# Comparing python-minikerberos version 0.2.14-0kali1~jan+control4 (control) & python-minikerberos version 0.3.3-0kali1~jan+nur3 (fresh-releases) ## python3-minikerberos_0.3.3-0kali1_all.deb ### file list @@ -1,3 +1,3 @@ --rw-r--r-- 0 0 0 4 2022-01-18 10:14:09.000000 debian-binary --rw-r--r-- 0 0 0 2804 2022-01-18 10:14:09.000000 control.tar.xz --rw-r--r-- 0 0 0 80124 2022-01-18 10:14:09.000000 data.tar.xz +-rw-r--r-- 0 0 0 4 2022-11-11 00:12:59.000000 debian-binary +-rw-r--r-- 0 0 0 2696 2022-11-11 00:12:59.000000 control.tar.xz +-rw-r--r-- 0 0 0 83064 2022-11-11 00:12:59.000000 data.tar.xz ### control.tar.xz #### control.tar ##### file list @@ -1,5 +1,5 @@ -drwxr-xr-x 0 root (0) root (0) 0 2022-01-18 10:14:09.000000 ./ --rw-r--r-- 0 root (0) root (0) 514 2022-01-18 10:14:09.000000 ./control --rw-r--r-- 0 root (0) root (0) 7105 2022-01-18 10:14:09.000000 ./md5sums --rwxr-xr-x 0 root (0) root (0) 275 2022-01-18 10:14:09.000000 ./postinst --rwxr-xr-x 0 root (0) root (0) 388 2022-01-18 10:14:09.000000 ./prerm +drwxr-xr-x 0 root (0) root (0) 0 2022-11-11 00:12:59.000000 ./ +-rw-r--r-- 0 root (0) root (0) 509 2022-11-11 00:12:59.000000 ./control +-rw-r--r-- 0 root (0) root (0) 6577 2022-11-11 00:12:59.000000 ./md5sums +-rwxr-xr-x 0 root (0) root (0) 275 2022-11-11 00:12:59.000000 ./postinst +-rwxr-xr-x 0 root (0) root (0) 388 2022-11-11 00:12:59.000000 ./prerm ##### ./control @@ -1,13 +1,13 @@ Package: python3-minikerberos Source: python-minikerberos -Version: 0.3.3-0kali1 +Version: 0.3.3-0kali1 Architecture: all Maintainer: Kali Developers -Installed-Size: 453 +Installed-Size: 512 Depends: python3-asn1crypto, python3-asysocks, python3-oscrypto, python3:any Section: python Priority: optional Homepage: https://github.com/skelsec/minikerberos Description: Kerberos manipulation library in pure Python (Python 3) This package contains Kerberos manipulation library. . ##### ./md5sums ###### line order @@ -1,76 +1,71 @@ usr/bin/ccache2kirbi usr/bin/ccacheedit usr/bin/ccacheroast +usr/bin/getNTPKInit usr/bin/getS4U2proxy +usr/bin/getS4U2self usr/bin/getTGS usr/bin/getTGT usr/bin/kirbi2ccache -usr/lib/python3/dist-packages/minikerberos-0.2.14.egg-info/PKG-INFO -usr/lib/python3/dist-packages/minikerberos-0.2.14.egg-info/dependency_links.txt -usr/lib/python3/dist-packages/minikerberos-0.2.14.egg-info/entry_points.txt -usr/lib/python3/dist-packages/minikerberos-0.2.14.egg-info/requires.txt -usr/lib/python3/dist-packages/minikerberos-0.2.14.egg-info/top_level.txt -usr/lib/python3/dist-packages/minikerberos-0.2.14.egg-info/zip-safe +usr/lib/python3/dist-packages/minikerberos-0.3.3.egg-info/PKG-INFO +usr/lib/python3/dist-packages/minikerberos-0.3.3.egg-info/dependency_links.txt +usr/lib/python3/dist-packages/minikerberos-0.3.3.egg-info/entry_points.txt +usr/lib/python3/dist-packages/minikerberos-0.3.3.egg-info/requires.txt +usr/lib/python3/dist-packages/minikerberos-0.3.3.egg-info/top_level.txt +usr/lib/python3/dist-packages/minikerberos-0.3.3.egg-info/zip-safe usr/lib/python3/dist-packages/minikerberos/__init__.py usr/lib/python3/dist-packages/minikerberos/_version.py usr/lib/python3/dist-packages/minikerberos/aioclient.py usr/lib/python3/dist-packages/minikerberos/client.py usr/lib/python3/dist-packages/minikerberos/common/__init__.py usr/lib/python3/dist-packages/minikerberos/common/ccache.py usr/lib/python3/dist-packages/minikerberos/common/constants.py usr/lib/python3/dist-packages/minikerberos/common/creds.py usr/lib/python3/dist-packages/minikerberos/common/keytab.py -usr/lib/python3/dist-packages/minikerberos/common/proxy.py usr/lib/python3/dist-packages/minikerberos/common/spn.py usr/lib/python3/dist-packages/minikerberos/common/target.py usr/lib/python3/dist-packages/minikerberos/common/url.py usr/lib/python3/dist-packages/minikerberos/common/utils.py usr/lib/python3/dist-packages/minikerberos/common/windows/__init__.py usr/lib/python3/dist-packages/minikerberos/common/windows/crypt32.py usr/lib/python3/dist-packages/minikerberos/common/windows/defines.py -usr/lib/python3/dist-packages/minikerberos/crypto/AES/AES.py -usr/lib/python3/dist-packages/minikerberos/crypto/AES/__init__.py -usr/lib/python3/dist-packages/minikerberos/crypto/AES/blockfeeder.py -usr/lib/python3/dist-packages/minikerberos/crypto/AES/util.py -usr/lib/python3/dist-packages/minikerberos/crypto/BASE.py -usr/lib/python3/dist-packages/minikerberos/crypto/DES/DES.py -usr/lib/python3/dist-packages/minikerberos/crypto/DES/__init__.py -usr/lib/python3/dist-packages/minikerberos/crypto/MD4.py -usr/lib/python3/dist-packages/minikerberos/crypto/PBKDF2/__init__.py -usr/lib/python3/dist-packages/minikerberos/crypto/PBKDF2/pbkdf2.py -usr/lib/python3/dist-packages/minikerberos/crypto/RC4.py -usr/lib/python3/dist-packages/minikerberos/crypto/RC4/RC4.py -usr/lib/python3/dist-packages/minikerberos/crypto/RC4/__init__.py -usr/lib/python3/dist-packages/minikerberos/crypto/__init__.py -usr/lib/python3/dist-packages/minikerberos/crypto/hashing.py usr/lib/python3/dist-packages/minikerberos/examples/__init__.py usr/lib/python3/dist-packages/minikerberos/examples/__main__.py usr/lib/python3/dist-packages/minikerberos/examples/ccache2kirbi.py usr/lib/python3/dist-packages/minikerberos/examples/ccache_editor.py usr/lib/python3/dist-packages/minikerberos/examples/ccacheroast.py +usr/lib/python3/dist-packages/minikerberos/examples/getNT.py +usr/lib/python3/dist-packages/minikerberos/examples/getNT_blocking.py usr/lib/python3/dist-packages/minikerberos/examples/getS4U2proxy.py +usr/lib/python3/dist-packages/minikerberos/examples/getS4U2self.py usr/lib/python3/dist-packages/minikerberos/examples/getTGS.py usr/lib/python3/dist-packages/minikerberos/examples/getTGT.py usr/lib/python3/dist-packages/minikerberos/examples/kirbi2ccache.py usr/lib/python3/dist-packages/minikerberos/gssapi/__init__.py usr/lib/python3/dist-packages/minikerberos/gssapi/channelbindings.py usr/lib/python3/dist-packages/minikerberos/gssapi/gssapi.py usr/lib/python3/dist-packages/minikerberos/network/__init__.py usr/lib/python3/dist-packages/minikerberos/network/aioclientsocket.py -usr/lib/python3/dist-packages/minikerberos/network/aioclientsockssocket.py -usr/lib/python3/dist-packages/minikerberos/network/aioclientwsnetsocket.py usr/lib/python3/dist-packages/minikerberos/network/clientsocket.py -usr/lib/python3/dist-packages/minikerberos/network/selector.py usr/lib/python3/dist-packages/minikerberos/pkinit.py usr/lib/python3/dist-packages/minikerberos/protocol/__init__.py usr/lib/python3/dist-packages/minikerberos/protocol/asn1_structs.py usr/lib/python3/dist-packages/minikerberos/protocol/constants.py +usr/lib/python3/dist-packages/minikerberos/protocol/dirtydh.py usr/lib/python3/dist-packages/minikerberos/protocol/encryption.py usr/lib/python3/dist-packages/minikerberos/protocol/errors.py +usr/lib/python3/dist-packages/minikerberos/protocol/external/__init__.py +usr/lib/python3/dist-packages/minikerberos/protocol/external/dtypes.py +usr/lib/python3/dist-packages/minikerberos/protocol/external/enum.py +usr/lib/python3/dist-packages/minikerberos/protocol/external/ndr.py +usr/lib/python3/dist-packages/minikerberos/protocol/external/nrpc.py +usr/lib/python3/dist-packages/minikerberos/protocol/external/pac.py +usr/lib/python3/dist-packages/minikerberos/protocol/external/rpcrt.py +usr/lib/python3/dist-packages/minikerberos/protocol/external/structure.py usr/lib/python3/dist-packages/minikerberos/protocol/mskile.py usr/lib/python3/dist-packages/minikerberos/protocol/rfc4556.py usr/lib/python3/dist-packages/minikerberos/protocol/rfc_iakerb.py usr/lib/python3/dist-packages/minikerberos/protocol/structures.py usr/lib/python3/dist-packages/minikerberos/security.py usr/share/doc/python3-minikerberos/changelog.Debian.gz usr/share/doc/python3-minikerberos/copyright ### data.tar.xz #### data.tar ##### file list @@ -1,98 +1,89 @@ -drwxr-xr-x 0 root (0) root (0) 0 2022-01-18 10:14:09.000000 ./ -drwxr-xr-x 0 root (0) root (0) 0 2022-01-18 10:14:09.000000 ./usr/ -drwxr-xr-x 0 root (0) root (0) 0 2022-01-18 10:14:09.000000 ./usr/bin/ --rwxr-xr-x 0 root (0) root (0) 986 2022-01-18 10:14:09.000000 ./usr/bin/ccache2kirbi --rwxr-xr-x 0 root (0) root (0) 982 2022-01-18 10:14:09.000000 ./usr/bin/ccacheedit --rwxr-xr-x 0 root (0) root (0) 984 2022-01-18 10:14:09.000000 ./usr/bin/ccacheroast --rwxr-xr-x 0 root (0) root (0) 986 2022-01-18 10:14:09.000000 ./usr/bin/getS4U2proxy --rwxr-xr-x 0 root (0) root (0) 974 2022-01-18 10:14:09.000000 ./usr/bin/getTGS --rwxr-xr-x 0 root (0) root (0) 974 2022-01-18 10:14:09.000000 ./usr/bin/getTGT --rwxr-xr-x 0 root (0) root (0) 986 2022-01-18 10:14:09.000000 ./usr/bin/kirbi2ccache -drwxr-xr-x 0 root (0) root (0) 0 2022-01-18 10:14:09.000000 ./usr/lib/ -drwxr-xr-x 0 root (0) root (0) 0 2022-01-18 10:14:09.000000 ./usr/lib/python3/ -drwxr-xr-x 0 root (0) root (0) 0 2022-01-18 10:14:09.000000 ./usr/lib/python3/dist-packages/ -drwxr-xr-x 0 root (0) root (0) 0 2022-01-18 10:14:09.000000 ./usr/lib/python3/dist-packages/minikerberos/ --rw-r--r-- 0 root (0) root (0) 271 2020-06-10 19:16:31.000000 ./usr/lib/python3/dist-packages/minikerberos/__init__.py --rw-r--r-- 0 root (0) root (0) 136 2021-05-20 15:33:52.000000 ./usr/lib/python3/dist-packages/minikerberos/_version.py --rw-r--r-- 0 root (0) root (0) 25876 2021-04-16 23:38:27.000000 ./usr/lib/python3/dist-packages/minikerberos/aioclient.py --rw-r--r-- 0 root (0) root (0) 23141 2020-10-25 21:06:34.000000 ./usr/lib/python3/dist-packages/minikerberos/client.py -drwxr-xr-x 0 root (0) root (0) 0 2022-01-18 10:14:09.000000 ./usr/lib/python3/dist-packages/minikerberos/common/ --rw-r--r-- 0 root (0) root (0) 0 2020-06-10 19:16:31.000000 ./usr/lib/python3/dist-packages/minikerberos/common/__init__.py --rw-r--r-- 0 root (0) root (0) 24010 2021-04-16 20:33:30.000000 ./usr/lib/python3/dist-packages/minikerberos/common/ccache.py --rw-r--r-- 0 root (0) root (0) 430 2021-04-16 22:05:12.000000 ./usr/lib/python3/dist-packages/minikerberos/common/constants.py --rw-r--r-- 0 root (0) root (0) 8443 2021-04-17 12:50:10.000000 ./usr/lib/python3/dist-packages/minikerberos/common/creds.py --rw-r--r-- 0 root (0) root (0) 6934 2020-06-10 19:16:31.000000 ./usr/lib/python3/dist-packages/minikerberos/common/keytab.py --rw-r--r-- 0 root (0) root (0) 296 2021-01-07 22:38:42.000000 ./usr/lib/python3/dist-packages/minikerberos/common/proxy.py --rw-r--r-- 0 root (0) root (0) 1161 2020-10-21 09:38:05.000000 ./usr/lib/python3/dist-packages/minikerberos/common/spn.py --rw-r--r-- 0 root (0) root (0) 487 2020-06-10 19:16:31.000000 ./usr/lib/python3/dist-packages/minikerberos/common/target.py --rw-r--r-- 0 root (0) root (0) 7246 2021-04-16 23:35:17.000000 ./usr/lib/python3/dist-packages/minikerberos/common/url.py --rw-r--r-- 0 root (0) root (0) 4070 2021-04-15 22:50:32.000000 ./usr/lib/python3/dist-packages/minikerberos/common/utils.py -drwxr-xr-x 0 root (0) root (0) 0 2022-01-18 10:14:09.000000 ./usr/lib/python3/dist-packages/minikerberos/common/windows/ --rw-r--r-- 0 root (0) root (0) 0 2021-05-16 15:44:38.000000 ./usr/lib/python3/dist-packages/minikerberos/common/windows/__init__.py --rw-r--r-- 0 root (0) root (0) 12500 2021-05-16 15:44:38.000000 ./usr/lib/python3/dist-packages/minikerberos/common/windows/crypt32.py --rw-r--r-- 0 root (0) root (0) 23499 2021-05-16 15:44:38.000000 ./usr/lib/python3/dist-packages/minikerberos/common/windows/defines.py -drwxr-xr-x 0 root (0) root (0) 0 2022-01-18 10:14:09.000000 ./usr/lib/python3/dist-packages/minikerberos/crypto/ -drwxr-xr-x 0 root (0) root (0) 0 2022-01-18 10:14:09.000000 ./usr/lib/python3/dist-packages/minikerberos/crypto/AES/ --rw-r--r-- 0 root (0) root (0) 58622 2020-06-10 19:16:31.000000 ./usr/lib/python3/dist-packages/minikerberos/crypto/AES/AES.py --rw-r--r-- 0 root (0) root (0) 2160 2020-06-10 19:16:31.000000 ./usr/lib/python3/dist-packages/minikerberos/crypto/AES/__init__.py --rw-r--r-- 0 root (0) root (0) 8190 2020-06-10 19:16:31.000000 ./usr/lib/python3/dist-packages/minikerberos/crypto/AES/blockfeeder.py --rw-r--r-- 0 root (0) root (0) 2110 2020-06-10 19:16:31.000000 ./usr/lib/python3/dist-packages/minikerberos/crypto/AES/util.py --rw-r--r-- 0 root (0) root (0) 1080 2020-06-10 19:16:31.000000 ./usr/lib/python3/dist-packages/minikerberos/crypto/BASE.py -drwxr-xr-x 0 root (0) root (0) 0 2022-01-18 10:14:09.000000 ./usr/lib/python3/dist-packages/minikerberos/crypto/DES/ --rw-r--r-- 0 root (0) root (0) 27485 2020-06-10 19:16:31.000000 ./usr/lib/python3/dist-packages/minikerberos/crypto/DES/DES.py --rw-r--r-- 0 root (0) root (0) 76 2020-06-10 19:16:31.000000 ./usr/lib/python3/dist-packages/minikerberos/crypto/DES/__init__.py --rw-r--r-- 0 root (0) root (0) 4699 2021-01-15 21:39:02.000000 ./usr/lib/python3/dist-packages/minikerberos/crypto/MD4.py -drwxr-xr-x 0 root (0) root (0) 0 2022-01-18 10:14:09.000000 ./usr/lib/python3/dist-packages/minikerberos/crypto/PBKDF2/ --rw-r--r-- 0 root (0) root (0) 0 2020-06-10 19:16:31.000000 ./usr/lib/python3/dist-packages/minikerberos/crypto/PBKDF2/__init__.py --rw-r--r-- 0 root (0) root (0) 1286 2020-06-10 19:16:31.000000 ./usr/lib/python3/dist-packages/minikerberos/crypto/PBKDF2/pbkdf2.py -drwxr-xr-x 0 root (0) root (0) 0 2022-01-18 10:14:09.000000 ./usr/lib/python3/dist-packages/minikerberos/crypto/RC4/ --rw-r--r-- 0 root (0) root (0) 2144 2020-06-10 19:16:31.000000 ./usr/lib/python3/dist-packages/minikerberos/crypto/RC4/RC4.py --rw-r--r-- 0 root (0) root (0) 18 2020-06-10 19:16:31.000000 ./usr/lib/python3/dist-packages/minikerberos/crypto/RC4/__init__.py --rw-r--r-- 0 root (0) root (0) 1938 2020-06-10 19:16:31.000000 ./usr/lib/python3/dist-packages/minikerberos/crypto/RC4.py --rw-r--r-- 0 root (0) root (0) 0 2020-06-10 19:16:31.000000 ./usr/lib/python3/dist-packages/minikerberos/crypto/__init__.py --rw-r--r-- 0 root (0) root (0) 1388 2021-01-15 21:54:49.000000 ./usr/lib/python3/dist-packages/minikerberos/crypto/hashing.py -drwxr-xr-x 0 root (0) root (0) 0 2022-01-18 10:14:09.000000 ./usr/lib/python3/dist-packages/minikerberos/examples/ --rw-r--r-- 0 root (0) root (0) 0 2020-06-10 19:16:31.000000 ./usr/lib/python3/dist-packages/minikerberos/examples/__init__.py --rw-r--r-- 0 root (0) root (0) 1013 2020-06-10 19:16:31.000000 ./usr/lib/python3/dist-packages/minikerberos/examples/__main__.py --rw-r--r-- 0 root (0) root (0) 878 2020-06-10 19:16:31.000000 ./usr/lib/python3/dist-packages/minikerberos/examples/ccache2kirbi.py --rw-r--r-- 0 root (0) root (0) 2545 2020-10-16 14:35:33.000000 ./usr/lib/python3/dist-packages/minikerberos/examples/ccache_editor.py --rw-r--r-- 0 root (0) root (0) 501 2020-06-10 19:16:31.000000 ./usr/lib/python3/dist-packages/minikerberos/examples/ccacheroast.py --rw-r--r-- 0 root (0) root (0) 2447 2020-06-10 19:16:31.000000 ./usr/lib/python3/dist-packages/minikerberos/examples/getS4U2proxy.py --rw-r--r-- 0 root (0) root (0) 2161 2021-04-16 23:42:14.000000 ./usr/lib/python3/dist-packages/minikerberos/examples/getTGS.py --rw-r--r-- 0 root (0) root (0) 1259 2020-06-10 19:16:31.000000 ./usr/lib/python3/dist-packages/minikerberos/examples/getTGT.py --rw-r--r-- 0 root (0) root (0) 1068 2020-06-10 19:16:31.000000 ./usr/lib/python3/dist-packages/minikerberos/examples/kirbi2ccache.py -drwxr-xr-x 0 root (0) root (0) 0 2022-01-18 10:14:09.000000 ./usr/lib/python3/dist-packages/minikerberos/gssapi/ --rw-r--r-- 0 root (0) root (0) 0 2020-06-10 19:16:31.000000 ./usr/lib/python3/dist-packages/minikerberos/gssapi/__init__.py --rw-r--r-- 0 root (0) root (0) 2971 2020-06-10 19:16:31.000000 ./usr/lib/python3/dist-packages/minikerberos/gssapi/channelbindings.py --rw-r--r-- 0 root (0) root (0) 12268 2021-05-14 20:29:47.000000 ./usr/lib/python3/dist-packages/minikerberos/gssapi/gssapi.py -drwxr-xr-x 0 root (0) root (0) 0 2022-01-18 10:14:09.000000 ./usr/lib/python3/dist-packages/minikerberos/network/ --rw-r--r-- 0 root (0) root (0) 0 2020-06-10 19:16:31.000000 ./usr/lib/python3/dist-packages/minikerberos/network/__init__.py --rw-r--r-- 0 root (0) root (0) 1766 2020-06-10 19:16:31.000000 ./usr/lib/python3/dist-packages/minikerberos/network/aioclientsocket.py --rw-r--r-- 0 root (0) root (0) 1956 2021-02-01 23:46:02.000000 ./usr/lib/python3/dist-packages/minikerberos/network/aioclientsockssocket.py --rw-r--r-- 0 root (0) root (0) 1915 2021-01-07 22:57:19.000000 ./usr/lib/python3/dist-packages/minikerberos/network/aioclientwsnetsocket.py --rw-r--r-- 0 root (0) root (0) 2835 2020-06-10 19:17:18.000000 ./usr/lib/python3/dist-packages/minikerberos/network/clientsocket.py --rw-r--r-- 0 root (0) root (0) 627 2021-02-01 23:45:14.000000 ./usr/lib/python3/dist-packages/minikerberos/network/selector.py --rw-r--r-- 0 root (0) root (0) 15166 2021-05-20 15:33:27.000000 ./usr/lib/python3/dist-packages/minikerberos/pkinit.py -drwxr-xr-x 0 root (0) root (0) 0 2022-01-18 10:14:09.000000 ./usr/lib/python3/dist-packages/minikerberos/protocol/ --rw-r--r-- 0 root (0) root (0) 0 2020-06-10 19:16:31.000000 ./usr/lib/python3/dist-packages/minikerberos/protocol/__init__.py --rw-r--r-- 0 root (0) root (0) 29446 2021-03-27 12:45:05.000000 ./usr/lib/python3/dist-packages/minikerberos/protocol/asn1_structs.py --rw-r--r-- 0 root (0) root (0) 5427 2021-05-13 20:37:41.000000 ./usr/lib/python3/dist-packages/minikerberos/protocol/constants.py --rw-r--r-- 0 root (0) root (0) 28570 2021-01-15 21:41:54.000000 ./usr/lib/python3/dist-packages/minikerberos/protocol/encryption.py --rw-r--r-- 0 root (0) root (0) 9499 2021-05-13 20:39:09.000000 ./usr/lib/python3/dist-packages/minikerberos/protocol/errors.py --rw-r--r-- 0 root (0) root (0) 2851 2021-05-14 21:44:26.000000 ./usr/lib/python3/dist-packages/minikerberos/protocol/mskile.py --rw-r--r-- 0 root (0) root (0) 4367 2021-05-14 21:38:22.000000 ./usr/lib/python3/dist-packages/minikerberos/protocol/rfc4556.py --rw-r--r-- 0 root (0) root (0) 938 2021-05-14 21:43:08.000000 ./usr/lib/python3/dist-packages/minikerberos/protocol/rfc_iakerb.py --rw-r--r-- 0 root (0) root (0) 2668 2020-12-08 20:31:49.000000 ./usr/lib/python3/dist-packages/minikerberos/protocol/structures.py --rw-r--r-- 0 root (0) root (0) 5401 2021-01-07 22:53:03.000000 ./usr/lib/python3/dist-packages/minikerberos/security.py -drwxr-xr-x 0 root (0) root (0) 0 2022-01-18 10:14:09.000000 ./usr/lib/python3/dist-packages/minikerberos-0.2.14.egg-info/ --rw-r--r-- 0 root (0) root (0) 404 2022-01-18 10:14:09.000000 ./usr/lib/python3/dist-packages/minikerberos-0.2.14.egg-info/PKG-INFO --rw-r--r-- 0 root (0) root (0) 1 2022-01-18 10:14:09.000000 ./usr/lib/python3/dist-packages/minikerberos-0.2.14.egg-info/dependency_links.txt --rw-r--r-- 0 root (0) root (0) 376 2022-01-18 10:14:09.000000 ./usr/lib/python3/dist-packages/minikerberos-0.2.14.egg-info/entry_points.txt --rw-r--r-- 0 root (0) root (0) 17 2022-01-18 10:14:09.000000 ./usr/lib/python3/dist-packages/minikerberos-0.2.14.egg-info/requires.txt --rw-r--r-- 0 root (0) root (0) 13 2022-01-18 10:14:09.000000 ./usr/lib/python3/dist-packages/minikerberos-0.2.14.egg-info/top_level.txt --rw-r--r-- 0 root (0) root (0) 1 2021-05-20 15:34:13.000000 ./usr/lib/python3/dist-packages/minikerberos-0.2.14.egg-info/zip-safe -drwxr-xr-x 0 root (0) root (0) 0 2022-01-18 10:14:09.000000 ./usr/share/ -drwxr-xr-x 0 root (0) root (0) 0 2022-01-18 10:14:09.000000 ./usr/share/doc/ -drwxr-xr-x 0 root (0) root (0) 0 2022-01-18 10:14:09.000000 ./usr/share/doc/python3-minikerberos/ --rw-r--r-- 0 root (0) root (0) 474 2022-01-18 10:14:09.000000 ./usr/share/doc/python3-minikerberos/changelog.Debian.gz --rw-r--r-- 0 root (0) root (0) 5139 2022-01-18 10:14:09.000000 ./usr/share/doc/python3-minikerberos/copyright +drwxr-xr-x 0 root (0) root (0) 0 2022-11-11 00:12:59.000000 ./ +drwxr-xr-x 0 root (0) root (0) 0 2022-11-11 00:12:59.000000 ./usr/ +drwxr-xr-x 0 root (0) root (0) 0 2022-11-11 00:12:59.000000 ./usr/bin/ +-rwxr-xr-x 0 root (0) root (0) 983 2022-11-11 00:12:59.000000 ./usr/bin/ccache2kirbi +-rwxr-xr-x 0 root (0) root (0) 979 2022-11-11 00:12:59.000000 ./usr/bin/ccacheedit +-rwxr-xr-x 0 root (0) root (0) 981 2022-11-11 00:12:59.000000 ./usr/bin/ccacheroast +-rwxr-xr-x 0 root (0) root (0) 981 2022-11-11 00:12:59.000000 ./usr/bin/getNTPKInit +-rwxr-xr-x 0 root (0) root (0) 983 2022-11-11 00:12:59.000000 ./usr/bin/getS4U2proxy +-rwxr-xr-x 0 root (0) root (0) 981 2022-11-11 00:12:59.000000 ./usr/bin/getS4U2self +-rwxr-xr-x 0 root (0) root (0) 971 2022-11-11 00:12:59.000000 ./usr/bin/getTGS +-rwxr-xr-x 0 root (0) root (0) 971 2022-11-11 00:12:59.000000 ./usr/bin/getTGT +-rwxr-xr-x 0 root (0) root (0) 983 2022-11-11 00:12:59.000000 ./usr/bin/kirbi2ccache +drwxr-xr-x 0 root (0) root (0) 0 2022-11-11 00:12:59.000000 ./usr/lib/ +drwxr-xr-x 0 root (0) root (0) 0 2022-11-11 00:12:59.000000 ./usr/lib/python3/ +drwxr-xr-x 0 root (0) root (0) 0 2022-11-11 00:12:59.000000 ./usr/lib/python3/dist-packages/ +drwxr-xr-x 0 root (0) root (0) 0 2022-11-11 00:12:59.000000 ./usr/lib/python3/dist-packages/minikerberos/ +-rw-r--r-- 0 root (0) root (0) 271 2021-10-28 20:00:03.000000 ./usr/lib/python3/dist-packages/minikerberos/__init__.py +-rw-r--r-- 0 root (0) root (0) 135 2022-10-05 19:13:49.000000 ./usr/lib/python3/dist-packages/minikerberos/_version.py +-rw-r--r-- 0 root (0) root (0) 37554 2022-10-05 19:11:00.000000 ./usr/lib/python3/dist-packages/minikerberos/aioclient.py +-rw-r--r-- 0 root (0) root (0) 34727 2022-10-05 19:13:41.000000 ./usr/lib/python3/dist-packages/minikerberos/client.py +drwxr-xr-x 0 root (0) root (0) 0 2022-11-11 00:12:59.000000 ./usr/lib/python3/dist-packages/minikerberos/common/ +-rw-r--r-- 0 root (0) root (0) 0 2021-10-28 20:00:03.000000 ./usr/lib/python3/dist-packages/minikerberos/common/__init__.py +-rw-r--r-- 0 root (0) root (0) 24308 2022-03-11 22:51:30.000000 ./usr/lib/python3/dist-packages/minikerberos/common/ccache.py +-rw-r--r-- 0 root (0) root (0) 398 2022-08-31 18:53:36.000000 ./usr/lib/python3/dist-packages/minikerberos/common/constants.py +-rw-r--r-- 0 root (0) root (0) 18363 2022-09-20 22:00:48.000000 ./usr/lib/python3/dist-packages/minikerberos/common/creds.py +-rw-r--r-- 0 root (0) root (0) 7318 2022-03-21 21:15:30.000000 ./usr/lib/python3/dist-packages/minikerberos/common/keytab.py +-rw-r--r-- 0 root (0) root (0) 1161 2021-10-28 20:00:03.000000 ./usr/lib/python3/dist-packages/minikerberos/common/spn.py +-rw-r--r-- 0 root (0) root (0) 562 2022-08-31 18:51:01.000000 ./usr/lib/python3/dist-packages/minikerberos/common/target.py +-rw-r--r-- 0 root (0) root (0) 8104 2022-08-31 19:31:58.000000 ./usr/lib/python3/dist-packages/minikerberos/common/url.py +-rw-r--r-- 0 root (0) root (0) 4070 2021-10-28 20:00:03.000000 ./usr/lib/python3/dist-packages/minikerberos/common/utils.py +drwxr-xr-x 0 root (0) root (0) 0 2022-11-11 00:12:59.000000 ./usr/lib/python3/dist-packages/minikerberos/common/windows/ +-rw-r--r-- 0 root (0) root (0) 0 2021-10-28 20:00:03.000000 ./usr/lib/python3/dist-packages/minikerberos/common/windows/__init__.py +-rw-r--r-- 0 root (0) root (0) 12518 2022-01-10 20:26:35.000000 ./usr/lib/python3/dist-packages/minikerberos/common/windows/crypt32.py +-rw-r--r-- 0 root (0) root (0) 23499 2021-10-28 20:00:03.000000 ./usr/lib/python3/dist-packages/minikerberos/common/windows/defines.py +drwxr-xr-x 0 root (0) root (0) 0 2022-11-11 00:12:59.000000 ./usr/lib/python3/dist-packages/minikerberos/examples/ +-rw-r--r-- 0 root (0) root (0) 0 2021-10-28 20:00:03.000000 ./usr/lib/python3/dist-packages/minikerberos/examples/__init__.py +-rw-r--r-- 0 root (0) root (0) 1013 2021-10-28 20:00:03.000000 ./usr/lib/python3/dist-packages/minikerberos/examples/__main__.py +-rw-r--r-- 0 root (0) root (0) 878 2021-10-28 20:00:03.000000 ./usr/lib/python3/dist-packages/minikerberos/examples/ccache2kirbi.py +-rw-r--r-- 0 root (0) root (0) 2545 2021-10-28 20:00:03.000000 ./usr/lib/python3/dist-packages/minikerberos/examples/ccache_editor.py +-rw-r--r-- 0 root (0) root (0) 501 2021-10-28 20:00:03.000000 ./usr/lib/python3/dist-packages/minikerberos/examples/ccacheroast.py +-rw-r--r-- 0 root (0) root (0) 1365 2022-08-31 18:57:47.000000 ./usr/lib/python3/dist-packages/minikerberos/examples/getNT.py +-rw-r--r-- 0 root (0) root (0) 1247 2022-08-31 18:46:01.000000 ./usr/lib/python3/dist-packages/minikerberos/examples/getNT_blocking.py +-rw-r--r-- 0 root (0) root (0) 2447 2021-10-28 20:00:03.000000 ./usr/lib/python3/dist-packages/minikerberos/examples/getS4U2proxy.py +-rw-r--r-- 0 root (0) root (0) 2464 2022-01-10 20:26:35.000000 ./usr/lib/python3/dist-packages/minikerberos/examples/getS4U2self.py +-rw-r--r-- 0 root (0) root (0) 2161 2021-10-28 20:00:03.000000 ./usr/lib/python3/dist-packages/minikerberos/examples/getTGS.py +-rw-r--r-- 0 root (0) root (0) 1259 2021-10-28 20:00:03.000000 ./usr/lib/python3/dist-packages/minikerberos/examples/getTGT.py +-rw-r--r-- 0 root (0) root (0) 1068 2021-10-28 20:00:03.000000 ./usr/lib/python3/dist-packages/minikerberos/examples/kirbi2ccache.py +drwxr-xr-x 0 root (0) root (0) 0 2022-11-11 00:12:59.000000 ./usr/lib/python3/dist-packages/minikerberos/gssapi/ +-rw-r--r-- 0 root (0) root (0) 0 2021-10-28 20:00:03.000000 ./usr/lib/python3/dist-packages/minikerberos/gssapi/__init__.py +-rw-r--r-- 0 root (0) root (0) 2971 2021-10-28 20:00:03.000000 ./usr/lib/python3/dist-packages/minikerberos/gssapi/channelbindings.py +-rw-r--r-- 0 root (0) root (0) 12525 2022-03-11 22:25:14.000000 ./usr/lib/python3/dist-packages/minikerberos/gssapi/gssapi.py +drwxr-xr-x 0 root (0) root (0) 0 2022-11-11 00:12:59.000000 ./usr/lib/python3/dist-packages/minikerberos/network/ +-rw-r--r-- 0 root (0) root (0) 0 2021-10-28 20:00:03.000000 ./usr/lib/python3/dist-packages/minikerberos/network/__init__.py +-rw-r--r-- 0 root (0) root (0) 1907 2022-08-29 22:11:26.000000 ./usr/lib/python3/dist-packages/minikerberos/network/aioclientsocket.py +-rw-r--r-- 0 root (0) root (0) 2779 2022-08-31 18:53:09.000000 ./usr/lib/python3/dist-packages/minikerberos/network/clientsocket.py +-rw-r--r-- 0 root (0) root (0) 15425 2022-08-30 10:32:32.000000 ./usr/lib/python3/dist-packages/minikerberos/pkinit.py +drwxr-xr-x 0 root (0) root (0) 0 2022-11-11 00:12:59.000000 ./usr/lib/python3/dist-packages/minikerberos/protocol/ +-rw-r--r-- 0 root (0) root (0) 0 2021-10-28 20:00:03.000000 ./usr/lib/python3/dist-packages/minikerberos/protocol/__init__.py +-rw-r--r-- 0 root (0) root (0) 29446 2021-10-28 20:00:03.000000 ./usr/lib/python3/dist-packages/minikerberos/protocol/asn1_structs.py +-rw-r--r-- 0 root (0) root (0) 5427 2021-10-28 20:00:03.000000 ./usr/lib/python3/dist-packages/minikerberos/protocol/constants.py +-rw-r--r-- 0 root (0) root (0) 940 2022-01-10 20:26:35.000000 ./usr/lib/python3/dist-packages/minikerberos/protocol/dirtydh.py +-rw-r--r-- 0 root (0) root (0) 28692 2022-03-21 20:43:04.000000 ./usr/lib/python3/dist-packages/minikerberos/protocol/encryption.py +-rw-r--r-- 0 root (0) root (0) 9504 2022-02-28 18:33:26.000000 ./usr/lib/python3/dist-packages/minikerberos/protocol/errors.py +drwxr-xr-x 0 root (0) root (0) 0 2022-11-11 00:12:59.000000 ./usr/lib/python3/dist-packages/minikerberos/protocol/external/ +-rw-r--r-- 0 root (0) root (0) 0 2022-08-31 09:06:42.000000 ./usr/lib/python3/dist-packages/minikerberos/protocol/external/__init__.py +-rw-r--r-- 0 root (0) root (0) 13476 2022-08-31 09:23:05.000000 ./usr/lib/python3/dist-packages/minikerberos/protocol/external/dtypes.py +-rw-r--r-- 0 root (0) root (0) 28211 2022-08-31 09:22:29.000000 ./usr/lib/python3/dist-packages/minikerberos/protocol/external/enum.py +-rw-r--r-- 0 root (0) root (0) 65750 2022-08-31 09:22:46.000000 ./usr/lib/python3/dist-packages/minikerberos/protocol/external/ndr.py +-rw-r--r-- 0 root (0) root (0) 1821 2022-08-31 09:24:43.000000 ./usr/lib/python3/dist-packages/minikerberos/protocol/external/nrpc.py +-rw-r--r-- 0 root (0) root (0) 7075 2022-08-31 09:23:34.000000 ./usr/lib/python3/dist-packages/minikerberos/protocol/external/pac.py +-rw-r--r-- 0 root (0) root (0) 1345 2022-08-31 09:17:09.000000 ./usr/lib/python3/dist-packages/minikerberos/protocol/external/rpcrt.py +-rw-r--r-- 0 root (0) root (0) 22940 2022-08-31 09:07:50.000000 ./usr/lib/python3/dist-packages/minikerberos/protocol/external/structure.py +-rw-r--r-- 0 root (0) root (0) 2862 2022-01-10 20:26:35.000000 ./usr/lib/python3/dist-packages/minikerberos/protocol/mskile.py +-rw-r--r-- 0 root (0) root (0) 4367 2021-10-28 20:00:03.000000 ./usr/lib/python3/dist-packages/minikerberos/protocol/rfc4556.py +-rw-r--r-- 0 root (0) root (0) 938 2021-10-28 20:00:03.000000 ./usr/lib/python3/dist-packages/minikerberos/protocol/rfc_iakerb.py +-rw-r--r-- 0 root (0) root (0) 2668 2021-10-28 20:00:03.000000 ./usr/lib/python3/dist-packages/minikerberos/protocol/structures.py +-rw-r--r-- 0 root (0) root (0) 5390 2022-08-29 22:11:26.000000 ./usr/lib/python3/dist-packages/minikerberos/security.py +drwxr-xr-x 0 root (0) root (0) 0 2022-11-11 00:12:59.000000 ./usr/lib/python3/dist-packages/minikerberos-0.3.3.egg-info/ +-rw-r--r-- 0 root (0) root (0) 403 2022-11-11 00:12:59.000000 ./usr/lib/python3/dist-packages/minikerberos-0.3.3.egg-info/PKG-INFO +-rw-r--r-- 0 root (0) root (0) 1 2022-11-11 00:12:59.000000 ./usr/lib/python3/dist-packages/minikerberos-0.3.3.egg-info/dependency_links.txt +-rw-r--r-- 0 root (0) root (0) 476 2022-11-11 00:12:59.000000 ./usr/lib/python3/dist-packages/minikerberos-0.3.3.egg-info/entry_points.txt +-rw-r--r-- 0 root (0) root (0) 33 2022-11-11 00:12:59.000000 ./usr/lib/python3/dist-packages/minikerberos-0.3.3.egg-info/requires.txt +-rw-r--r-- 0 root (0) root (0) 13 2022-11-11 00:12:59.000000 ./usr/lib/python3/dist-packages/minikerberos-0.3.3.egg-info/top_level.txt +-rw-r--r-- 0 root (0) root (0) 1 2022-10-05 19:14:57.000000 ./usr/lib/python3/dist-packages/minikerberos-0.3.3.egg-info/zip-safe +drwxr-xr-x 0 root (0) root (0) 0 2022-11-11 00:12:59.000000 ./usr/share/ +drwxr-xr-x 0 root (0) root (0) 0 2022-11-11 00:12:59.000000 ./usr/share/doc/ +drwxr-xr-x 0 root (0) root (0) 0 2022-11-11 00:12:59.000000 ./usr/share/doc/python3-minikerberos/ +-rw-r--r-- 0 root (0) root (0) 493 2022-11-11 00:12:59.000000 ./usr/share/doc/python3-minikerberos/changelog.Debian.gz +-rw-r--r-- 0 root (0) root (0) 5139 2022-11-11 00:12:59.000000 ./usr/share/doc/python3-minikerberos/copyright ##### ./usr/bin/ccache2kirbi @@ -26,8 +26,8 @@ globals().setdefault('load_entry_point', importlib_load_entry_point) if __name__ == '__main__': sys.argv[0] = re.sub(r'(-script\.pyw?|\.exe)?$', '', sys.argv[0]) - sys.exit(load_entry_point('minikerberos==0.2.14', 'console_scripts', 'ccache2kirbi')()) + sys.exit(load_entry_point('minikerberos==0.3.3', 'console_scripts', 'ccache2kirbi')()) ##### ./usr/bin/ccacheedit @@ -26,8 +26,8 @@ globals().setdefault('load_entry_point', importlib_load_entry_point) if __name__ == '__main__': sys.argv[0] = re.sub(r'(-script\.pyw?|\.exe)?$', '', sys.argv[0]) - sys.exit(load_entry_point('minikerberos==0.2.14', 'console_scripts', 'ccacheedit')()) + sys.exit(load_entry_point('minikerberos==0.3.3', 'console_scripts', 'ccacheedit')()) ##### ./usr/bin/ccacheroast @@ -26,8 +26,8 @@ globals().setdefault('load_entry_point', importlib_load_entry_point) if __name__ == '__main__': sys.argv[0] = re.sub(r'(-script\.pyw?|\.exe)?$', '', sys.argv[0]) - sys.exit(load_entry_point('minikerberos==0.2.14', 'console_scripts', 'ccacheroast')()) + sys.exit(load_entry_point('minikerberos==0.3.3', 'console_scripts', 'ccacheroast')()) ##### ./usr/bin/getS4U2proxy @@ -26,8 +26,8 @@ globals().setdefault('load_entry_point', importlib_load_entry_point) if __name__ == '__main__': sys.argv[0] = re.sub(r'(-script\.pyw?|\.exe)?$', '', sys.argv[0]) - sys.exit(load_entry_point('minikerberos==0.2.14', 'console_scripts', 'getS4U2proxy')()) + sys.exit(load_entry_point('minikerberos==0.3.3', 'console_scripts', 'getS4U2proxy')()) ##### ./usr/bin/getTGS @@ -26,8 +26,8 @@ globals().setdefault('load_entry_point', importlib_load_entry_point) if __name__ == '__main__': sys.argv[0] = re.sub(r'(-script\.pyw?|\.exe)?$', '', sys.argv[0]) - sys.exit(load_entry_point('minikerberos==0.2.14', 'console_scripts', 'getTGS')()) + sys.exit(load_entry_point('minikerberos==0.3.3', 'console_scripts', 'getTGS')()) ##### ./usr/bin/getTGT @@ -26,8 +26,8 @@ globals().setdefault('load_entry_point', importlib_load_entry_point) if __name__ == '__main__': sys.argv[0] = re.sub(r'(-script\.pyw?|\.exe)?$', '', sys.argv[0]) - sys.exit(load_entry_point('minikerberos==0.2.14', 'console_scripts', 'getTGT')()) + sys.exit(load_entry_point('minikerberos==0.3.3', 'console_scripts', 'getTGT')()) ##### ./usr/bin/kirbi2ccache @@ -26,8 +26,8 @@ globals().setdefault('load_entry_point', importlib_load_entry_point) if __name__ == '__main__': sys.argv[0] = re.sub(r'(-script\.pyw?|\.exe)?$', '', sys.argv[0]) - sys.exit(load_entry_point('minikerberos==0.2.14', 'console_scripts', 'kirbi2ccache')()) + sys.exit(load_entry_point('minikerberos==0.3.3', 'console_scripts', 'kirbi2ccache')()) ##### ./usr/lib/python3/dist-packages/minikerberos/_version.py @@ -1,7 +1,7 @@ -__version__ = "0.2.14" +__version__ = "0.3.3" __banner__ = \ """ # minikerberos %s # Author: Tamas Jos @skelsec (skelsecprojects@gmail.com) """ % __version__ ##### ./usr/lib/python3/dist-packages/minikerberos/aioclient.py @@ -606,7 +801,106 @@ ap_req['authenticator'] = EncryptedData({'etype': sessionkey.enctype, 'cipher': authenticator_data_enc}) return AP_REQ(ap_req).dump() async def getST(self, target_user, service_spn): tgs, encTGSRepPart, key = await self.S4U2self(target_user) return await self.S4U2proxy(tgs['ticket'], service_spn) + + + def decrypt_asrep_cert(self, as_rep): + + def truncate_key(value, keysize): + output = b'' + currentNum = 0 + while len(output) < keysize: + currentDigest = hashlib.sha1(bytes([currentNum]) + value).digest() + if len(output) + len(currentDigest) > keysize: + output += currentDigest[:keysize - len(output)] + break + output += currentDigest + currentNum += 1 + + return output + + for pa in as_rep['padata']: + if pa['padata-type'] == 17: + pkasrep = PA_PK_AS_REP.load(pa['padata-value']).native + break + else: + raise Exception('PA_PK_AS_REP not found!') + + try: + sd = cms.SignedData.load(pkasrep['dhSignedData']).native + except: + sd = cms.SignedData.load(pkasrep['dhSignedData'][19:]).native # !!!!!!!!!!!!! TODO: CHECKTHIS!!! Sometimes there is an OID before the struct?! + + keyinfo = sd['encap_content_info'] + if keyinfo['content_type'] != '1.3.6.1.5.2.3.2': + raise Exception('Keyinfo content type unexpected value') + authdata = KDCDHKeyInfo.load(keyinfo['content']).native + pubkey = int(''.join(['1'] + [str(x) for x in authdata['subjectPublicKey']]), 2) + + pubkey = int.from_bytes(core.BitString(authdata['subjectPublicKey']).dump()[7:], 'big', signed = False) # !!!!!!!!!!!!! TODO: CHECKTHIS!!! + shared_key = self.usercreds.dhparams.exchange(pubkey) + + server_nonce = pkasrep['serverDHNonce'] + fullKey = shared_key + self.usercreds.dhparams.dh_nonce + server_nonce + + etype = as_rep['enc-part']['etype'] + cipher = _enctype_table[etype] + if etype == Enctype.AES256: + self.pkinit_tkey = truncate_key(fullKey, 32) + elif etype == Enctype.AES128: + self.pkinit_tkey = truncate_key(fullKey, 16) + elif etype == Enctype.RC4: + raise NotImplementedError('RC4 key truncation documentation missing. it is different from AES') + #self.pkinit_tkey = truncate_key(fullKey, 16) + + + key = Key(cipher.enctype, self.pkinit_tkey) + enc_data = as_rep['enc-part']['cipher'] + dec_data = cipher.decrypt(key, 3, enc_data) + encasrep = EncASRepPart.load(dec_data).native + cipher = _enctype_table[ int(encasrep['key']['keytype'])] + session_key = Key(cipher.enctype, encasrep['key']['keyvalue']) + return encasrep, session_key, cipher + + + def get_NT_from_PAC(self, decticket:EncTicketPart, truncated_keydata=None): + from minikerberos.protocol.external.rpcrt import TypeSerialization1 + from minikerberos.protocol.external.pac import PACTYPE, PAC_INFO_BUFFER, \ + PAC_CREDENTIAL_INFO, PAC_CREDENTIAL_DATA, NTLM_SUPPLEMENTAL_CREDENTIAL + + + adIfRelevant = AD_IF_RELEVANT.load(decticket['authorization-data'][0]['ad-data']) + if truncated_keydata is None: + truncated_keydata = self.pkinit_tkey + if truncated_keydata is None: + raise Exception("Missing tkey! Is this a PKINIT session?") + key = Key(18, truncated_keydata) + pacType = PACTYPE(adIfRelevant.native[0]['ad-data']) + buff = pacType['Buffers'] + creds = [] + for bufferN in range(pacType['cBuffers']): + infoBuffer = PAC_INFO_BUFFER(buff) + data = pacType['Buffers'][infoBuffer['Offset']-8:][:infoBuffer['cbBufferSize']] + logger.debug("TYPE 0x%x" % infoBuffer['ulType']) + if infoBuffer['ulType'] == 2: + credinfo = PAC_CREDENTIAL_INFO(data) + newCipher = _enctype_table[credinfo['EncryptionType']] + + out = newCipher.decrypt(key, 16, credinfo['SerializedData']) + type1 = TypeSerialization1(out) + # I'm skipping here 4 bytes with its the ReferentID for the pointer + newdata = out[len(type1)+4:] + pcc = PAC_CREDENTIAL_DATA(newdata) + for cred in pcc['Credentials']: + credstruct = NTLM_SUPPLEMENTAL_CREDENTIAL(b''.join(cred['Credentials'])) + if credstruct['NtPassword'] != b'\x00'*16: + creds.append(('NT', credstruct['NtPassword'].hex())) + if credstruct['LmPassword'] != b'\x00'*16: + creds.append(('LM', credstruct['LmPassword'].hex())) + + buff = buff[len(infoBuffer):] + + return creds ##### ./usr/lib/python3/dist-packages/minikerberos/client.py @@ -534,7 +658,175 @@ return AP_REQ(ap_req).dump() def getST(self, target_user, service_spn): tgs, encTGSRepPart, key = self.S4U2self(target_user) return self.S4U2proxy(tgs['ticket'], service_spn) + + def decrypt_asrep_cert(self, as_rep): + + def truncate_key(value, keysize): + output = b'' + currentNum = 0 + while len(output) < keysize: + currentDigest = hashlib.sha1(bytes([currentNum]) + value).digest() + if len(output) + len(currentDigest) > keysize: + output += currentDigest[:keysize - len(output)] + break + output += currentDigest + currentNum += 1 + + return output + + for pa in as_rep['padata']: + if pa['padata-type'] == 17: + pkasrep = PA_PK_AS_REP.load(pa['padata-value']).native + break + else: + raise Exception('PA_PK_AS_REP not found!') + + try: + sd = cms.SignedData.load(pkasrep['dhSignedData']).native + except: + sd = cms.SignedData.load(pkasrep['dhSignedData'][19:]).native # !!!!!!!!!!!!! TODO: CHECKTHIS!!! Sometimes there is an OID before the struct?! + + keyinfo = sd['encap_content_info'] + if keyinfo['content_type'] != '1.3.6.1.5.2.3.2': + raise Exception('Keyinfo content type unexpected value') + authdata = KDCDHKeyInfo.load(keyinfo['content']).native + pubkey = int(''.join(['1'] + [str(x) for x in authdata['subjectPublicKey']]), 2) + + pubkey = int.from_bytes(core.BitString(authdata['subjectPublicKey']).dump()[7:], 'big', signed = False) # !!!!!!!!!!!!! TODO: CHECKTHIS!!! + shared_key = self.usercreds.dhparams.exchange(pubkey) + + server_nonce = pkasrep['serverDHNonce'] + fullKey = shared_key + self.usercreds.dhparams.dh_nonce + server_nonce + + etype = as_rep['enc-part']['etype'] + cipher = _enctype_table[etype] + if etype == Enctype.AES256: + self.pkinit_tkey = truncate_key(fullKey, 32) + elif etype == Enctype.AES128: + self.pkinit_tkey = truncate_key(fullKey, 16) + elif etype == Enctype.RC4: + raise NotImplementedError('RC4 key truncation documentation missing. it is different from AES') + #self.pkinit_tkey = truncate_key(fullKey, 16) + + + key = Key(cipher.enctype, self.pkinit_tkey) + enc_data = as_rep['enc-part']['cipher'] + dec_data = cipher.decrypt(key, 3, enc_data) + encasrep = EncASRepPart.load(dec_data).native + cipher = _enctype_table[ int(encasrep['key']['keytype'])] + session_key = Key(cipher.enctype, encasrep['key']['keyvalue']) + return encasrep, session_key, cipher + + def U2U(self, kdcopts = ['forwardable','renewable','canonicalize', 'enc-tkt-in-skey']): + if not self.kerberos_TGT: + logger.debug('[U2U] TGT is not available! Fetching TGT...') + self.get_TGT() + + now = datetime.datetime.now(datetime.timezone.utc) + authenticator_data = {} + authenticator_data['authenticator-vno'] = krb5_pvno + authenticator_data['crealm'] = Realm(self.kerberos_TGT['crealm']) + authenticator_data['cname'] = self.kerberos_TGT['cname'] + authenticator_data['cusec'] = now.microsecond + authenticator_data['ctime'] = now.replace(microsecond=0) + + + authenticator_data_enc = self.kerberos_cipher.encrypt(self.kerberos_session_key, 7, Authenticator(authenticator_data).dump(), None) + + ap_req = {} + ap_req['pvno'] = krb5_pvno + ap_req['msg-type'] = MESSAGE_TYPE.KRB_AP_REQ.value + ap_req['ap-options'] = APOptions(set()) + ap_req['ticket'] = Ticket(self.kerberos_TGT['ticket']) + ap_req['authenticator'] = EncryptedData({'etype': self.kerberos_cipher_type, 'cipher': authenticator_data_enc}) + + pa_data_auth = {} + pa_data_auth['padata-type'] = PaDataType.TGS_REQ.value + pa_data_auth['padata-value'] = AP_REQ(ap_req).dump() + + + krb_tgs_body = {} + krb_tgs_body['kdc-options'] = KDCOptions(set(kdcopts)) + krb_tgs_body['sname'] = PrincipalName({'name-type': NAME_TYPE.PRINCIPAL.value, 'name-string': [self.usercreds.username]}) + krb_tgs_body['realm'] = self.usercreds.domain.upper() + krb_tgs_body['till'] = (now + datetime.timedelta(days=1)).replace(microsecond=0) + krb_tgs_body['nonce'] = secrets.randbits(31) + krb_tgs_body['etype'] = [23] # dunno why it must be 23? + krb_tgs_body['additional-tickets'] = [Ticket(self.kerberos_TGT['ticket'])] + + + krb_tgs_req = {} + krb_tgs_req['pvno'] = krb5_pvno + krb_tgs_req['msg-type'] = MESSAGE_TYPE.KRB_TGS_REQ.value + krb_tgs_req['padata'] = [pa_data_auth] #pa_for_user + krb_tgs_req['req-body'] = KDC_REQ_BODY(krb_tgs_body) + + + + req = TGS_REQ(krb_tgs_req) + logger.debug('[U2U] Sending request to server') + + reply = self.ksoc.sendrecv(req.dump()) + if reply.name == 'KRB_ERROR': + emsg = '[U2U] failed!' + if reply.native['error-code'] == 16: + emsg = '[U2U] Failed to get U2U! Error code (16) indicates that delegation is not enabled for this account!' + raise KerberosError(reply, emsg) + + logger.debug('[U2U] Got reply, decrypting...') + tgs = reply.native + + cipher = _enctype_table[int(tgs['ticket']['enc-part']['etype'])] + encticket = tgs['ticket']['enc-part']['cipher'] + decdata = cipher.decrypt(self.kerberos_session_key, 2, encticket) + decticket = EncTicketPart.load(decdata).native + + encTGSRepPart = EncTGSRepPart.load(self.kerberos_cipher.decrypt(self.kerberos_session_key, 8, tgs['enc-part']['cipher'])).native + key = Key(encTGSRepPart['key']['keytype'], encTGSRepPart['key']['keyvalue']) + self.ccache.add_tgs(tgs, encTGSRepPart) + logger.debug('[U2U] Got valid TGS reply') + + return tgs, encTGSRepPart, key, decticket + + def get_NT_from_PAC(self, decticket:EncTicketPart, truncated_keydata=None): + from minikerberos.protocol.external.rpcrt import TypeSerialization1 + from minikerberos.protocol.external.pac import PACTYPE, PAC_INFO_BUFFER, \ + PAC_CREDENTIAL_INFO, PAC_CREDENTIAL_DATA, NTLM_SUPPLEMENTAL_CREDENTIAL + + + adIfRelevant = AD_IF_RELEVANT.load(decticket['authorization-data'][0]['ad-data']) + if truncated_keydata is None: + truncated_keydata = self.pkinit_tkey + if truncated_keydata is None: + raise Exception("Missing tkey! Is this a PKINIT session?") + key = Key(18, truncated_keydata) + pacType = PACTYPE(adIfRelevant.native[0]['ad-data']) + buff = pacType['Buffers'] + creds = [] + for bufferN in range(pacType['cBuffers']): + infoBuffer = PAC_INFO_BUFFER(buff) + data = pacType['Buffers'][infoBuffer['Offset']-8:][:infoBuffer['cbBufferSize']] + logger.debug("TYPE 0x%x" % infoBuffer['ulType']) + if infoBuffer['ulType'] == 2: + credinfo = PAC_CREDENTIAL_INFO(data) + newCipher = _enctype_table[credinfo['EncryptionType']] + + out = newCipher.decrypt(key, 16, credinfo['SerializedData']) + type1 = TypeSerialization1(out) + # I'm skipping here 4 bytes with its the ReferentID for the pointer + newdata = out[len(type1)+4:] + pcc = PAC_CREDENTIAL_DATA(newdata) + for cred in pcc['Credentials']: + credstruct = NTLM_SUPPLEMENTAL_CREDENTIAL(b''.join(cred['Credentials'])) + if credstruct['NtPassword'] != b'\x00'*16: + creds.append(('NT', credstruct['NtPassword'].hex())) + if credstruct['LmPassword'] != b'\x00'*16: + creds.append(('LM', credstruct['LmPassword'].hex())) + + buff = buff[len(infoBuffer):] + + return creds ##### ./usr/lib/python3/dist-packages/minikerberos/common/ccache.py @@ -684,16 +685,23 @@ @staticmethod def from_kirbifile(kirbi_filename): kf_abs = os.path.abspath(kirbi_filename) kirbidata = None with open(kf_abs, 'rb') as f: kirbidata = f.read() - - return CCACHE.from_kirbi(kirbidata) + try: + ccache = CCACHE.from_kirbi(kirbidata) + except: + #maybe the kirbi file is actually base64 encoded from rubeus? + kirbidata = kirbidata.replace(b' ', b'').replace(b'\r', b'').replace(b'\n', b'').replace(b'\t', b'') + kirbidata = base64.b64decode(kirbidata) + ccache = CCACHE.from_kirbi(kirbidata) + + return ccache @staticmethod def from_kirbidir(directory_path): """ Iterates trough all .kirbi files in a given directory and converts all of them into one CCACHE object """ cc = CCACHE() ##### ./usr/lib/python3/dist-packages/minikerberos/common/constants.py @@ -1,21 +1,20 @@ import enum -class KerberosSocketType(enum.Enum): - UDP = enum.auto() - TCP = enum.auto() - class KerberosSecretType(enum.Enum): PASSWORD = 'PASSWORD' PW = 'PW' PASS = 'PASS' NT = 'NT' AES = 'AES' #keeping this here for user's secret-type specification and compatibility reasons AES128 = 'AES128' AES256 = 'AES256' RC4 = 'RC4' DES = 'DES' DES3 = 'DES3' TDES = 'TDES' CCACHE = 'CCACHE' KEYTAB = 'KEYTAB' - KIRBI = 'KIRBI' + KIRBI = 'KIRBI' + PFX = 'PFX' + PEM = 'PEM' + PFXSTR = 'PFXSTR' ##### ./usr/lib/python3/dist-packages/minikerberos/common/creds.py @@ -116,74 +149,278 @@ supp_enctypes[EncryptionType.AES128_CTS_HMAC_SHA1_96] = 1 if self.password or self.nt_hash or self.kerberos_key_rc4: supp_enctypes[EncryptionType.ARCFOUR_HMAC_MD5] = 1 if self.kerberos_key_des: supp_enctypes[EncryptionType.DES3_CBC_SHA1] = 1 + + if self.certificate is not None: + supp_enctypes = collections.OrderedDict() + supp_enctypes[EncryptionType.AES256_CTS_HMAC_SHA1_96] = 1 + supp_enctypes[EncryptionType.AES128_CTS_HMAC_SHA1_96] = 1 + if as_int == True: return [etype.value for etype in supp_enctypes] return [etype for etype in supp_enctypes] - + @staticmethod - def from_krbcred(keytab_file_path: str, principal: str = None, realm: str = None): - return KerberosCredential.from_kirbi(keytab_file_path, principal, realm) + def from_keytab(keytab_file_path: str, principal: str, realm: str, encoding = 'file') -> KerberosCredential: + """Returns a kerberos credential object from Keytab file/data""" + cred = KerberosCredential() + cred.username = principal + cred.domain = realm + data = get_encoded_data(keytab_file_path, encoding=encoding) + return KerberosCredential.from_keytab_string(data, principal, realm) @staticmethod - def from_kirbi(keytab_file_path: str, principal: str = None, realm: str = None): + def from_ccache(data, principal: str = None, realm: str = None, encoding = 'file') -> KerberosCredential: + """Returns a kerberos credential object with CCACHE database""" + data = get_encoded_data(data, encoding=encoding) + k = KerberosCredential() + k.username = principal + k.domain = realm + k.ccache = CCACHE.from_bytes(data) + return k + + @staticmethod + def from_kirbi(keytab_file_path: str, principal: str = None, realm: str = None, encoding = 'file') -> KerberosCredential: + """Returns a kerberos credential object from .kirbi file""" + data = get_encoded_data(keytab_file_path, encoding=encoding) cred = KerberosCredential() cred.username = principal cred.domain = realm - cred.ccache = CCACHE.from_kirbifile(keytab_file_path) + cred.ccache = CCACHE.from_kirbi(data) cred.ccache_spn_strict_check = False return cred - + @staticmethod - def from_keytab(keytab_file_path: str, principal: str, realm: str): + def from_pfx(data:str, password:str, dhparams:DirtyDH = None, username:str = None, domain:str = None, encoding = 'file') -> KerberosCredential: + """ + Retruns a credential object from data found in the PFX file + Username and domain will override the values found in the certificate + """ + data = get_encoded_data(data, encoding=encoding) + return KerberosCredential.from_pfx_string(data, password, dhparams = dhparams, username = username, domain = domain) + + @staticmethod + def from_krbcred(keytab_file_path: str, principal: str = None, realm: str = None) -> KerberosCredential: + return KerberosCredential.from_kirbi(keytab_file_path, principal, realm) + + @staticmethod + def from_keytab_string(self, keytabdata: str|bytes, principal: str, realm: str) -> KerberosCredential: cred = KerberosCredential() cred.username = principal cred.domain = realm - with open(keytab_file_path, 'rb') as kf: - #keytab_bytes = kf.read() - #keytab = Keytab.from_bytes(keytab_bytes) - keytab = Keytab.from_buffer(kf) - - for keytab_entry in keytab.entries: - if realm == keytab_entry.principal.realm.to_string(): - for keytab_principal in keytab_entry.principal.components: - if principal == keytab_principal.to_string(): - enctype = None - if Enctype.AES256 == keytab_entry.enctype: - enctype = KerberosSecretType.AES256 - elif Enctype.AES128 == keytab_entry.enctype: - enctype = KerberosSecretType.AES128 - elif Enctype.DES3 == keytab_entry.enctype: - enctype = KerberosSecretType.DES3 - elif Enctype.DES_CRC == keytab_entry.enctype: - enctype = KerberosSecretType.DES - elif Enctype.DES_MD4 == keytab_entry.enctype: - enctype = KerberosSecretType.DES - elif Enctype.DES_MD5 == keytab_entry.enctype: - enctype = KerberosSecretType.DES - elif Enctype.RC4 == keytab_entry.enctype: - enctype = KerberosSecretType.RC4 - if enctype: - cred.add_secret(enctype, keytab_entry.key_contents.hex()) + if isinstance(keytabdata, str): + keytabdata = base64.b64decode(keytabdata.replace(' ','').replace('\r','').replace('\n','').replace('\t','').replace('','').encode()) + + keytab = Keytab.from_bytes(keytabdata) + + for keytab_entry in keytab.entries: + if realm == keytab_entry.principal.realm.to_string(): + for keytab_principal in keytab_entry.principal.components: + if principal == keytab_principal.to_string(): + enctype = None + if Enctype.AES256 == keytab_entry.enctype: + enctype = KerberosSecretType.AES256 + elif Enctype.AES128 == keytab_entry.enctype: + enctype = KerberosSecretType.AES128 + elif Enctype.DES3 == keytab_entry.enctype: + enctype = KerberosSecretType.DES3 + elif Enctype.DES_CRC == keytab_entry.enctype: + enctype = KerberosSecretType.DES + elif Enctype.DES_MD4 == keytab_entry.enctype: + enctype = KerberosSecretType.DES + elif Enctype.DES_MD5 == keytab_entry.enctype: + enctype = KerberosSecretType.DES + elif Enctype.RC4 == keytab_entry.enctype: + enctype = KerberosSecretType.RC4 + if enctype: + cred.add_secret(enctype, keytab_entry.key_contents.hex()) + return cred @staticmethod - def from_ccache_file(filepath, principal: str = None, realm: str = None): + def from_ccache_file(filepath, principal: str = None, realm: str = None) -> KerberosCredential: + """Depricated! Use from_ccache with proper encoding instead!""" k = KerberosCredential() k.username = principal k.domain = realm k.ccache = CCACHE.from_file(filepath) return k + def set_user_and_domain_from_cert(self, username:str = None, domain:str = None): + """ + Tries to guess the correct username and domain from the current certificate, + if 'username' and/or 'domain' is set it will set those + """ + self.username = username + if username is None: + self.username = self.certificate.subject.native['common_name'].rsplit('@', 1)[0] + self.domain = domain + if domain is None: + dc = None + if 'domain_component' in self.certificate.issuer.native: + dc = self.certificate.issuer.native['domain_component'] + if 'domain_component' in self.certificate.subject.native: + dc = self.certificate.subject.native['domain_component'] + if dc is not None: + self.domain = '.'.join(dc[::-1]) + else: + raise Exception('Could\'t find proper domain name in the certificate! Please set it manually!') + + @staticmethod + def from_pem_data(certdata: str|bytes, keydata:str|bytes, dhparams:DirtyDH = None, username:str = None, domain:str = None) -> KerberosCredential: + if isinstance(certdata, str): + certdata = base64.b64decode(certdata.replace(' ','').replace('\r','').replace('\n','').replace('\t','')) + if isinstance(keydata, str): + keydata = base64.b64decode(keydata.replace(' ','').replace('\r','').replace('\n','').replace('\t','')) + k = KerberosCredential() + k.certificate = parse_certificate(certdata) + k.private_key = parse_private(keydata) + k.set_user_and_domain_from_cert(username = username, domain = domain) + k.set_dhparams(dhparams) + return k + + @staticmethod + def from_pem_file(certpath:str, keypath: str, dhparams:DirtyDH = None, username:str = None, domain:str = None) -> KerberosCredential: + with open(certpath, 'rb') as f: + certdata = f.read() + + with open(keypath, 'rb') as f: + keydata = f.read() + + return KerberosCredential.from_pem_data(certdata, keydata, dhparams = dhparams, username = username, domain = domain) + + + @staticmethod + def from_windows_certstore(commonname:str, certstore_name:str = 'MY', dhparams:DirtyDH = None, username:str = None, domain:str = None) -> KerberosCredential: + if platform.system().lower() != 'windows': + raise Exception('Only works on windows (obviously)') + from minikerberos.common.windows.crypt32 import find_cert_by_cn, CertCloseStore, CertFreeCertificateContext + + k = KerberosCredential() + k.commonname = commonname + k.certstore_name = certstore_name + k.certificate, chandle, shandle = find_cert_by_cn(commonname, certstore_name) + CertFreeCertificateContext(chandle) + CertCloseStore(shandle) + + k.__use_windows_certstore = True + k.set_user_and_domain_from_cert(username = username, domain = domain) + k.set_dhparams(dhparams) + return k + + @staticmethod + def from_pfx_string(data: str|bytes, password:str, dhparams:DirtyDH = None, username:str = None, domain:str = None) -> KerberosCredential: + k = KerberosCredential() + if password is None: + password = b'' + if isinstance(password, str): + password = password.encode() + + if isinstance(data, str): + data = base64.b64decode(data.replace(' ', '').replace('\r','').replace('\n','').encode()) + + # private_key is not actually the private key object but the privkey data because oscrypto privkey + # cant be serialized so we cant make copy of it. + k.private_key, k.certificate, extra_certs = parse_pkcs12(data, password = password) + #k.private_key = load_private_key(privkeyinfo) + + k.set_user_and_domain_from_cert(username = username, domain = domain) + k.set_dhparams(dhparams) + return k + + @staticmethod + def from_pfx_file(filepath:str, password:str, dhparams:DirtyDH = None, username:str = None, domain:str = None) -> KerberosCredential: + """ + Username and domain will override the values found in the certificate + """ + with open(filepath, 'rb') as f: + data = f.read() + return KerberosCredential.from_pfx_string(data, password, dhparams = dhparams, username = username, domain = domain) + + def set_dhparams(self, dhparams): + # windows default params, don't look at me... + self.dhparams = DirtyDH.from_dict({ + 'p':int('00ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece65381ffffffffffffffff', 16), + 'g':2 + }) + + if dhparams is not None: + if isinstance(dhparams, dict): + self.dhparams = DirtyDH.from_dict(dhparams) + elif isinstance(dhparams, bytes): + self.dhparams = DirtyDH.from_asn1(dhparams) + elif isinstance(dhparams, DirtyDH): + self.dhparams= dhparams + else: + raise Exception('DH params must be either a bytearray or a dict') + + + def sign_authpack(self, data, wrap_signed = False): + if self.__use_windows_certstore is True: + from minikerberos.common.windows.crypt32 import pkcs7_sign, CertCloseStore, find_cert_by_cn, CertFreeCertificateContext + _, chandle, shandle = find_cert_by_cn(self.commonname, self.certstore_name) + res = pkcs7_sign(chandle, data) + CertFreeCertificateContext(chandle) + CertCloseStore(shandle) + return res + return self.sign_authpack_native(data, wrap_signed) + + def sign_authpack_native(self, data, wrap_signed = False): + """ + Creating PKCS7 blob which contains the following things: + + 1. 'data' blob which is an ASN1 encoded "AuthPack" structure + 2. the certificate used to sign the data blob + 3. the singed 'signed_attrs' structure (ASN1) which points to the "data" structure (in point 1) + """ + + da = {} + da['algorithm'] = algos.DigestAlgorithmId('1.3.14.3.2.26') # for sha1 + + si = {} + si['version'] = 'v1' + si['sid'] = cms.IssuerAndSerialNumber({ + 'issuer': self.certificate.issuer, + 'serial_number': self.certificate.serial_number, + }) + + + si['digest_algorithm'] = algos.DigestAlgorithm(da) + si['signed_attrs'] = [ + cms.CMSAttribute({'type': 'content_type', 'values': ['1.3.6.1.5.2.3.1']}), # indicates that the encap_content_info's authdata struct (marked with OID '1.3.6.1.5.2.3.1' is signed ) + cms.CMSAttribute({'type': 'message_digest', 'values': [hashlib.sha1(data).digest()]}), ### hash of the data, the data itself will not be signed, but this block of data will be. + ] + si['signature_algorithm'] = algos.SignedDigestAlgorithm({'algorithm' : '1.2.840.113549.1.1.1'}) + si['signature'] = rsa_pkcs1v15_sign(load_private_key(self.private_key), cms.CMSAttributes(si['signed_attrs']).dump(), "sha1") + + ec = {} + ec['content_type'] = '1.3.6.1.5.2.3.1' + ec['content'] = data + + sd = {} + sd['version'] = 'v3' + sd['digest_algorithms'] = [algos.DigestAlgorithm(da)] # must have only one + sd['encap_content_info'] = cms.EncapsulatedContentInfo(ec) + sd['certificates'] = [self.certificate] + sd['signer_infos'] = cms.SignerInfos([cms.SignerInfo(si)]) + + if wrap_signed is True: + ci = {} + ci['content_type'] = '1.2.840.113549.1.7.2' # signed data OID + ci['content'] = cms.SignedData(sd) + return cms.ContentInfo(ci).dump() + + return cms.SignedData(sd).dump() + def add_secret(self, st: KerberosSecretType, secret: str): if st == KerberosSecretType.PASSWORD or st == KerberosSecretType.PW or st == KerberosSecretType.PASS: if secret == '' or secret is None: self.password = getpass.getpass('Enter Kerberos credential password:') else: self.password = secret elif st == KerberosSecretType.NT or st == KerberosSecretType.RC4: ##### ./usr/lib/python3/dist-packages/minikerberos/common/keytab.py @@ -164,34 +166,34 @@ t += 'key_contents : %s\r\n' % self.key_contents.hex() return t class Keytab: def __init__(self): - self.krb5 = 5 - self.version = 2 - self.entries = [] + self.krb5:int = 5 + self.version:int = 2 + self.entries:List[KeytabEntry] = [] - def to_bytes(self): + def to_bytes(self) -> bytes: t = self.krb5.to_bytes(1, 'big', signed=False) t += self.version.to_bytes(1, 'big', signed=False) for e in self.entries: data = e.to_bytes() t += len(data).to_bytes(4, 'big', signed=False) t += data return t @staticmethod def from_bytes(data): return Keytab.from_buffer(io.BytesIO(data)) @staticmethod - def from_buffer(buffer): + def from_buffer(buffer:io.BytesIO) -> Keytab: pos = buffer.tell() buffer.seek(0, 2) buffer_size = buffer.tell() - pos buffer.seek(pos, 0) k = Keytab() k.krb5 = int.from_bytes(buffer.read(1), 'big', signed=False) ##### ./usr/lib/python3/dist-packages/minikerberos/common/target.py @@ -1,19 +1,17 @@ -from minikerberos.common.constants import KerberosSocketType +from asysocks.unicomm.common.target import UniTarget, UniProto -class KerberosTarget: - def __init__(self, ip = None): - self.ip = ip - self.port = 88 - self.protocol = KerberosSocketType.TCP - self.proxy = None - self.timeout = 10 +class KerberosTarget(UniTarget): + def __init__(self, ip:str = None, proxies = None, protocol = UniProto.CLIENT_TCP, timeout = 10, port = 88): + UniTarget.__init__(self, ip, port , protocol, timeout=timeout, proxies = proxies, dc_ip = ip) def __str__(self): t = '===KerberosTarget===\r\n' - t += 'ip: %s\r\n' % self.ip - t += 'port: %s\r\n' % self.port - t += 'protocol: %s\r\n' % self.protocol.name - t += 'timeout: %s\r\n' % self.timeout - t += 'proxy: %s\r\n' % str(self.proxy) + for k in self.__dict__: + if isinstance(self.__dict__[k], list): + for x in self.__dict__[k]: + t += ' %s: %s\r\n' % (k, x) + else: + t += '%s: %s\r\n' % (k, self.__dict__[k]) + return t ##### ./usr/lib/python3/dist-packages/minikerberos/common/url.py @@ -160,27 +184,21 @@ if k in kerberosclienturl_param2var: data = query[k][0] for c in kerberosclienturl_param2var[k][1]: data = c(data) setattr( - res, - kerberosclienturl_param2var[k][0], - data - ) + res, + kerberosclienturl_param2var[k][0], + data + ) if proxy_type is not None: - cu = SocksClientURL.from_params(url_str) - cu[-1].endpoint_ip = res.dc_ip - cu[-1].endpoint_port = res.port - - res.proxy = KerberosProxy(cu, None, type='SOCKS') - - + res.proxies = UniProxyTarget.from_url_params(url_str, res.port) if res.username is None: raise Exception('Missing username!') if res.secret is None: raise Exception('Missing secret/password!') if res.secret_type is None: raise Exception('Missing secret_type!') ##### ./usr/lib/python3/dist-packages/minikerberos/common/windows/crypt32.py @@ -365,18 +365,18 @@ if bool(hcert) is False: raise Exception('Couldnt find certificate for %s in certstore %s' % (common_name, certstore_name)) certificate = get_cert(hcert) subject = certificate.subject.native['common_name'] if isinstance(subject, list): for se in subject: if se == common_name: - return certificate, hcert + return certificate, hcert, chandle else: if subject == common_name: - return certificate, hcert + return certificate, hcert, chandle def pkcs7_sign(hcert, data): hprov, keyspec, to_free = CryptAcquireCertificatePrivateKey(hcert) hashalgo = CRYPT_ALGORITHM_IDENTIFIER() ##### ./usr/lib/python3/dist-packages/minikerberos/gssapi/gssapi.py @@ -168,61 +167,61 @@ if direction == 'init': token.SND_SEQ = seq_num.to_bytes(4, 'big', signed = False) + b'\x00'*4 else: token.SND_SEQ = seq_num.to_bytes(4, 'big', signed = False) + b'\xff'*4 token.Confounder = os.urandom(8) - temp = hmac_md5(self.session_key .contents) + temp = hmac.new(self.session_key.contents, digestmod = 'md5') temp.update(b'signaturekey\0') Ksign = temp.digest() id = 13 Sgn_Cksum = md5( id.to_bytes(4, 'little', signed = False) + token.to_bytes()[:8] + token.Confounder + data).digest() - temp = hmac_md5(Ksign) + temp = hmac.new(Ksign, digestmod = 'md5') temp.update(Sgn_Cksum) token.SGN_CKSUM = temp.digest()[:8] klocal = b'' for b in self.session_key .contents: klocal += bytes([b ^ 0xf0]) id = 0 - temp = hmac_md5(klocal) + temp = hmac.new(klocal, digestmod = 'md5') temp.update(id.to_bytes(4, 'little', signed = False)) - temp = hmac_md5(temp.digest()) + temp = hmac.new(temp.digest(), digestmod = 'md5') temp.update(seq_num.to_bytes(4, 'big', signed = False)) Kcrypt = temp.digest() id = 0 - temp = hmac_md5(self.session_key .contents) + temp = hmac.new(self.session_key.contents, digestmod = 'md5') temp.update(id.to_bytes(4, 'little', signed = False)) - temp = hmac_md5(temp.digest()) + temp = hmac.new(temp.digest(), digestmod = 'md5') temp.update(token.SGN_CKSUM) Kseq = temp.digest() token.SND_SEQ = RC4(Kseq).encrypt(token.SND_SEQ) if auth_data is not None: wrap = GSSWRAP_RC4.from_bytes(auth_data[8 + len(GSS_WRAP_HEADER):]) id = 0 - temp = hmac_md5(self.session_key .contents) + temp = hmac.new(self.session_key.contents, digestmod = 'md5') temp.update(id.to_bytes(4, 'little', signed = False)) - temp = hmac_md5(temp.digest()) + temp = hmac.new(temp.digest(), digestmod = 'md5') temp.update(wrap.SGN_CKSUM) snd_seq = RC4(temp.digest()).encrypt(wrap.SND_SEQ) id = 0 - temp = hmac_md5(klocal) + temp = hmac.new(klocal, digestmod = 'md5') temp.update(id.to_bytes(4, 'little', signed = False)) - temp = hmac_md5(temp.digest()) + temp = hmac.new(temp.digest(), digestmod = 'md5') temp.update(snd_seq[:4]) Kcrypt = temp.digest() rc4 = RC4(Kcrypt) cipherText = rc4.decrypt(token.Confounder + data)[8:] elif encrypt is True: ##### ./usr/lib/python3/dist-packages/minikerberos/network/aioclientsocket.py @@ -1,66 +1,67 @@ #!/usr/bin/env python3 # # Author: # Tamas Jos (@skelsec) # -import asyncio - +from minikerberos import logger from minikerberos.protocol.asn1_structs import KerberosResponse -from minikerberos.common.constants import KerberosSocketType +from minikerberos.common.target import KerberosTarget +from asysocks.unicomm.common.target import UniProto +from asysocks.unicomm.client import UniClient +from asysocks.unicomm.common.packetizers import Packetizer + + +class KerberosPacketizer(Packetizer): + def __init__(self, buffer_size = 65535): + Packetizer.__init__(self, buffer_size) + self.buffer_size = buffer_size + self.in_buffer = b'' + + def process_buffer(self): + if len(self.in_buffer) > 4: + length = int.from_bytes(self.in_buffer[:4], byteorder = 'big', signed = False) + if len(self.in_buffer) >= length: + data = self.in_buffer[4:4+length] + self.in_buffer = self.in_buffer[length+4:] + yield data + + async def data_out(self, data): + yield data + + async def data_in(self, data): + if data is None: + yield data + self.in_buffer += data + for packet in self.process_buffer(): + yield packet class AIOKerberosClientSocket: - def __init__(self, target): + def __init__(self, target:KerberosTarget): self.target = target - #ip, port = 88, soc_type = KerberosSocketType.TCP - self.soc_type = target.protocol - self.dst_ip = target.ip - self.dst_port = int(target.port) - #self.soc = None - self.reader = None - self.writer = None - - def __str__(self): - t = '===KerberosSocket AIO===\r\n' - t += 'soc_type: %s\r\n' % self.soc_type - t += 'dst_ip: %s\r\n' % self.dst_ip - t += 'dst_port: %s\r\n' % self.dst_port - - return t - + def get_addr_str(self): - return '%s:%d' % (self.dst_ip, self.dst_port) - - async def create_soc(self): - if self.soc_type == KerberosSocketType.TCP: - self.reader, self.writer = await asyncio.open_connection(self.dst_ip, self.dst_port) - - elif self.soc_type == KerberosSocketType.UDP: - raise Exception('UDP not implemented!') - - else: - raise Exception('Unknown socket type!') - - async def sendrecv(self, data, throw = False): - await self.create_soc() + return '%s:%d' % (self.target.get_hostname_or_ip(), self.target.port) + + async def sendrecv(self, data, throw:bool = False): + client = None + connection = None try: - if self.soc_type == KerberosSocketType.TCP: + packetizer = KerberosPacketizer() + client = UniClient(self.target, packetizer) + connection = await client.connect() + if self.target.protocol == UniProto.CLIENT_TCP: length = len(data).to_bytes(4, byteorder = 'big', signed = False) - self.writer.write(length + data) - await self.writer.drain() + await connection.write(length + data) - t = await self.reader.readexactly(4) - length = int.from_bytes(t, byteorder = 'big', signed = False) - data = await self.reader.readexactly(length) + async for packet in connection.read(): + krb_message = KerberosResponse.load(packet) + break - elif self.soc_type == KerberosSocketType.UDP: + elif self.target.protocol == UniProto.CLIENT_UDP: raise Exception('Not implemented!') - krb_message = KerberosResponse.load(data) return krb_message finally: - self.writer.close() - self.reader = None - self.writer = None - - + if connection is not None: + await connection.close() ##### ./usr/lib/python3/dist-packages/minikerberos/network/clientsocket.py @@ -66,15 +64,15 @@ break elif len(buff) > total_length + 4: raise Exception('Got too much data somehow') else: continue - elif self.soc_type == KerberosSocketType.UDP: + elif self.soc_type == UniProto.CLIENT_UDP: self.soc.sendto(data, (self.dst_ip, self.dst_port)) while True: buff, addr = self.soc.recvfrom(65535) if addr[0] == self.dst_ip: break else: # got a message from a different IP than the target, strange! ##### ./usr/lib/python3/dist-packages/minikerberos/pkinit.py @@ -6,24 +6,31 @@ # TODO: code currently supports RSA+DH+SHA1 , add support for other mechanisms import os import datetime import secrets -import hashlib +import platform -from oscrypto.keys import parse_pkcs12 -from oscrypto.asymmetric import rsa_pkcs1v15_sign, load_private_key +from unicrypto import hashlib from asn1crypto import cms from asn1crypto import algos from asn1crypto import core from asn1crypto import x509 from asn1crypto import keys +import oscrypto +#if platform.system().lower() == 'emscripten': +# # these imports are pyodide-specific +# import ssl +# oscrypto.use_openssl('/lib/python3.10/site-packages/libcrypto.so', '/lib/python3.10/site-packages/libssl.so') +from oscrypto.keys import parse_pkcs12 +from oscrypto.asymmetric import rsa_pkcs1v15_sign, load_private_key + from minikerberos.protocol.constants import NAME_TYPE, MESSAGE_TYPE, PaDataType from minikerberos.protocol.encryption import Enctype, _checksum_table, _enctype_table, Key from minikerberos.protocol.structures import AuthenticatorChecksum from minikerberos.protocol.asn1_structs import KDC_REQ_BODY, PrincipalName, HostAddress, \ KDCOptions, EncASRepPart, AP_REQ, AuthorizationData, Checksum, krb5_pvno, Realm, \ EncryptionKey, Authenticator, Ticket, APOptions, EncryptedData, AS_REQ, AP_REP from minikerberos.protocol.rfc4556 import PKAuthenticator, AuthPack, Dunno1, Dunno2, MetaData, Info, CertIssuer, CertIssuers, PA_PK_AS_REP, KDCDHKeyInfo ##### ./usr/lib/python3/dist-packages/minikerberos/protocol/encryption.py @@ -710,15 +712,14 @@ count += 1 return out[:l] e = _get_enctype_profile(enctype) return e.random_to_key(_xorbytes(prfplus(key1, pepper1, e.seedsize), prfplus(key2, pepper2, e.seedsize))) - if __name__ == '__main__': def h(hexstr): return unhexlify(hexstr) # AES128 encrypt and decrypt kb = h('9062430C8CDA3388922E6D6A509F5B7A') conf = h('94B491F481485B9A0678CD3C4EA386AD') ##### ./usr/lib/python3/dist-packages/minikerberos/protocol/errors.py @@ -151,8 +151,8 @@ KDC_ERR_KDC_NOT_TRUSTED = 'The KDC server trust failed or could not be verified' KDC_ERR_INVALID_SIG = 'The signature is invalid' KDC_ERR_KEY_TOO_WEAK = 'A higher encryption level is needed' KRB_AP_ERR_USER_TO_USER_REQUIRED ='User-to-user authorization is required' KRB_AP_ERR_NO_TGT ='No TGT was presented or available' KDC_ERR_WRONG_REALM = 'Incorrect domain or principal' KRB_AP_ERR_IAKERB_KDC_NOT_FOUND = 'The IAKERB proxy could not find a KDC' - KRB_AP_ERR_IAKERB_KDC_NO_RESPONSE = 'The KDC did not respond to the IAKERB proxy' + KRB_AP_ERR_IAKERB_KDC_NO_RESPONSE = 'The KDC did not respond to the IAKERB proxy' ##### ./usr/lib/python3/dist-packages/minikerberos/protocol/mskile.py @@ -1,8 +1,10 @@ import os +import io + from asn1crypto import core from minikerberos.protocol.asn1_structs import EncryptionKey, Checksum, KerberosTime, Realm TAG = 'explicit' # class UNIVERSAL = 0 ##### ./usr/lib/python3/dist-packages/minikerberos/security.py @@ -5,36 +5,36 @@ # import datetime import secrets from minikerberos import logger from minikerberos.aioclient import AIOKerberosClient +from minikerberos.network.aioclientsocket import AIOKerberosClientSocket from minikerberos.common.spn import KerberosSPN from minikerberos.common.target import KerberosTarget from minikerberos.common.creds import KerberosCredential from minikerberos.common.utils import TGSTicket2hashcat, TGTTicket2hashcat from minikerberos import logger from minikerberos.protocol.asn1_structs import PrincipalName, KDCOptions, \ PADATA_TYPE, PA_PAC_REQUEST, krb5_pvno, KDC_REQ_BODY, AS_REQ from minikerberos.protocol.errors import KerberosErrorCode from minikerberos.protocol.constants import NAME_TYPE, MESSAGE_TYPE -from minikerberos.network.selector import KerberosClientSocketSelector class KerberosEtypeTest: # TODO: implement this pass class KerberosUserEnum: def __init__(self, target: KerberosTarget, spn: KerberosSPN): self.target = target self.spn = spn - self.ksoc = KerberosClientSocketSelector.select(target, True) + self.ksoc = AIOKerberosClientSocket(self.target) def construct_tgt_req(self): now = now = datetime.datetime.now(datetime.timezone.utc) kdc_req_body = {} kdc_req_body['kdc-options'] = KDCOptions(set(['forwardable','renewable','proxiable'])) kdc_req_body['cname'] = PrincipalName({'name-type': NAME_TYPE.PRINCIPAL.value, 'name-string': [self.spn.username]}) ##### ./usr/share/doc/python3-minikerberos/changelog.Debian.gz ###### filetype from file(1) @@ -1 +1 @@ -gzip compressed data, max compression, from Unix, original size 889 +gzip compressed data, max compression, from Unix, original size 938 ###### changelog.Debian @@ -1,14 +1,18 @@ -python-minikerberos (0.3.3-0kali1) control; urgency=low +python-minikerberos (0.3.3-0kali1) kali-experimental; urgency=low + [ Kali Janitor ] + * New upstream release. + + [ ] * Build for debian-janitor apt repository. - -- Tue, 22 Nov 2022 15:43:22 -0000 + -- Kali Janitor Fri, 11 Nov 2022 00:13:18 -0000 -python-minikerberos (0.2.14-0kali1~jan+control3) kali-dev; urgency=medium +python-minikerberos (0.2.14-0kali1) kali-dev; urgency=medium [ Kali Janitor ] * Set upstream metadata fields: Bug-Database, Bug-Submit. * Import upstream version 0.2.5 [ Ben Wilson ] * Consistency with tabs to spaces