def updateusernameinencpart(key, rawticket, username, debug=False, verbose=False): try: ramticket, extra = decoder.decode(rawticket) serverticket = ramticket.getComponentByPosition(2) localticket = ramticket.getComponentByPosition(3) encserverticket = serverticket.getComponentByPosition( 0).getComponentByPosition(3).getComponentByPosition(2).asOctets() except: raise ValueError('Unable to decode ticket. Invalid file.') if verbose: print 'Ticket succesfully decoded' decserverticketraw, nonce = kerberos.decrypt(key, 2, encserverticket) a = decoder.decode(decserverticketraw)[0] a[3][1][0]._value = username e = encoder.encode(a) newencserverticket = kerberos.encrypt(key, 2, e, nonce) ramticket.getComponentByPosition(2).getComponentByPosition( 0).getComponentByPosition(3).getComponentByPosition( 2)._value = newencserverticket return ramticket
def updatepac(key, rawticket, pac, debug=False, verbose=False): # attempt decoding of ticket try: ramticket, extra = decoder.decode(rawticket) serverticket = ramticket.getComponentByPosition(2) localticket = ramticket.getComponentByPosition(3) encserverticket = serverticket.getComponentByPosition(0).getComponentByPosition(3).getComponentByPosition(2).asOctets() except: raise ValueError('Unable to decode ticket. Invalid file.') if verbose: print('Ticket succesfully decoded') decserverticketraw, nonce = kerberos.decrypt(key, 2, encserverticket) if decserverticketraw == None: raise ValueError('Unable to decrypt ticket. Invalid key.') elif verbose: print('Decryption successful') decserverticket, extra = decoder.decode(decserverticketraw) #for i in range(len(decserverticket[3])): # print '---%i---' % i # print decserverticket[3][i] # have two here because I was using one to verify that the rewrite matched # This stuff should be removed, if it is still here Tim forgot...again origdecserverticket, extra = decoder.decode(decserverticketraw) # change the validity times in the server ticket updatetimestampsserverticket(decserverticket, str(decserverticket[5]), str(decserverticket[6]), str(decserverticket[7]), str(decserverticket[8])) adifrelevant, extra = decoder.decode(decserverticket[9][0][1]) chksum = kerberos.chksum(key, '\x11\x00\x00\x00', pac) #print 'newchecksum: %s' % chksum.encode('hex') # repair server checksum newpac = pac[:-44] + chksum + pac[-28:] # rebuild AD-IF-RELEVANT #print adifrelevant #print dir(adifrelevant.getComponentByPosition(0).getComponentByPosition(1)) adifrelevant.getComponentByPosition(0).getComponentByPosition(1)._value = newpac #print adifrelevant decserverticket.getComponentByPosition(9).getComponentByPosition(0).getComponentByPosition(1)._value = encoder.encode(adifrelevant) # put the ticket back together again newencserverticket = kerberos.encrypt(key, 2, encoder.encode(decserverticket), nonce) ramticket.getComponentByPosition(2).getComponentByPosition(0).getComponentByPosition(3).getComponentByPosition(2)._value = newencserverticket #print decserverticket return encoder.encode(ramticket)
def updatepac(key, rawticket, pac, debug=False, verbose=False): # attempt decoding of ticket try: ramticket, extra = decoder.decode(rawticket) serverticket = ramticket.getComponentByPosition(2) localticket = ramticket.getComponentByPosition(3) encserverticket = serverticket.getComponentByPosition(0).getComponentByPosition(3).getComponentByPosition(2).asOctets() except: raise ValueError('Unable to decode ticket. Invalid file.') if verbose: print 'Ticket succesfully decoded' decserverticketraw, nonce = kerberos.decrypt(key, 2, encserverticket) if decserverticketraw == None: raise ValueError('Unable to decrypt ticket. Invalid key.') elif verbose: print 'Decryption successful' decserverticket, extra = decoder.decode(decserverticketraw) #for i in range(len(decserverticket[3])): # print '---%i---' % i # print decserverticket[3][i] # have two here because I was using one to verify that the rewrite matched # This stuff should be removed, if it is still here Tim forgot...again origdecserverticket, extra = decoder.decode(decserverticketraw) # change the validity times in the server ticket updatetimestampsserverticket(decserverticket, str(decserverticket[5]), str(decserverticket[6]), str(decserverticket[7]), str(decserverticket[8])) adifrelevant, extra = decoder.decode(decserverticket[9][0][1]) chksum = kerberos.chksum(key, '\x11\x00\x00\x00', pac) #print 'newchecksum: %s' % chksum.encode('hex') # repair server checksum newpac = pac[:-44] + chksum + pac[-28:] # rebuild AD-IF-RELEVANT #print adifrelevant #print dir(adifrelevant.getComponentByPosition(0).getComponentByPosition(1)) adifrelevant.getComponentByPosition(0).getComponentByPosition(1)._value = newpac #print adifrelevant decserverticket.getComponentByPosition(9).getComponentByPosition(0).getComponentByPosition(1)._value = encoder.encode(adifrelevant) # put the ticket back together again newencserverticket = kerberos.encrypt(key, 2, encoder.encode(decserverticket), nonce) ramticket.getComponentByPosition(2).getComponentByPosition(0).getComponentByPosition(3).getComponentByPosition(2)._value = newencserverticket #print decserverticket return encoder.encode(ramticket)
def updateusernameinencpart(key, rawticket, username, debug=False, verbose=False): try: ramticket, extra = decoder.decode(rawticket) serverticket = ramticket.getComponentByPosition(2) localticket = ramticket.getComponentByPosition(3) encserverticket = serverticket.getComponentByPosition(0).getComponentByPosition(3).getComponentByPosition(2).asOctets() except: raise ValueError('Unable to decode ticket. Invalid file.') if verbose: print 'Ticket succesfully decoded' decserverticketraw, nonce = kerberos.decrypt(key, 2, encserverticket) a = decoder.decode(decserverticketraw)[0] a[3][1][0]._value = username e = encoder.encode(a) newencserverticket = kerberos.encrypt(key, 2, e, nonce) ramticket.getComponentByPosition(2).getComponentByPosition(0).getComponentByPosition(3).getComponentByPosition(2)._value = newencserverticket return ramticket