def __init__(self, reader): self.Flink = PKIWI_CLOUDAP_CACHE_LIST_ENTRY(reader) self.Blink = PKIWI_CLOUDAP_CACHE_LIST_ENTRY(reader) self.unk0 = DWORD(reader) reader.align() self.LockList = PVOID(reader) self.unk1 = PVOID(reader) self.unk2 = PVOID(reader) self.unk3 = PVOID(reader) self.unk4 = PVOID(reader) self.unk5 = PVOID(reader) self.unk6 = DWORD(reader) self.unk7 = DWORD(reader) self.unk8 = DWORD(reader) self.unk9 = DWORD(reader) self.unkLogin0 = PVOID(reader) #PCWSTR self.unkLogin1 = PVOID(reader) #PCWSTR self.toname = reader.read(130) #wchar_t [64 + 1]; reader.align() self.Sid = PSID(reader).value self.unk10 = DWORD(reader) self.unk11 = DWORD(reader) self.unk12 = DWORD(reader) self.unk13 = DWORD(reader) self.toDetermine = PKIWI_CLOUDAP_CACHE_UNK(reader) self.unk14 = PVOID(reader) self.cbPRT = DWORD(reader).value reader.align() self.PRT = PVOID(reader) #PBYTE(reader)
def __init__(self, reader): self.unk0 = DWORD(reader) self.unk1 = DWORD(reader) self.unk2 = DWORD(reader) self.unkSize = DWORD(reader).value self.guid = GUID(reader) self.unk = reader.read(64)
def __init__(self, reader): self.unk0 = DWORD(reader).value #// dword_1233EC8 dd 4 self.cbItem = DWORD(reader).value #// debug048:01233ECC dd 5(reader).value self.unk1 = PVOID(reader).value self.unk2 = PVOID(reader).value #//KERB_HASHPASSWORD_5 KeysEntries[ANYSIZE_ARRAY] = (reader).value self.KeyEntries_start = reader.tell() self.KeyEntries = []
def __init__(self, reader): self.PinCode = LSA_UNICODE_STRING(reader) self.unk0 = PVOID(reader) self.unk1 = PVOID(reader) self.CertificateInfos = PVOID(reader) self.unkData = PVOID(reader) # // 0 = CspData self.Flags = DWORD(reader).value # // 1 = CspData (not 0x21)(reader).value self.CspDataLength = DWORD(reader).value self.CspData = KERB_SMARTCARD_CSP_INFO_5(reader, size = self.CspDataLength)
def __init__(self, reader): self.Flink = PKIWI_CLOUDAP_LOGON_LIST_ENTRY(reader) self.Blink = PKIWI_CLOUDAP_LOGON_LIST_ENTRY(reader) self.unk0 = DWORD(reader) self.unk1 = DWORD(reader) self.LocallyUniqueIdentifier = LUID(reader).value self.unk2 = DWORD64(reader) self.unk3 = DWORD64(reader) self.cacheEntry = PKIWI_CLOUDAP_CACHE_LIST_ENTRY(reader)
def __init__(self, reader): #print('KIWI_KERBEROS_KEYS_LIST_6') #print(hexdump(reader.peek(0x100), start = reader.tell())) self.unk0 = DWORD(reader).value # // dword_1233EC8 dd 4(reader).value self.cbItem = DWORD(reader).value # // debug048:01233ECC dd 5(reader).value self.unk1 = PVOID(reader).value self.unk2 = PVOID(reader).value self.unk3 = PVOID(reader).value self.unk4 = PVOID(reader).value self.KeyEntries_start = reader.tell() self.KeyEntries = []
def __init__(self, reader): self.PinCode = LSA_UNICODE_STRING(reader) self.unk0 = PVOID(reader).value self.unk1 = PVOID(reader).value self.CertificateInfos = PVOID(reader).value self.unk2 = PVOID(reader).value self.unkData = PVOID(reader).value #// 0 = CspData(reader).value self.Flags = DWORD(reader).value #// 0 = CspData(reader).value self.unkFlags = DWORD(reader).value #// 0x141 (not 0x61) self.CspDataLength = DWORD(reader).value self.CspData = KERB_SMARTCARD_CSP_INFO(reader).value
def __init__(self, reader): self.unk0 = DWORD(reader) self.unk1 = DWORD(reader) self.cbDomain = WORD(reader).value self.cbUsername = WORD(reader).value self.cbPassword = WORD(reader).value self.unk2 = DWORD(reader) self.Domain = reader.read(512) self.UserName = reader.read(512) self.Password_addr = reader.tell() self.Password = reader.read(512)
def __init__(self, reader): self.dwCspInfoLen = DWORD(reader).value self.MessageType = DWORD(reader).value self.ContextInformation = PVOID(reader).value #U self.SpaceHolderForWow64 = ULONG64(reader).value #U self.flags = DWORD(reader).value self.KeySpec = DWORD(reader).value self.nCardNameOffset = ULONG(reader).value self.nReaderNameOffset = ULONG(reader).value self.nContainerNameOffset = ULONG(reader).value self.nCSPNameOffset = ULONG(reader).value self.bBuffer[ANYSIZE_ARRAY] = WCHAR(reader).value
def __init__(self, reader): #self.unkp0 = PVOID(reader).value #self.unkp1 = PVOID(reader).value self.unkh0 = DWORD(reader).value # 0xdbcaabcd self.unkd0 = DWORD(reader).value # 3 self.unkp2 = PVOID(reader).value self.unkd1 = DWORD(reader).value # 45 reader.align() self.unkp3 = PVOID(reader).value reader.align() self.pProperties_addr = reader.tell() self.pProperties = PVOID(reader) #PTS_PROPERTY_KIWI(reader) self.cbProperties = DWORD(reader).value
def __init__(self, reader): self.unk0 = DWORD(reader) self.unk1 = DWORD(reader) self.cbDomain = WORD( reader ).value + 511 #making it compatible with the other version. this is probably a bool? self.cbUsername = WORD(reader).value + 511 self.cbPassword = WORD(reader).value + 511 self.unk2 = DWORD(reader) self.Domain = reader.read(512) self.UserName = reader.read(512) self.Password_addr = reader.tell() self.Password = reader.read(512)
def __init__(self, reader): reader.align() self.szProperty = PCWSTR(reader).value self.dwType = DWORD(reader).value reader.align() self.pvData = PVOID(reader).value self.unkp0 = PVOID(reader).value self.unkd0 = DWORD(reader).value self.dwFlags = DWORD(reader).value self.unkd1 = DWORD(reader).value self.unkd2 = DWORD(reader).value self.pValidator = PVOID(reader).value self.unkp2 = PVOID(reader).value self.unkp3 = PVOID(reader).value
def __init__(self, reader): self.Flink = PKIWI_LIVESSP_LIST_ENTRY(reader) self.Blink = PKIWI_LIVESSP_LIST_ENTRY(reader) self.unk0 = PVOID(reader) self.unk1 = PVOID(reader) self.unk2 = PVOID(reader) self.unk3 = PVOID(reader) self.unk4 = DWORD(reader).value self.unk5 = DWORD(reader).value self.unk6 = PVOID(reader) self.LocallyUniqueIdentifier = LUID(reader).value self.UserName = LSA_UNICODE_STRING(reader) self.unk7 = PVOID(reader) self.suppCreds = PKIWI_LIVESSP_PRIMARY_CREDENTIAL(reader)
def __init__(self, reader, size): pos = reader.tell() #self.dwCspInfoLen = DWORD(reader).value self.MessageType = DWORD(reader).value self.ContextInformation = PVOID(reader).value #U self.SpaceHolderForWow64 = ULONG64(reader).value #U self.flags = DWORD(reader).value self.KeySpec = DWORD(reader).value self.nCardNameOffset = ULONG(reader).value * 2 self.nReaderNameOffset = ULONG(reader).value * 2 self.nContainerNameOffset = ULONG(reader).value * 2 self.nCSPNameOffset = ULONG(reader).value * 2 diff = reader.tell() - pos data = reader.read(size - diff + 4) self.bBuffer = io.BytesIO(data)
def __init__(self, reader): #print('KERB_HASHPASSWORD_GENERIC') #print(hexdump(reader.peek(0x50), start = reader.tell())) self.Type = DWORD(reader).value reader.align() self.Size = SIZE_T(reader).value self.Checksump = PVOID(reader) #this holds the actual credentials dunno why it's named this way...
def __init__(self, reader): self.dwCspInfoLen = DWORD(reader).value self.ContextInformation = PVOID(reader).value self.nCardNameOffset = ULONG(reader).value self.nReaderNameOffset = ULONG(reader).value self.nContainerNameOffset = ULONG(reader).value self.nCSPNameOffset = ULONG(reader).value self.bBuffer = WCHAR(reader).value
def __init__(self, reader): self.UserName = LSA_UNICODE_STRING(reader) self.Domaine = LSA_UNICODE_STRING(reader) self.unkFunction = PVOID(reader).value self.type = DWORD(reader).value # // or flags 2 = normal, 1 = ISO(reader).value reader.align() self.Password = LSA_UNICODE_STRING(reader) # union { self.IsoPassword = KIWI_KERBEROS_10_PRIMARY_CREDENTIAL_1607_ISO(reader)
def __init__(self, reader): self.LogonDomainName = LSA_UNICODE_STRING(reader) self.UserName = LSA_UNICODE_STRING(reader) self.pNtlmCredIsoInProc = PVOID(reader).value self.isIso = BOOLEAN(reader).value self.isNtOwfPassword = BOOLEAN(reader).value self.isLmOwfPassword = BOOLEAN(reader).value self.isShaOwPassword = BOOLEAN(reader).value self.isDPAPIProtected = BOOLEAN(reader).value self.align0 = BYTE(reader).value self.align1 = BYTE(reader).value self.align2 = BYTE(reader).value self.unkD = DWORD(reader).value # // 1/2 # stuff to be done! #pragma pack(push, 2) self.isoSize = WORD(reader).value #// 0000 self.DPAPIProtected = reader.read(16) self.align3 = DWORD(reader).value #// 00000000 # stuff to be done! #pragma pack(pop) self.NtOwfPassword = reader.read(16) self.LmOwfPassword = reader.read(16) self.ShaOwPassword = reader.read(20)
def __init__(self, reader): self.Flink = PKIWI_MSV1_0_CREDENTIAL_LIST(reader) self.AuthenticationPackageId = DWORD(reader).value reader.align() self.PrimaryCredentials_ptr = PKIWI_MSV1_0_PRIMARY_CREDENTIAL_ENC( reader)
def __init__(self, reader): self.StructSize = DWORD(reader).value reader.align() self.isoBlob = PLSAISO_DATA_BLOB(reader) #POINTER!!!! #// aligned =