Exemplo n.º 1
0
    def construct_apreq_from_ticket(ticket_data,
                                    sessionkey,
                                    crealm,
                                    cname,
                                    flags=None,
                                    seq_number=0,
                                    ap_opts=[],
                                    cb_data=None):
        """
		ticket: bytes of Ticket
		"""
        now = datetime.datetime.now(datetime.timezone.utc)
        authenticator_data = {}
        authenticator_data['authenticator-vno'] = krb5_pvno
        authenticator_data['crealm'] = Realm(crealm)
        authenticator_data['cname'] = PrincipalName({
            'name-type':
            NAME_TYPE.PRINCIPAL.value,
            'name-string': [cname]
        })
        authenticator_data['cusec'] = now.microsecond
        authenticator_data['ctime'] = now.replace(microsecond=0)
        if flags is not None:
            ac = AuthenticatorChecksum()
            ac.flags = flags
            ac.channel_binding = cb_data
            if cb_data is None:
                ac.channel_binding = b'\x00' * 16

            chksum = {}
            chksum['cksumtype'] = 0x8003
            chksum['checksum'] = ac.to_bytes()

            authenticator_data['cksum'] = Checksum(chksum)
            authenticator_data['seq-number'] = seq_number

        cipher = _enctype_table[sessionkey.enctype]
        authenticator_data_enc = cipher.encrypt(
            sessionkey, 11,
            Authenticator(authenticator_data).dump(), None)

        ap_req = {}
        ap_req['pvno'] = krb5_pvno
        ap_req['msg-type'] = MESSAGE_TYPE.KRB_AP_REQ.value
        ap_req['ticket'] = Ticket.load(ticket_data)
        ap_req['ap-options'] = APOptions(set(ap_opts))
        ap_req['authenticator'] = EncryptedData({
            'etype':
            sessionkey.enctype,
            'cipher':
            authenticator_data_enc
        })

        return AP_REQ(ap_req).dump()
Exemplo n.º 2
0
    def get_hashes(self, all_hashes=False):
        """
		Returns a list of hashes in hashcat-firendly format for tickets with encryption type 23 (which is RC4)
		all_hashes: overrides the encryption type filtering and returns hash for all tickets

		"""
        hashes = []
        for cred in self.credentials:
            res = Ticket.load(cred.ticket.to_asn1()).native
            if int(res['enc-part']['etype']) == 23 or all_hashes == True:
                hashes.append(cred.to_hash())

        return hashes
Exemplo n.º 3
0
    def to_tgs(self):
        """
		Returns the native format of an AS_REP message and the sessionkey in EncryptionKey native format
		"""
        enc_part = EncryptedData({'etype': 1, 'cipher': b''})

        tgt_rep = {}
        tgt_rep['pvno'] = krb5_pvno
        tgt_rep['msg-type'] = MESSAGE_TYPE.KRB_AS_REP.value
        tgt_rep['crealm'] = self.server.realm.to_string()
        tgt_rep['cname'] = self.client.to_asn1()[0]
        tgt_rep['ticket'] = Ticket.load(self.ticket.to_asn1()).native
        tgt_rep['enc-part'] = enc_part.native

        t = EncryptionKey(self.key.to_asn1()).native

        return tgt_rep, t
Exemplo n.º 4
0
    def to_kirbi(self):
        filename = '%s@%s_%s' % (
            self.client.to_string(), self.server.to_string(),
            hashlib.sha1(self.ticket.to_asn1()).hexdigest()[:8])
        krbcredinfo = {}
        krbcredinfo['key'] = EncryptionKey(self.key.to_asn1())
        krbcredinfo['prealm'] = self.client.realm.to_string()
        krbcredinfo['pname'] = self.client.to_asn1()[0]
        krbcredinfo['flags'] = core.IntegerBitString(
            self.tktflags).cast(TicketFlags)
        if self.time.authtime != 0:  #this parameter is not mandatory, and most of the time not present
            krbcredinfo['authtime'] = datetime.datetime.fromtimestamp(
                self.time.authtime, datetime.timezone.utc)
        if self.time.starttime != 0:
            krbcredinfo['starttime'] = datetime.datetime.fromtimestamp(
                self.time.starttime, datetime.timezone.utc)
        if self.time.endtime != 0:
            krbcredinfo['endtime'] = datetime.datetime.fromtimestamp(
                self.time.endtime, datetime.timezone.utc)
        if self.time.renew_till != 0:  #this parameter is not mandatory, and sometimes it's not present
            krbcredinfo['renew-till'] = datetime.datetime.fromtimestamp(
                self.time.authtime, datetime.timezone.utc)
        krbcredinfo['srealm'] = self.server.realm.to_string()
        krbcredinfo['sname'] = self.server.to_asn1()[0]

        enc_krbcred = {}
        enc_krbcred['ticket-info'] = [KrbCredInfo(krbcredinfo)]

        krbcred = {}
        krbcred['pvno'] = krb5_pvno
        krbcred['msg-type'] = MESSAGE_TYPE.KRB_CRED.value
        krbcred['tickets'] = [Ticket.load(self.ticket.to_asn1())]
        krbcred['enc-part'] = EncryptedData({
            'etype':
            EncryptionType.NULL.value,
            'cipher':
            EncKrbCredPart(enc_krbcred).dump()
        })

        kirbi = KRBCRED(krbcred)
        return kirbi, filename
Exemplo n.º 5
0
 def to_hash(self):
     res = Ticket.load(self.ticket.to_asn1()).native
     tgs_encryption_type = int(res['enc-part']['etype'])
     t = len(res['sname']['name-string'])
     if t == 1:
         tgs_name_string = res['sname']['name-string'][0]
     else:
         tgs_name_string = res['sname']['name-string'][1]
     tgs_realm = res['realm']
     if tgs_encryption_type == EncryptionType.AES256_CTS_HMAC_SHA1_96.value:
         tgs_checksum = res['enc-part']['cipher'][-12:]
         tgs_encrypted_data2 = res['enc-part']['cipher'][:-12]
         return '$krb5tgs$%s$%s$%s$%s$%s' % (
             tgs_encryption_type, tgs_name_string, tgs_realm,
             tgs_checksum.hex(), tgs_encrypted_data2.hex())
     else:
         tgs_checksum = res['enc-part']['cipher'][:16]
         tgs_encrypted_data2 = res['enc-part']['cipher'][16:]
         return '$krb5tgs$%s$*%s$%s$spn*$%s$%s' % (
             tgs_encryption_type, tgs_name_string, tgs_realm,
             tgs_checksum.hex(), tgs_encrypted_data2.hex())