Giters

GhostPack / Rubeus

Trying to tame the three-headed dog.

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Support for full path in /output

okazymyrov opened this issue · comments

commented

As a user of Rubeus, I would like to be able to output tickets into folders defined by full path.

Ref: #63

The workaround given in

Rubeus/Rubeus/lib/Helpers.cs

Lines 275 to 283 in afa7ca1

// Great method from http://forcewake.me/today-i-learned-sanitize-file-name-in-csharp/
static public string MakeValidFileName(string name)
{
string invalidChars = new string(Path.GetInvalidFileNameChars());
string escapedInvalidChars = Regex.Escape(invalidChars);
string invalidRegex = string.Format(@"([{0}]*\.+$)|([{0}]+)", escapedInvalidChars);
return Regex.Replace(name, invalidRegex, "_");
}
is protection from user stupidity, which is (I hope) out of the original purpose of the tool.

commented

As a practical consideration, I would not want to have path restrictions (or find a more reliable filtering method). A standard warning method for invalid paths would work fine:
image

commented

Yeah this is a bit of a strange limitation and could be avoided by using IO.Path.GetFileName to only apply the sanitization to the file name. Also even stranger is that only some parts of Rubeus use this when outputting data to file. Kerberoasting for example does let you specify a full path as the outfile parameter because it doesn't use this MakeValidFileName function, but asktgt does use it so you can't specify a full path with that. I just tested changing the code in this function to allow it to support full file paths and asktgt still seems to work fine so I'll raise a PR for it