldSessionKey, sessionKey, nthash, aesKey, kdcHost)
         # identified to the KDC by the user's name and realm.
         clientName = Principal(self.__options.impersonate, type=constants.PrincipalNameType.NT_PRINCIPAL.value)
 
-        S4UByteArray = struct.pack('<I', constants.PrincipalNameType.NT_PRINCIPAL.value)
-        S4UByteArray += b(self.__options.impersonate) + b(self.__domain) + b'Kerberos'
-
-        if logging.getLogger().level == logging.DEBUG:
-            logging.debug('S4UByteArray')
-            hexdump(S4UByteArray)
+        s4uUserId = S4UUserID()
+        s4uUserId['nonce'] = nonce
+        seq_set(s4uUserId, 'cname', clientName.components_to_asn1)
+        s4uUserId['crealm'] = self.__domain
 
-        # Finally cksum is computed by calling the KERB_CHECKSUM_HMAC_MD5 hash
-        # with the following three parameters: the session key of the TGT of
-        # the service performing the S4U2Self request, the message type value
-        # of 17, and the byte array S4UByteArray.
-        checkSum = _HMACMD5.checksum(sessionKey, 17, S4UByteArray)
+        s4uUserIdEncCksumType = cksumtype_for_enctype(cipher.enctype)
 
-        if logging.getLogger().level == logging.DEBUG:
-            logging.debug('CheckSum')
-            hexdump(checkSum)
+        s4uUserIdEnc = encoder.encode(s4uUserId)
+        s4uUserIdEncCksum = make_checksum(s4uUserIdEncCksumType, sessionKey, 26, s4uUserIdEnc)
 
-        paForUserEnc = PA_FOR_USER_ENC()
-        seq_set(paForUserEnc, 'userName', clientName.components_to_asn1)
-        paForUserEnc['userRealm'] = self.__domain
-        paForUserEnc['cksum'] = noValue
-        paForUserEnc['cksum']['cksumtype'] = int(constants.ChecksumTypes.hmac_md5.value)
-        paForUserEnc['cksum']['checksum'] = checkSum
-        paForUserEnc['auth-package'] = 'Kerberos'
+        paS4uX509User = PA_S4U_X509_USER()
+        paS4uX509User['user-id'] = noValue
+        paS4uX509User['user-id']['nonce'] = nonce
+        seq_set(paS4uX509User['user-id'], 'cname', clientName.components_to_asn1)
+        paS4uX509User['user-id']['crealm'] = self.__domain
+        paS4uX509User['checksum'] = noValue
+        paS4uX509User['checksum']['cksumtype'] = int(s4uUserIdEncCksumType)
+        paS4uX509User['checksum']['checksum'] = s4uUserIdEncCksum
 
         if logging.getLogger().level == logging.DEBUG:
-            logging.debug('PA_FOR_USER_ENC')
-            print(paForUserEnc.prettyPrint())
-
-        encodedPaForUserEnc = encoder.encode(paForUserEnc)
+            logging.debug('PA-S4U-X509-USER')
+            print(paS4uX509User.prettyPrint())
+            logging.debug('PA-S4U-X509-USER (hexdump)')
+            hexdump(encoder.encode(paS4uX509User))
 
         tgsReq['padata'][1] = noValue
-        tgsReq['padata'][1]['padata-type'] = int(constants.PreAuthenticationDataTypes.PA_FOR_USER.value)
-        tgsReq['padata'][1]['padata-value'] = encodedPaForUserEnc
-
-        reqBody = seq_set(tgsReq, 'req-body')
-
-        opts = list()
-        opts.append(constants.KDCOptions.forwardable.value)
-        opts.append(constants.KDCOptions.renewable.value)
-        opts.append(constants.KDCOptions.canonicalize.value)
-
-        reqBody['kdc-options'] = constants.encodeFlags(opts)
-
-        serverName = Principal(self.__user, type=constants.PrincipalNameType.NT_UNKNOWN.value)
-
-        seq_set(reqBody, 'sname', serverName.components_to_asn1)
-        reqBody['realm'] = str(decodedTGT['crealm'])
-
-        now = datetime.datetime.utcnow() + datetime.timedelta(days=1)
-
-        reqBody['till'] = KerberosTime.to_asn1(now)
-        reqBody['nonce'] = random.getrandbits(31)
-        seq_set_iter(reqBody, 'etype',
-                     (int(cipher.enctype), int(constants.EncryptionTypes.rc4_hmac.value)))
+        tgsReq['padata'][1]['padata-type'] = int(constants.PreAuthenticationDataTypes.PA_S4U_X509_USER.value)
+        tgsReq['padata'][1]['padata-value'] = encoder.encode(paS4uX509User)
 
         if logging.getLogger().level == logging.DEBUG:
             logging.debug('Final TGS')
@@ -439,6 +476,11 @@ def doS4U(self, tgt, cipher, oldSessionKey, sessionKey, nthash, aesKey, kdcHost)
                     aesKey = unhexlify(aesKey)
                 except TypeError:
                     pass
+            if isinstance(aesSha2Key, str):
+                try:
+                    aesSha2Key = unhexlify(aesSha2Key)
+                except TypeError:
+                    pass
 
             # Compute NTHash and AESKey if they're not provided in arguments
             if self.__password != '' and self.__domain != '' and self.__user != '':
@@ -449,10 +491,16 @@ def doS4U(self, tgt, cipher, oldSessionKey, sessionKey, nthash, aesKey, kdcHost)
                         print(hexlify(nthash).decode())
                 if not aesKey:
                     salt = self.__domain.upper() + self.__user
-                    aesKey = _AES256_SHA1_CTS.string_to_key(self.__password, salt, params=None).contents
+                    aesKey = string_to_key(Enctype.AES256_SHA1, self.__password, salt, params=None).contents
                     if logging.getLogger().level == logging.DEBUG:
                         logging.debug('AESKey')
                         print(hexlify(aesKey).decode())
+                if not aesSha2Key:
+                    salt = self.__domain.upper() + self.__user
+                    aesSha2Key = string_to_key(Enctype.AES256_SHA384, self.__password, salt, params=None).contents
+                    if logging.getLogger().level == logging.DEBUG:
+                        logging.debug('AESSHA2Key')
+                        print(hexlify(aesSha2Key).decode())
 
             # Get the encrypted ticket returned in the TGS. It's encrypted with one of our keys
             cipherText = tgs['ticket']['enc-part']['cipher']
@@ -462,8 +510,10 @@ def doS4U(self, tgt, cipher, oldSessionKey, sessionKey, nthash, aesKey, kdcHost)
             newCipher = _enctype_table[int(tgs['ticket']['enc-part']['etype'])]
             if newCipher.enctype == Enctype.RC4:
                 key = Key(newCipher.enctype, nthash)
-            else:
+            elif newCipher.enctype in (Enctype.AES128_SHA1, Enctype.AES256_SHA1):
                 key = Key(newCipher.enctype, aesKey)
+            else:
+                key = Key(newCipher.enctype, aesSha2Key)
 
             # Decrypt and decode the ticket
             # Key Usage 2
@@ -533,6 +583,44 @@ def doS4U(self, tgt, cipher, oldSessionKey, sessionKey, nthash, aesKey, kdcHost)
         authenticator['cusec'] = now.microsecond
         authenticator['ctime'] = KerberosTime.to_asn1(now)
 
+        tgsReq = TGS_REQ()
+
+        reqBody = seq_set(tgsReq, 'req-body')
+
+        opts = list()
+        # This specified we're doing S4U
+        opts.append(constants.KDCOptions.cname_in_addl_tkt.value)
+        opts.append(constants.KDCOptions.canonicalize.value)
+        opts.append(constants.KDCOptions.forwardable.value)
+        opts.append(constants.KDCOptions.renewable.value)
+
+        reqBody['kdc-options'] = constants.encodeFlags(opts)
+        service2 = Principal(self.__options.spn, type=constants.PrincipalNameType.NT_SRV_INST.value)
+        seq_set(reqBody, 'sname', service2.components_to_asn1)
+        reqBody['realm'] = self.__domain
+
+        myTicket = ticket.to_asn1(TicketAsn1())
+        seq_set_iter(reqBody, 'additional-tickets', (myTicket,))
+
+        now = datetime.datetime.utcnow() + datetime.timedelta(days=1)
+
+        reqBody['till'] = KerberosTime.to_asn1(now)
+        reqBody['nonce'] = random.getrandbits(31)
+        seq_set_iter(reqBody, 'etype', (int(cipher.enctype), ))
+
+        reqBodyEncCksumType = cksumtype_for_enctype(cipher.enctype)
+
+        reqBodyEnc = encoder.encode(reqBody)[4:]
+        reqBodyEncCksum = make_checksum(reqBodyEncCksumType, sessionKey, 6, reqBodyEnc)
+
+        if logging.getLogger().level == logging.DEBUG:
+            logging.debug('KDC-REQ-BODY checksum')
+            hexdump(reqBodyEncCksum)
+
+        authenticator['cksum'] = noValue
+        authenticator['cksum']['cksumtype'] = int(reqBodyEncCksumType)
+        authenticator['cksum']['checksum'] = reqBodyEncCksum
+
         encodedAuthenticator = encoder.encode(authenticator)
 
         # Key Usage 7
@@ -547,8 +635,6 @@ def doS4U(self, tgt, cipher, oldSessionKey, sessionKey, nthash, aesKey, kdcHost)
 
         encodedApReq = encoder.encode(apReq)
 
-        tgsReq = TGS_REQ()
-
         tgsReq['pvno'] = 5
         tgsReq['msg-type'] = int(constants.ApplicationTagNumbers.TGS_REQ.value)
         tgsReq['padata'] = noValue
@@ -564,35 +650,6 @@ def doS4U(self, tgt, cipher, oldSessionKey, sessionKey, nthash, aesKey, kdcHost)
         tgsReq['padata'][1]['padata-type'] = constants.PreAuthenticationDataTypes.PA_PAC_OPTIONS.value
         tgsReq['padata'][1]['padata-value'] = encoder.encode(paPacOptions)
 
-        reqBody = seq_set(tgsReq, 'req-body')
-
-        opts = list()
-        # This specified we're doing S4U
-        opts.append(constants.KDCOptions.cname_in_addl_tkt.value)
-        opts.append(constants.KDCOptions.canonicalize.value)
-        opts.append(constants.KDCOptions.forwardable.value)
-        opts.append(constants.KDCOptions.renewable.value)
-
-        reqBody['kdc-options'] = constants.encodeFlags(opts)
-        service2 = Principal(self.__options.spn, type=constants.PrincipalNameType.NT_SRV_INST.value)
-        seq_set(reqBody, 'sname', service2.components_to_asn1)
-        reqBody['realm'] = self.__domain
-
-        myTicket = ticket.to_asn1(TicketAsn1())
-        seq_set_iter(reqBody, 'additional-tickets', (myTicket,))
-
-        now = datetime.datetime.utcnow() + datetime.timedelta(days=1)
-
-        reqBody['till'] = KerberosTime.to_asn1(now)
-        reqBody['nonce'] = random.getrandbits(31)
-        seq_set_iter(reqBody, 'etype',
-                     (
-                         int(constants.EncryptionTypes.rc4_hmac.value),
-                         int(constants.EncryptionTypes.des3_cbc_sha1_kd.value),
-                         int(constants.EncryptionTypes.des_cbc_md5.value),
-                         int(cipher.enctype)
-                     )
-                     )
         message = encoder.encode(tgsReq)
 
         logging.info('\tRequesting S4U2Proxy')
@@ -634,6 +691,7 @@ def run(self):
             tgt, cipher, oldSessionKey, sessionKey = getKerberosTGT(userName, self.__password, self.__domain,
                                                                     unhexlify(self.__lmhash), unhexlify(self.__nthash),
                                                                     self.__aesKey,
+                                                                    self.__aesSha2Key,
                                                                     self.__kdcHost)
 
         # Ok, we have valid TGT, let's try to get a service ticket
@@ -650,9 +708,9 @@ def run(self):
                 # Editing below to pass hashes for decryption
                 if self.__additional_ticket is not None:
                     tgs, cipher, oldSessionKey, sessionKey = self.doS4U2ProxyWithAdditionalTicket(tgt, cipher, oldSessionKey, sessionKey, unhexlify(self.__nthash), self.__aesKey,
-                                                                                                  self.__kdcHost, self.__additional_ticket)
+                                                                                                  self.__aesSha2Key, self.__kdcHost, self.__additional_ticket)
                 else:
-                    tgs, cipher, oldSessionKey, sessionKey = self.doS4U(tgt, cipher, oldSessionKey, sessionKey, unhexlify(self.__nthash), self.__aesKey, self.__kdcHost)
+                    tgs, cipher, oldSessionKey, sessionKey = self.doS4U(tgt, cipher, oldSessionKey, sessionKey, unhexlify(self.__nthash), self.__aesKey, self.__aesSha2Key, self.__kdcHost)
             except Exception as e:
                 logging.debug("Exception", exc_info=True)
                 logging.error(str(e))
@@ -670,7 +728,7 @@ def run(self):
 if __name__ == '__main__':
     print(version.BANNER)
 
-    parser = argparse.ArgumentParser(add_help=True, description="Given a password, hash or aesKey, it will request a "
+    parser = argparse.ArgumentParser(add_help=True, description="Given a password, hash, aesKey or aesSha2Key, it will request a "
                                                                 "Service Ticket and save it as ccache")
     parser.add_argument('identity', action='store', help='[domain/]username[:password]')
     parser.add_argument('-spn', action="store", required=True, help='SPN (service/server) of the target service the '
@@ -683,9 +741,10 @@ def run(self):
     parser.add_argument('-ts', action='store_true', help='Adds timestamp to every logging output')
     parser.add_argument('-debug', action='store_true', help='Turn DEBUG output ON')
     parser.add_argument('-force-forwardable', action='store_true', help='Force the service ticket obtained through '
-                                                                        'S4U2Self to be forwardable. For best results, the -hashes and -aesKey values for the '
-                                                                        'specified -identity should be provided. This allows impresonation of protected users '
-                                                                        'and bypass of "Kerberos-only" constrained delegation restrictions. See CVE-2020-17049')
+                                                                        'S4U2Self to be forwardable. For best results, the -hashes, -aesKey and -aesSha2Key '
+                                                                        'values for the specified -identity should be provided. This allows impresonation of '
+                                                                        'protected users and bypass of "Kerberos-only" constrained delegation restrictions. '
+                                                                        'See CVE-2020-17049')
 
     group = parser.add_argument_group('authentication')
 
@@ -694,8 +753,10 @@ def run(self):
     group.add_argument('-k', action="store_true", help='Use Kerberos authentication. Grabs credentials from ccache file '
                                                        '(KRB5CCNAME) based on target parameters. If valid credentials cannot be found, it will use the '
                                                        'ones specified in the command line')
-    group.add_argument('-aesKey', action="store", metavar="hex key", help='AES key to use for Kerberos Authentication '
+    group.add_argument('-aesKey', action="store", metavar="hex key", help='AES HMAC-SHA1 key to use for Kerberos Authentication '
                                                                           '(128 or 256 bits)')
+    group.add_argument('-aesSha2Key', action="store", metavar="hex key", help='AES HMAC-SHA2 key to use for Kerberos Authentication '
+                                                                              '(128 or 256 bits)')
     group.add_argument('-dc-ip', action='store', metavar="ip address", help='IP Address of the domain controller. If '
                                                                             'ommited it use the domain part (FQDN) specified in the target parameter')
 
@@ -725,12 +786,12 @@ def run(self):
             logging.critical('Domain should be specified!')
             sys.exit(1)
 
-        if password == '' and username != '' and options.hashes is None and options.no_pass is False and options.aesKey is None:
+        if password == '' and username != '' and options.hashes is None and options.no_pass is False and options.aesKey is None and options.aesSha2Key is None:
             from getpass import getpass
 
             password = getpass("Password:")
 
-        if options.aesKey is not None:
+        if options.aesKey or options.aesSha2Key:
             options.k = True
 
         executer = GETST(username, password, domain, options)
diff --git a/impacket/krb5/kerberosv5.py b/impacket/krb5/kerberosv5.py
index d81af85904..7ef9ebbb80 100644
--- a/impacket/krb5/kerberosv5.py
+++ b/impacket/krb5/kerberosv5.py
@@ -92,7 +92,7 @@ def sendReceive(data, host, kdcHost, port=88):
 
     return r
 
-def getKerberosTGT(clientName, password, domain, lmhash, nthash, aesKey='', kdcHost=None, requestPAC=True, serverName=None, kerberoast_no_preauth=False):
+def getKerberosTGT(clientName, password, domain, lmhash, nthash, aesKey='', aesSha2Key='', kdcHost=None, requestPAC=True, serverName=None, kerberoast_no_preauth=False):
 
     # Convert to binary form, just in case we're receiving strings
     if isinstance(lmhash, str):
@@ -110,6 +110,11 @@ def getKerberosTGT(clientName, password, domain, lmhash, nthash, aesKey='', kdcH
             aesKey = unhexlify(aesKey)
         except TypeError:
             pass
+    if isinstance(aesSha2Key, str):
+        try:
+            aesSha2Key = unhexlify(aesSha2Key)
+        except TypeError:
+            pass
     if serverName is not None and not isinstance(serverName, Principal):
         try:
             serverName = Principal(serverName, type=constants.PrincipalNameType.NT_PRINCIPAL.value)
@@ -162,7 +167,13 @@ def getKerberosTGT(clientName, password, domain, lmhash, nthash, aesKey='', kdcH
     if aesKey is None:
         aesKey = b''
 
-    if nthash == b'':
+    if aesSha2Key is None:
+        aesSha2Key = b''
+
+    if nthash != b'':
+        # We have hashes to try, only way is to request RC4 only
+        supportedCiphers = (int(constants.EncryptionTypes.rc4_hmac.value),)
+    else:
         # This is still confusing. I thought KDC_ERR_ETYPE_NOSUPP was enough, 
         # but I found some systems that accepts all ciphers, and trigger an error 
         # when requesting subsequent TGS :(. More research needed.
@@ -174,11 +185,14 @@ def getKerberosTGT(clientName, password, domain, lmhash, nthash, aesKey='', kdcH
                 supportedCiphers = (int(constants.EncryptionTypes.aes256_cts_hmac_sha1_96.value),)
             else:
                 supportedCiphers = (int(constants.EncryptionTypes.aes128_cts_hmac_sha1_96.value),)
+        elif aesSha2Key != b'':
+            if len(aesSha2Key) == 32:
+                supportedCiphers = (int(constants.EncryptionTypes.aes128_cts_hmac_sha256_128.value),)
+            else:
+                supportedCiphers = (int(constants.EncryptionTypes.aes256_cts_hmac_sha384_192.value),)
         else:
-            supportedCiphers = (int(constants.EncryptionTypes.aes256_cts_hmac_sha1_96.value),)
-    else:
-        # We have hashes to try, only way is to request RC4 only
-        supportedCiphers = (int(constants.EncryptionTypes.rc4_hmac.value),)
+            supportedCiphers = (int(constants.EncryptionTypes.aes256_cts_hmac_sha384_192.value),
+                                int(constants.EncryptionTypes.aes256_cts_hmac_sha1_96.value),)
 
     seq_set_iter(reqBody, 'etype', supportedCiphers)
 
@@ -188,7 +202,12 @@ def getKerberosTGT(clientName, password, domain, lmhash, nthash, aesKey='', kdcH
         r = sendReceive(message, domain, kdcHost)
     except KerberosError as e:
         if e.getErrorCode() == constants.ErrorCodes.KDC_ERR_ETYPE_NOSUPP.value:
-            if supportedCiphers[0] in (constants.EncryptionTypes.aes128_cts_hmac_sha1_96.value, constants.EncryptionTypes.aes256_cts_hmac_sha1_96.value) and aesKey == b'':
+            if (   (supportedCiphers[0] in (constants.EncryptionTypes.aes128_cts_hmac_sha1_96.value,
+                                            constants.EncryptionTypes.aes256_cts_hmac_sha1_96.value)
+                    and aesKey == b'')
+                or (supportedCiphers[0] in (constants.EncryptionTypes.aes128_cts_hmac_sha256_128_.value,
+                                            constants.EncryptionTypes.aes256_cts_hmac_sha384_192.value)
+                    and aesSha2Key == b'')):
                 supportedCiphers = (int(constants.EncryptionTypes.rc4_hmac.value),)
                 seq_set_iter(reqBody, 'etype', supportedCiphers)
                 message = encoder.encode(asReq)
@@ -254,6 +273,8 @@ def getKerberosTGT(clientName, password, domain, lmhash, nthash, aesKey='', kdcH
         key = Key(cipher.enctype, nthash)
     elif aesKey != b'':
         key = Key(cipher.enctype, aesKey)
+    elif aesSha2Key != b'':
+        key = Key(cipher.enctype, aesSha2Key)
     else:
         key = cipher.string_to_key(password, encryptionTypesData[enctype], None)
 
@@ -321,11 +342,11 @@ def getKerberosTGT(clientName, password, domain, lmhash, nthash, aesKey='', kdcH
             tgt = sendReceive(encoder.encode(asReq), domain, kdcHost)
         except Exception as e:
             if str(e).find('KDC_ERR_ETYPE_NOSUPP') >= 0:
-                if lmhash == b'' and nthash == b'' and (aesKey == b'' or aesKey is None):
+                if lmhash == b'' and nthash == b'' and (aesKey == b'' or aesKey is None) and not aesSha2Key:
                     from impacket.ntlm import compute_lmhash, compute_nthash
                     lmhash = compute_lmhash(password)
                     nthash = compute_nthash(password)
-                    return getKerberosTGT(clientName, password, domain, lmhash, nthash, aesKey, kdcHost, requestPAC)
+                    return getKerberosTGT(clientName, password, domain, lmhash, nthash, aesKey, aesSha2Key, kdcHost, requestPAC)
             raise
 
 
@@ -532,7 +553,7 @@ def getKerberosType3(cipher, sessionKey, auth_data):
     return cipher, sessionKey2, resp.getData()
 
 
-def getKerberosType1(username, password, domain, lmhash, nthash, aesKey='', TGT = None, TGS = None, targetName='',
+def getKerberosType1(username, password, domain, lmhash, nthash, aesKey='', aesSha2Key='', TGT = None, TGS = None, targetName='',
                      kdcHost = None, useCache = True):
 
     # Convert to binary form, just in case we're receiving strings
@@ -551,6 +572,11 @@ def getKerberosType1(username, password, domain, lmhash, nthash, aesKey='', TGT
             aesKey = unhexlify(aesKey)
         except TypeError:
             pass
+    if isinstance(aesSha2Key, str):
+        try:
+            aesSha2Key = unhexlify(aesSha2Key)
+        except TypeError:
+            pass
 
     targetName = 'host/%s' % targetName
     if TGT is None and TGS is None:
@@ -563,14 +589,14 @@ def getKerberosType1(username, password, domain, lmhash, nthash, aesKey='', TGT
         if TGT is None:
             if TGS is None:
                 try:
-                    tgt, cipher, oldSessionKey, sessionKey = getKerberosTGT(userName, password, domain, lmhash, nthash, aesKey, kdcHost)
+                    tgt, cipher, oldSessionKey, sessionKey = getKerberosTGT(userName, password, domain, lmhash, nthash, aesKey, aesSha2Key, kdcHost)
                 except KerberosError as e:
                     if e.getErrorCode() == constants.ErrorCodes.KDC_ERR_ETYPE_NOSUPP.value:
                         # We might face this if the target does not support AES 
                         # So, if that's the case we'll force using RC4 by converting
                         # the password to lm/nt hashes and hope for the best. If that's already
                         # done, byebye.
-                        if lmhash == b'' and nthash == b'' and (aesKey == b'' or aesKey is None) and TGT is None and TGS is None:
+                        if lmhash == b'' and nthash == b'' and (aesKey == b'' or aesKey is None) and not aesSha2Key and TGT is None and TGS is None:
                             from impacket.ntlm import compute_lmhash, compute_nthash
                             LOG.debug('Got KDC_ERR_ETYPE_NOSUPP, fallback to RC4')
                             lmhash = compute_lmhash(password)
@@ -597,7 +623,7 @@ def getKerberosType1(username, password, domain, lmhash, nthash, aesKey='', TGT
                     # So, if that's the case we'll force using RC4 by converting
                     # the password to lm/nt hashes and hope for the best. If that's already
                     # done, byebye.
-                    if lmhash == b'' and nthash == b'' and (aesKey == b'' or aesKey is None) and TGT is None and TGS is None:
+                    if lmhash == b'' and nthash == b'' and (aesKey == b'' or aesKey is None) and not aesSha2Key and TGT is None and TGS is None:
                         from impacket.ntlm import compute_lmhash, compute_nthash
                         LOG.debug('Got KDC_ERR_ETYPE_NOSUPP, fallback to RC4')
                         lmhash = compute_lmhash(password)
@@ -647,10 +673,14 @@ def getKerberosType1(username, password, domain, lmhash, nthash, aesKey='', TGT
 
 
     authenticator['cksum'] = noValue
-    authenticator['cksum']['cksumtype'] = 0x8003
-
     chkField = CheckSumField()
-    chkField['Lgth'] = 16
+    if aesSha2Key:
+        authenticator['cksum']['cksumtype'] = constants.ChecksumTypes.hmac_sha384_192_aes256
+        chkField['Lgth'] = 192 // 8
+    else:
+        authenticator['cksum']['cksumtype'] = 0x8003
+        chkField['Lgth'] = 16
+
 
     chkField['Flags'] = GSS_C_CONF_FLAG | GSS_C_INTEG_FLAG | GSS_C_SEQUENCE_FLAG | GSS_C_REPLAY_FLAG | GSS_C_MUTUAL_FLAG | GSS_C_DCE_STYLE
     #chkField['Flags'] = GSS_C_INTEG_FLAG | GSS_C_SEQUENCE_FLAG | GSS_C_REPLAY_FLAG | GSS_C_MUTUAL_FLAG | GSS_C_DCE_STYLE