def decrypt_body(self, body):
try:
b_start = body.index("Content-Type: application/octet-stream") + \
len("Content-Type: application/octet-stream\r\n")
except ValueError:
# Unencrypted data, return body
return body
b_end = body.index("--Encrypted Boundary", b_start)
ebody = body[b_start:b_end]
ebody = base64.b64encode(ebody)
try:
rc = kerberos.authGSSClientUnwrapIov(self._context, ebody)
except kerberos.GSSError as e:
msg = e.args[1][0]
raise Exception(msg)
if rc is not kerberos.AUTH_GSS_COMPLETE:
log.debug("Unable to decrypt message body")
return
ewrap = kerberos.authGSSClientResponse(self._context)
body = base64.b64decode(ewrap)
return body
def decrypt_body(self, body):
try:
b_start = body.index("Content-Type: application/octet-stream") + \
len("Content-Type: application/octet-stream\r\n")
except ValueError:
# Unencrypted data, return body
return body
b_end = body.index("--Encrypted Boundary",b_start)
ebody = body[b_start:b_end]
ebody = base64.b64encode(ebody)
try:
rc = kerberos.authGSSClientUnwrapIov(self._context, ebody)
except kerberos.GSSError as e:
msg = e.args[1][0]
raise Exception(msg)
if rc is not kerberos.AUTH_GSS_COMPLETE:
log.debug("Unable to decrypt message body")
return
ewrap = kerberos.authGSSClientResponse(self._context)
body = base64.b64decode(ewrap)
return body
body = bytes(body.format(original_length=orig_len + pad_len, emsg=wrapped_req))
print_body = ''.join([i if isprint(i) else '.' for i in body])
print("Enumeration payload after encryption:\n{0}".format(print_body))
resp = s.request('POST', url, headers=k_headers, data=body)
if resp.status_code == httplib.FORBIDDEN:
logging.error("Forbidden: Check WinRM port and version")
elif resp.status_code == httplib.UNAUTHORIZED:
logging.error("Unauthorized: Check username and password")
elif resp.status_code == httplib.OK:
logging.debug("HTTP OK! Query Sent")
print("HTTP OK! Query Sent")
print_body = ''.join([i if isprint(i) else '.' for i in resp.content])
print("Response from server:\n{0}".format(print_body))
b_start = resp.content.index("Content-Type: application/octet-stream") + \
len("Content-Type: application/octet-stream\r\n")
b_end = resp.content.index("--Encrypted Boundary", b_start)
ebody = base64.b64encode(resp.content[b_start:b_end])
rc = kerberos.authGSSClientUnwrapIov(context, ebody)
if rc == kerberos.AUTH_GSS_COMPLETE:
body = base64.b64decode(kerberos.authGSSClientResponse(context))
body_xml = xml.dom.minidom.parseString(body)
pretty_xml_as_string = body_xml.toprettyxml(indent=" ")
print("{0}".format(pretty_xml_as_string))
else:
logging.debug("HTTP status: {0}, {1}".format(resp.status_code,
resp.content))
s.close()
kerberos.authGSSClientClean(context)
resp = s.request('POST', url, headers=k_headers,data=body)
if resp.status_code == httplib.FORBIDDEN:
logging.error(
"Forbidden: Check WinRM port and version")
elif resp.status_code == httplib.UNAUTHORIZED:
logging.error(
"Unauthorized: Check username and password")
elif resp.status_code == httplib.OK:
logging.debug("HTTP OK! Query Sent")
print("HTTP OK! Query Sent")
print_body = ''.join([i if isprint(i) else '.' for i in resp.content])
print("Response from server:\n{0}".format(print_body))
b_start = resp.content.index("Content-Type: application/octet-stream") + \
len("Content-Type: application/octet-stream\r\n")
b_end = resp.content.index("--Encrypted Boundary",b_start)
ebody = base64.b64encode(resp.content[b_start:b_end])
rc = kerberos.authGSSClientUnwrapIov(context, ebody)
if rc == kerberos.AUTH_GSS_COMPLETE:
body = base64.b64decode(kerberos.authGSSClientResponse(context))
body_xml = xml.dom.minidom.parseString(body)
pretty_xml_as_string = body_xml.toprettyxml(indent=" ")
print("{0}".format(pretty_xml_as_string))
else:
logging.debug("HTTP status: {0}, {1}".format(
resp.status_code,resp.content))
s.close()
kerberos.authGSSClientClean(context)
