Merge tag 'upstream/2.1.1-20170320' into kali/master
Upstream version 2.1.1-20170320
Sophie Brun
7 years ago
Binary diff not shown
Binary diff not shown
Binary diff not shown
Binary diff not shown
0 | import "ms-dtyp.idl"; | |
1 | [ | |
2 | uuid(17FC11E9-C258-4B8D-8D07-2F4125156244), | |
3 | version(1.0) | |
4 | ] | |
5 | interface MimiCom | |
6 | { | |
7 | typedef [context_handle] void* MIMI_HANDLE; | |
8 | ||
9 | typedef unsigned int ALG_ID; | |
10 | typedef struct _MIMI_PUBLICKEY { | |
11 | ALG_ID sessionType; | |
12 | DWORD cbPublicKey; | |
13 | [size_is(cbPublicKey)] BYTE *pbPublicKey; | |
14 | } MIMI_PUBLICKEY, *PMIMI_PUBLICKEY; | |
15 | ||
16 | NTSTATUS MimiBind( | |
17 | [in] handle_t rpc_handle, | |
18 | [in, ref] PMIMI_PUBLICKEY clientPublicKey, | |
19 | [out, ref] PMIMI_PUBLICKEY serverPublicKey, | |
20 | [out, ref] MIMI_HANDLE *phMimi | |
21 | ); | |
22 | ||
23 | NTSTATUS MiniUnbind( | |
24 | [in, out, ref] MIMI_HANDLE *phMimi | |
25 | ); | |
26 | ||
27 | NTSTATUS MimiCommand( | |
28 | [in, ref] MIMI_HANDLE phMimi, | |
29 | [in] DWORD szEncCommand, | |
30 | [in, size_is(szEncCommand), unique] BYTE *encCommand, | |
31 | [out, ref] DWORD *szEncResult, | |
32 | [out, size_is(, *szEncResult)] BYTE **encResult | |
33 | ); | |
34 | } | |
35 | ||
36 | // Privacy of RPC exchange can be ~guaranteed by protocol, *except when not using authentication* | |
37 | // mimikatz try to avoid clear credentials on the network by using basic encryption at application level. | |
38 | // | |
39 | // Diffie-Hellman key exchange | |
40 | // =========================== | |
41 | // | |
42 | // > Parameters used: Second Oakley Group ( https://tools.ietf.org/html/rfc2409#section-6.2 ) | |
43 | // | |
44 | // * ALG_ID sessionType | |
45 | // session key type to use after DH exchange, it can be: CALG_CYLINK_MEK(0x660c), CALG_RC2(0x6602), CALG_RC4(0x6801), CALG_DES(0x6601), CALG_3DES_112(0x6609) or CALG_3DES(0x6603) | |
46 | // see: https://msdn.microsoft.com/library/windows/desktop/bb394802.aspx and https://msdn.microsoft.com/library/windows/desktop/aa375549.aspx | |
47 | // | |
48 | // * DWORD cbPublicKey | |
49 | // size of pbPublicKey: 144 (sizeof(PUBLICKEYSTRUC) + sizeof(DHPUBKEY) + sizeof(1024bits key) | |
50 | // | |
51 | // * BYTE *pbPublicKey | |
52 | // PUBLICKEYBLOB structure of the DH key ( https://msdn.microsoft.com/en-us/library/windows/desktop/aa381970(v=vs.85).aspx#code-snippet-1 ) | |
53 | // | |
54 | // Example: | |
55 | // -------- | |
56 | // 06 02 00 00 PUBLICKEYBLOB (06), CUR_BLOB_VERSION (02), reserved (00 00) | |
57 | // 02 aa 00 00 ALG_ID: CALG_DH_EPHEM(0xaa02) | |
58 | // | |
59 | // 00 44 48 31 Magic : \0DH1 | |
60 | // 00 04 00 00 1024bits (128bytes bellow) | |
61 | // a9 90 e8 86 59 2d 88 a7 32 e1 05 35 26 24 d9 fd | |
62 | // ae f5 53 46 ca a4 79 cc a9 a3 57 45 e8 54 e7 fd | |
63 | // fe 99 24 df 71 6a 44 2c f7 0a 09 ac e4 e6 44 f8 | |
64 | // 4c 51 63 c3 86 1e 14 4a 9a f0 e0 a9 e0 38 26 72 | |
65 | // 75 27 cb 60 9f 0d 15 2c 37 39 a0 b0 72 b6 14 85 | |
66 | // 5f 18 7f c0 0d 26 d1 3b 6f 14 c1 99 22 8f 74 ef | |
67 | // 68 0c 24 bb 77 ff b3 c5 9e ed ff 76 71 c1 ee ce | |
68 | // eb 77 46 00 52 d8 4c 5c bc af fd 28 3d 76 83 b3 | |
69 | // | |
70 | // > Don't forget you may need to reverse some key bytearrays from Windows point of view, and to reset session key state between calls ;)⏎ |
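Review bot: The comment block at lines 36–70 describes the application-level encryption as a way to avoid clear credentials on the wire, but the key exchange behind MimiBind is an unauthenticated Diffie-Hellman over the 1024-bit Second Oakley Group (line 42) and the sessionType values listed on line 45 (RC2, RC4, DES, 3DES_112) are all deprecated ciphers, so the comment should say plainly that this layer only hides traffic from a passive observer and does not protect an unauthenticated binding against an active attacker. I would add, right after line 37, `// NOTE: the DH exchange is not authenticated; use an RPC binding with packet-privacy authentication as the real protection — this encryption is only a fallback against passive capture.` and a one-line remark at line 45 that the 1024-bit group and the listed session ciphers are below current recommendations. Separately, `MiniUnbind` at line 23 breaks the `Mimi*` naming of the other two procedures; since it is the upstream interface name it should not be renamed here, but a one-line comment noting the spelling would save readers from assuming a typo on their side.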
Binary diff not shown
Binary diff not shown
Binary diff not shown