def printPac(self, data): encTicketPart = decoder.decode(data, asn1Spec=EncTicketPart())[0] adIfRelevant = decoder.decode( encTicketPart['authorization-data'][0]['ad-data'], asn1Spec=AD_IF_RELEVANT())[0] # So here we have the PAC pacType = PACTYPE(adIfRelevant[0]['ad-data'].asOctets()) buff = pacType['Buffers'] for bufferN in range(pacType['cBuffers']): infoBuffer = PAC_INFO_BUFFER(buff) data = pacType['Buffers'][infoBuffer['Offset'] - 8:][:infoBuffer['cbBufferSize']] if logging.getLogger().level == logging.DEBUG: print("TYPE 0x%x" % infoBuffer['ulType']) if infoBuffer['ulType'] == 1: type1 = TypeSerialization1(data) # I'm skipping here 4 bytes with its the ReferentID for the pointer newdata = data[len(type1) + 4:] kerbdata = KERB_VALIDATION_INFO() kerbdata.fromString(newdata) kerbdata.fromStringReferents(newdata[len(kerbdata.getData()):]) kerbdata.dump() print() print('Domain SID:', kerbdata['LogonDomainId'].formatCanonical()) print() elif infoBuffer['ulType'] == PAC_CLIENT_INFO_TYPE: clientInfo = PAC_CLIENT_INFO(data) if logging.getLogger().level == logging.DEBUG: clientInfo.dump() print() elif infoBuffer['ulType'] == PAC_SERVER_CHECKSUM: signatureData = PAC_SIGNATURE_DATA(data) if logging.getLogger().level == logging.DEBUG: signatureData.dump() print() elif infoBuffer['ulType'] == PAC_PRIVSVR_CHECKSUM: signatureData = PAC_SIGNATURE_DATA(data) if logging.getLogger().level == logging.DEBUG: signatureData.dump() print() elif infoBuffer['ulType'] == PAC_UPN_DNS_INFO: upn = UPN_DNS_INFO(data) if logging.getLogger().level == logging.DEBUG: upn.dump() print(data[upn['DnsDomainNameOffset']:]) print() else: hexdump(data) if logging.getLogger().level == logging.DEBUG: print("#" * 80) buff = buff[len(infoBuffer):]
def printPac(self, data, human=True): encTicketPart = decoder.decode(data, asn1Spec=EncTicketPart())[0] adIfRelevant = decoder.decode(encTicketPart['authorization-data'][0]['ad-data'], asn1Spec=AD_IF_RELEVANT())[ 0] # So here we have the PAC pacType = PACTYPE(bytes(adIfRelevant[0]['ad-data'])) buff = pacType['Buffers'] for bufferN in range(pacType['cBuffers']): infoBuffer = PAC_INFO_BUFFER(buff) data = pacType['Buffers'][infoBuffer['Offset']-8:][:infoBuffer['cbBufferSize']] if logging.getLogger().level == logging.DEBUG: print("TYPE 0x%x" % infoBuffer['ulType']) if infoBuffer['ulType'] == 1: type1 = TypeSerialization1(data) # I'm skipping here 4 bytes with its the ReferentID for the pointer newdata = data[len(type1)+4:] kerbdata = KERB_VALIDATION_INFO() kerbdata.fromString(newdata) kerbdata.fromStringReferents(newdata[len(kerbdata.getData()):]) kerbdata.dump() print() # # If human is true, print human-friendly version # # if not, just do the raw dump if human: print() print('Username:'******'EffectiveName']) print('Domain SID:', kerbdata['LogonDomainId'].formatCanonical()) print('UserId:', kerbdata['UserId']) print('PrimaryGroupId', kerbdata['PrimaryGroupId']) print('Member of groups:') for group in kerbdata['GroupIds']: print(' -> %d (attributes: %d)' % (group['RelativeId'], group['Attributes'])) print('LogonServer: ', kerbdata['LogonServer']) print('LogonDomainName: ', kerbdata['LogonDomainName']) print() print('Extra SIDS:') for sid in kerbdata['ExtraSids']: print(' -> ', sid['Sid'].formatCanonical()) if kerbdata['ResourceGroupDomainSid']: print('Extra domain groups found! Domain SID:') print(kerbdata['ResourceGroupDomainSid'].formatCanonical()) print('Relative groups:') for group in kerbdata['ResourceGroupIds']: print(' -> %d (attributes: %d)' % (group['RelativeId'], group['Attributes'])) elif infoBuffer['ulType'] == PAC_CLIENT_INFO_TYPE: clientInfo = PAC_CLIENT_INFO(data) if logging.getLogger().level == logging.DEBUG: clientInfo.dump() print() elif infoBuffer['ulType'] == PAC_SERVER_CHECKSUM: signatureData = PAC_SIGNATURE_DATA(data) if logging.getLogger().level == logging.DEBUG: signatureData.dump() print() elif infoBuffer['ulType'] == PAC_PRIVSVR_CHECKSUM: signatureData = PAC_SIGNATURE_DATA(data) if logging.getLogger().level == logging.DEBUG: signatureData.dump() print() elif infoBuffer['ulType'] == PAC_UPN_DNS_INFO: upn = UPN_DNS_INFO(data) if logging.getLogger().level == logging.DEBUG: upn.dump() print(data[upn['DnsDomainNameOffset']:]) # print else: hexdump(data) if logging.getLogger().level == logging.DEBUG: print("#"*80) buff = buff[len(infoBuffer):]