def fromString(self, data):
Structure.fromString(self, data)
rdata = self['Records']
self['Records'] = []
for i in range(self['Recordcount']):
self['Records'].append(FOREST_TRUST_INFO_RECORD(rdata))
rdata = rdata[len(self['Records'][-1]):]
def fromString(self,data):
Structure.fromString(self,data)
# [MS-NLMP] page 27
# Payload data can be present in any order within the Payload field,
# with variable-length padding before or after the data
domain_offset = self['domain_offset']
domain_end = self['domain_len'] + domain_offset
self['domain_name'] = data[ domain_offset : domain_end ]
host_offset = self['host_offset']
host_end = self['host_len'] + host_offset
self['host_name'] = data[ host_offset: host_end ]
user_offset = self['user_offset']
user_end = self['user_len'] + user_offset
self['user_name'] = data[ user_offset: user_end ]
ntlm_offset = self['ntlm_offset']
ntlm_end = self['ntlm_len'] + ntlm_offset
self['ntlm'] = data[ ntlm_offset : ntlm_end ]
lanman_offset = self['lanman_offset']
lanman_end = self['lanman_len'] + lanman_offset
self['lanman'] = data[ lanman_offset : lanman_end]
def fromString(self, data):
Structure.fromString(self, data)
if self['RecordType'] == 2:
self['Data'] = FOREST_TRUST_RECORD_DOMAININFO(self['Data'])
else:
# 1 or 0 means FOREST_TRUST_RECORD_TOPLEVELNAME or FOREST_TRUST_RECORD_TOPLEVELNAME_EX
self['Data'] = FOREST_TRUST_RECORD_TOPLEVELNAME(self['Data'])
def fromString(self, data):
Structure.fromString(self, data)
# [MS-NLMP] page 27
# Payload data can be present in any order within the Payload field,
# with variable-length padding before or after the data
domain_offset = self['domain_offset']
domain_end = self['domain_len'] + domain_offset
self['domain_name'] = data[domain_offset:domain_end]
host_offset = self['host_offset']
host_end = self['host_len'] + host_offset
self['host_name'] = data[host_offset:host_end]
user_offset = self['user_offset']
user_end = self['user_len'] + user_offset
self['user_name'] = data[user_offset:user_end]
ntlm_offset = self['ntlm_offset']
ntlm_end = self['ntlm_len'] + ntlm_offset
self['ntlm'] = data[ntlm_offset:ntlm_end]
lanman_offset = self['lanman_offset']
lanman_end = self['lanman_len'] + lanman_offset
self['lanman'] = data[lanman_offset:lanman_end]
def fromString(self, data):
Structure.fromString(self, data)
# Parse the ctx_items
data = self['ctx_items']
for i in range(self['ctx_num']):
item = CtxItemResult(data)
self.__ctx_items.append(item)
data = data[len(item):]
def fromString(self, data):
Structure.fromString(self,data)
# Parse the ctx_items
data = self['ctx_items']
for i in range(self['ctx_num']):
item = CtxItemResult(data)
self.__ctx_items.append(item)
data = data[len(item):]
def fromString(self, data):
self.entries = []
Structure.fromString(self, data)
data = self['keytab_entry']
while len(data) != 0:
ktentry = KeyTabEntry(data)
data = data[len(ktentry.getData()):]
self.entries.append(ktentry)
def fromString(self,data):
Structure.fromString(self,data)
# Just in case there's more data after the TargetInfoFields
self['TargetInfoFields'] = self['TargetInfoFields'][:self['TargetInfoFields_len']]
# We gotta process the TargetInfoFields
#if self['TargetInfoFields_len'] > 0:
# av_pairs = AV_PAIRS(self['TargetInfoFields'][:self['TargetInfoFields_len']])
# self['TargetInfoFields'] = av_pairs
return self
def fromString(self, data):
self.components = []
Structure.fromString(self, data)
data = self['components']
for i in range(self['num_components']):
ktentry = OctetString(data)
data = data[ktentry['len'] + 2:]
self.components.append(ktentry)
self.restfields = KeyTabContentRest(data)
def fromString(self, data):
self.aces = []
Structure.fromString(self, data)
for i in range(self['AceCount']):
# If we don't have any data left, return
if len(self['Data']) == 0:
raise Exception, "ACL header indicated there are more ACLs to unpack, but there is no more data"
ace = ACE(data=self['Data'])
self.aces.append(ace)
self['Data'] = self['Data'][ace['AceSize']:]
self['Data'] = self.aces
def fromString(self, data):
self.aces = []
Structure.fromString(self, data)
for i in range(self['AceCount']):
# If we don't have any data left, return
if len(self['Data']) == 0:
raise Exception, "ACL header indicated there are more ACLs to unpack, but there is no more data"
ace = ACE(data=self['Data'])
self.aces.append(ace)
self['Data'] = self['Data'][ace['AceSize']:]
self['Data'] = self.aces
def fromString(self, data, offset=0):
Structure.fromString(self, data)
self['ConfigFileArray'] = self.rawData[self['ConfigFileOffset'] +
offset:self['DataFileOffset'] +
offset].decode('utf-16-le')
self['DataFileArray'] = self.rawData[self['DataFileOffset'] +
offset:self['DriverPathOffset'] +
offset].decode('utf-16-le')
self['DriverPathArray'] = self.rawData[
self['DriverPathOffset'] + offset:self['EnvironmentOffset'] +
offset].decode('utf-16-le')
self['EnvironmentArray'] = self.rawData[self['EnvironmentOffset'] +
offset:self['NameOffset'] +
offset].decode('utf-16-le')
def fromString(self, data):
Structure.fromString(self,data)
if self['PreviousPasswordOffset'] == 0:
endData = self['QueryPasswordIntervalOffset']
else:
endData = self['PreviousPasswordOffset']
self['CurrentPassword'] = self.rawData[self['CurrentPasswordOffset']:][:endData - self['CurrentPasswordOffset']]
if self['PreviousPasswordOffset'] != 0:
self['PreviousPassword'] = self.rawData[self['PreviousPasswordOffset']:][:self['QueryPasswordIntervalOffset']-self['PreviousPasswordOffset']]
self['QueryPasswordInterval'] = self.rawData[self['QueryPasswordIntervalOffset']:][:self['UnchangedPasswordIntervalOffset']-self['QueryPasswordIntervalOffset']]
self['UnchangedPasswordInterval'] = self.rawData[self['UnchangedPasswordIntervalOffset']:]
def fromString(self,data):
Structure.fromString(self,data)
domain_offset = self['domain_offset']
domain_end = self['domain_len'] + domain_offset
self['domain_name'] = data[ domain_offset : domain_end ]
host_offset = self['host_offset']
host_end = self['host_len'] + host_offset
self['host_name'] = data[ host_offset : host_end ]
if len(data) >= 36 and self.__hasNegotiateVersion():
self['os_version'] = VERSION(data[32:])
else:
self['os_version'] = ''
def fromString(self,data):
Structure.fromString(self,data)
domain_offset = self['domain_offset']
domain_end = self['domain_len'] + domain_offset
self['domain_name'] = data[ domain_offset : domain_end ]
host_offset = self['host_offset']
host_end = self['host_len'] + host_offset
self['host_name'] = data[ host_offset : host_end ]
hasOsInfo = self['flags'] & NTLMSSP_VERSION
if len(data) >= 36 and hasOsInfo:
self['os_version'] = data[32:40]
else:
self['os_version'] = ''
def fromString(self, data):
Structure.fromString(self, data)
domain_offset = self['domain_offset']
domain_end = self['domain_len'] + domain_offset
self['domain_name'] = data[domain_offset:domain_end]
host_offset = self['host_offset']
host_end = self['host_len'] + host_offset
self['host_name'] = data[host_offset:host_end]
hasOsInfo = self['flags'] & NTLMSSP_NEGOTIATE_VERSION
if len(data) >= 36 and hasOsInfo:
self['os_version'] = data[32:40]
else:
self['os_version'] = ''
def fromString(self, data):
Structure.fromString(self, data)
# All these fields are optional, if the offset is 0 they are empty
# there are also flags indicating if they are present
# TODO: parse those if it adds value
if self['OffsetOwner'] != 0:
self['OwnerSid'] = LDAP_SID(data=data[self['OffsetOwner']:])
else:
self['OwnerSid'] = ''
if self['OffsetGroup'] != 0:
self['GroupSid'] = LDAP_SID(data=data[self['OffsetGroup']:])
else:
self['GroupSid'] = ''
if self['OffsetSacl'] != 0:
self['Sacl'] = ACL(data=data[self['OffsetSacl']:])
else:
self['Sacl'] = ''
if self['OffsetDacl'] != 0:
self['Dacl'] = ACL(data=data[self['OffsetDacl']:])
else:
self['Sacl'] = ''
def fromString(self, data):
Structure.fromString(self, data)
# All these fields are optional, if the offset is 0 they are empty
# there are also flags indicating if they are present
# TODO: parse those if it adds value
if self['OffsetOwner'] != 0:
self['OwnerSid'] = LDAP_SID(data=data[self['OffsetOwner']:])
else:
self['OwnerSid'] = ''
if self['OffsetGroup'] != 0:
self['GroupSid'] = LDAP_SID(data=data[self['OffsetGroup']:])
else:
self['GroupSid'] = ''
if self['OffsetSacl'] != 0:
self['Sacl'] = ACL(data=data[self['OffsetSacl']:])
else:
self['Sacl'] = ''
if self['OffsetDacl'] != 0:
self['Dacl'] = ACL(data=data[self['OffsetDacl']:])
else:
self['Sacl'] = ''
def fromString(self, data):
if data is not None and len(data) > 2:
# Get the Length
index = 1
multiplier = 1
value = 0
encodedByte = 128
packetType = data[0]
while (encodedByte & 128) != 0:
encodedByte = ord(data[index])
value += (encodedByte & 127) * multiplier
multiplier *= 128
index += 1
if multiplier > 128 * 128 * 128:
raise Exception('Malformed Remaining Length')
data = packetType + struct.pack('<L', value) + data[index:value+index]
return Structure.fromString(self, data)
raise Exception('Dont know')
def fromString(self, data):
if data is not None and len(data) > 2:
# Get the Length
index = 1
multiplier = 1
value = 0
encodedByte = 128
packetType = data[0]
while (encodedByte & 128) != 0:
encodedByte = ord(data[index])
value += (encodedByte & 127) * multiplier
multiplier *= 128
index += 1
if multiplier > 128 * 128 * 128:
raise Exception('Malformed Remaining Length')
data = packetType + struct.pack('<L', value) + data[index:value+index]
return Structure.fromString(self, data)
raise Exception('Dont know')
def fromString(self, data):
Structure.fromString(self, data)
if data is not None:
bioKey = BCRYPT_KEY_DATA_BLOB_HEADER(unhexlify(self['BioKey'].decode('utf-16le')[:-1]))
self['BioKey'] = bioKey
def fromString(self, data):
Structure.fromString(self, data)
def fromString(self, data):
# This will parse the header
Structure.fromString(self, data)
# Now we parse the ACE body according to its type
self['TypeName'] = ACE_TYPE_MAP[self['AceType']].__name__
self['Ace'] = ACE_TYPE_MAP[self['AceType']](data=self['Ace'])
def fromString(self, data):
# This will parse the header
Structure.fromString(self, data)
# Now we parse the ACE body according to its type
self['TypeName'] = ACE_TYPE_MAP[self['AceType']].__name__
self['Ace'] = ACE_TYPE_MAP[self['AceType']](data=self['Ace'])
def fromString(self, data):
Structure.fromString(self, data)
if data is not None:
bioKey = BCRYPT_KEY_DATA_BLOB_HEADER(
unhexlify(self['BioKey'].decode('utf-16le')[:-1]))
self['BioKey'] = bioKey
def fromString(self, data):
Structure.fromString(self, data)
def fromString(self, data):
Structure.fromString(self, data)
self['domain_name'] = data[self['domain_offset']:][:self['domain_len']]
self['TargetInfoFields'] = data[
self['TargetInfoFields_offset']:][:self['TargetInfoFields_len']]
return self
def fromString(self,data):
Structure.fromString(self,data)
self['domain_name'] = data[self['domain_offset']:][:self['domain_len']]
self['TargetInfoFields'] = data[self['TargetInfoFields_offset']:][:self['TargetInfoFields_len']]
return self
