From e5f40450a30ff6955164dfebce6e1ee81c0d1471 Mon Sep 17 00:00:00 2001
From: Roman Karwacik
Date: Wed, 8 Jan 2025 18:17:52 +0100
Subject: [PATCH] Add support for altname
---
 krbrelayx.py | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/krbrelayx.py b/krbrelayx.py
index deeee7f..273693f 100755
--- a/krbrelayx.py
+++ b/krbrelayx.py
@@ -82,6 +82,8 @@ def start_servers(options, threads):
 c.setWpadOptions(options.wpad_host, options.wpad_auth_num)
 c.setSMB2Support(not options.no_smb2support)
 c.setInterfaceIp(options.interface_ip)
+ if options.altname:
+ c.setAltName(options.altname)
 if options.krbhexpass and not options.krbpass:
 c.setAuthOptions(options.aesKey, options.hashes, options.dc_ip, binascii.unhexlify(options.krbhexpass), options.krbsalt, True)
 else:
@@ -181,6 +183,7 @@ def start_servers(options, threads):
 adcsoptions = parser.add_argument_group("AD CS attack options")
 adcsoptions.add_argument('--adcs', action='store_true', required=False, help='Enable AD CS relay attack')
 adcsoptions.add_argument('--template', action='store', metavar="TEMPLATE", required=False, help='AD CS template. Defaults to Machine or User whether relayed account name ends with `$`. Relaying a DC should require specifying `DomainController`')
+ adcsoptions.add_argument('--altname', action='store', metavar="ALTNAME", required=False, help='Subject Alternative Name to use when performing ESC1 or ESC6 attacks.')
 adcsoptions.add_argument('-v', "--victim", action='store', metavar = 'TARGET', help='Victim username or computername$, to request the correct certificate name.')
 try:
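Review bot: The new `c.setAltName(options.altname)` call in the first hunk relies on a setter that this patch does not add. The diffstat shows only `krbrelayx.py` changed, so the method presumably comes from the config class's base in the installed relay library. If that base lacks it, passing `--altname` would fail with a bare `AttributeError` inside `start_servers`. A short guard would turn that into a readable error, for example `if not hasattr(c, 'setAltName'): raise SystemExit('--altname is not supported by the installed relay config class')`, or the minimum dependency version could be documented. The body of `start_servers` starts and ends outside this hunk.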
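Review bot: The `--altname` argument added in the second hunk is accepted without `--adcs`, although it sits in the "AD CS attack options" group and its help text describes it only for that path. In that case the value is stored and, as far as this patch shows, never used. A check after `parse_args()` (outside this hunk) would reject the combination, such as `if options.altname and not options.adcs: parser.error('--altname requires --adcs')`. The help string could also end with `Only used together with --adcs.`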