def __init__(self, reader): self.Length = ULONG(reader).value reader.align() self.Value = PVOID(reader) ##not part of struct self.Data = None
def __init__(self, reader): self.unk0 = DWORD(reader).value #// dword_1233EC8 dd 4 self.cbItem = DWORD(reader).value #// debug048:01233ECC dd 5(reader).value self.unk1 = PVOID(reader).value self.unk2 = PVOID(reader).value #//KERB_HASHPASSWORD_5 KeysEntries[ANYSIZE_ARRAY] = (reader).value self.KeyEntries_start = reader.tell() self.KeyEntries = []
def __init__(self, reader): self.PinCode = LSA_UNICODE_STRING(reader) self.unk0 = PVOID(reader) self.unk1 = PVOID(reader) self.CertificateInfos = PVOID(reader) self.unkData = PVOID(reader) # // 0 = CspData self.Flags = DWORD(reader).value # // 1 = CspData (not 0x21)(reader).value self.CspDataLength = DWORD(reader).value self.CspData = KERB_SMARTCARD_CSP_INFO_5(reader, size = self.CspDataLength)
def __init__(self, reader): self.Flink = PKIWI_KERBEROS_INTERNAL_TICKET_51(reader) self.Blink = PKIWI_KERBEROS_INTERNAL_TICKET_51(reader) self.unk0 = PVOID(reader).value self.unk1 = PVOID(reader).value self.ServiceName = PKERB_EXTERNAL_NAME(reader) self.TargetName = PKERB_EXTERNAL_NAME(reader) self.DomainName = LSA_UNICODE_STRING(reader) self.TargetDomainName = LSA_UNICODE_STRING(reader) self.Description = LSA_UNICODE_STRING(reader) self.AltTargetDomainName = LSA_UNICODE_STRING(reader) self.ClientName = PKERB_EXTERNAL_NAME(reader) self.TicketFlags = int.from_bytes(reader.read(4), byteorder = 'big', signed = False) self.unk2 = ULONG(reader).value self.KeyType = ULONG(reader).value self.Key = KIWI_KERBEROS_BUFFER(reader) self.unk3 = PVOID(reader).value self.unk4 = PVOID(reader).value self.unk5 = PVOID(reader).value self.unk6 = PVOID(reader).value self.unk7 = PVOID(reader).value self.unk8 = PVOID(reader).value self.StartTime = FILETIME(reader).value self.EndTime = FILETIME(reader).value self.RenewUntil = FILETIME(reader).value self.unk9 = ULONG(reader).value self.unk10 = ULONG(reader).value self.domain = PCWSTR(reader).value self.unk11 = ULONG(reader).value self.strangeNames = PVOID(reader).value self.unk12 = ULONG(reader).value self.TicketEncType = ULONG(reader).value self.TicketKvno = ULONG(reader).value self.Ticket = KIWI_KERBEROS_BUFFER(reader)
def __init__(self, reader):
#print('KIWI_KERBEROS_KEYS_LIST_6')
#print(hexdump(reader.peek(0x100), start = reader.tell()))
self.unk0 = DWORD(reader).value # // dword_1233EC8 dd 4(reader).value
self.cbItem = DWORD(reader).value # // debug048:01233ECC dd 5(reader).value
self.unk1 = PVOID(reader).value
self.unk2 = PVOID(reader).value
self.unk3 = PVOID(reader).value
self.unk4 = PVOID(reader).value
self.KeyEntries_start = reader.tell()
self.KeyEntries = []
def __init__(self, reader):
#print('KERB_HASHPASSWORD_GENERIC')
#print(hexdump(reader.peek(0x50), start = reader.tell()))
self.Type = DWORD(reader).value
reader.align()
self.Size = SIZE_T(reader).value
self.Checksump = PVOID(reader) #this holds the actual credentials dunno why it's named this way...
def __init__(self, reader):
self.UserName = LSA_UNICODE_STRING(reader)
self.Domaine = LSA_UNICODE_STRING(reader)
self.unkFunction = PVOID(reader).value
self.type = DWORD(reader).value # // or flags 2 = normal, 1 = ISO(reader).value
reader.align()
self.Password = LSA_UNICODE_STRING(reader) # union {
self.IsoPassword = KIWI_KERBEROS_10_PRIMARY_CREDENTIAL_1607_ISO(reader)
def __init__(self, reader, size): pos = reader.tell() #self.dwCspInfoLen = DWORD(reader).value self.ContextInformation = PVOID(reader).value self.nCardNameOffset = ULONG(reader).value self.nReaderNameOffset = ULONG(reader).value self.nContainerNameOffset = ULONG(reader).value self.nCSPNameOffset = ULONG(reader).value diff = reader.tell() - pos data = reader.read(size - diff + 4) self.bBuffer = io.BytesIO(data)
class KIWI_KERBEROS_BUFFER: def __init__(self, reader): self.Length = ULONG(reader).value reader.align() self.Value = PVOID(reader) ##not part of struct self.Data = None def read(self, reader): self.Data = self.Value.read_raw(reader, self.Length) return self.Data
def __init__(self, reader, size): pos = reader.tell() #self.dwCspInfoLen = DWORD(reader).value self.MessageType = DWORD(reader).value self.ContextInformation = PVOID(reader).value #U self.SpaceHolderForWow64 = ULONG64(reader).value #U self.flags = DWORD(reader).value self.KeySpec = DWORD(reader).value self.nCardNameOffset = ULONG(reader).value * 2 self.nReaderNameOffset = ULONG(reader).value * 2 self.nContainerNameOffset = ULONG(reader).value * 2 self.nCSPNameOffset = ULONG(reader).value * 2 diff = reader.tell() - pos data = reader.read(size - diff + 4) self.bBuffer = io.BytesIO(data)
def __init__(self, reader):
#input('KIWI_KERBEROS_INTERNAL_TICKET_10_1607\n' + hexdump(reader.peek(0x300)))
self.Flink = PKIWI_KERBEROS_INTERNAL_TICKET_10_1607(reader)
self.Blink = PKIWI_KERBEROS_INTERNAL_TICKET_10_1607(reader)
self.unk0 = PVOID(reader).value
self.unk1 = PVOID(reader).value
self.ServiceName = PKERB_EXTERNAL_NAME(reader)
self.TargetName = PKERB_EXTERNAL_NAME(reader)
self.DomainName = LSA_UNICODE_STRING(reader)
self.TargetDomainName = LSA_UNICODE_STRING(reader)
self.Description = LSA_UNICODE_STRING(reader)
self.AltTargetDomainName = LSA_UNICODE_STRING(reader)
self.KDCServer = LSA_UNICODE_STRING(reader) # //?(reader).value
self.unk10586_d = LSA_UNICODE_STRING(reader) #//?(reader).value
self.ClientName = PKERB_EXTERNAL_NAME(reader)
self.name0 = PVOID(reader).value
self.TicketFlags = int.from_bytes(reader.read(4), byteorder = 'big', signed = False)
self.unk2 = ULONG(reader).value
self.unk14393_0 = PVOID(reader).value
self.KeyType = ULONG(reader).value
reader.align()
self.Key = KIWI_KERBEROS_BUFFER(reader)
self.unk14393_1 = PVOID(reader).value
self.unk3 = PVOID(reader).value # // ULONG KeyType2 = (reader).value
self.unk4 = PVOID(reader).value # // KIWI_KERBEROS_BUFFER Key2 = (reader).value
self.unk5 = PVOID(reader).value # // up(reader).value
self.StartTime = FILETIME(reader).value
self.EndTime = FILETIME(reader).value
self.RenewUntil = FILETIME(reader).value
self.unk6 = ULONG(reader).value
self.unk7 = ULONG(reader).value
self.domain = PCWSTR(reader).value
self.unk8 = ULONG(reader).value
reader.align()
self.strangeNames = PVOID(reader).value
self.unk9 = ULONG(reader).value
self.TicketEncType = ULONG(reader).value
self.TicketKvno = ULONG(reader).value
reader.align()
self.Ticket = KIWI_KERBEROS_BUFFER(reader)
def __init__(self, reader):
#print('KERB_HASHPASSWORD_6')
#input(hexdump(reader.peek(0x100), start = reader.tell()))
self.salt = LSA_UNICODE_STRING(reader) #// http://tools.ietf.org/html/rfc3962
self.stringToKey = PVOID(reader) # // AES Iterations (dword ?)
self.generic = KERB_HASHPASSWORD_GENERIC(reader)
def __init__(self, reader):
#input('aaaaaaaaa\n' + hexdump(reader.peek(0x300)))
self.UsageCount = ULONG(reader).value
reader.align()
self.unk0 = LIST_ENTRY(reader)
self.unk1 = PVOID(reader).value
self.unk1b = ULONG(reader).value
reader.align()
self.unk2 = FILETIME(reader).value
self.unk4 = PVOID(reader).value
self.unk5 = PVOID(reader).value
self.unk6 = PVOID(reader).value
self.LocallyUniqueIdentifier = LUID(reader).value
#input('LocallyUniqueIdentifier\n' + hex(self.LocallyUniqueIdentifier))
self.unk7 = FILETIME(reader).value
self.unk8 = PVOID(reader).value
self.unk8b = ULONG(reader).value
reader.align()
self.unk9 = FILETIME(reader).value
self.unk11 = PVOID(reader).value
self.unk12 = PVOID(reader).value
self.unk13 = PVOID(reader).value
self.unkAlign = ULONG(reader).value
#input('credentials \n' + hexdump(reader.peek(0x200)))
self.credentials = KIWI_KERBEROS_10_PRIMARY_CREDENTIAL_1607(reader)
self.unk14 = ULONG(reader).value
self.unk15 = ULONG(reader).value
self.unk16 = ULONG(reader).value
self.unk17 = ULONG(reader).value
self.unk18 = PVOID(reader).value
self.unk19 = PVOID(reader).value
self.unk20 = PVOID(reader).value
self.unk21 = PVOID(reader).value
self.unk22 = PVOID(reader).value
self.unk23 = PVOID(reader).value
#self.unk24 = PVOID(reader).value
#self.unk25 = PVOID(reader).value
reader.align()
self.pKeyList = PVOID(reader)
self.unk26 = PVOID(reader).value
#input('Tickets_1 \n' + hexdump(reader.peek(0x200)))
self.Tickets_1 = LIST_ENTRY(reader)
self.unk27 = FILETIME(reader).value
self.Tickets_2 = LIST_ENTRY(reader)
self.unk28 = FILETIME(reader).value
self.Tickets_3 = LIST_ENTRY(reader)
self.unk29 = FILETIME(reader).value
self.SmartcardInfos = PVOID(reader)
def __init__(self, reader): self.UserName = LSA_UNICODE_STRING(reader) self.Domaine = LSA_UNICODE_STRING(reader) self.unk0 = PVOID(reader).value self.Password = LSA_UNICODE_STRING(reader)
def __init__(self, reader): self.UsageCount = ULONG(reader).value reader.align() self.unk0 = LIST_ENTRY(reader) self.unk1 = PVOID(reader).value self.unk2 = ULONG(reader).value # // filetime.1 ? self.unk3 = ULONG(reader).value #// filetime.2 ?(reader).value self.unk4 = PVOID(reader).value self.unk5 = PVOID(reader).value self.unk6 = PVOID(reader).value self.LocallyUniqueIdentifier = LUID(reader).value #self.unkAlign = ULONG(reader).value#ifdef _M_IX86(reader).value reader.align(8) self.unk7 = FILETIME(reader).value self.unk8 = PVOID(reader).value self.unk9 = ULONG(reader).value # // filetime.1 ?(reader).value self.unk10 = ULONG(reader).value # // filetime.2 ?(reader).value self.unk11 = PVOID(reader).value self.unk12 = PVOID(reader).value self.unk13 = PVOID(reader).value self.credentials = KIWI_GENERIC_PRIMARY_CREDENTIAL(reader) self.unk14 = ULONG(reader).value self.unk15 = ULONG(reader).value self.unk16 = ULONG(reader).value self.unk17 = ULONG(reader).value self.unk18 = PVOID(reader).value self.unk19 = PVOID(reader).value self.unk20 = PVOID(reader).value self.unk21 = PVOID(reader).value self.pKeyList = PVOID(reader) self.unk23 = PVOID(reader).value reader.align() self.Tickets_1 = LIST_ENTRY(reader) self.unk24 = FILETIME(reader).value self.Tickets_2 = LIST_ENTRY(reader) self.unk25 = FILETIME(reader).value self.Tickets_3 = LIST_ENTRY(reader) self.unk26 = FILETIME(reader).value self.SmartcardInfos = PVOID(reader)
def __init__(self, reader): self.salt = LSA_UNICODE_STRING(reader) # // http://tools.ietf.org/html/rfc3962(reader).value self.stringToKey = PVOID(reader).value # // AES Iterations (dword ?)(reader).value self.unk0 = PVOID(reader).value self.generic = KERB_HASHPASSWORD_GENERIC(reader)
async def load(reader):
p = PVOID()
p.location = reader.tell()
p.value = await reader.read_uint()
p.finaltype = KIWI_BCRYPT_KEY
return p
def __init__(self, reader): self.UsageCount = ULONG(reader).value reader.align() self.unk0 = LIST_ENTRY(reader) self.unk1 = PVOID(reader).value self.unk1b = ULONG(reader).value reader.align() self.unk2 = FILETIME(reader).value self.unk4 = PVOID(reader).value self.unk5 = PVOID(reader).value self.unk6 = PVOID(reader).value self.LocallyUniqueIdentifier = LUID(reader).value self.unk7 = FILETIME(reader).value self.unk8 = PVOID(reader).value self.unk8b = ULONG(reader).value reader.align() self.unk9 = FILETIME(reader).value self.unk11 = PVOID(reader).value self.unk12 = PVOID(reader).value self.unk13 = PVOID(reader).value self.credentials = KIWI_KERBEROS_10_PRIMARY_CREDENTIAL(reader) self.unk14 = ULONG(reader).value self.unk15 = ULONG(reader).value self.unk16 = ULONG(reader).value self.unk17 = ULONG(reader).value #self.unk18 = PVOID(reader).value self.unk19 = PVOID(reader).value self.unk20 = PVOID(reader).value self.unk21 = PVOID(reader).value self.unk22 = PVOID(reader).value self.unk23 = PVOID(reader).value self.unk24 = PVOID(reader).value self.unk25 = PVOID(reader).value self.pKeyList = PVOID(reader) self.unk26 = PVOID(reader).value self.Tickets_1 = LIST_ENTRY(reader) self.unk27 = FILETIME(reader).value self.Tickets_2 = LIST_ENTRY(reader) self.unk28 = FILETIME(reader).value self.Tickets_3 = LIST_ENTRY(reader) self.unk29 = FILETIME(reader).value self.SmartcardInfos = PVOID(reader)