New upstream release.
Kali Janitor
1 year, 5 months ago
| 0 | 0 | Metadata-Version: 2.1 |
| 1 | 1 | Name: pypykatz |
| 2 | Version: 0.6.2 | |
| 2 | Version: 0.6.3 | |
| 3 | 3 | Summary: Python implementation of Mimikatz |
| 4 | 4 | Home-page: https://github.com/skelsec/pypykatz |
| 5 | 5 | Author: Tamas Jos |
| 0 | pypykatz (0.6.2-0kali1) UNRELEASED; urgency=low | |
| 0 | pypykatz (0.6.3-0kali1) UNRELEASED; urgency=low | |
| 1 | 1 | |
| 2 | 2 | * New upstream release. |
| 3 | * New upstream release. | |
| 3 | 4 | |
| 4 | -- Kali Janitor <[email protected]> Wed, 02 Nov 2022 01:19:51 -0000 | |
| 5 | -- Kali Janitor <[email protected]> Sun, 27 Nov 2022 01:16:05 -0000 | |
| 5 | 6 | |
| 6 | 7 | pypykatz (0.4.9-0kali1) kali-dev; urgency=medium |
| 7 | 8 |
| 2 | 2 | # Author: |
| 3 | 3 | # Tamas Jos (@skelsec) |
| 4 | 4 | # |
| 5 | import io | |
| 6 | ||
| 7 | ||
| 5 | from typing import List | |
| 8 | 6 | from pypykatz.commons.kerberosticket import KerberosTicket, KerberosTicketType |
| 9 | 7 | from pypykatz.alsadecryptor.package_commons import PackageDecryptor |
| 10 | 8 | from pypykatz.alsadecryptor.win_datatypes import PLIST_ENTRY, PRTL_AVL_TABLE |
| 12 | 10 | |
| 13 | 11 | class KerberosCredential: |
| 14 | 12 | def __init__(self): |
| 15 | self.credtype = 'kerberos' | |
| 16 | self.username = None | |
| 17 | self.password = None | |
| 18 | self.password_raw = b'' | |
| 19 | self.domainname = None | |
| 20 | self.luid = None | |
| 21 | self.tickets = [] | |
| 22 | self.pin = None | |
| 23 | self.pin_raw = None | |
| 13 | self.credtype:str = 'kerberos' | |
| 14 | self.username:str = None | |
| 15 | self.password:str = None | |
| 16 | self.password_raw:bytes = b'' | |
| 17 | self.domainname:str = None | |
| 18 | self.luid:int = None | |
| 19 | self.tickets:List[KerberosTicket] = [] | |
| 20 | self.pin:str = None | |
| 21 | self.pin_raw:bytes = None | |
| 24 | 22 | self.cardinfo = None |
| 25 | 23 | |
| 26 | 24 | def __str__(self): |
| 90 | 90 | template.csp_info_struct = KIWI_KERBEROS_CSP_INFOS_10 |
| 91 | 91 | |
| 92 | 92 | |
| 93 | elif sysinfo.buildnumber >= WindowsBuild.WIN_10_1607.value: | |
| 93 | elif WindowsBuild.WIN_10_1607.value <= sysinfo.buildnumber < WindowsBuild.WIN_11_2022.value: | |
| 94 | 94 | template.signature = b'\x48\x8b\x18\x48\x8d\x0d' |
| 95 | 95 | template.first_entry_offset = 6 |
| 96 | 96 | template.kerberos_session_struct = KIWI_KERBEROS_LOGON_SESSION_10_1607 |
| 97 | 97 | template.kerberos_ticket_struct = KIWI_KERBEROS_INTERNAL_TICKET_10_1607 |
| 98 | template.keys_list_struct = KIWI_KERBEROS_KEYS_LIST_6 | |
| 99 | template.hash_password_struct = KERB_HASHPASSWORD_6_1607 | |
| 100 | template.csp_info_struct = KIWI_KERBEROS_CSP_INFOS_10 | |
| 101 | ||
| 102 | elif sysinfo.buildnumber >= WindowsBuild.WIN_11_2022.value: | |
| 103 | template.signature = b'\x48\x8b\x18\x48\x8d\x0d' | |
| 104 | template.first_entry_offset = 6 | |
| 105 | template.kerberos_session_struct = KIWI_KERBEROS_LOGON_SESSION_10_1607 | |
| 106 | template.kerberos_ticket_struct = KIWI_KERBEROS_INTERNAL_TICKET_11 | |
| 98 | 107 | template.keys_list_struct = KIWI_KERBEROS_KEYS_LIST_6 |
| 99 | 108 | template.hash_password_struct = KERB_HASHPASSWORD_6_1607 |
| 100 | 109 | template.csp_info_struct = KIWI_KERBEROS_CSP_INFOS_10 |
| 1598 | 1607 | await reader.align() |
| 1599 | 1608 | res.Ticket = await KIWI_KERBEROS_BUFFER.load(reader) |
| 1600 | 1609 | |
| 1610 | class PKIWI_KERBEROS_INTERNAL_TICKET_11(POINTER): | |
| 1611 | def __init__(self): | |
| 1612 | super().__init__() | |
| 1613 | ||
| 1614 | @staticmethod | |
| 1615 | async def load(reader): | |
| 1616 | p = PKIWI_KERBEROS_INTERNAL_TICKET_11() | |
| 1617 | p.location = reader.tell() | |
| 1618 | p.value = await reader.read_uint() | |
| 1619 | p.finaltype = KIWI_KERBEROS_INTERNAL_TICKET_11 | |
| 1620 | return p | |
| 1621 | ||
| 1622 | ||
| 1623 | class KIWI_KERBEROS_INTERNAL_TICKET_11: | |
| 1624 | def __init__(self): | |
| 1625 | self.Flink = None | |
| 1626 | self.Blink = None | |
| 1627 | self.unk0 = None | |
| 1628 | self.unk1 = None | |
| 1629 | self.ServiceName = None | |
| 1630 | self.TargetName = None | |
| 1631 | self.DomainName = None | |
| 1632 | self.TargetDomainName = None | |
| 1633 | self.Description = None | |
| 1634 | self.AltTargetDomainName = None | |
| 1635 | self.KDCServer = None | |
| 1636 | self.unk10586_d = None | |
| 1637 | self.ClientName = None | |
| 1638 | self.name0 = None | |
| 1639 | self.TicketFlags = None | |
| 1640 | self.unk2 = None | |
| 1641 | self.unk14393_0 = None | |
| 1642 | self.unk2x = None | |
| 1643 | self.KeyType = None | |
| 1644 | self.Key = None | |
| 1645 | self.unk14393_1 = None | |
| 1646 | self.unk3 = None | |
| 1647 | self.unk4 = None | |
| 1648 | self.unk5 = None | |
| 1649 | self.StartTime = None | |
| 1650 | self.EndTime = None | |
| 1651 | self.RenewUntil = None | |
| 1652 | self.unk6 = None | |
| 1653 | self.unk7 = None | |
| 1654 | self.domain = None | |
| 1655 | self.unk8 = None | |
| 1656 | self.strangeNames = None | |
| 1657 | self.unk9 = None | |
| 1658 | self.TicketEncType = None | |
| 1659 | self.TicketKvno = None | |
| 1660 | self.Ticket = None | |
| 1661 | ||
| 1662 | ||
| 1663 | @staticmethod | |
| 1664 | async def load(reader): | |
| 1665 | res = KIWI_KERBEROS_INTERNAL_TICKET_11() | |
| 1666 | res.Flink = await PKIWI_KERBEROS_INTERNAL_TICKET_11.load(reader) | |
| 1667 | res.Blink = await PKIWI_KERBEROS_INTERNAL_TICKET_11.load(reader) | |
| 1668 | res.unk0 = await PVOID.loadvalue(reader) | |
| 1669 | res.unk1 = await PVOID.loadvalue(reader) | |
| 1670 | res.ServiceName = await PKERB_EXTERNAL_NAME.load(reader) | |
| 1671 | res.TargetName = await PKERB_EXTERNAL_NAME.load(reader) | |
| 1672 | res.DomainName = await LSA_UNICODE_STRING.load(reader) | |
| 1673 | res.TargetDomainName = await LSA_UNICODE_STRING.load(reader) | |
| 1674 | res.Description = await LSA_UNICODE_STRING.load(reader) | |
| 1675 | res.AltTargetDomainName = await LSA_UNICODE_STRING.load(reader) | |
| 1676 | res.KDCServer = await LSA_UNICODE_STRING.load(reader) # //?(reader).value | |
| 1677 | res.unk10586_d = await LSA_UNICODE_STRING.load(reader) #//?(reader).value | |
| 1678 | res.ClientName = await PKERB_EXTERNAL_NAME.load(reader) | |
| 1679 | res.name0 = await PVOID.loadvalue(reader) | |
| 1680 | x = await reader.read(4) | |
| 1681 | res.TicketFlags = int.from_bytes(x, byteorder = 'big', signed = False) | |
| 1682 | res.unk2 = await ULONG.loadvalue(reader) | |
| 1683 | res.unk14393_0 = await PVOID.loadvalue(reader) | |
| 1684 | res.unk2x = await ULONG.loadvalue(reader) | |
| 1685 | res.KeyType = await ULONG.loadvalue(reader) | |
| 1686 | res.Key = await KIWI_KERBEROS_BUFFER.load(reader) | |
| 1687 | res.unk14393_1 = await PVOID.loadvalue(reader) | |
| 1688 | res.unk3 = await PVOID.loadvalue(reader) # // ULONG KeyType2 = (reader).value | |
| 1689 | res.unk4 = await PVOID.loadvalue(reader) # // KIWI_KERBEROS_BUFFER Key2 = (reader).value | |
| 1690 | res.unk5 = await PVOID.loadvalue(reader) # // up(reader).value | |
| 1691 | res.StartTime = await FILETIME.loadvalue(reader) | |
| 1692 | res.EndTime = await FILETIME.loadvalue(reader) | |
| 1693 | res.RenewUntil = await FILETIME.loadvalue(reader) | |
| 1694 | res.unk6 = await ULONG.loadvalue(reader) | |
| 1695 | res.unk7 = await ULONG.loadvalue(reader) | |
| 1696 | res.domain = await PCWSTR.loadvalue(reader) | |
| 1697 | res.unk8 = await ULONG.loadvalue(reader) | |
| 1698 | await reader.align() | |
| 1699 | res.strangeNames = await PVOID.loadvalue(reader) | |
| 1700 | res.unk9 = await ULONG.loadvalue(reader) | |
| 1701 | res.TicketEncType = await ULONG.loadvalue(reader) | |
| 1702 | res.TicketKvno = await ULONG.loadvalue(reader) | |
| 1703 | await reader.align() | |
| 1704 | res.Ticket = await KIWI_KERBEROS_BUFFER.load(reader) | |
| 1705 | ||
| 1706 | return res | |
| 1707 | ||
| 1601 | 1708 | class PKIWI_KERBEROS_INTERNAL_TICKET_10_1607(POINTER): |
| 1602 | 1709 | def __init__(self): |
| 1603 | 1710 | super().__init__() |
| 59 | 59 | json.dump(results, f, cls = UniversalEncoder, indent=4, sort_keys=True) |
| 60 | 60 | |
| 61 | 61 | elif args.outfile and args.grep: |
| 62 | with open(args.outfile, 'w', newline = '') as f: | |
| 62 | with open(args.outfile, 'w', newline = '', errors='replace') as f: | |
| 63 | 63 | f.write(':'.join(LogonSession.grep_header) + '\r\n') |
| 64 | 64 | for result in results: |
| 65 | 65 | for luid in results[result].logon_sessions: |
| 67 | 67 | f.write(':'.join(row) + '\r\n') |
| 68 | 68 | |
| 69 | 69 | elif args.outfile: |
| 70 | with open(args.outfile, 'w') as f: | |
| 70 | with open(args.outfile, 'w', errors='replace') as f: | |
| 71 | 71 | for result in results: |
| 72 | 72 | f.write('FILE: ======== %s =======\n' % result) |
| 73 | 73 | |
| 2 | 2 | # Author: |
| 3 | 3 | # Tamas Jos (@skelsec) |
| 4 | 4 | # |
| 5 | import io | |
| 6 | ||
| 5 | from typing import List | |
| 7 | 6 | #from pypykatz.commons.common import * |
| 8 | 7 | #from pypykatz.commons.filetime import * |
| 9 | 8 | #from .templates import * |
| 14 | 13 | |
| 15 | 14 | class KerberosCredential: |
| 16 | 15 | def __init__(self): |
| 17 | self.credtype = 'kerberos' | |
| 18 | self.username = None | |
| 19 | self.password = None | |
| 20 | self.password_raw = b'' | |
| 21 | self.domainname = None | |
| 22 | self.luid = None | |
| 23 | self.tickets = [] | |
| 24 | self.pin = None | |
| 25 | self.pin_raw = None | |
| 16 | self.credtype:str = 'kerberos' | |
| 17 | self.username:str = None | |
| 18 | self.password:str = None | |
| 19 | self.password_raw:bytes = b'' | |
| 20 | self.domainname:str = None | |
| 21 | self.luid:int = None | |
| 22 | self.tickets:List[KerberosTicket] = [] | |
| 23 | self.pin:str = None | |
| 24 | self.pin_raw:bytes = None | |
| 26 | 25 | self.cardinfo = None |
| 27 | 26 | |
| 28 | 27 | def __str__(self): |
| 91 | 91 | template.csp_info_struct = KIWI_KERBEROS_CSP_INFOS_10 |
| 92 | 92 | |
| 93 | 93 | |
| 94 | elif sysinfo.buildnumber >= WindowsBuild.WIN_10_1607.value: | |
| 94 | elif WindowsBuild.WIN_10_1607.value <= sysinfo.buildnumber < WindowsBuild.WIN_11_2022.value: | |
| 95 | 95 | template.signature = b'\x48\x8b\x18\x48\x8d\x0d' |
| 96 | 96 | template.first_entry_offset = 6 |
| 97 | 97 | template.kerberos_session_struct = KIWI_KERBEROS_LOGON_SESSION_10_1607 |
| 98 | 98 | template.kerberos_ticket_struct = KIWI_KERBEROS_INTERNAL_TICKET_10_1607 |
| 99 | template.keys_list_struct = KIWI_KERBEROS_KEYS_LIST_6 | |
| 100 | template.hash_password_struct = KERB_HASHPASSWORD_6_1607 | |
| 101 | template.csp_info_struct = KIWI_KERBEROS_CSP_INFOS_10 | |
| 102 | ||
| 103 | elif sysinfo.buildnumber >= WindowsBuild.WIN_11_2022.value: | |
| 104 | template.signature = b'\x48\x8b\x18\x48\x8d\x0d' | |
| 105 | template.first_entry_offset = 6 | |
| 106 | template.kerberos_session_struct = KIWI_KERBEROS_LOGON_SESSION_10_1607 | |
| 107 | template.kerberos_ticket_struct = KIWI_KERBEROS_INTERNAL_TICKET_11 | |
| 99 | 108 | template.keys_list_struct = KIWI_KERBEROS_KEYS_LIST_6 |
| 100 | 109 | template.hash_password_struct = KERB_HASHPASSWORD_6_1607 |
| 101 | 110 | template.csp_info_struct = KIWI_KERBEROS_CSP_INFOS_10 |
| 908 | 917 | reader.align() |
| 909 | 918 | self.Ticket = KIWI_KERBEROS_BUFFER(reader) |
| 910 | 919 | |
| 920 | class PKIWI_KERBEROS_INTERNAL_TICKET_11(POINTER): | |
| 921 | def __init__(self, reader): | |
| 922 | super().__init__(reader, KIWI_KERBEROS_INTERNAL_TICKET_11) | |
| 923 | ||
| 924 | ||
| 925 | class KIWI_KERBEROS_INTERNAL_TICKET_11: | |
| 926 | def __init__(self, reader): | |
| 927 | #input('KIWI_KERBEROS_INTERNAL_TICKET_11\n' + hexdump(reader.peek(0x300))) | |
| 928 | self.Flink = PKIWI_KERBEROS_INTERNAL_TICKET_11(reader) | |
| 929 | self.Blink = PKIWI_KERBEROS_INTERNAL_TICKET_11(reader) | |
| 930 | self.unk0 = PVOID(reader).value | |
| 931 | self.unk1 = PVOID(reader).value | |
| 932 | self.ServiceName = PKERB_EXTERNAL_NAME(reader) | |
| 933 | self.TargetName = PKERB_EXTERNAL_NAME(reader) | |
| 934 | self.DomainName = LSA_UNICODE_STRING(reader) | |
| 935 | self.TargetDomainName = LSA_UNICODE_STRING(reader) | |
| 936 | self.Description = LSA_UNICODE_STRING(reader) | |
| 937 | self.AltTargetDomainName = LSA_UNICODE_STRING(reader) | |
| 938 | self.KDCServer = LSA_UNICODE_STRING(reader) # //?(reader).value | |
| 939 | self.unk10586_d = LSA_UNICODE_STRING(reader) #//?(reader).value | |
| 940 | self.ClientName = PKERB_EXTERNAL_NAME(reader) | |
| 941 | self.name0 = PVOID(reader).value | |
| 942 | self.TicketFlags = int.from_bytes(reader.read(4), byteorder = 'big', signed = False) | |
| 943 | self.unk2 = ULONG(reader).value | |
| 944 | self.unk14393_0 = PVOID(reader).value | |
| 945 | self.unk2x = ULONG(reader).value | |
| 946 | self.KeyType = ULONG(reader).value | |
| 947 | self.Key = KIWI_KERBEROS_BUFFER(reader) | |
| 948 | self.unk14393_1 = PVOID(reader).value | |
| 949 | self.unk3 = PVOID(reader).value # // ULONG KeyType2 = (reader).value | |
| 950 | self.unk4 = PVOID(reader).value # // KIWI_KERBEROS_BUFFER Key2 = (reader).value | |
| 951 | self.unk5 = PVOID(reader).value # // up(reader).value | |
| 952 | self.StartTime = FILETIME(reader).value | |
| 953 | self.EndTime = FILETIME(reader).value | |
| 954 | self.RenewUntil = FILETIME(reader).value | |
| 955 | self.unk6 = ULONG(reader).value | |
| 956 | self.unk7 = ULONG(reader).value | |
| 957 | self.domain = PCWSTR(reader).value | |
| 958 | self.unk8 = ULONG(reader).value | |
| 959 | reader.align() | |
| 960 | self.strangeNames = PVOID(reader).value | |
| 961 | self.unk9 = ULONG(reader).value | |
| 962 | self.TicketEncType = ULONG(reader).value | |
| 963 | self.TicketKvno = ULONG(reader).value | |
| 964 | reader.align() | |
| 965 | self.Ticket = KIWI_KERBEROS_BUFFER(reader) | |
| 966 | ||
| 967 | ||
| 911 | 968 | class PKIWI_KERBEROS_INTERNAL_TICKET_10_1607(POINTER): |
| 912 | 969 | def __init__(self, reader): |
| 913 | 970 | super().__init__(reader, KIWI_KERBEROS_INTERNAL_TICKET_10_1607) |
| 0 | 0 | Metadata-Version: 2.1 |
| 1 | 1 | Name: pypykatz |
| 2 | Version: 0.6.2 | |
| 2 | Version: 0.6.3 | |
| 3 | 3 | Summary: Python implementation of Mimikatz |
| 4 | 4 | Home-page: https://github.com/skelsec/pypykatz |
| 5 | 5 | Author: Tamas Jos |