コード例 #1
0
    def __init__(self, data=None, alignment=0):
        Structure.__init__(self, data, alignment)
        if data is not None:
            # Process the MAP entries
            self.mapEntries = list()
            data = self['AttributeMaps']
            for i in range(self['AttributesMapsSize'] //
                           len(VAULT_ATTRIBUTE_MAP_ENTRY())):
                entry = VAULT_ATTRIBUTE_MAP_ENTRY(data)
                self.mapEntries.append(entry)
                data = data[len(VAULT_ATTRIBUTE_MAP_ENTRY()):]

            self.attributesLen = list()

            for i in range(len(self.mapEntries)):
                if i > 0:
                    self.attributesLen.append(self.mapEntries[i]['Offset'] -
                                              self.mapEntries[i - 1]['Offset'])

            self.attributesLen.append(
                len(self.rawData) - self.mapEntries[i]['Offset'])

            self.attributes = list()
            for i, entry in enumerate(self.mapEntries):
                attribute = VAULT_ATTRIBUTE(
                    self.rawData[entry['Offset']:][:self.attributesLen[i]])
                self.attributes.append(attribute)

            # Do we have remaining data?
            self['Data'] = self.rawData[self.mapEntries[-1]['Offset'] +
                                        len(self.attributes[-1].getData()):]
コード例 #2
0
ファイル: ntlm.py プロジェクト: timmytr1ll/nebulousAD 
    def fromString(self, data):
        Structure.fromString(self, data)
        # [MS-NLMP] page 27
        # Payload data can be present in any order within the Payload field,
        # with variable-length padding before or after the data

        domain_offset = self['domain_offset']
        domain_end = self['domain_len'] + domain_offset
        self['domain_name'] = data[domain_offset:domain_end]

        host_offset = self['host_offset']
        host_end = self['host_len'] + host_offset
        self['host_name'] = data[host_offset:host_end]

        user_offset = self['user_offset']
        user_end = self['user_len'] + user_offset
        self['user_name'] = data[user_offset:user_end]

        ntlm_offset = self['ntlm_offset']
        ntlm_end = self['ntlm_len'] + ntlm_offset
        self['ntlm'] = data[ntlm_offset:ntlm_end]

        lanman_offset = self['lanman_offset']
        lanman_end = self['lanman_len'] + lanman_offset
        self['lanman'] = data[lanman_offset:lanman_end]
コード例 #3
0
 def __init__(self, data=None, alignment=0):
     if len(data) >= 16:
         if data[0:1] == b'\x24' or data[0:1] == b'\x34':
             self.structure = self.structureKDBM
         else:
             self.structure = self.structureKSSM
     Structure.__init__(self, data, alignment)
コード例 #4
0
 def __init__(self, data=None, alignment=0):
     if len(data) > 20:
         if data[16:][:6] == b'\x00' * 6:
             self.structure += self.padding
         if unpack('<L', data[:4])[0] >= 100:
             self.structure += self.id100
         if len(data[16:]) >= 9:
             self.structure += self.extended
     Structure.__init__(self, data, alignment)
コード例 #5
0
 def __init__(self, data=None, alignment=0):
     Structure.__init__(self, data, alignment)
     self.attributes = 0
     if data is not None:
         # Unpack the attributes
         remaining = self['Remaining']
         self.attributes = list()
         for i in range(self['AttrCount']):
             attr = CREDENTIAL_ATTRIBUTE(remaining)
             self.attributes.append(attr)
             remaining = remaining[len(attr):]
コード例 #6
0
 def fromString(self, data):
     self.aces = []
     Structure.fromString(self, data)
     for i in range(self['AceCount']):
         # If we don't have any data left, return
         if len(self['Data']) == 0:
             raise Exception, "ACL header indicated there are more ACLs to unpack, but there is no more data"
         ace = ACE(data=self['Data'])
         self.aces.append(ace)
         self['Data'] = self['Data'][ace['AceSize']:]
     self['Data'] = self.aces
コード例 #7
0
ファイル: ese.py プロジェクト: timmytr1ll/nebulousAD 
    def __init__(self, version, revision, pageSize=8192, data=None):
        if (version < 0x620) or (version == 0x620 and revision < 0x0b):
            # For sure the old format
            self.structure = self.structure_2003_SP0 + self.common
        elif version == 0x620 and revision < 0x11:
            # Exchange 2003 SP1 and Windows Vista and later
            self.structure = self.structure_0x620_0x0b + self.common
        else:
            # Windows 7 and later
            self.structure = self.structure_win7 + self.common
            if pageSize > 8192:
                self.structure += self.extended_win7

        Structure.__init__(self, data)
コード例 #8
0
ファイル: ntlm.py プロジェクト: timmytr1ll/nebulousAD 
 def __init__(self):
     Structure.__init__(self)
     self['flags'] = (
         NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_KEY_EXCH |
         # NTLMSSP_LM_KEY      |
         NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_UNICODE |
         # NTLMSSP_ALWAYS_SIGN |
         NTLMSSP_NEGOTIATE_SIGN | NTLMSSP_NEGOTIATE_SEAL |
         # NTLMSSP_TARGET      |
         0)
     self['host_name'] = ''
     self['domain_name'] = ''
     self['os_version'] = ''
     self._workstation = ''
コード例 #9
0
 def getData(self):
     # Set the correct flags
     if self['ObjectType'] != '':
         self['Flags'] |= self.ACE_OBJECT_TYPE_PRESENT
     if self['InheritedObjectType'] != '':
         self['Flags'] |= self.ACE_INHERITED_OBJECT_TYPE_PRESENT
     return Structure.getData(self)
コード例 #10
0
ファイル: ntlm.py プロジェクト: timmytr1ll/nebulousAD 
    def fromString(self, data):
        Structure.fromString(self, data)

        domain_offset = self['domain_offset']
        domain_end = self['domain_len'] + domain_offset
        self['domain_name'] = data[domain_offset:domain_end]

        host_offset = self['host_offset']
        host_end = self['host_len'] + host_offset
        self['host_name'] = data[host_offset:host_end]

        hasOsInfo = self['flags'] & NTLMSSP_NEGOTIATE_VERSION
        if len(data) >= 36 and hasOsInfo:
            self['os_version'] = data[32:40]
        else:
            self['os_version'] = ''
コード例 #11
0
    def getData(self):
        headerlen = 20
        # Reconstruct the security descriptor
        # flags are currently not set automatically
        # TODO: do this?
        datalen = 0
        if self['Sacl'] != '':
            self['OffsetSacl'] = headerlen + datalen
            datalen += len(self['Sacl'].getData())
        else:
            self['OffsetSacl'] = 0

        if self['Dacl'] != '':
            self['OffsetDacl'] = headerlen + datalen
            datalen += len(self['Dacl'].getData())
        else:
            self['OffsetDacl'] = 0

        if self['OwnerSid'] != '':
            self['OffsetOwner'] = headerlen + datalen
            datalen += len(self['OwnerSid'].getData())
        else:
            self['OffsetOwner'] = 0

        if self['GroupSid'] != '':
            self['OffsetGroup'] = headerlen + datalen
            datalen += len(self['GroupSid'].getData())
        else:
            self['OffsetGroup'] = 0
        return Structure.getData(self)
コード例 #12
0
 def getData(self):
     self['AceCount'] = len(self.aces)
     # We modify the data field to be able to use the
     # parent class parsing
     self['Data'] = ''.join([ace.getData() for ace in self.aces])
     self['AclSize'] = len(
         self['Data']) + 8  # Header size (8 bytes) is included
     data = Structure.getData(self)
     # Put the ACEs back in data
     self['Data'] = self.aces
     return data
コード例 #13
0
ファイル: ntlm.py プロジェクト: timmytr1ll/nebulousAD 
 def getData(self):
     self['domain_offset'] = 64 + self.checkMIC(
         self["flags"]) + self.checkVersion(self["flags"])
     self['user_offset'] = 64 + self.checkMIC(
         self["flags"]) + self.checkVersion(self["flags"]) + len(
             self['domain_name'])
     self['host_offset'] = self['user_offset'] + len(self['user_name'])
     self['lanman_offset'] = self['host_offset'] + len(self['host_name'])
     self['ntlm_offset'] = self['lanman_offset'] + len(self['lanman'])
     self['session_key_offset'] = self['ntlm_offset'] + len(self['ntlm'])
     return Structure.getData(self)
コード例 #14
0
ファイル: ntlm.py プロジェクト: timmytr1ll/nebulousAD 
 def __init__(self,
              username='',
              password='',
              challenge='',
              lmhash='',
              nthash='',
              flags=0):
     Structure.__init__(self)
     self['session_key'] = ''
     self['user_name'] = username.encode('utf-16le')
     self['domain_name'] = ''  #"CLON".encode('utf-16le')
     self['host_name'] = ''  #"BETS".encode('utf-16le')
     self['flags'] = (  #authResp['flags']
         # we think (beto & gera) that his flags force a memory conten leakage when a windows 2000 answers using
         # uninitializaed verifiers
         NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_KEY_EXCH |
         # NTLMSSP_LM_KEY      |
         NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_UNICODE |
         # NTLMSSP_ALWAYS_SIGN |
         NTLMSSP_NEGOTIATE_SIGN | NTLMSSP_NEGOTIATE_SEAL |
         # NTLMSSP_TARGET      |
         0)
     # Here we do the stuff
     if username and (lmhash != '' or nthash != ''):
         self['lanman'] = get_ntlmv1_response(lmhash, challenge)
         self['ntlm'] = get_ntlmv1_response(nthash, challenge)
     elif username and password:
         lmhash = compute_lmhash(password)
         nthash = compute_nthash(password)
         self['lanman'] = get_ntlmv1_response(lmhash, challenge)
         self['ntlm'] = get_ntlmv1_response(
             nthash, challenge)  # This is not used for LM_KEY nor NTLM_KEY
     else:
         self['lanman'] = ''
         self['ntlm'] = ''
         if not self['host_name']:
             self['host_name'] = 'NULL'.encode(
                 'utf-16le')  # for NULL session there must be a hostname
コード例 #15
0
 def getData(self):
     if RECALC_ACE_SIZE or 'AceSize' not in self.fields:
         self['AceSize'] = len(
             self['Ace'].getData()) + 4  # Header size (4 bytes) is included
     if self['AceSize'] % 4 != 0:
         # Make sure the alignment is correct
         self['AceSize'] += self['AceSize'] % 4
     data = Structure.getData(self)
     # For some reason ACEs are sometimes longer than they need to be
     # we fill this space up with null bytes to make sure the object
     # we create is identical to the original object
     if len(data) < self['AceSize']:
         data += '\x00' * (self['AceSize'] - len(data))
     return data
コード例 #16
0
ファイル: ese.py プロジェクト: timmytr1ll/nebulousAD 
    def __init__(self, data):
        # Depending on the type of data we'll end up building a different struct
        dataType = unpack('<H', data[4:][:2])[0]
        self.structure = self.fixed

        if dataType == CATALOG_TYPE_TABLE:
            self.structure += self.other + self.table_stuff
        elif dataType == CATALOG_TYPE_COLUMN:
            self.structure += self.column_stuff
        elif dataType == CATALOG_TYPE_INDEX:
            self.structure += self.other + self.index_stuff
        elif dataType == CATALOG_TYPE_LONG_VALUE:
            self.structure += self.other + self.lv_stuff
        elif dataType == CATALOG_TYPE_CALLBACK:
            raise Exception('CallBack types not supported!')
        else:
            LOG.error('Unknown catalog type 0x%x' % dataType)
            self.structure = ()
            Structure.__init__(self, data)

        self.structure += self.common

        Structure.__init__(self, data)
コード例 #17
0
    def fromString(self, data):
        Structure.fromString(self, data)
        # All these fields are optional, if the offset is 0 they are empty
        # there are also flags indicating if they are present
        # TODO: parse those if it adds value
        if self['OffsetOwner'] != 0:
            self['OwnerSid'] = LDAP_SID(data=data[self['OffsetOwner']:])
        else:
            self['OwnerSid'] = ''

        if self['OffsetGroup'] != 0:
            self['GroupSid'] = LDAP_SID(data=data[self['OffsetGroup']:])
        else:
            self['GroupSid'] = ''

        if self['OffsetSacl'] != 0:
            self['Sacl'] = ACL(data=data[self['OffsetSacl']:])
        else:
            self['Sacl'] = ''

        if self['OffsetDacl'] != 0:
            self['Dacl'] = ACL(data=data[self['OffsetDacl']:])
        else:
            self['Sacl'] = ''
コード例 #18
0
ファイル: ntlm.py プロジェクト: timmytr1ll/nebulousAD 
 def getData(self):
     if len(self.fields['host_name']) > 0:
         self['flags'] |= NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
     if len(self.fields['domain_name']) > 0:
         self['flags'] |= NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
     if len(self.fields['os_version']) > 0:
         self['flags'] |= NTLMSSP_NEGOTIATE_VERSION
     if (self['flags']
             & NTLMSSP_NEGOTIATE_VERSION) == NTLMSSP_NEGOTIATE_VERSION:
         version_len = 8
     else:
         version_len = 0
     if (self['flags'] & NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
         ) == NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED:
         self['host_offset'] = 32 + version_len
     if (self['flags'] & NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
         ) == NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED:
         self['domain_offset'] = 32 + len(self['host_name']) + version_len
     return Structure.getData(self)
コード例 #19
0
 def fromString(self, data):
     # This will parse the header
     Structure.fromString(self, data)
     # Now we parse the ACE body according to its type
     self['TypeName'] = ACE_TYPE_MAP[self['AceType']].__name__
     self['Ace'] = ACE_TYPE_MAP[self['AceType']](data=self['Ace'])
コード例 #20
0
 def __init__(self, data=None, alignment=0):
     Structure.__init__(self, data, alignment)
     self.decryptedKey = None
コード例 #21
0
ファイル: ntlm.py プロジェクト: timmytr1ll/nebulousAD 
 def __init__(self, flags=0, **kargs):
     if flags & NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY:
         self.structure = self.extendedMessageSignature
     else:
         self.structure = self.MessageSignature
     return Structure.__init__(self, **kargs)
コード例 #22
0
 def __init__(self, data=None, alignment=0):
     Structure.__init__(self, data, alignment)
     self['magic'] = 0x31484400
     self['bitlen'] = 1024
コード例 #23
0
 def fromString(self, data):
     Structure.fromString(self, data)
コード例 #24
0
ファイル: ese.py プロジェクト: timmytr1ll/nebulousAD 
 def __init__(self, flags, data=None):
     if flags & TAG_COMMON > 0:
         # Include the common header
         self.structure = self.common + self.structure
     Structure.__init__(self, data)
コード例 #25
0
 def fromString(self, data):
     Structure.fromString(self, data)
     if data is not None:
         bioKey = BCRYPT_KEY_DATA_BLOB_HEADER(
             unhexlify(self['BioKey'].decode('utf-16le')[:-1]))
         self['BioKey'] = bioKey
コード例 #26
0
ファイル: ntlm.py プロジェクト: timmytr1ll/nebulousAD 
 def getData(self):
     if self['TargetInfoFields'] is not None and type(
             self['TargetInfoFields']) is not str:
         raw_av_fields = self['TargetInfoFields'].getData()
         self['TargetInfoFields'] = raw_av_fields
     return Structure.getData(self)
コード例 #27
0
 def __init__(self, data=None, alignment=0):
     Structure.__init__(self, data, alignment)
     self['bType'] = TPUBLICKEYBLOB
     self['bVersion'] = CUR_BLOB_VERSION
     self['aiKeyAlg'] = CALG_DH_EPHEM
コード例 #28
0
ファイル: ntlm.py プロジェクト: timmytr1ll/nebulousAD 
 def fromString(self, data):
     Structure.fromString(self, data)
     self['domain_name'] = data[self['domain_offset']:][:self['domain_len']]
     self['TargetInfoFields'] = data[
         self['TargetInfoFields_offset']:][:self['TargetInfoFields_len']]
     return self
コード例 #29
0
 def __init__(self, data=None, alignment=0):
     Structure.__init__(self, data, alignment)
     self['publickeystruc'] = str(PUBLICKEYSTRUC())
     self['dhpubkey'] = str(DHPUBKEY())
コード例 #30
0
 def __init__(self, data = None):
     Structure.__init__(self,data)
     if data is None:
         self['AlignPad'] = ''