Esempio n. 1
0
def decUserHash(bootkey, rawPekKey, user, rawRID, rawLMhash, rawNTLMhash):

    rid = int(rawRID[48:], 16)

    encPEK = unhexlify(rawPekKey[16:])
    pek = ds_decrypt_pek(bootkey, encPEK)

    if (not rawLMhash):
        rawLMhash = ""

    if rawLMhash.startswith("1100000000000000"):
        rawLMhash = rawLMhash[16:]
    if rawNTLMhash.startswith("1100000000000000"):
        rawNTLMhash = rawNTLMhash[16:]

    pekENClm = unhexlify(rawLMhash)
    pekENCntlm = unhexlify(rawNTLMhash)

    encLM = ds_decrypt_with_pek(pek, rawLMhash)
    encNTLM = ds_decrypt_with_pek(pek, pekENCntlm)

    lm = ds_decrypt_single_hash(rid, encLM)
    ntlm = ds_decrypt_single_hash(rid, encNTLM)

    out = user + ":" + str(rid)
    if ((not encLM) or (encLM == "")):
        out += ":aad3b435b51404eeaad3b435b51404ee:"
    else:
        out += ":" + lm.encode('hex') + ":"
    if (ntlm == ""):
        out += "NO PASSWORD*********************:::"
    else:
        out += ntlm.encode('hex') + ":::"

    return out
Esempio n. 2
0
def decUserHash(bootkey,rawPekKey,user,rawRID,rawLMhash,rawNTLMhash):

    rid = int(rawRID[48:],16)
    
    encPEK = unhexlify(rawPekKey[16:])
    pek = ds_decrypt_pek(bootkey, encPEK)

    if (not rawLMhash):
        rawLMhash = ""

    if rawLMhash.startswith("1100000000000000"):
        rawLMhash = rawLMhash[16:]
    if rawNTLMhash.startswith("1100000000000000"):
        rawNTLMhash = rawNTLMhash[16:]

    pekENClm = unhexlify(rawLMhash)
    pekENCntlm = unhexlify(rawNTLMhash)
    
    encLM = ds_decrypt_with_pek(pek, rawLMhash)
    encNTLM = ds_decrypt_with_pek(pek, pekENCntlm)
    
    lm = ds_decrypt_single_hash(rid, encLM)
    ntlm = ds_decrypt_single_hash(rid, encNTLM)
    
    out = user+":"+str(rid)
    if ((not encLM) or (encLM == "")):
        out+= ":aad3b435b51404eeaad3b435b51404ee:"
    else:
        out += ":"+lm.encode('hex')+":"
    if (ntlm == ""):
        out += "NO PASSWORD*********************:::"
    else:
        out += ntlm.encode('hex')+":::"
    
    return out
Esempio n. 3
0
def decUserHashHistory(bootkey, rawPekKey, user, rawRID, rawLMhashHistory,
                       rawNTLMhashHistory):

    # "rawRID" may already be the RID, or the full SID - if latter is true, truncate
    rid = int(rawRID, 16) if len(rawRID) == 8 else int(rawRID[48:], 16)

    encPEK = unhexlify(rawPekKey[16:])
    pek = ds_decrypt_pek(bootkey, encPEK)

    if rawLMhashHistory.startswith("1100000000000000"):
        rawLMhashHistory = rawLMhashHistory[16:]
    if rawNTLMhashHistory.startswith("1100000000000000"):
        rawNTLMhashHistory = rawNTLMhashHistory[16:]

    pekENClmHistory = unhexlify(rawLMhashHistory)
    pekENCntlmHistory = unhexlify(rawNTLMhashHistory)

    encLM = ds_decrypt_with_pek(pek, pekENClmHistory)
    encNTLM = ds_decrypt_with_pek(pek, pekENCntlmHistory)

    histories = []

    for hindex in range(0, len(encNTLM) / 16):
        ntlm = ds_decrypt_single_hash(rid,
                                      encNTLM[hindex * 16:(hindex + 1) * 16])
        lm = ds_decrypt_single_hash(rid, encLM[hindex * 16:(hindex + 1) * 16])

        if hindex == 0:
            out = user + ":" + str(rid)
        else:
            out = user + "_history" + str(hindex - 1) + ":" + str(rid)

        if (lm == ""):
            out += ":aad3b435b51404eeaad3b435b51404ee:"
        else:
            out += ":" + lm.encode('hex') + ":"
        if (ntlm == ""):
            out += "NO PASSWORD*********************:::"
        else:
            out += ntlm.encode('hex') + ":::"

        histories.append(out)

    return histories
Esempio n. 4
0
def decUserHashHistory(bootkey, rawPekKey, user, rawRID, rawLMhashHistory, rawNTLMhashHistory):

    # "rawRID" may already be the RID, or the full SID - if latter is true, truncate
    rid = int(rawRID,16) if len(rawRID)==8 else int(rawRID[48:],16)
    
    encPEK = unhexlify(rawPekKey[16:])
    pek = ds_decrypt_pek(bootkey, encPEK)

    if rawLMhashHistory.startswith("1100000000000000"):
        rawLMhashHistory = rawLMhashHistory[16:]
    if rawNTLMhashHistory.startswith("1100000000000000"):
        rawNTLMhashHistory = rawNTLMhashHistory[16:]

    pekENClmHistory = unhexlify(rawLMhashHistory)
    pekENCntlmHistory = unhexlify(rawNTLMhashHistory)
    
    encLM = ds_decrypt_with_pek(pek, pekENClmHistory)
    encNTLM = ds_decrypt_with_pek(pek, pekENCntlmHistory)

    histories = []
    
    for hindex in range(0,len(encNTLM)/16):
        ntlm = ds_decrypt_single_hash(rid, encNTLM[hindex*16:(hindex+1)*16])
        lm   = ds_decrypt_single_hash(rid, encLM[hindex*16:(hindex+1)*16])

        if hindex == 0:
            out = user+":"+str(rid)
        else:
            out = user+"_history"+str(hindex-1)+":"+str(rid)

        if (lm == ""):
            out+= ":aad3b435b51404eeaad3b435b51404ee:"
        else:
            out += ":"+lm.encode('hex')+":"
        if (ntlm == ""):
            out += "NO PASSWORD*********************:::"
        else:
            out += ntlm.encode('hex')+":::"

        histories.append(out)

    return histories