def __init__(self, reader):
    """Parse one credential-manager list entry from ``reader``.

    The position handed in addresses the Flink/Blink pair, which is not the
    first member of the record, so the reader is rewound before the fields
    are read in declaration order. Members read without ``.value`` keep the
    wrapper object returned by the type helper.
    """
    # IMPORTANT: the structure starts before the Flink/Blink pointers, so the
    # read position has to be moved backwards first.
    # NOTE(review): the rewind distance is a fixed 32 bytes although several of
    # the members before Flink are pointer-typed (PWSTR/PVOID) -- confirm it
    # holds for every pointer width this parser is used with.
    reader.move(reader.tell() - 32)
    reader.align()  # not sure if it's needed here
    # Disabled debug aid: blocks on input() and prints a hex dump of the next
    # 0x200 bytes of parsed memory; keep it disabled outside of debugging.
    #input('KIWI_CREDMAN_LIST_ENTRY_60 \n%s' % hexdump(reader.peek(0x200), start = reader.tell()))
    self.cbEncPassword = ULONG(reader).value
    reader.align()
    self.encPassword = PWSTR(reader)
    self.unk0 = ULONG(reader).value
    self.unk1 = ULONG(reader).value
    self.unk2 = PVOID(reader)
    self.unk3 = PVOID(reader)
    self.UserName = PWSTR(reader)
    self.cbUserName = ULONG(reader).value
    reader.align()
    # NOTE(review): the next two lines bind the pointer class itself instead of
    # calling it with ``reader``. Nothing is read, so the position does not
    # move past the two link pointers and every later member is taken from an
    # earlier offset than intended -- looks like a missing ``(reader)``; confirm.
    self.Flink = PKIWI_CREDMAN_LIST_ENTRY_60
    self.Blink = PKIWI_CREDMAN_LIST_ENTRY_60
    self.type = LSA_UNICODE_STRING(reader)
    self.unk5 = PVOID(reader)
    self.server1 = LSA_UNICODE_STRING(reader)
    self.unk6 = PVOID(reader)
    self.unk7 = PVOID(reader)
    self.unk8 = PVOID(reader)
    self.unk9 = PVOID(reader)
    self.unk10 = PVOID(reader)
    self.user = LSA_UNICODE_STRING(reader)
    self.unk11 = ULONG(reader).value
    reader.align()
    self.server2 = LSA_UNICODE_STRING(reader)
def __init__(self, reader):
    """Parse one logon-session list entry from ``reader``.

    The entry is linked through ``PKIWI_MSV1_0_LIST_51`` pointers. Fields are
    read strictly in order; ``reader.align()`` calls sit between members of
    different sizes (presumably to skip compiler padding -- the reader's
    alignment rule is not visible here).
    """
    self.Flink = PKIWI_MSV1_0_LIST_51(reader)
    self.Blink = PKIWI_MSV1_0_LIST_51(reader)
    self.LocallyUniqueIdentifier = LUID(reader).value
    self.UserName = LSA_UNICODE_STRING(reader)
    self.Domaine = LSA_UNICODE_STRING(reader)
    self.unk0 = PVOID(reader).value
    self.unk1 = PVOID(reader).value
    self.pSid = PSID(reader)
    self.LogonType = ULONG(reader).value
    self.Session = ULONG(reader).value
    # The timestamp is stored as a raw unsigned little-endian 64-bit integer
    # after aligning the position to 8 bytes; no conversion is applied here.
    reader.align(8)
    self.LogonTime = int.from_bytes(reader.read(8), byteorder='little', signed=False)  # autoalign x86
    reader.align()
    self.LogonServer = LSA_UNICODE_STRING(reader)
    self.Credentials_list_ptr = PKIWI_MSV1_0_CREDENTIAL_LIST(reader)
    self.unk19 = ULONG(reader).value
    reader.align()
    self.unk20 = PVOID(reader).value
    self.unk21 = PVOID(reader).value
    self.unk22 = PVOID(reader).value
    self.unk23 = ULONG(reader).value
    reader.align()
    # Kept as a pointer wrapper (no ``.value``); it is not dereferenced here.
    self.CredentialManager = PVOID(reader)
def __init__(self, reader):
    """Parse one credential-manager list entry (older layout) from ``reader``.

    The position handed in addresses the Flink/Blink pair, which is not the
    first member of the record, so the reader is rewound before the fields
    are read in declaration order.
    """
    # IMPORTANT: the structure starts before the Flink/Blink pointers, so the
    # read position has to be moved backwards first.
    # NOTE(review): the rewind distance is a fixed 32 bytes although several of
    # the members before Flink are pointer-typed (PWSTR/PVOID) -- confirm it
    # holds for every pointer width this parser is used with.
    reader.move(reader.tell() - 32)
    reader.align()  # not sure if it's needed here
    self.cbEncPassword = ULONG(reader).value
    reader.align()
    # NOTE(review): five members below (encPassword, Flink, Blink, server1,
    # server2) are assigned the type class itself rather than the result of
    # calling it with ``reader``. Those assignments read nothing and leave the
    # position unchanged, so the members that follow each of them are parsed
    # from an earlier offset than intended -- looks like missing ``(reader)``
    # calls; confirm against the structure definition before relying on any
    # field after ``cbEncPassword``.
    self.encPassword = PWSTR
    self.unk0 = ULONG(reader).value
    self.unk1 = ULONG(reader).value
    self.unk2 = PVOID(reader)
    self.unk3 = PVOID(reader)
    self.UserName = PWSTR(reader)
    self.cbUserName = ULONG(reader).value
    reader.align()
    self.Flink = PKIWI_CREDMAN_LIST_ENTRY_5
    self.Blink = PKIWI_CREDMAN_LIST_ENTRY_5
    self.server1 = LSA_UNICODE_STRING
    self.unk6 = PVOID(reader)
    self.unk7 = PVOID(reader)
    self.user = LSA_UNICODE_STRING(reader)
    self.unk8 = ULONG(reader).value
    reader.align()
    self.server2 = LSA_UNICODE_STRING
def __init__(self, reader):
    """Parse the fixed header of a CSP info record from ``reader``.

    Reads the length field, one pointer and four name offsets, followed by a
    single WCHAR stored as ``bBuffer``.
    """
    self.dwCspInfoLen = DWORD(reader).value
    self.ContextInformation = PVOID(reader).value
    self.nCardNameOffset = ULONG(reader).value
    self.nReaderNameOffset = ULONG(reader).value
    self.nContainerNameOffset = ULONG(reader).value
    self.nCSPNameOffset = ULONG(reader).value
    # Only one WCHAR is read; presumably the first element of a variable-length
    # buffer that the four offsets index into -- TODO confirm. The remainder of
    # the buffer is not consumed by this constructor.
    self.bBuffer = WCHAR(reader).value
def __init__(self, reader):
    """Parse a logon-session record holding credentials and ticket lists.

    Fields are read strictly in order from ``reader``. Most ``unkN`` members
    are unidentified and only consumed to keep the offsets of the named
    members correct. Members read without ``.value`` (the LIST_ENTRY heads,
    ``pKeyList``, ``SmartcardInfos``) keep the wrapper object so the caller
    can follow them later.
    """
    self.UsageCount = ULONG(reader).value
    self.unk0 = LIST_ENTRY(reader)
    self.unk1 = LIST_ENTRY(reader)
    self.unk2 = PVOID(reader).value
    self.unk3 = ULONG(reader).value  # filetime.1 ?
    self.unk4 = ULONG(reader).value  # filetime.2 ?
    self.unk5 = PVOID(reader).value
    self.unk6 = PVOID(reader).value
    self.unk7 = PVOID(reader).value
    self.LocallyUniqueIdentifier = LUID(reader).value
    # Explicit 8-byte alignment replaces the padding member that was read
    # here before (kept below for reference).
    reader.align(8)
    #self.unkAlign = ULONG(reader).value  # align on x86
    self.unk8 = FILETIME(reader).value
    self.unk9 = PVOID(reader).value
    self.unk10 = ULONG(reader).value  # filetime.1 ?
    self.unk11 = ULONG(reader).value  # filetime.2 ?
    self.unk12 = PVOID(reader).value
    self.unk13 = PVOID(reader).value
    self.unk14 = PVOID(reader).value
    # Embedded credential structure, parsed in place (not via a pointer).
    self.credentials = KIWI_GENERIC_PRIMARY_CREDENTIAL(reader)
    self.unk15 = ULONG(reader).value
    self.unk16 = ULONG(reader).value
    self.unk17 = ULONG(reader).value
    self.unk18 = ULONG(reader).value
    self.unk19 = PVOID(reader).value
    self.unk20 = PVOID(reader).value
    self.unk21 = PVOID(reader).value
    self.unk22 = PVOID(reader).value
    self.pKeyList = PVOID(reader)
    self.unk24 = PVOID(reader).value
    self.Tickets_1 = LIST_ENTRY(reader)
    self.Tickets_2 = LIST_ENTRY(reader)
    self.Tickets_3 = LIST_ENTRY(reader)
    self.SmartcardInfos = PVOID(reader)
def __init__(self, reader, size): pos = reader.tell() #self.dwCspInfoLen = DWORD(reader).value self.ContextInformation = PVOID(reader).value self.nCardNameOffset = ULONG(reader).value self.nReaderNameOffset = ULONG(reader).value self.nContainerNameOffset = ULONG(reader).value self.nCSPNameOffset = ULONG(reader).value diff = reader.tell() - pos data = reader.read(size - diff + 4) self.bBuffer = io.BytesIO(data)
def __init__(self, reader):
    """Parse one logon-session list entry from ``reader``.

    The entry is linked through ``PKIWI_MSV1_0_LIST_60`` pointers. The leading
    run of unidentified members and handles is consumed only to reach the
    named members; ``reader.align()`` is called between members of different
    sizes (presumably to skip padding -- the reader's alignment rule is not
    visible here).
    """
    self.Flink = PKIWI_MSV1_0_LIST_60(reader)
    self.Blink = PKIWI_MSV1_0_LIST_60(reader)
    reader.align()
    self.unk0 = PVOID(reader).value
    self.unk1 = ULONG(reader).value
    reader.align()
    self.unk2 = PVOID(reader).value
    self.unk3 = ULONG(reader).value
    self.unk4 = ULONG(reader).value
    self.unk5 = ULONG(reader).value
    reader.align()
    self.hSemaphore6 = HANDLE(reader).value
    reader.align()
    self.unk7 = PVOID(reader).value
    reader.align()
    self.hSemaphore8 = HANDLE(reader).value
    reader.align()
    self.unk9 = PVOID(reader).value
    reader.align()
    self.unk10 = PVOID(reader).value
    self.unk11 = ULONG(reader).value
    self.unk12 = ULONG(reader).value
    reader.align()
    self.unk13 = PVOID(reader).value
    reader.align()
    # Both identifiers are read as raw unsigned little-endian 64-bit integers
    # rather than through the LUID helper.
    self.LocallyUniqueIdentifier = int.from_bytes(reader.read(8), byteorder='little', signed=False)
    self.SecondaryLocallyUniqueIdentifier = int.from_bytes(reader.read(8), byteorder='little', signed=False)
    reader.align()
    self.UserName = LSA_UNICODE_STRING(reader)
    self.Domaine = LSA_UNICODE_STRING(reader)
    self.unk14 = PVOID(reader).value
    self.unk15 = PVOID(reader).value
    self.pSid = PSID(reader)
    self.LogonType = ULONG(reader).value
    self.Session = ULONG(reader).value
    # Timestamp kept as a raw unsigned 64-bit integer after 8-byte alignment.
    reader.align(8)
    self.LogonTime = int.from_bytes(reader.read(8), byteorder='little', signed=False)  # autoalign x86
    self.LogonServer = LSA_UNICODE_STRING(reader)
    self.Credentials_list_ptr = PKIWI_MSV1_0_CREDENTIAL_LIST(reader)
    self.unk19 = ULONG(reader).value
    reader.align()
    self.unk20 = PVOID(reader).value
    self.unk21 = PVOID(reader).value
    self.unk22 = PVOID(reader).value
    self.unk23 = ULONG(reader).value
    reader.align()
    # Kept as a pointer wrapper (no ``.value``); it is not dereferenced here.
    self.CredentialManager = PVOID(reader)
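def __init__(self, reader):
    """Parse the fixed header of a CSP info record from ``reader``.

    Reads the length and message-type fields, the context members, flags,
    key spec and four name offsets, followed by a single WCHAR stored as
    ``bBuffer``.
    """
    self.dwCspInfoLen = DWORD(reader).value
    self.MessageType = DWORD(reader).value
    # NOTE(review): the '#U' tags presumably mark members that share storage
    # in the native definition; if so, reading both consumes more bytes than
    # the structure holds and shifts every later field -- confirm.
    self.ContextInformation = PVOID(reader).value  #U
    self.SpaceHolderForWow64 = ULONG64(reader).value  #U
    self.flags = DWORD(reader).value
    self.KeySpec = DWORD(reader).value
    self.nCardNameOffset = ULONG(reader).value
    self.nReaderNameOffset = ULONG(reader).value
    self.nContainerNameOffset = ULONG(reader).value
    self.nCSPNameOffset = ULONG(reader).value
    # The original line subscripted ``self.bBuffer`` with ``ANYSIZE_ARRAY``
    # before the attribute existed, which raises at construction time. Store
    # the single WCHAR directly; the rest of the variable-length buffer is not
    # consumed by this constructor.
    self.bBuffer = WCHAR(reader).value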
def __init__(self, reader):
    """Parse one cached Kerberos ticket record from ``reader``.

    The record is linked through ``PKIWI_KERBEROS_INTERNAL_TICKET_60``
    pointers. Name members are kept as pointer/string wrappers; the session
    key and the encoded ticket are parsed as ``KIWI_KERBEROS_BUFFER``
    descriptors, not as the bytes themselves.
    """
    self.Flink = PKIWI_KERBEROS_INTERNAL_TICKET_60(reader)
    self.Blink = PKIWI_KERBEROS_INTERNAL_TICKET_60(reader)
    self.unk0 = PVOID(reader).value
    self.unk1 = PVOID(reader).value
    self.ServiceName = PKERB_EXTERNAL_NAME(reader)
    self.TargetName = PKERB_EXTERNAL_NAME(reader)
    self.DomainName = LSA_UNICODE_STRING(reader)
    self.TargetDomainName = LSA_UNICODE_STRING(reader)
    self.Description = LSA_UNICODE_STRING(reader)
    self.AltTargetDomainName = LSA_UNICODE_STRING(reader)
    # Not present in this layout (kept from the reference definition):
    #//LSA_UNICODE_STRING KDCServer = //?
    self.ClientName = PKERB_EXTERNAL_NAME(reader)
    self.name0 = PVOID(reader).value
    # Unlike every other integer here, the flags are decoded big-endian.
    self.TicketFlags = int.from_bytes(reader.read(4), byteorder = 'big', signed = False)
    self.unk2 = ULONG(reader).value
    self.KeyType = ULONG(reader).value
    self.Key = KIWI_KERBEROS_BUFFER(reader)
    self.unk3 = PVOID(reader).value
    self.unk4 = PVOID(reader).value
    self.unk5 = PVOID(reader).value
    self.StartTime = FILETIME(reader).value
    self.EndTime = FILETIME(reader).value
    self.RenewUntil = FILETIME(reader).value
    self.unk6 = ULONG(reader).value
    self.unk7 = ULONG(reader).value
    self.domain = PCWSTR(reader).value
    self.unk8 = ULONG(reader).value
    self.strangeNames = PVOID(reader).value
    self.unk9 = ULONG(reader).value
    self.TicketEncType = ULONG(reader).value
    self.TicketKvno = ULONG(reader).value
    self.Ticket = KIWI_KERBEROS_BUFFER(reader)
def __init__(self, reader, size): pos = reader.tell() #self.dwCspInfoLen = DWORD(reader).value self.MessageType = DWORD(reader).value self.ContextInformation = PVOID(reader).value #U self.SpaceHolderForWow64 = ULONG64(reader).value #U self.flags = DWORD(reader).value self.KeySpec = DWORD(reader).value self.nCardNameOffset = ULONG(reader).value * 2 self.nReaderNameOffset = ULONG(reader).value * 2 self.nContainerNameOffset = ULONG(reader).value * 2 self.nCSPNameOffset = ULONG(reader).value * 2 diff = reader.tell() - pos data = reader.read(size - diff + 4) self.bBuffer = io.BytesIO(data)
def __init__(self, reader):
    """Parse one credential-manager set list entry from ``reader``.

    Reads the two list links, one unidentified ULONG and two pointers to list
    starters. All pointer members keep their wrapper objects so the caller can
    follow them.
    """
    self.Flink = PKIWI_CREDMAN_SET_LIST_ENTRY(reader)
    self.Blink = PKIWI_CREDMAN_SET_LIST_ENTRY(reader)
    self.unk0 = ULONG(reader).value
    reader.align()
    self.list1 = PKIWI_CREDMAN_LIST_STARTER(reader)
    self.list2 = PKIWI_CREDMAN_LIST_STARTER(reader)
def __init__(self, reader):
    """Parse the header of one WDigest list entry from ``reader``.

    Reads the two list links, a usage counter, a self-referencing pointer and
    the logon identifier.
    """
    self.Flink = PWdigestListEntry(reader)
    self.Blink = PWdigestListEntry(reader)
    # NOTE(review): stored as the ULONG wrapper, not its ``.value`` as the
    # other integer members are -- verify what callers expect.
    self.usage_count = ULONG(reader)
    reader.align()  # 8?
    self.this_entry = PWdigestListEntry(reader)
    self.luid = LUID(reader).value
def __init__(self, reader):
    """Parse a length-plus-pointer buffer descriptor from ``reader``.

    Only the descriptor is read; the bytes it points to are not fetched here.
    """
    self.Length = ULONG(reader).value
    reader.align()
    self.Value = PVOID(reader)
    # Not part of the native structure: placeholder that stays None in this
    # constructor (presumably filled in by the caller once the pointer has
    # been followed -- confirm).
    self.Data = None
def __init__(self, reader):
    """Parse a primary-credential blob with a fixed, partly unknown layout.

    Only the two hash members and their length fields are extracted; the
    remaining attributes are initialised to None and are not populated by
    this constructor.
    """
    self.unk1 = USHORT(reader).value
    self.unk2 = USHORT(reader).value
    self.unk_tag = reader.read(4)  # 0xcccccc
    self.unk_remaining_size = ULONG(reader).value  # 0x50
    # 40 bytes of unidentified content are skipped.
    reader.read(40)
    # NOTE(review): both hashes are read with fixed sizes (16 and 20 bytes);
    # the length fields are stored but not used to bound or validate the
    # reads, and ``unk_tag`` / ``unk_remaining_size`` are not checked against
    # the values noted above -- a record that does not match this layout is
    # parsed without any error.
    self.LengthOfNtOwfPassword = ULONG(reader).value
    self.NtOwfPassword = reader.read(16)
    self.LengthOfShaOwfPassword = ULONG(reader).value
    self.ShaOwPassword = reader.read(20)
    # Attributes below are not read from this layout.
    self.LogonDomainName = None
    self.UserName = None
    self.LmOwfPassword = None
    self.isNtOwfPassword = None
    self.isLmOwfPassword = None
    self.isShaOwPassword = None
def __init__(self, reader):
    """Parse a logon-session record holding credentials and ticket lists.

    Fields are read strictly in order from ``reader``. Most ``unkN`` members
    are unidentified and only consumed to keep the offsets of the named
    members correct. The embedded credential block uses the
    ``KIWI_KERBEROS_10_PRIMARY_CREDENTIAL_1607`` layout.
    """
    # Disabled debug aids in this method block on input() and print a hex dump
    # of upcoming parsed memory; keep them disabled outside of debugging.
    #input('aaaaaaaaa\n' + hexdump(reader.peek(0x300)))
    self.UsageCount = ULONG(reader).value
    reader.align()
    self.unk0 = LIST_ENTRY(reader)
    self.unk1 = PVOID(reader).value
    self.unk1b = ULONG(reader).value
    reader.align()
    self.unk2 = FILETIME(reader).value
    self.unk4 = PVOID(reader).value
    self.unk5 = PVOID(reader).value
    self.unk6 = PVOID(reader).value
    self.LocallyUniqueIdentifier = LUID(reader).value
    #input('LocallyUniqueIdentifier\n' + hex(self.LocallyUniqueIdentifier))
    self.unk7 = FILETIME(reader).value
    self.unk8 = PVOID(reader).value
    self.unk8b = ULONG(reader).value
    reader.align()
    self.unk9 = FILETIME(reader).value
    self.unk11 = PVOID(reader).value
    self.unk12 = PVOID(reader).value
    self.unk13 = PVOID(reader).value
    # Explicit padding member read before the embedded credential block.
    self.unkAlign = ULONG(reader).value
    #input('credentials \n' + hexdump(reader.peek(0x200)))
    # Embedded credential structure, parsed in place (not via a pointer).
    self.credentials = KIWI_KERBEROS_10_PRIMARY_CREDENTIAL_1607(reader)
    self.unk14 = ULONG(reader).value
    self.unk15 = ULONG(reader).value
    self.unk16 = ULONG(reader).value
    self.unk17 = ULONG(reader).value
    self.unk18 = PVOID(reader).value
    self.unk19 = PVOID(reader).value
    self.unk20 = PVOID(reader).value
    self.unk21 = PVOID(reader).value
    self.unk22 = PVOID(reader).value
    self.unk23 = PVOID(reader).value
    # Two further pointers are deliberately not read in this layout.
    #self.unk24 = PVOID(reader).value
    #self.unk25 = PVOID(reader).value
    reader.align()
    self.pKeyList = PVOID(reader)
    self.unk26 = PVOID(reader).value
    #input('Tickets_1 \n' + hexdump(reader.peek(0x200)))
    # Three ticket list heads, each followed by a FILETIME.
    self.Tickets_1 = LIST_ENTRY(reader)
    self.unk27 = FILETIME(reader).value
    self.Tickets_2 = LIST_ENTRY(reader)
    self.unk28 = FILETIME(reader).value
    self.Tickets_3 = LIST_ENTRY(reader)
    self.unk29 = FILETIME(reader).value
    self.SmartcardInfos = PVOID(reader)
def __init__(self, reader):
    """Parse one cached Kerberos ticket record from ``reader``.

    The record is linked through ``PKIWI_KERBEROS_INTERNAL_TICKET_10_1607``
    pointers. Name members are kept as pointer/string wrappers; the session
    key and the encoded ticket are parsed as ``KIWI_KERBEROS_BUFFER``
    descriptors, not as the bytes themselves.
    """
    # Disabled debug aid: blocks on input() and prints a hex dump of the next
    # 0x300 bytes of parsed memory; keep it disabled outside of debugging.
    #input('KIWI_KERBEROS_INTERNAL_TICKET_10_1607\n' + hexdump(reader.peek(0x300)))
    self.Flink = PKIWI_KERBEROS_INTERNAL_TICKET_10_1607(reader)
    self.Blink = PKIWI_KERBEROS_INTERNAL_TICKET_10_1607(reader)
    self.unk0 = PVOID(reader).value
    self.unk1 = PVOID(reader).value
    self.ServiceName = PKERB_EXTERNAL_NAME(reader)
    self.TargetName = PKERB_EXTERNAL_NAME(reader)
    self.DomainName = LSA_UNICODE_STRING(reader)
    self.TargetDomainName = LSA_UNICODE_STRING(reader)
    self.Description = LSA_UNICODE_STRING(reader)
    self.AltTargetDomainName = LSA_UNICODE_STRING(reader)
    self.KDCServer = LSA_UNICODE_STRING(reader)  # ?
    self.unk10586_d = LSA_UNICODE_STRING(reader)  # ?
    self.ClientName = PKERB_EXTERNAL_NAME(reader)
    self.name0 = PVOID(reader).value
    # Unlike every other integer here, the flags are decoded big-endian.
    self.TicketFlags = int.from_bytes(reader.read(4), byteorder = 'big', signed = False)
    self.unk2 = ULONG(reader).value
    self.unk14393_0 = PVOID(reader).value
    self.KeyType = ULONG(reader).value
    reader.align()
    self.Key = KIWI_KERBEROS_BUFFER(reader)
    self.unk14393_1 = PVOID(reader).value
    # The three members below carry the original author's guesses at their
    # meaning; they are read as plain pointer-sized values.
    self.unk3 = PVOID(reader).value  # ULONG KeyType2 ?
    self.unk4 = PVOID(reader).value  # KIWI_KERBEROS_BUFFER Key2 ?
    self.unk5 = PVOID(reader).value  # up
    self.StartTime = FILETIME(reader).value
    self.EndTime = FILETIME(reader).value
    self.RenewUntil = FILETIME(reader).value
    self.unk6 = ULONG(reader).value
    self.unk7 = ULONG(reader).value
    self.domain = PCWSTR(reader).value
    self.unk8 = ULONG(reader).value
    reader.align()
    self.strangeNames = PVOID(reader).value
    self.unk9 = ULONG(reader).value
    self.TicketEncType = ULONG(reader).value
    self.TicketKvno = ULONG(reader).value
    reader.align()
    self.Ticket = KIWI_KERBEROS_BUFFER(reader)
def __init__(self, reader):
    """Parse a logon-session record holding credentials and ticket lists.

    Fields are read strictly in order from ``reader``. Most ``unkN`` members
    are unidentified and only consumed to keep the offsets of the named
    members correct. The embedded credential block uses the
    ``KIWI_KERBEROS_10_PRIMARY_CREDENTIAL`` layout.
    """
    self.UsageCount = ULONG(reader).value
    reader.align()
    self.unk0 = LIST_ENTRY(reader)
    self.unk1 = PVOID(reader).value
    self.unk1b = ULONG(reader).value
    reader.align()
    self.unk2 = FILETIME(reader).value
    self.unk4 = PVOID(reader).value
    self.unk5 = PVOID(reader).value
    self.unk6 = PVOID(reader).value
    self.LocallyUniqueIdentifier = LUID(reader).value
    self.unk7 = FILETIME(reader).value
    self.unk8 = PVOID(reader).value
    self.unk8b = ULONG(reader).value
    reader.align()
    self.unk9 = FILETIME(reader).value
    self.unk11 = PVOID(reader).value
    self.unk12 = PVOID(reader).value
    self.unk13 = PVOID(reader).value
    # Embedded credential structure, parsed in place (not via a pointer).
    self.credentials = KIWI_KERBEROS_10_PRIMARY_CREDENTIAL(reader)
    self.unk14 = ULONG(reader).value
    self.unk15 = ULONG(reader).value
    self.unk16 = ULONG(reader).value
    self.unk17 = ULONG(reader).value
    # One pointer is deliberately not read in this layout.
    #self.unk18 = PVOID(reader).value
    self.unk19 = PVOID(reader).value
    self.unk20 = PVOID(reader).value
    self.unk21 = PVOID(reader).value
    self.unk22 = PVOID(reader).value
    self.unk23 = PVOID(reader).value
    self.unk24 = PVOID(reader).value
    self.unk25 = PVOID(reader).value
    self.pKeyList = PVOID(reader)
    self.unk26 = PVOID(reader).value
    # Three ticket list heads, each followed by a FILETIME.
    self.Tickets_1 = LIST_ENTRY(reader)
    self.unk27 = FILETIME(reader).value
    self.Tickets_2 = LIST_ENTRY(reader)
    self.unk28 = FILETIME(reader).value
    self.Tickets_3 = LIST_ENTRY(reader)
    self.unk29 = FILETIME(reader).value
    self.SmartcardInfos = PVOID(reader)
def __init__(self, reader):
    """Parse a credential wrapper: two ULONGs followed by the credential.

    ``credentials`` is parsed in place as a
    ``KIWI_GENERIC_PRIMARY_CREDENTIAL``; no alignment call separates it from
    the two preceding 32-bit members.
    """
    self.isSupp = ULONG(reader).value
    self.unk0 = ULONG(reader).value
    self.credentials = KIWI_GENERIC_PRIMARY_CREDENTIAL(reader)
def __init__(self, reader):
    """Parse a credential-manager list starter from ``reader``.

    Reads one unidentified ULONG and the pointer to the first list entry.
    """
    # NOTE(review): stored as the ULONG wrapper, not its ``.value`` as the
    # integer members of the neighbouring parsers are -- verify what callers
    # expect.
    self.unk0 = ULONG(reader)
    reader.align()
    self.start = PKIWI_CREDMAN_LIST_ENTRY(reader)