def __init__(self, data=None, alignment=0):
    """Initialise the structure and, when *data* is given, split out its attributes.

    After Structure.__init__ has run, the 'AttributeMaps' field is cut into
    fixed-size VAULT_ATTRIBUTE_MAP_ENTRY records (self.mapEntries). The
    length of every attribute is derived from the distance between
    consecutive 'Offset' values (self.attributesLen), each attribute is
    decoded from self.rawData (self.attributes), and whatever follows the
    last attribute is stored in the 'Data' field.
    """
    Structure.__init__(self, data, alignment)
    if data is None:
        return

    # Process the MAP entries: one fixed-size record per attribute.
    entry_size = len(VAULT_ATTRIBUTE_MAP_ENTRY())
    map_blob = self['AttributeMaps']
    self.mapEntries = []
    for _ in range(self['AttributesMapsSize'] // entry_size):
        self.mapEntries.append(VAULT_ATTRIBUTE_MAP_ENTRY(map_blob))
        map_blob = map_blob[entry_size:]

    # NOTE(review): every offset and size below is read from the parsed
    # input and used without validation. An empty map table leaves `i`
    # unbound, and offsets that do not increase give negative lengths.
    # Confirm callers only feed trusted or pre-validated blobs.
    self.attributesLen = []
    for i in range(len(self.mapEntries)):
        if i == 0:
            continue
        previous_offset = self.mapEntries[i - 1]['Offset']
        self.attributesLen.append(self.mapEntries[i]['Offset'] - previous_offset)
    # The last attribute runs to the end of the raw buffer; `i` is the index
    # left over from the loop above.
    self.attributesLen.append(len(self.rawData) - self.mapEntries[i]['Offset'])

    self.attributes = []
    for index, map_entry in enumerate(self.mapEntries):
        start = map_entry['Offset']
        blob = self.rawData[start:][:self.attributesLen[index]]
        self.attributes.append(VAULT_ATTRIBUTE(blob))

    # Do we have remaining data?
    tail_start = self.mapEntries[-1]['Offset'] + len(self.attributes[-1].getData())
    self['Data'] = self.rawData[tail_start:]
def __init__(self, data=None, alignment=0):
    """Run the base initialiser, then decode the attribute table from *data*.

    With *data* present, this fills self.mapEntries (the records found in
    'AttributeMaps'), self.attributesLen (one length per attribute, derived
    from the 'Offset' values), self.attributes (one VAULT_ATTRIBUTE per map
    entry, sliced out of self.rawData) and the 'Data' field (the bytes that
    follow the last attribute). With *data* set to None nothing else is done.
    """
    Structure.__init__(self, data, alignment)
    if data is None:
        return

    # Process the MAP entries
    record_len = len(VAULT_ATTRIBUTE_MAP_ENTRY())
    pending = self['AttributeMaps']
    self.mapEntries = []
    for _ in range(self['AttributesMapsSize'] // record_len):
        self.mapEntries.append(VAULT_ATTRIBUTE_MAP_ENTRY(pending))
        pending = pending[record_len:]

    # NOTE(review): the offsets come straight from the input and are not
    # checked for order or range. An empty table makes the `i` lookup below
    # fail, and a decreasing offset yields a negative length. Verify the
    # input is validated upstream.
    self.attributesLen = []
    for i in range(len(self.mapEntries)):
        if i == 0:
            continue
        gap = self.mapEntries[i]['Offset'] - self.mapEntries[i - 1]['Offset']
        self.attributesLen.append(gap)
    # `i` still holds the last index: the final attribute extends to the end
    # of the raw buffer.
    self.attributesLen.append(len(self.rawData) - self.mapEntries[i]['Offset'])

    self.attributes = []
    for position, map_entry in enumerate(self.mapEntries):
        window = self.rawData[map_entry['Offset']:][:self.attributesLen[position]]
        self.attributes.append(VAULT_ATTRIBUTE(window))

    # Do we have remaining data?
    consumed = self.mapEntries[-1]['Offset'] + len(self.attributes[-1].getData())
    self['Data'] = self.rawData[consumed:]
def __init__(self, data=None):
    """Initialise from *data*, or blank the four string fields when there is none.

    Without *data*, 'UserName', 'Password', 'Database' and 'AtchDBFile' are
    each set to the empty string, in that order.
    """
    Structure.__init__(self, data)
    if data is not None:
        return
    for field in ('UserName', 'Password', 'Database', 'AtchDBFile'):
        self[field] = ''
def __init__(self, username='', password='', challenge='', lmhash='', nthash='', flags=0):
    """Fill in the message fields and the LM/NTLM answers to *challenge*.

    Credential selection, in order:
      * *username* plus at least one non-empty hash: the supplied *lmhash*
        and *nthash* go to get_ntlmv1_response() as they are;
      * *username* plus *password*: both hashes are first derived with
        compute_lmhash() and compute_nthash();
      * otherwise: both answers stay empty and 'host_name' is set to the
        UTF-16LE encoding of 'NULL'.

    The *flags* argument is accepted but not read by this method.
    """
    Structure.__init__(self)
    self['session_key'] = ''
    self['user_name'] = username.encode('utf-16le')
    self['domain_name'] = ''  # "CLON".encode('utf-16le')
    self['host_name'] = ''    # "BETS".encode('utf-16le')

    # The commented-out alternative here was authResp['flags']. The original
    # authors (beto & gera) suspected that those flags force a memory
    # content leak when a Windows 2000 host answers using uninitialised
    # verifiers, so a fixed set is used. NTLMSSP_LM_KEY, NTLMSSP_ALWAYS_SIGN
    # and NTLMSSP_TARGET were commented out of the set by the original author.
    self['flags'] = (
        NTLMSSP_KEY_128
        | NTLMSSP_KEY_EXCHANGE
        | NTLMSSP_NTLM_KEY
        | NTLMSSP_UNICODE
        | NTLMSSP_SIGN
        | NTLMSSP_SEAL
    )

    # NOTE(review): the helper names indicate LM / NTLMv1 responses, which
    # are legacy schemes. Confirm this path is only used where the peer
    # requires them.
    hashes_given = lmhash != '' or nthash != ''
    if username and not hashes_given and password:
        lmhash = compute_lmhash(password)
        nthash = compute_nthash(password)

    if username and (hashes_given or password):
        # This is not used for LM_KEY nor NTLM_KEY
        self['lanman'] = get_ntlmv1_response(lmhash, challenge)
        self['ntlm'] = get_ntlmv1_response(nthash, challenge)
    else:
        self['lanman'] = ''
        self['ntlm'] = ''
        if not self['host_name']:
            # for NULL session there must be a hostname
            self['host_name'] = 'NULL'.encode('utf-16le')
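def __init__(self, data=None, alignment=0):
    """Select the field layout from the first byte of *data*, then initialise.

    When *data* holds at least 16 bytes, a first byte of 0x24 or 0x34 selects
    self.structureKDBM and any other value selects self.structureKSSM. For
    shorter input, or when *data* is None, self.structure is left as it is.
    Both arguments are then handed to Structure.__init__.
    """
    # The signature advertises data=None, so guard the length check:
    # len(None) would raise TypeError before the base initialiser runs.
    if data is not None and len(data) >= 16:
        # A one-byte slice (not an index) keeps the comparison bytes-to-bytes.
        if data[0:1] in (b'\x24', b'\x34'):
            self.structure = self.structureKDBM
        else:
            self.structure = self.structureKSSM
    Structure.__init__(self, data, alignment)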
def __init__(self, data=None, alignment=0):
    """Initialise the structure and wrap 'Buffer' in an NDRArray of SHARE_INFO_1.

    The wrapping only happens when *data* is truthy. The array is kept on
    the instance and also written back into the 'Buffer' field.
    """
    Structure.__init__(self, data, alignment)
    if not data:
        return
    wrapped = ndrutils.NDRArray(data=self["Buffer"], itemClass=SHARE_INFO_1)
    self.__array = wrapped
    self["Buffer"] = wrapped
def __init__(self, data=None, alignment=0):
    """Initialise the structure and wrap 'Buffer' in an NDRArray of SESSION_INFO_502.

    The wrapping only happens when *data* is truthy. The array is kept on
    the instance and also written back into the 'Buffer' field.
    """
    Structure.__init__(self, data, alignment)
    if not data:
        return
    wrapped = ndrutils.NDRArray(data=self['Buffer'], itemClass=SESSION_INFO_502)
    self.__array = wrapped
    self['Buffer'] = wrapped
def __init__(self, data=None):
    """Hand *data* to Structure.__init__; with no data, blank the string fields.

    The fields reset to '' are 'UserName', 'Password', 'Database' and
    'AtchDBFile', assigned in that order.
    """
    Structure.__init__(self, data)
    if data is not None:
        return
    for name in ('UserName', 'Password', 'Database', 'AtchDBFile'):
        self[name] = ''
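def __init__(self, data=None, alignment=0):
    """Pick structureKDBM or structureKSSM from *data*, then initialise.

    For input of 16 bytes or more, the layout is self.structureKDBM when the
    first byte is 0x24 or 0x34 and self.structureKSSM otherwise. Shorter
    input and data=None leave self.structure as it is. Structure.__init__
    is always called afterwards with the same arguments.
    """
    # data=None is the declared default; without this guard len(None)
    # raises TypeError and the base initialiser is never reached.
    if data is not None and len(data) >= 16:
        leading = data[0:1]  # slice, so the value stays a bytes object
        if leading == b'\x24' or leading == b'\x34':
            self.structure = self.structureKDBM
        else:
            self.structure = self.structureKSSM
    Structure.__init__(self, data, alignment)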
def __init__(self):
    """Populate every field of the message with a fixed default value.

    The fields are assigned in the order listed below, after the base
    initialiser has run without arguments.
    """
    Structure.__init__(self)
    # NOTE(review): 'challenge' is a constant here. A challenge only protects
    # against replay when it is fresh and unpredictable for each handshake,
    # so code that sends this message should overwrite it. Confirm the
    # callers do.
    defaults = (
        ('header', "NTLMSSP\x00"),
        ('message_type', 0x00000002),
        ('targetNameSecLen', 0x0000),
        ('targetNameSecAll', 0x0000),
        ('targetNameSecOff', 0x0000000030),
        ('flags', 0xe2898235),
        ('targetInfoSecLen', 0x0000),
        ('targetInfoSecAll', 0x0000),
        ('targetInfoSecOff', 0x0000000050),
        ('challenge', 'AAAAAAAA'),
        ('context', 8 * "\x00"),
        ('targetInfoSec', ''),
        ('targetName', ''),
        ('targetInfoType2', 0x0002),
        ('targetInfoDomainNameLen', 0x0000),
        ('targetInfoDomainName', ''),
        ('targetInfoType1', 0x0001),
        ('targetInfoServerNameLen', 0x0000),
        ('targetInfoServerName', ''),
        ('targetInfoType4', 0x0004),
        ('targetInfoDNSDomainNameLen', 0x0000),
        ('targetInfoDNSDomainName', ''),
        ('targetInfoType3', 0x0003),
        ('targetInfoDNSServerNameLen', 0x000),
        ('targetInfoDNSServerName', ''),
        ('terminatorBlock', 0x00000000),
    )
    for field, value in defaults:
        self[field] = value
def __init__(self, data=None, alignment=0):
    """Initialise the structure; with no *data*, blank its four string fields.

    The fields set to "" are "cname", "username", "cltype_name" and
    "transport", in that order.
    """
    Structure.__init__(self, data, alignment)
    if data is not None:
        return
    for field in ("cname", "username", "cltype_name", "transport"):
        self[field] = ""
def __init__(self, data=None, alignment=0):
    """Run the base initialiser and default the string fields when data is None.

    'cname', 'username', 'cltype_name' and 'transport' are each set to ''.
    """
    Structure.__init__(self, data, alignment)
    if data is not None:
        return
    for name in ('cname', 'username', 'cltype_name', 'transport'):
        self[name] = ''
def __init__(self, data=None, alignment=0):
    """Initialise from *data*; an instance built without data gets empty strings.

    The fields touched in that case are 'cname', 'username', 'cltype_name'
    and 'transport'.
    """
    Structure.__init__(self, data, alignment)
    if data is not None:
        return
    for key in ('cname', 'username', 'cltype_name', 'transport'):
        self[key] = ''
def __init__(self, data=None, alignment=0):
    """Reset the private context-item list, initialise, and default empty fields.

    The private list is created before Structure.__init__ runs. With no
    *data*, 'Pad', 'ctx_items', 'sec_trailer' and 'auth_data' are set to ''.
    """
    self.__ctx_items = list()
    Structure.__init__(self, data, alignment)
    if data is not None:
        return
    for field in ('Pad', 'ctx_items', 'sec_trailer', 'auth_data'):
        self[field] = ''
def __init__(self, data=None, pcReturned=None):
    """Initialise the structure and decode *pcReturned* driver records from *data*.

    'drivers' always starts as an empty list. When *data* is given, that many
    DRIVER_INFO_2_BLOB records are decoded back to back, each one starting
    len(previous record) bytes after the previous one.
    """
    Structure.__init__(self, data=data)
    self['drivers'] = []
    if data is None:
        return
    # NOTE(review): pcReturned is the loop bound and is not checked against
    # the amount of data left. It also defaults to None, which range()
    # rejects. Confirm callers always pass a validated count.
    cursor = data
    for _ in range(pcReturned):
        record = DRIVER_INFO_2_BLOB(cursor)
        self['drivers'].append(record)
        cursor = cursor[len(record):]
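def __init__(self, data=None, alignment=0):
    """Extend the field layout according to *data*, then initialise.

    For input longer than 20 bytes:
      * self.padding is appended when the six bytes at offset 16 are zero;
      * self.id100 is appended when the little-endian 32-bit value in the
        first four bytes is 100 or more;
      * self.extended is appended when at least 9 bytes follow offset 16.
    Shorter input and data=None leave self.structure as it is.
    """
    # data=None is the declared default; guard it so len(None) does not
    # raise TypeError before the base initialiser is reached.
    if data is not None and len(data) > 20:
        # NOTE(review): `+=` rebinds an instance attribute only if
        # self.structure is a tuple; a list would be mutated in place on the
        # class. Presumably these layouts are tuples; confirm.
        if data[16:22] == b'\x00' * 6:
            self.structure += self.padding
        if unpack('<L', data[:4])[0] >= 100:
            self.structure += self.id100
        if len(data) - 16 >= 9:
            self.structure += self.extended
    Structure.__init__(self, data, alignment)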
def __init__(self, data=None, alignment=0):
    """Initialise the structure, apply defaults when empty, reset context items.

    With no *data*: 'max_tfrag' and 'max_rfrag' are 4280, 'assoc_group' is 0,
    'ctx_num' is 1 and 'ctx_items' is ''. The private context-item list is
    reset to empty in every case.
    """
    Structure.__init__(self, data, alignment)
    if data is None:
        defaults = (
            ('max_tfrag', 4280),
            ('max_rfrag', 4280),
            ('assoc_group', 0),
            ('ctx_num', 1),
            ('ctx_items', ''),
        )
        for field, value in defaults:
            self[field] = value
    self.__ctx_items = list()
def __init__(self, data=None, alignment=0):
    """Run the base initialiser, default the fields if empty, clear context items.

    Defaults used when *data* is None: 'max_tfrag' = 4280, 'max_rfrag' = 4280,
    'assoc_group' = 0, 'ctx_num' = 1, 'ctx_items' = ''. The private
    context-item list is always reset afterwards.
    """
    Structure.__init__(self, data, alignment)
    if data is None:
        for name, value in (
            ('max_tfrag', 4280),
            ('max_rfrag', 4280),
            ('assoc_group', 0),
            ('ctx_num', 1),
            ('ctx_items', ''),
        ):
            self[name] = value
    self.__ctx_items = list()
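def __init__(self, data=None, alignment=0):
    """Grow self.structure to match the shape of *data*, then initialise.

    Only input longer than 20 bytes is inspected. self.padding is added when
    bytes 16 to 21 are all zero, self.id100 when the first four bytes
    (little-endian, unsigned) are 100 or more, and self.extended when at
    least 9 bytes follow offset 16. With data=None the layout is untouched.
    """
    # The default argument is None; len(None) would raise TypeError, so the
    # inspection is skipped in that case.
    if data is not None and len(data) > 20:
        # NOTE(review): `+=` is only safe if self.structure is an immutable
        # tuple; a list would be extended in place on the class. Presumably
        # a tuple; confirm against the class body.
        tail = data[16:]
        if tail[:6] == b'\x00' * 6:
            self.structure += self.padding
        if unpack('<L', data[:4])[0] >= 100:
            self.structure += self.id100
        if len(tail) >= 9:
            self.structure += self.extended
    Structure.__init__(self, data, alignment)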
def __init__(self, data=None, alignment=0):
    """Initialise the structure and decode its attribute records.

    self.attributes is 0 when there is no *data*. Otherwise it becomes a
    list of 'AttrCount' CREDENTIAL_ATTRIBUTE objects decoded back to back
    from the 'Remaining' field.
    """
    Structure.__init__(self, data, alignment)
    self.attributes = 0
    if data is None:
        return
    # Unpack the attributes
    # NOTE(review): 'AttrCount' is read from the parsed input and is not
    # checked against the size of 'Remaining'. Confirm the attribute parser
    # fails cleanly on truncated data.
    cursor = self['Remaining']
    self.attributes = []
    for _ in range(self['AttrCount']):
        attribute = CREDENTIAL_ATTRIBUTE(cursor)
        self.attributes.append(attribute)
        cursor = cursor[len(attribute):]
def __init__(self, data=None, alignment=0):
    """Run the base initialiser, then unpack 'AttrCount' attributes from 'Remaining'.

    Without *data*, self.attributes stays at 0. With *data*, it is a list of
    CREDENTIAL_ATTRIBUTE objects, each decoded from the bytes left over by
    the previous one.
    """
    Structure.__init__(self, data, alignment)
    self.attributes = 0
    if data is None:
        return
    # Unpack the attributes
    # NOTE(review): the count comes from the input itself and is not compared
    # with the bytes available. Verify truncated input is rejected by
    # CREDENTIAL_ATTRIBUTE.
    leftover = self['Remaining']
    self.attributes = []
    for _ in range(self['AttrCount']):
        parsed = CREDENTIAL_ATTRIBUTE(leftover)
        self.attributes.append(parsed)
        leftover = leftover[len(parsed):]
def __init__(self, data=None, alignment=0):
    """Initialise the header; with no *data*, fill in the default field values.

    Defaults: version 5.0, flags MSRPC_FIRSTFRAG | MSRPC_LASTFRAG, type
    MSRPC_REQUEST, 'auth_len' 0, empty 'pduData' and 'auth_data'. The private
    frag-length marker is set to 0 in the same branch, so it is not assigned
    here when *data* is given.
    """
    Structure.__init__(self, data, alignment)
    if data is not None:
        return
    self['ver_major'] = 5
    self['ver_minor'] = 0
    self['flags'] = MSRPC_FIRSTFRAG | MSRPC_LASTFRAG
    self['type'] = MSRPC_REQUEST
    self.__frag_len_set = 0
    self['auth_len'] = 0
    for field in ('pduData', 'auth_data'):
        self[field] = ''
def __init__(self, data=None, alignment=0):
    """Run the base initialiser and default the header fields when data is None.

    Values applied: 'ver_major' 5, 'ver_minor' 0, 'flags' set to
    MSRPC_FIRSTFRAG | MSRPC_LASTFRAG, 'type' MSRPC_REQUEST, 'auth_len' 0,
    'pduData' '' and 'auth_data' ''. The private frag-length marker is
    zeroed only in this no-data branch.
    """
    Structure.__init__(self, data, alignment)
    if data is not None:
        return
    self['ver_major'] = 5
    self['ver_minor'] = 0
    self['flags'] = MSRPC_FIRSTFRAG | MSRPC_LASTFRAG
    self['type'] = MSRPC_REQUEST
    self.__frag_len_set = 0
    self['auth_len'] = 0
    for name in ('pduData', 'auth_data'):
        self[name] = ''
def __init__(self):
    """Initialise the message with a fixed flag set and empty name fields."""
    Structure.__init__(self)
    # NTLMSSP_LM_KEY, NTLMSSP_ALWAYS_SIGN and NTLMSSP_TARGET were commented
    # out of this set by the original author.
    self['flags'] = (
        NTLMSSP_KEY_128
        | NTLMSSP_KEY_EXCHANGE
        | NTLMSSP_NTLM_KEY
        | NTLMSSP_UNICODE
        | NTLMSSP_SIGN
        | NTLMSSP_SEAL
    )
    for field in ('host_name', 'domain_name'):
        self[field] = ''
def __init__(self):
    """Initialise the message with a fixed flag set and empty string fields.

    'host_name', 'domain_name' and 'os_version' are set to '' after the flags.
    """
    Structure.__init__(self)
    # NTLMSSP_LM_KEY, NTLMSSP_ALWAYS_SIGN and NTLMSSP_TARGET were commented
    # out of this set by the original author.
    self['flags'] = (
        NTLMSSP_NEGOTIATE_128
        | NTLMSSP_NEGOTIATE_KEY_EXCH
        | NTLMSSP_NEGOTIATE_NTLM
        | NTLMSSP_NEGOTIATE_UNICODE
        | NTLMSSP_NEGOTIATE_SIGN
        | NTLMSSP_NEGOTIATE_SEAL
    )
    for field in ('host_name', 'domain_name', 'os_version'):
        self[field] = ''
def __init__(self, version, revision, pageSize=8192, data=None):
    """Choose the field layout for the given format version, then initialise.

    The layout is picked from *version* and *revision*; self.common is
    always appended. In the newest branch self.extended_win7 is added as
    well when *pageSize* exceeds 8192. *data* goes to Structure.__init__.
    """
    if version < 0x620 or (version == 0x620 and revision < 0x0b):
        # For sure the old format
        layout = self.structure_2003_SP0 + self.common
    elif version == 0x620 and revision < 0x11:
        # Exchange 2003 SP1 and Windows Vista and later
        layout = self.structure_0x620_0x0b + self.common
    else:
        # Windows 7 and later
        layout = self.structure_win7 + self.common
        if pageSize > 8192:
            layout += self.extended_win7
    self.structure = layout
    Structure.__init__(self, data)
def __init__(self, version, revision, pageSize=8192, data=None):
    """Set self.structure from the version/revision pair and initialise.

    Three layouts are distinguished, each followed by self.common. Only the
    last one is further extended with self.extended_win7, and only when
    *pageSize* is larger than 8192.
    """
    old_format = (version < 0x620) or (version == 0x620 and revision < 0x0b)
    if old_format:
        # For sure the old format
        chosen = self.structure_2003_SP0 + self.common
    elif version == 0x620 and revision < 0x11:
        # Exchange 2003 SP1 and Windows Vista and later
        chosen = self.structure_0x620_0x0b + self.common
    else:
        # Windows 7 and later
        chosen = self.structure_win7 + self.common
        if pageSize > 8192:
            chosen += self.extended_win7
    self.structure = chosen
    Structure.__init__(self, data)
def __init__(self):
    """Run the base initialiser, then set the flag word and blank both names."""
    Structure.__init__(self)
    # Left out of the set (commented out by the original author):
    # NTLMSSP_LM_KEY, NTLMSSP_ALWAYS_SIGN, NTLMSSP_TARGET.
    self['flags'] = (
        NTLMSSP_KEY_128
        | NTLMSSP_KEY_EXCHANGE
        | NTLMSSP_NTLM_KEY
        | NTLMSSP_UNICODE
        | NTLMSSP_SIGN
        | NTLMSSP_SEAL
    )
    for name in ('host_name', 'domain_name'):
        self[name] = ''
def __init__(self):
    """Run the base initialiser, then set the flag word and blank three fields.

    The blanked fields are 'host_name', 'domain_name' and 'os_version'.
    """
    Structure.__init__(self)
    # Left out of the set (commented out by the original author):
    # NTLMSSP_LM_KEY, NTLMSSP_ALWAYS_SIGN, NTLMSSP_TARGET.
    self['flags'] = (
        NTLMSSP_NEGOTIATE_128
        | NTLMSSP_NEGOTIATE_KEY_EXCH
        | NTLMSSP_NEGOTIATE_NTLM
        | NTLMSSP_NEGOTIATE_UNICODE
        | NTLMSSP_NEGOTIATE_SIGN
        | NTLMSSP_NEGOTIATE_SEAL
    )
    for name in ('host_name', 'domain_name', 'os_version'):
        self[name] = ''
def __init__(self, data):
    """Build the field layout that matches the catalog type found in *data*.

    The type is the little-endian 16-bit value at byte offset 4. The layout
    starts from self.fixed, gains the type-specific parts, and always ends
    with self.common. CATALOG_TYPE_CALLBACK raises Exception. An unknown
    type is logged, the layout is emptied and the base initialiser is run
    once before self.common is appended and it is run again.
    """
    # Depending on the type of data we'll end up building a different struct.
    # NOTE(review): fewer than 6 bytes of input makes unpack() raise
    # struct.error. Confirm callers handle that.
    (dataType,) = unpack('<H', data[4:6])
    self.structure = self.fixed

    if dataType == CATALOG_TYPE_TABLE:
        self.structure = self.structure + (self.other + self.table_stuff)
    elif dataType == CATALOG_TYPE_COLUMN:
        self.structure = self.structure + self.column_stuff
    elif dataType == CATALOG_TYPE_INDEX:
        self.structure = self.structure + (self.other + self.index_stuff)
    elif dataType == CATALOG_TYPE_LONG_VALUE:
        self.structure = self.structure + (self.other + self.lv_stuff)
    elif dataType == CATALOG_TYPE_CALLBACK:
        raise Exception('CallBack types not supported!')
    else:
        LOG.error('Unknown catalog type 0x%x' % dataType)
        self.structure = ()
        Structure.__init__(self, data)

    self.structure = self.structure + self.common
    Structure.__init__(self, data)
def __init__(self, data):
    """Select the layout for the catalog entry type in *data* and initialise.

    The 16-bit little-endian type at offset 4 decides which parts follow
    self.fixed; self.common is appended last. A CATALOG_TYPE_CALLBACK entry
    raises Exception. For any other unrecognised type an error is logged,
    the layout is reset to () and Structure.__init__ runs twice: once before
    and once after self.common is appended.
    """
    # Depending on the type of data we'll end up building a different struct.
    # NOTE(review): input shorter than 6 bytes ends in struct.error from
    # unpack(). Verify the caller validates the length.
    type_field = data[4:][:2]
    dataType = unpack('<H', type_field)[0]
    self.structure = self.fixed

    if dataType == CATALOG_TYPE_TABLE:
        extra = self.other + self.table_stuff
        self.structure += extra
    elif dataType == CATALOG_TYPE_COLUMN:
        self.structure += self.column_stuff
    elif dataType == CATALOG_TYPE_INDEX:
        extra = self.other + self.index_stuff
        self.structure += extra
    elif dataType == CATALOG_TYPE_LONG_VALUE:
        extra = self.other + self.lv_stuff
        self.structure += extra
    elif dataType == CATALOG_TYPE_CALLBACK:
        raise Exception('CallBack types not supported!')
    else:
        LOG.error('Unknown catalog type 0x%x' % dataType)
        self.structure = ()
        Structure.__init__(self, data)

    self.structure += self.common
    Structure.__init__(self, data)
def __init__(self, data=None):
    """Initialise the structure; with no *data*, set 'AlignPad' to ''."""
    Structure.__init__(self, data)
    if data is not None:
        return
    self['AlignPad'] = ''
def __init__(self, data=None, alignment=0):
    """Create the empty private context-item list, then run Structure.__init__.

    The list is assigned first, so it already exists while the base
    initialiser runs.
    """
    self.__ctx_items = list()
    Structure.__init__(self, data, alignment)
def __init__(self, data=None, alignment=0):
    """Initialise the structure and stamp the three header fields.

    'bType', 'bVersion' and 'aiKeyAlg' are assigned unconditionally, i.e.
    also after *data* has been handed to the base initialiser.
    """
    Structure.__init__(self, data, alignment)
    header_values = (
        ('bType', TPUBLICKEYBLOB),
        ('bVersion', CUR_BLOB_VERSION),
        ('aiKeyAlg', CALG_DH_EPHEM),
    )
    for field, value in header_values:
        self[field] = value
def __init__(self, data=None, alignment=0):
    """Initialise the structure; with no *data*, blank "netname" and "remark"."""
    Structure.__init__(self, data, alignment)
    if data is not None:
        return
    for field in ("netname", "remark"):
        self[field] = ""
def __init__(self, data=None, alignment=0):
    """Initialise the structure and set 'magic' and 'bitlen' to fixed values.

    Both fields are assigned unconditionally, after the base initialiser.
    """
    Structure.__init__(self, data, alignment)
    # NOTE(review): 'bitlen' is hard-coded to 1024. If this is a key or
    # modulus size, it is below the 2048 bits commonly recommended today.
    # Presumably dictated by the peer protocol; confirm.
    for field, value in (('magic', 0x31484400), ('bitlen', 1024)):
        self[field] = value
def __init__(self, flags=0, **kargs):
    """Pick the signature layout from *flags*, then initialise.

    self.extendedMessageSignature is used when NTLMSSP_NTLM2_KEY is set in
    *flags*, self.MessageSignature otherwise. The remaining keyword
    arguments go to Structure.__init__, whose result is returned.
    """
    extended = flags & NTLMSSP_NTLM2_KEY
    self.structure = self.extendedMessageSignature if extended else self.MessageSignature
    return Structure.__init__(self, **kargs)
def __init__(self, data=None):
    """Initialise the structure and set 'VariablePart' to ''.

    The field is cleared unconditionally, also when *data* is given.
    """
    Structure.__init__(self, data)
    empty = ''
    self['VariablePart'] = empty
def __init__(self, flags=0, **kargs):
    """Pick the signature layout from *flags*, then initialise.

    self.extendedMessageSignature is used when
    NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY is set in *flags*,
    self.MessageSignature otherwise. The remaining keyword arguments go to
    Structure.__init__, whose result is returned.
    """
    extended = flags & NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
    self.structure = self.extendedMessageSignature if extended else self.MessageSignature
    return Structure.__init__(self, **kargs)
def __init__(self, flags, data=None):
    """Prepend the common header to the layout when TAG_COMMON is set.

    *data* is then handed to Structure.__init__, whose result is returned.
    """
    has_common_header = (flags & TAG_COMMON) > 0
    if has_common_header:
        # Include the common header
        self.structure = self.common + self.structure
    return Structure.__init__(self, data)
def __init__(self, data=None):
    """Run the base initialiser and default 'AlignPad' to '' when data is None."""
    Structure.__init__(self, data)
    if data is not None:
        return
    self['AlignPad'] = ''
def __init__(self, data=None, alignment=0):
    """Initialise the structure and start with no decrypted key.

    self.decryptedKey is set to None here; nothing in this method fills it.
    """
    Structure.__init__(self, data, alignment)
    no_key_yet = None
    self.decryptedKey = no_key_yet
def __init__(self, data=None):
    """Initialise the structure; with no *data*, set 'TreeID' to 0."""
    Structure.__init__(self, data)
    if data is not None:
        return
    self['TreeID'] = 0
def __init__(self, data=None, alignment=0):
    """Run the base initialiser, then force 'magic' and 'bitlen' to constants.

    The two assignments happen whether or not *data* was supplied.
    """
    Structure.__init__(self, data, alignment)
    # NOTE(review): 1024 is a fixed 'bitlen'. If it denotes a key or modulus
    # size, it is smaller than the 2048 bits commonly recommended today.
    # Presumably required by the protocol; confirm.
    fixed_fields = {'magic': 0x31484400, 'bitlen': 1024}
    for field, value in fixed_fields.items():
        self[field] = value
def __init__(self, data=None, alignment=0):
    """Initialise the structure and embed two freshly built sub-structures.

    'publickeystruc' receives the serialised form of a new PUBLICKEYSTRUC
    and 'dhpubkey' that of a new DHPUBKEY, both unconditionally.
    """
    Structure.__init__(self, data, alignment)
    key_header = PUBLICKEYSTRUC()
    self['publickeystruc'] = key_header.getData()
    dh_header = DHPUBKEY()
    self['dhpubkey'] = dh_header.getData()
def __init__(self, data=None):
    """Initialise the structure and set 'UserData' to ''.

    The field is cleared unconditionally, also when *data* is given.
    """
    Structure.__init__(self, data)
    empty = ''
    self['UserData'] = empty
def __init__(self, data=None, alignment=0):
    """Run the base initialiser and mark the key as not yet decrypted.

    self.decryptedKey starts as None; this method does not populate it.
    """
    Structure.__init__(self, data, alignment)
    placeholder = None
    self.decryptedKey = placeholder
def __init__(self, data=None):
    """Run the base initialiser and default 'TreeID' to 0 when data is None."""
    Structure.__init__(self, data)
    if data is not None:
        return
    self['TreeID'] = 0
def __init__(self, data=None, alignment=0):
    """Reset the private context-item list before running Structure.__init__.

    Assigning the list first means it is in place while the base
    initialiser runs.
    """
    self.__ctx_items = list()
    Structure.__init__(self, data, alignment)
def __init__(self, data=None):
    """Forward *data* to Structure.__init__ as a keyword argument.

    No field is set or changed by this method itself.
    """
    payload = data
    Structure.__init__(self, data=payload)
def __init__(self, data=None, alignment=0):
    """Run the base initialiser, then fill in the two embedded headers.

    A new PUBLICKEYSTRUC and a new DHPUBKEY are built and their getData()
    output is stored in 'publickeystruc' and 'dhpubkey'. This happens even
    when *data* was supplied.
    """
    Structure.__init__(self, data, alignment)
    blob_header = PUBLICKEYSTRUC()
    self['publickeystruc'] = blob_header.getData()
    dh_key = DHPUBKEY()
    self['dhpubkey'] = dh_key.getData()
def __init__(self, flags, data=None):
    """Put self.common in front of the layout if *flags* carries TAG_COMMON.

    The result of Structure.__init__(self, data) is returned.
    """
    common_bit = flags & TAG_COMMON
    if common_bit > 0:
        # Include the common header
        self.structure = self.common + self.structure
    return Structure.__init__(self, data)
def __init__(self, flags=0, **kargs):
    """Choose between the extended and the plain signature layout.

    The extended layout applies when *flags* contains
    NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY. All other keyword arguments
    are passed on to Structure.__init__, and its result is returned.
    """
    use_extended = flags & NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
    self.structure = self.extendedMessageSignature if use_extended else self.MessageSignature
    return Structure.__init__(self, **kargs)
def __init__(self, data=None, alignment=0):
    """Initialise the structure; with no *data*, set 'SupportedVersions' to ''."""
    Structure.__init__(self, data, alignment)
    if data is not None:
        return
    self['SupportedVersions'] = ''