def fromString(self, data):
    """Parse *data*, then split the 'Records' field into record objects.

    The value the base Structure parse leaves in 'Records' is consumed
    front to back and replaced by a list of FOREST_TRUST_INFO_RECORD
    instances, one per 'Recordcount'.
    """
    Structure.fromString(self, data)
    remaining = self['Records']
    self['Records'] = []
    # 'Recordcount' comes from the parsed input and is not compared with the
    # bytes actually available; a count larger than the buffer hands an
    # exhausted slice to the record parser.
    for _ in range(self['Recordcount']):
        record = FOREST_TRUST_INFO_RECORD(remaining)
        self['Records'].append(record)
        # Each record reports its own size through len().
        remaining = remaining[len(record):]
def fromString(self, data):
    """Parse the fixed header, then cut each payload field out of *data*.

    Every payload field is located through its own offset/length pair read
    from the parsed header.
    """
    Structure.fromString(self, data)
    # [MS-NLMP] page 27
    # Payload data can be present in any order within the Payload field,
    # with variable-length padding before or after the data
    payload_fields = (
        ('domain_offset', 'domain_len', 'domain_name'),
        ('host_offset', 'host_len', 'host_name'),
        ('user_offset', 'user_len', 'user_name'),
        ('ntlm_offset', 'ntlm_len', 'ntlm'),
        ('lanman_offset', 'lanman_len', 'lanman'),
    )
    # NOTE(review): offsets and lengths are taken from the message and are
    # not checked against len(data); slicing clamps silently, so an
    # out-of-range pair yields a short or empty value instead of an error.
    for offset_key, length_key, value_key in payload_fields:
        start = self[offset_key]
        stop = self[length_key] + start
        self[value_key] = data[start:stop]
def fromString(self, data):
    """Parse *data* and decode the 'Data' field according to 'RecordType'."""
    Structure.fromString(self, data)
    # 2 selects the domain-info layout. 1 or 0 means
    # FOREST_TRUST_RECORD_TOPLEVELNAME or FOREST_TRUST_RECORD_TOPLEVELNAME_EX;
    # note that every value other than 2 takes that second path.
    record_parser = (
        FOREST_TRUST_RECORD_DOMAININFO
        if self['RecordType'] == 2
        else FOREST_TRUST_RECORD_TOPLEVELNAME
    )
    self['Data'] = record_parser(self['Data'])
def fromString(self, data):
    """Parse the fixed header, then slice the payload fields out of *data*.

    Each field (domain, host, user, NTLM response, LanMan response) is
    found through the offset and length the parsed header carries for it.
    """
    Structure.fromString(self, data)
    # [MS-NLMP] page 27
    # Payload data can be present in any order within the Payload field,
    # with variable-length padding before or after the data

    # NOTE(review): none of the offset/length pairs is validated against
    # len(data); an out-of-range pair is clamped by the slice and produces a
    # truncated or empty field without raising.
    start = self['domain_offset']
    self['domain_name'] = data[start:self['domain_len'] + start]

    start = self['host_offset']
    self['host_name'] = data[start:self['host_len'] + start]

    start = self['user_offset']
    self['user_name'] = data[start:self['user_len'] + start]

    start = self['ntlm_offset']
    self['ntlm'] = data[start:self['ntlm_len'] + start]

    start = self['lanman_offset']
    self['lanman'] = data[start:self['lanman_len'] + start]
def fromString(self, data):
    """Parse *data*, then decode 'ctx_num' context results from 'ctx_items'.

    Each decoded CtxItemResult is appended to the private __ctx_items list.
    """
    Structure.fromString(self, data)
    # Parse the ctx_items
    remaining = self['ctx_items']
    # 'ctx_num' is read from the parsed input; it is not checked against the
    # amount of data left in 'ctx_items'.
    for _ in range(self['ctx_num']):
        result = CtxItemResult(remaining)
        self.__ctx_items.append(result)
        # Advance past the item just decoded, using the size it reports.
        remaining = remaining[len(result):]
def fromString(self, data):
    """Parse *data* and collect the context results it announces.

    'ctx_items' is walked front to back; one CtxItemResult is built per
    'ctx_num' and stored in the private __ctx_items list.
    """
    Structure.fromString(self, data)
    # Parse the ctx_items
    pending = self['ctx_items']
    item_count = self['ctx_num']
    # NOTE(review): item_count comes from the input and is not bounded by
    # len(pending); once the buffer is used up the item parser receives an
    # empty slice.
    for _ in range(item_count):
        ctx_result = CtxItemResult(pending)
        self.__ctx_items.append(ctx_result)
        pending = pending[len(ctx_result):]
def fromString(self, data):
    """Parse *data* and split 'keytab_entry' into KeyTabEntry objects.

    The decoded entries are stored, in order, in self.entries.
    """
    self.entries = []
    Structure.fromString(self, data)
    remaining = self['keytab_entry']
    while len(remaining) > 0:
        entry = KeyTabEntry(remaining)
        consumed = len(entry.getData())
        # NOTE(review): progress depends on every entry reporting a non-zero
        # size; if getData() could ever be empty this loop would not advance.
        remaining = remaining[consumed:]
        self.entries.append(entry)
def fromString(self, data):
    """Parse *data*, trim 'TargetInfoFields' to its declared length, return self."""
    Structure.fromString(self, data)
    # Just in case there's more data after the TargetInfoFields
    raw_target_info = self['TargetInfoFields']
    declared_len = self['TargetInfoFields_len']
    # The field stays a raw buffer; it is not decoded into AV_PAIRS here.
    # A declared length larger than the buffer is clamped by the slice.
    self['TargetInfoFields'] = raw_target_info[:declared_len]
    return self
def fromString(self, data):
    """Parse *data*, decode the components, then the trailing fields.

    self.components receives one OctetString per 'num_components';
    whatever follows them is handed to KeyTabContentRest and stored in
    self.restfields.
    """
    self.components = []
    Structure.fromString(self, data)
    remaining = self['components']
    # 'num_components' is read from the input and is not checked against
    # the data that is actually left.
    for _ in range(self['num_components']):
        component = OctetString(remaining)
        # Skip the component: its 'len' value plus 2 bytes
        # (presumably the length prefix itself; confirm against OctetString).
        remaining = remaining[component['len'] + 2:]
        self.components.append(component)
    self.restfields = KeyTabContentRest(remaining)
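def fromString(self, data):
    """Parse the ACL header, then unpack 'AceCount' ACEs from 'Data'.

    The decoded ACE objects are collected in self.aces and finally stored
    back into 'Data'.

    Raises:
        Exception: the header announces more ACEs than the buffer holds.
    """
    self.aces = []
    Structure.fromString(self, data)
    for _ in range(self['AceCount']):
        # If we don't have any data left, the header promised more entries
        # than the buffer contains: stop instead of parsing empty input.
        if len(self['Data']) == 0:
            # Call form of raise: the Python 2-only "raise E, msg" statement
            # is a syntax error on Python 3; this form means the same on both.
            raise Exception("ACL header indicated there are more ACLs to unpack, but there is no more data")
        ace = ACE(data=self['Data'])
        self.aces.append(ace)
        # NOTE(review): 'AceSize' is taken from the ACE itself and is not
        # validated; a size of 0 leaves the buffer unchanged, so the same
        # bytes are parsed again (the loop is still bounded by 'AceCount').
        self['Data'] = self['Data'][ace['AceSize']:]
    self['Data'] = self.aces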
def fromString(self, data, offset=0):
    """Parse *data*, then decode the string arrays as UTF-16LE text.

    Each array spans from its own offset field to the offset field of the
    array that follows it; *offset* is added to both ends before slicing
    self.rawData.
    """
    Structure.fromString(self, data)
    # (destination field, start offset field, end offset field)
    array_layout = (
        ('ConfigFileArray', 'ConfigFileOffset', 'DataFileOffset'),
        ('DataFileArray', 'DataFileOffset', 'DriverPathOffset'),
        ('DriverPathArray', 'DriverPathOffset', 'EnvironmentOffset'),
        ('EnvironmentArray', 'EnvironmentOffset', 'NameOffset'),
    )
    # NOTE(review): the offsets come from the parsed input and are assumed
    # to be ascending and inside rawData; a reversed pair gives an empty
    # string and bytes that are not valid UTF-16LE make decode() raise.
    for field, start_key, stop_key in array_layout:
        start = self[start_key] + offset
        stop = self[stop_key] + offset
        self[field] = self.rawData[start:stop].decode('utf-16-le')
def fromString(self, data):
    """Parse *data*, then slice the password fields out of self.rawData.

    'PreviousPassword' is optional: an offset of 0 means it is absent, and
    'CurrentPassword' then runs up to 'QueryPasswordIntervalOffset'
    instead of up to 'PreviousPasswordOffset'.
    """
    Structure.fromString(self, data)
    current_off = self['CurrentPasswordOffset']
    previous_off = self['PreviousPasswordOffset']
    query_off = self['QueryPasswordIntervalOffset']
    unchanged_off = self['UnchangedPasswordIntervalOffset']

    has_previous = previous_off != 0
    current_end = previous_off if has_previous else query_off

    # NOTE(review): every boundary is an offset read from the blob; none is
    # checked for ordering or against len(rawData), so inconsistent offsets
    # silently give truncated or empty secret fields rather than an error.
    self['CurrentPassword'] = self.rawData[current_off:][:current_end - current_off]
    if has_previous:
        self['PreviousPassword'] = self.rawData[previous_off:][:query_off - previous_off]
    self['QueryPasswordInterval'] = self.rawData[query_off:][:unchanged_off - query_off]
    # The last field takes everything up to the end of the buffer.
    self['UnchangedPasswordInterval'] = self.rawData[unchanged_off:]
def fromString(self, data):
    """Parse *data*, extract domain and host names, then the OS version.

    'os_version' becomes a VERSION built from byte 32 onward when the
    message is at least 36 bytes long and the private
    __hasNegotiateVersion() check passes; otherwise it is ''.
    """
    Structure.fromString(self, data)
    # NOTE(review): offsets and lengths are read from the message and are
    # not validated against len(data); slices clamp instead of failing.
    for offset_key, length_key, value_key in (
        ('domain_offset', 'domain_len', 'domain_name'),
        ('host_offset', 'host_len', 'host_name'),
    ):
        start = self[offset_key]
        self[value_key] = data[start:self[length_key] + start]

    # The length test comes first, so the flag check only runs on messages
    # that are long enough.
    version_present = len(data) >= 36 and self.__hasNegotiateVersion()
    self['os_version'] = VERSION(data[32:]) if version_present else ''
def fromString(self, data):
    """Parse *data*, extract domain and host names, then the OS version.

    'os_version' is set to bytes 32..40 of *data* when the message is at
    least 36 bytes long and the NTLMSSP_VERSION flag is set; otherwise ''.
    """
    Structure.fromString(self, data)
    # NOTE(review): offset/length pairs come from the message itself and
    # are not checked against len(data); slicing clamps silently.
    domain_start = self['domain_offset']
    self['domain_name'] = data[domain_start:self['domain_len'] + domain_start]

    host_start = self['host_offset']
    self['host_name'] = data[host_start:self['host_len'] + host_start]

    version_flag = self['flags'] & NTLMSSP_VERSION
    # NOTE(review): the guard requires 36 bytes while the slice spans
    # 32..40, so a 36-39 byte message yields a shortened value.
    self['os_version'] = data[32:40] if len(data) >= 36 and version_flag else ''
def fromString(self, data):
    """Parse *data*, then fill in 'domain_name', 'host_name', 'os_version'.

    'os_version' receives bytes 32..40 of *data* only when the message is
    at least 36 bytes long and NTLMSSP_NEGOTIATE_VERSION is set in
    'flags'; otherwise it is the empty string.
    """
    Structure.fromString(self, data)
    # NOTE(review): the offset and length fields are read from the message
    # and not validated against len(data); an out-of-range pair is clamped
    # by the slice and yields a short or empty name.
    name_fields = (
        ('domain_offset', 'domain_len', 'domain_name'),
        ('host_offset', 'host_len', 'host_name'),
    )
    for offset_key, length_key, value_key in name_fields:
        begin = self[offset_key]
        end = self[length_key] + begin
        self[value_key] = data[begin:end]

    negotiated_version = self['flags'] & NTLMSSP_NEGOTIATE_VERSION
    if len(data) >= 36 and negotiated_version:
        # NOTE(review): 36 bytes pass the guard but the slice needs 40 for a
        # full value; shorter messages give a truncated 'os_version'.
        version_bytes = data[32:40]
    else:
        version_bytes = ''
    self['os_version'] = version_bytes
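def fromString(self, data):
    """Parse the descriptor header, then the optional SIDs and ACLs.

    Each of owner SID, group SID, SACL and DACL is located by an offset
    into *data*; an offset of 0 means the component is absent and its
    field is set to ''.
    """
    Structure.fromString(self, data)
    # All these fields are optional, if the offset is 0 they are empty
    # there are also flags indicating if they are present
    # TODO: parse those if it adds value
    # NOTE(review): the offsets come from the input and are not checked
    # against len(data); an offset past the end passes an empty slice to
    # the sub-parser.
    if self['OffsetOwner'] != 0:
        self['OwnerSid'] = LDAP_SID(data=data[self['OffsetOwner']:])
    else:
        self['OwnerSid'] = ''

    if self['OffsetGroup'] != 0:
        self['GroupSid'] = LDAP_SID(data=data[self['OffsetGroup']:])
    else:
        self['GroupSid'] = ''

    if self['OffsetSacl'] != 0:
        self['Sacl'] = ACL(data=data[self['OffsetSacl']:])
    else:
        self['Sacl'] = ''

    if self['OffsetDacl'] != 0:
        self['Dacl'] = ACL(data=data[self['OffsetDacl']:])
    else:
        # An absent DACL must clear 'Dacl'. Assigning to 'Sacl' here would
        # discard a SACL parsed just above and leave 'Dacl' holding whatever
        # the header parse put there.
        self['Dacl'] = ''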
def fromString(self, data):
    """Decode the variable-length size field, then parse the packet.

    The size that follows the first byte is stored 7 bits per byte, least
    significant group first, with the high bit marking "more bytes
    follow". It is re-encoded as a fixed 4-byte little-endian integer so
    the base Structure parser can read it.

    Raises:
        Exception: 'Dont know' when *data* is None or at most 2 bytes long;
            'Malformed Remaining Length' when the size field is too long.
    """
    if data is None or len(data) <= 2:
        raise Exception('Dont know')

    # Get the Length
    packet_type = data[0]
    position = 1
    weight = 1
    remaining_length = 0
    while True:
        # ord() assumes indexing yields a one-character string.
        encoded = ord(data[position])
        remaining_length += (encoded & 127) * weight
        weight *= 128
        position += 1
        # NOTE(review): the limit is tested after the weight was scaled, so
        # a size field that uses a fourth byte is rejected even when that
        # byte ends the encoding.
        if weight > 128 * 128 * 128:
            raise Exception('Malformed Remaining Length')
        if (encoded & 128) == 0:
            break

    # NOTE(review): the body slice is clamped to the bytes available; the
    # declared length is not compared with what actually follows.
    body = data[position:remaining_length + position]
    data = packet_type + struct.pack('<L', remaining_length) + body
    return Structure.fromString(self, data)
def fromString(self, data):
    """Parse *data* and decode 'BioKey' into a BCRYPT_KEY_DATA_BLOB_HEADER.

    Nothing is decoded when *data* is None.
    """
    Structure.fromString(self, data)
    if data is None:
        return
    # 'BioKey' is UTF-16LE text holding hex digits; the last character is
    # dropped before conversion (presumably a terminator; confirm).
    hex_text = self['BioKey'].decode('utf-16le')[:-1]
    # unhexlify raises on odd-length or non-hex input, so a malformed field
    # fails here rather than producing a partial key blob.
    self['BioKey'] = BCRYPT_KEY_DATA_BLOB_HEADER(unhexlify(hex_text))
def fromString(self, data):
    """Parse *data* with the base Structure parser; no extra decoding.

    The base parser's return value is not passed on.
    """
    Structure.fromString(self, data)
    return None
def fromString(self, data):
    """Parse the ACE header, then decode the body according to 'AceType'.

    'TypeName' is set to the name of the class selected from ACE_TYPE_MAP
    and 'Ace' is replaced by an instance of that class built from the raw
    body.
    """
    # This will parse the header
    Structure.fromString(self, data)
    # Now we parse the ACE body according to its type
    # NOTE(review): 'AceType' comes from the parsed input; a type missing
    # from ACE_TYPE_MAP makes this lookup raise instead of being skipped.
    ace_class = ACE_TYPE_MAP[self['AceType']]
    self['TypeName'] = ace_class.__name__
    self['Ace'] = ace_class(data=self['Ace'])
def fromString(self, data):
    """Parse *data*; when it is not None, turn 'BioKey' into a key blob.

    The field is read as UTF-16LE text, its last character removed, the
    rest converted from hex to bytes and wrapped in
    BCRYPT_KEY_DATA_BLOB_HEADER.
    """
    Structure.fromString(self, data)
    if data is None:
        return
    encoded_key = self['BioKey'].decode('utf-16le')
    # Drop the final character (presumably a terminator; confirm) before
    # the hex conversion, which raises on anything that is not valid hex.
    key_bytes = unhexlify(encoded_key[:-1])
    self['BioKey'] = BCRYPT_KEY_DATA_BLOB_HEADER(key_bytes)
def fromString(self, data):
    """Parse *data*, slice out 'domain_name' and 'TargetInfoFields', return self.

    Both fields are located by an offset and a length read from the parsed
    header.
    """
    Structure.fromString(self, data)
    # NOTE(review): offsets and lengths are taken from the message and are
    # not validated against len(data); slicing clamps, so a bad pair gives
    # a short or empty field rather than an error.
    domain_tail = data[self['domain_offset']:]
    self['domain_name'] = domain_tail[:self['domain_len']]

    target_info_tail = data[self['TargetInfoFields_offset']:]
    self['TargetInfoFields'] = target_info_tail[:self['TargetInfoFields_len']]
    return self
def fromString(self, data):
    """Parse *data*, extract the offset-addressed fields, and return self."""
    Structure.fromString(self, data)
    # (destination field, offset field, length field)
    located_fields = (
        ('domain_name', 'domain_offset', 'domain_len'),
        ('TargetInfoFields', 'TargetInfoFields_offset', 'TargetInfoFields_len'),
    )
    # NOTE(review): the offset/length values come from the message and are
    # not checked against len(data); an out-of-range pair is clamped by the
    # slices and produces a truncated or empty field.
    for field, offset_key, length_key in located_fields:
        tail = data[self[offset_key]:]
        self[field] = tail[:self[length_key]]
    return self