    def __init__(self, dce):
        """Set up the interactive shell and negotiate a session key over *dce*.

        Args:
            dce: an already connected and bound DCE/RPC handle; kept as
                ``self.dce`` for the command handlers.

        Side effects: initialises the ``cmd.Cmd`` prompt/intro state, stores
        the 16-byte RC4 session key in ``self.key`` and the server-issued
        handle in ``self.pHandle``. ``self.intro`` is the module-level
        ``mimikatz_intro`` banner.
        """
        cmd.Cmd.__init__(self)
        self.dce = dce

        # Shell state used by cmd.Cmd and the do_* handlers.
        self.prompt = 'mimikatz # '
        self.intro = mimikatz_intro
        self.shell = None
        self.tid = None
        self.pwd = ''
        self.share = None
        self.loggedIn = True
        self.last_output = None

        # Client half of the Diffie-Hellman exchange. The public value is
        # stored byte-reversed in the blob (presumably integer byte order vs.
        # on-wire field order; confirm against mimilib.PUBLICKEYBLOB).
        exchange = mimilib.MimiDiffeH()
        client_blob = mimilib.PUBLICKEYBLOB()
        client_blob['y'] = exchange.genPublicKey()[::-1]

        client_public = mimilib.MIMI_PUBLICKEY()
        client_public['sessionType'] = mimilib.CALG_RC4
        client_public['cbPublicKey'] = 144  # presumably len(client_blob.getData()); confirm
        client_public['pbPublicKey'] = client_blob.getData()

        # MimiBind returns the server's public value and the session handle.
        # NOTE(review): the server's public value is used as received; this
        # constructor performs no check on it, so any peer authentication has
        # to come from the DCE/RPC layer that produced `dce`.
        bind_resp = mimilib.hMimiBind(self.dce, client_public)
        server_blob = mimilib.PUBLICKEYBLOB(b''.join(bind_resp['serverPublicKey']['pbPublicKey']))

        # Session key = last 16 bytes of the shared secret, byte-reversed.
        shared_secret = exchange.getSharedSecret(server_blob['y'][::-1])
        self.key = shared_secret[-16:][::-1]
        self.pHandle = bind_resp['phMimi']
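    def connect(self):
        """Open a DCE/RPC connection to the mimikatz interface and run the bind handshake.

        Uses ``self.stringBinding``, ``self.hashes`` (``'LM:NT'`` or empty)
        and ``self.ts`` (transfer syntax) from the test fixture.

        Returns:
            ``(dce, rpctransport, pHandle, key)`` where *pHandle* is the
            server-issued session handle and *key* is the last 16 bytes of
            the DH shared secret used as the RC4 session key.

        Raises:
            ValueError: if ``self.hashes`` is set but is not of the form ``LM:NT``.
        """
        rpctransport = transport.DCERPCTransportFactory(self.stringBinding)
        rpctransport.set_connect_timeout(30000)  # units per impacket's transport — TODO confirm
        # Treat an unset (None) or empty hash string the same way instead of
        # failing on len(None).
        if self.hashes:
            lmhash, nthash = self.hashes.split(':')
        else:
            lmhash = ''
            nthash = ''
        #if hasattr(rpctransport, 'set_credentials'):
        # This method exists only for selected protocol sequences.
        #    rpctransport.set_credentials(self.username,self.password, self.domain, lmhash, nthash)
        dce = rpctransport.get_dce_rpc()
        # NOTE(review): no auth level is applied here (the PKT_INTEGRITY line
        # stays commented out), so unless the transport sets one the RPC
        # channel carries no integrity/privacy protection of its own; only
        # the application-level key negotiated below is in play.
        #dce.set_auth_level(RPC_C_AUTHN_LEVEL_PKT_INTEGRITY)
        dce.connect()
        dce.bind(mimilib.MSRPC_UUID_MIMIKATZ, transfer_syntax=self.ts)

        # Client half of the Diffie-Hellman exchange; the public value is
        # byte-reversed inside the blob (presumably integer byte order vs.
        # on-wire field order — confirm against mimilib).
        dh = mimilib.MimiDiffeH()
        blob = mimilib.PUBLICKEYBLOB()
        blob['y'] = dh.genPublicKey()[::-1]
        request = mimilib.MimiBind()
        request['clientPublicKey']['sessionType'] = mimilib.CALG_RC4
        request['clientPublicKey']['cbPublicKey'] = 144  # presumably the serialized blob length; confirm
        request['clientPublicKey']['pbPublicKey'] = str(blob)

        # The server's public value is used as received; nothing here verifies it.
        resp = dce.request(request)
        blob = mimilib.PUBLICKEYBLOB(''.join(
            resp['serverPublicKey']['pbPublicKey']))
        key = dh.getSharedSecret(''.join(blob['y'])[::-1])
        pHandle = resp['phMimi']

        return dce, rpctransport, pHandle, key[-16:]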
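    def __init__(self, dce):
        """Set up the interactive shell and negotiate a session key over *dce*.

        Args:
            dce: an already connected and bound DCE/RPC handle; kept as
                ``self.dce`` for the command handlers.

        Side effects: initialises the ``cmd.Cmd`` prompt/intro state, stores
        the 16-byte RC4 session key in ``self.key`` and the server-issued
        handle in ``self.pHandle``.

        Fix: the banner used the invalid escape ``'\\ '`` (``'\ '``), which
        newer Python versions warn about; it is now spelled ``'\\\\ '``. The
        resulting string is byte-identical.
        """
        cmd.Cmd.__init__(self)
        self.shell = None

        self.prompt = 'mimikatz # '
        self.tid = None
        self.intro = (
            '  .#####.   mimikatz RPC interface\n'
            ' .## ^ ##.  "A La Vie, A L\' Amour "\n'
            ' ## / \\ ##  /* * *\n'
            ' ## \\ / ##   Benjamin DELPY `gentilkiwi` ( [email protected] )\n'
            ' \'## v ##\'   http://blog.gentilkiwi.com/mimikatz             (oe.eo)\n'
            '  \'#####\'    Impacket client by Alberto Solino (@agsolino)    * * */\n\n'
            'Type help for list of commands'
        )
        self.pwd = ''
        self.share = None
        self.loggedIn = True
        self.last_output = None

        self.dce = dce

        # Client half of the Diffie-Hellman exchange; the public value is
        # byte-reversed inside the blob (presumably integer byte order vs.
        # on-wire field order — confirm against mimilib.PUBLICKEYBLOB).
        dh = mimilib.MimiDiffeH()
        blob = mimilib.PUBLICKEYBLOB()
        blob['y'] = dh.genPublicKey()[::-1]
        publicKey = mimilib.MIMI_PUBLICKEY()
        publicKey['sessionType'] = mimilib.CALG_RC4
        publicKey['cbPublicKey'] = 144  # presumably the serialized blob length; confirm
        publicKey['pbPublicKey'] = str(blob)
        # NOTE(review): the server's public value is used as received; this
        # constructor does not check it, so peer authentication (if any) must
        # come from the DCE/RPC layer that produced `dce`.
        resp = mimilib.hMimiBind(self.dce, publicKey)
        blob = mimilib.PUBLICKEYBLOB(''.join(
            resp['serverPublicKey']['pbPublicKey']))

        # Session key = last 16 bytes of the shared secret, byte-reversed.
        self.key = dh.getSharedSecret(''.join(blob['y'])[::-1])[-16:][::-1]
        self.pHandle = resp['phMimi']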
 def get_handle_key(self, dce):
     """Run the MimiBind handshake over *dce* and return ``(pHandle, key)``.

     *pHandle* is the session handle returned by the server; *key* is the
     last 16 bytes of the DH shared secret. The client half of the exchange
     comes from ``self.get_dh_public_key``.
     """
     exchange, client_public = self.get_dh_public_key()
     bind_resp = mimilib.hMimiBind(dce, client_public)

     # The server's blob is reassembled from the chunks in the response; the
     # [::-1] presumably undoes the byte-order flip applied on the client
     # side (confirm against mimilib). No check is made on the value itself.
     server_blob = mimilib.PUBLICKEYBLOB(b''.join(bind_resp['serverPublicKey']['pbPublicKey']))
     shared_secret = exchange.getSharedSecret(server_blob['y'][::-1])

     return bind_resp['phMimi'], shared_secret[-16:]
 def get_dh_public_key(self):
     """Create a DH exchange object and the matching ``MIMI_PUBLICKEY`` to send.

     Returns:
         ``(dh, public_key)`` — keep *dh* to derive the shared secret once
         the server's public value is known.
     """
     exchange = mimilib.MimiDiffeH()

     # Public value goes into the blob byte-reversed (presumably integer
     # byte order vs. on-wire field order — confirm against mimilib).
     client_blob = mimilib.PUBLICKEYBLOB()
     client_blob['y'] = exchange.genPublicKey()[::-1]

     client_public = mimilib.MIMI_PUBLICKEY()
     client_public['sessionType'] = mimilib.CALG_RC4
     client_public['cbPublicKey'] = 144  # presumably len(client_blob.getData()); confirm
     client_public['pbPublicKey'] = client_blob.getData()
     return exchange, client_public
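    def __init__(self, rpcTransport):
        """Connect to the mimikatz RPC interface over *rpcTransport* and negotiate a session key.

        Args:
            rpcTransport: an impacket DCE/RPC transport; its credentials are
                unpacked into ``self.username`` … ``self.TGS`` and its DCE
                handle becomes ``self.dce``.

        Side effects: initialises the ``cmd.Cmd`` prompt/intro state, opens
        and binds the RPC connection with PKT_PRIVACY, stores the 16-byte RC4
        session key in ``self.key`` and the server handle in ``self.pHandle``.

        Fix: the banner used the invalid escape ``'\\ '`` (``'\ '``), which
        newer Python versions warn about; it is now spelled ``'\\\\ '``. The
        resulting string is byte-identical.
        """
        cmd.Cmd.__init__(self)
        self.shell = None

        self.prompt = 'mimikatz # '
        self.rpc = rpcTransport
        self.username, self.password, self.domain, self.lmhash, self.nthash, self.aesKey, self.TGT, self.TGS = rpcTransport.get_credentials()
        self.tid = None
        self.intro = (
            '  .#####.   mimikatz RPC interface\n'
            ' .## ^ ##.  "A La Vie, A L\' Amour "\n'
            ' ## / \\ ##  /* * *\n'
            ' ## \\ / ##   Benjamin DELPY `gentilkiwi` ( [email protected] )\n'
            ' \'## v ##\'   http://blog.gentilkiwi.com/mimikatz             (oe.eo)\n'
            '  \'#####\'    Impacket client by Alberto Solino (@agsolino)    * * */\n\n'
            'Type help for list of commands'
        )
        self.pwd = ''
        self.share = None
        self.loggedIn = True
        self.last_output = None

        # PKT_PRIVACY: the RPC channel itself is authenticated and encrypted,
        # independently of the application-level key negotiated below.
        self.dce = rpcTransport.get_dce_rpc()
        self.dce.set_auth_level(RPC_C_AUTHN_LEVEL_PKT_PRIVACY)
        self.dce.connect()
        self.dce.bind(mimilib.MSRPC_UUID_MIMIKATZ)

        # Client half of the Diffie-Hellman exchange; the public value is
        # byte-reversed inside the blob (presumably integer byte order vs.
        # on-wire field order — confirm against mimilib.PUBLICKEYBLOB).
        dh = mimilib.MimiDiffeH()
        blob = mimilib.PUBLICKEYBLOB()
        blob['y'] = dh.genPublicKey()[::-1]
        publicKey = mimilib.MIMI_PUBLICKEY()
        publicKey['sessionType'] = mimilib.CALG_RC4
        publicKey['cbPublicKey'] = 144  # presumably the serialized blob length; confirm
        publicKey['pbPublicKey'] = str(blob)
        # The server's public value is used as received; no check is made on
        # it here.
        resp = mimilib.hMimiBind(self.dce, publicKey)
        blob = mimilib.PUBLICKEYBLOB(''.join(resp['serverPublicKey']['pbPublicKey']))

        # Session key = last 16 bytes of the shared secret, byte-reversed.
        self.key = dh.getSharedSecret(''.join(blob['y'])[::-1])[-16:][::-1]
        self.pHandle = resp['phMimi']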
    def test_MimiBind(self):
        """Send a MimiBind request and hexdump both public values and the shared secret.

        ``self.connect()`` already returns a negotiated key and handle; this
        test then performs a second exchange on the same connection and dumps
        the response. Output goes to stdout; nothing is asserted.
        """
        dce, rpctransport, pHandle, key = self.connect()

        exchange = mimilib.MimiDiffeH()
        print('Our Public')
        print('=' * 80)
        hexdump(exchange.genPublicKey())

        # Public value is stored byte-reversed in the blob (presumably integer
        # byte order vs. on-wire field order — confirm against mimilib).
        client_blob = mimilib.PUBLICKEYBLOB()
        client_blob['y'] = exchange.genPublicKey()[::-1]
        request = mimilib.MimiBind()
        client_public = request['clientPublicKey']
        client_public['sessionType'] = mimilib.CALG_RC4
        client_public['cbPublicKey'] = 144  # presumably the serialized blob length; confirm
        client_public['pbPublicKey'] = str(client_blob)

        resp = dce.request(request)
        server_blob = mimilib.PUBLICKEYBLOB(''.join(
            resp['serverPublicKey']['pbPublicKey']))
        server_y = ''.join(server_blob['y'])
        print('=' * 80)
        print('Server Public')
        hexdump(server_y)
        print('=' * 80)
        print('Shared')
        hexdump(exchange.getSharedSecret(server_y[::-1]))
        resp.dump()
    def test_MimiBind(self):
        """Send a MimiBind request and check the response shape.

        Verifies that the server answers with ``ErrorCode`` 0 and an RC4
        session type, and that both the handle and the derived key are
        ``bytes``. Tears down the DCE and transport connections afterwards.
        """
        dce, rpc_transport = self.connect()
        exchange, client_public = self.get_dh_public_key()

        request = mimilib.MimiBind()
        request['clientPublicKey'] = client_public
        resp = dce.request(request)

        self.assertEqual(resp["ErrorCode"], 0)
        self.assertEqual(resp["serverPublicKey"]["sessionType"], mimilib.CALG_RC4)

        # Reassemble the server's blob and derive the shared secret; the
        # [::-1] presumably undoes the client-side byte-order flip (confirm
        # against mimilib).
        server_blob = mimilib.PUBLICKEYBLOB(b''.join(resp['serverPublicKey']['pbPublicKey']))
        shared_secret = exchange.getSharedSecret(server_blob['y'][::-1])
        handle = resp['phMimi']
        self.assertIsInstance(handle, bytes)
        self.assertIsInstance(shared_secret, bytes)

        dce.disconnect()
        rpc_transport.disconnect()