New upstream release.
Kali Janitor
1 year, 5 months ago
0 | 0 | Metadata-Version: 2.1 |
1 | 1 | Name: pypykatz |
2 | Version: 0.6.2 | |
2 | Version: 0.6.3 | |
3 | 3 | Summary: Python implementation of Mimikatz |
4 | 4 | Home-page: https://github.com/skelsec/pypykatz |
5 | 5 | Author: Tamas Jos |
0 | pypykatz (0.6.2-0kali1) UNRELEASED; urgency=low | |
0 | pypykatz (0.6.3-0kali1) UNRELEASED; urgency=low | |
1 | 1 | |
2 | 2 | * New upstream release. |
3 | * New upstream release. | |
3 | 4 | |
4 | -- Kali Janitor <[email protected]> Wed, 02 Nov 2022 22:47:11 -0000 | |
5 | -- Kali Janitor <[email protected]> Wed, 14 Dec 2022 10:46:03 -0000 | |
5 | 6 | |
6 | 7 | pypykatz (0.4.9-0kali1) kali-dev; urgency=medium |
7 | 8 |
2 | 2 | # Author: |
3 | 3 | # Tamas Jos (@skelsec) |
4 | 4 | # |
5 | import io | |
6 | ||
7 | ||
5 | from typing import List | |
8 | 6 | from pypykatz.commons.kerberosticket import KerberosTicket, KerberosTicketType |
9 | 7 | from pypykatz.alsadecryptor.package_commons import PackageDecryptor |
10 | 8 | from pypykatz.alsadecryptor.win_datatypes import PLIST_ENTRY, PRTL_AVL_TABLE |
12 | 10 | |
13 | 11 | class KerberosCredential: |
14 | 12 | def __init__(self): |
15 | self.credtype = 'kerberos' | |
16 | self.username = None | |
17 | self.password = None | |
18 | self.password_raw = b'' | |
19 | self.domainname = None | |
20 | self.luid = None | |
21 | self.tickets = [] | |
22 | self.pin = None | |
23 | self.pin_raw = None | |
13 | self.credtype:str = 'kerberos' | |
14 | self.username:str = None | |
15 | self.password:str = None | |
16 | self.password_raw:bytes = b'' | |
17 | self.domainname:str = None | |
18 | self.luid:int = None | |
19 | self.tickets:List[KerberosTicket] = [] | |
20 | self.pin:str = None | |
21 | self.pin_raw:bytes = None | |
24 | 22 | self.cardinfo = None |
25 | 23 | |
26 | 24 | def __str__(self): |
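Review bot: The new attribute annotations in `KerberosCredential.__init__` declare `str`, `int` and `bytes` for fields whose initial value is `None` (`username`, `password`, `domainname`, `luid`, `pin`, `pin_raw`), so the annotation and the stored value disagree and a reader may skip the `None` check. Declaring them optional, e.g. `self.username: Optional[str] = None` with `from typing import List, Optional`, matches what the constructor actually stores; `cardinfo` is still unannotated. The same annotations are added to the second `KerberosCredential` section further down the page (the one whose neighbouring imports are commented out), and the note applies there as well. The class body continues past `__str__`, outside the hunk.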
90 | 90 | template.csp_info_struct = KIWI_KERBEROS_CSP_INFOS_10 |
91 | 91 | |
92 | 92 | |
93 | elif sysinfo.buildnumber >= WindowsBuild.WIN_10_1607.value: | |
93 | elif WindowsBuild.WIN_10_1607.value <= sysinfo.buildnumber < WindowsBuild.WIN_11_2022.value: | |
94 | 94 | template.signature = b'\x48\x8b\x18\x48\x8d\x0d' |
95 | 95 | template.first_entry_offset = 6 |
96 | 96 | template.kerberos_session_struct = KIWI_KERBEROS_LOGON_SESSION_10_1607 |
97 | 97 | template.kerberos_ticket_struct = KIWI_KERBEROS_INTERNAL_TICKET_10_1607 |
98 | template.keys_list_struct = KIWI_KERBEROS_KEYS_LIST_6 | |
99 | template.hash_password_struct = KERB_HASHPASSWORD_6_1607 | |
100 | template.csp_info_struct = KIWI_KERBEROS_CSP_INFOS_10 | |
101 | ||
102 | elif sysinfo.buildnumber >= WindowsBuild.WIN_11_2022.value: | |
103 | template.signature = b'\x48\x8b\x18\x48\x8d\x0d' | |
104 | template.first_entry_offset = 6 | |
105 | template.kerberos_session_struct = KIWI_KERBEROS_LOGON_SESSION_10_1607 | |
106 | template.kerberos_ticket_struct = KIWI_KERBEROS_INTERNAL_TICKET_11 | |
98 | 107 | template.keys_list_struct = KIWI_KERBEROS_KEYS_LIST_6 |
99 | 108 | template.hash_password_struct = KERB_HASHPASSWORD_6_1607 |
100 | 109 | template.csp_info_struct = KIWI_KERBEROS_CSP_INFOS_10 |
1598 | 1607 | await reader.align() |
1599 | 1608 | res.Ticket = await KIWI_KERBEROS_BUFFER.load(reader) |
1600 | 1609 | |
1610 | class PKIWI_KERBEROS_INTERNAL_TICKET_11(POINTER): | |
1611 | def __init__(self): | |
1612 | super().__init__() | |
1613 | ||
1614 | @staticmethod | |
1615 | async def load(reader): | |
1616 | p = PKIWI_KERBEROS_INTERNAL_TICKET_11() | |
1617 | p.location = reader.tell() | |
1618 | p.value = await reader.read_uint() | |
1619 | p.finaltype = KIWI_KERBEROS_INTERNAL_TICKET_11 | |
1620 | return p | |
1621 | ||
1622 | ||
1623 | class KIWI_KERBEROS_INTERNAL_TICKET_11: | |
1624 | def __init__(self): | |
1625 | self.Flink = None | |
1626 | self.Blink = None | |
1627 | self.unk0 = None | |
1628 | self.unk1 = None | |
1629 | self.ServiceName = None | |
1630 | self.TargetName = None | |
1631 | self.DomainName = None | |
1632 | self.TargetDomainName = None | |
1633 | self.Description = None | |
1634 | self.AltTargetDomainName = None | |
1635 | self.KDCServer = None | |
1636 | self.unk10586_d = None | |
1637 | self.ClientName = None | |
1638 | self.name0 = None | |
1639 | self.TicketFlags = None | |
1640 | self.unk2 = None | |
1641 | self.unk14393_0 = None | |
1642 | self.unk2x = None | |
1643 | self.KeyType = None | |
1644 | self.Key = None | |
1645 | self.unk14393_1 = None | |
1646 | self.unk3 = None | |
1647 | self.unk4 = None | |
1648 | self.unk5 = None | |
1649 | self.StartTime = None | |
1650 | self.EndTime = None | |
1651 | self.RenewUntil = None | |
1652 | self.unk6 = None | |
1653 | self.unk7 = None | |
1654 | self.domain = None | |
1655 | self.unk8 = None | |
1656 | self.strangeNames = None | |
1657 | self.unk9 = None | |
1658 | self.TicketEncType = None | |
1659 | self.TicketKvno = None | |
1660 | self.Ticket = None | |
1661 | ||
1662 | ||
1663 | @staticmethod | |
1664 | async def load(reader): | |
1665 | res = KIWI_KERBEROS_INTERNAL_TICKET_11() | |
1666 | res.Flink = await PKIWI_KERBEROS_INTERNAL_TICKET_11.load(reader) | |
1667 | res.Blink = await PKIWI_KERBEROS_INTERNAL_TICKET_11.load(reader) | |
1668 | res.unk0 = await PVOID.loadvalue(reader) | |
1669 | res.unk1 = await PVOID.loadvalue(reader) | |
1670 | res.ServiceName = await PKERB_EXTERNAL_NAME.load(reader) | |
1671 | res.TargetName = await PKERB_EXTERNAL_NAME.load(reader) | |
1672 | res.DomainName = await LSA_UNICODE_STRING.load(reader) | |
1673 | res.TargetDomainName = await LSA_UNICODE_STRING.load(reader) | |
1674 | res.Description = await LSA_UNICODE_STRING.load(reader) | |
1675 | res.AltTargetDomainName = await LSA_UNICODE_STRING.load(reader) | |
1676 | res.KDCServer = await LSA_UNICODE_STRING.load(reader) # //?(reader).value | |
1677 | res.unk10586_d = await LSA_UNICODE_STRING.load(reader) #//?(reader).value | |
1678 | res.ClientName = await PKERB_EXTERNAL_NAME.load(reader) | |
1679 | res.name0 = await PVOID.loadvalue(reader) | |
1680 | x = await reader.read(4) | |
1681 | res.TicketFlags = int.from_bytes(x, byteorder = 'big', signed = False) | |
1682 | res.unk2 = await ULONG.loadvalue(reader) | |
1683 | res.unk14393_0 = await PVOID.loadvalue(reader) | |
1684 | res.unk2x = await ULONG.loadvalue(reader) | |
1685 | res.KeyType = await ULONG.loadvalue(reader) | |
1686 | res.Key = await KIWI_KERBEROS_BUFFER.load(reader) | |
1687 | res.unk14393_1 = await PVOID.loadvalue(reader) | |
1688 | res.unk3 = await PVOID.loadvalue(reader) # // ULONG KeyType2 = (reader).value | |
1689 | res.unk4 = await PVOID.loadvalue(reader) # // KIWI_KERBEROS_BUFFER Key2 = (reader).value | |
1690 | res.unk5 = await PVOID.loadvalue(reader) # // up(reader).value | |
1691 | res.StartTime = await FILETIME.loadvalue(reader) | |
1692 | res.EndTime = await FILETIME.loadvalue(reader) | |
1693 | res.RenewUntil = await FILETIME.loadvalue(reader) | |
1694 | res.unk6 = await ULONG.loadvalue(reader) | |
1695 | res.unk7 = await ULONG.loadvalue(reader) | |
1696 | res.domain = await PCWSTR.loadvalue(reader) | |
1697 | res.unk8 = await ULONG.loadvalue(reader) | |
1698 | await reader.align() | |
1699 | res.strangeNames = await PVOID.loadvalue(reader) | |
1700 | res.unk9 = await ULONG.loadvalue(reader) | |
1701 | res.TicketEncType = await ULONG.loadvalue(reader) | |
1702 | res.TicketKvno = await ULONG.loadvalue(reader) | |
1703 | await reader.align() | |
1704 | res.Ticket = await KIWI_KERBEROS_BUFFER.load(reader) | |
1705 | ||
1706 | return res | |
1707 | ||
1601 | 1708 | class PKIWI_KERBEROS_INTERNAL_TICKET_10_1607(POINTER): |
1602 | 1709 | def __init__(self): |
1603 | 1710 | super().__init__() |
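Review bot: The added `elif sysinfo.buildnumber >= WindowsBuild.WIN_11_2022.value:` branch repeats the 1607 branch line for line and differs only in `kerberos_ticket_struct`, so any later correction to the signature or offsets has to be made in two places. Keeping the single `>= WindowsBuild.WIN_10_1607.value` branch and following its assignments with `if sysinfo.buildnumber >= WindowsBuild.WIN_11_2022.value:` / `template.kerberos_ticket_struct = KIWI_KERBEROS_INTERNAL_TICKET_11` would make the one real difference visible. `KIWI_KERBEROS_INTERNAL_TICKET_11` also has no docstring; a line such as `"""Kerberos ticket list entry layout selected for builds >= WIN_11_2022."""` plus a comment naming the fields that differ from the 10_1607 layout would help whoever adjusts it for a later build, since trailing comments like `# // ULONG KeyType2 = (reader).value` look carried over from a mechanical conversion and explain little. The non-async templates section later on the page adds the same branch and class, and the same applies there; the enclosing template function starts and ends outside the hunks shown.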
59 | 59 | json.dump(results, f, cls = UniversalEncoder, indent=4, sort_keys=True) |
60 | 60 | |
61 | 61 | elif args.outfile and args.grep: |
62 | with open(args.outfile, 'w', newline = '') as f: | |
62 | with open(args.outfile, 'w', newline = '', errors='replace') as f: | |
63 | 63 | f.write(':'.join(LogonSession.grep_header) + '\r\n') |
64 | 64 | for result in results: |
65 | 65 | for luid in results[result].logon_sessions: |
67 | 67 | f.write(':'.join(row) + '\r\n') |
68 | 68 | |
69 | 69 | elif args.outfile: |
70 | with open(args.outfile, 'w') as f: | |
70 | with open(args.outfile, 'w', errors='replace') as f: | |
71 | 71 | for result in results: |
72 | 72 | f.write('FILE: ======== %s =======\n' % result) |
73 | 73 |
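Review bot: Adding `errors='replace'` to both `open(args.outfile, 'w', ...)` calls stops the encode error but silently writes `?` in place of any character the default encoding cannot represent, so the saved report can differ from the parsed values without any indication. No `encoding=` is given, so the result also depends on the locale of the machine the tool runs on; pinning it, `with open(args.outfile, 'w', newline = '', encoding='utf-8', errors='replace') as f:` (and the same for the plain-text branch), would remove most of the cases the replacement is there to cover and make output files comparable between hosts. The `open` call of the JSON branch above is outside the hunk, so it is not clear whether it needs the same treatment. The enclosing function starts and ends outside the hunk.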
2 | 2 | # Author: |
3 | 3 | # Tamas Jos (@skelsec) |
4 | 4 | # |
5 | import io | |
6 | ||
5 | from typing import List | |
7 | 6 | #from pypykatz.commons.common import * |
8 | 7 | #from pypykatz.commons.filetime import * |
9 | 8 | #from .templates import * |
14 | 13 | |
15 | 14 | class KerberosCredential: |
16 | 15 | def __init__(self): |
17 | self.credtype = 'kerberos' | |
18 | self.username = None | |
19 | self.password = None | |
20 | self.password_raw = b'' | |
21 | self.domainname = None | |
22 | self.luid = None | |
23 | self.tickets = [] | |
24 | self.pin = None | |
25 | self.pin_raw = None | |
16 | self.credtype:str = 'kerberos' | |
17 | self.username:str = None | |
18 | self.password:str = None | |
19 | self.password_raw:bytes = b'' | |
20 | self.domainname:str = None | |
21 | self.luid:int = None | |
22 | self.tickets:List[KerberosTicket] = [] | |
23 | self.pin:str = None | |
24 | self.pin_raw:bytes = None | |
26 | 25 | self.cardinfo = None |
27 | 26 | |
28 | 27 | def __str__(self): |
91 | 91 | template.csp_info_struct = KIWI_KERBEROS_CSP_INFOS_10 |
92 | 92 | |
93 | 93 | |
94 | elif sysinfo.buildnumber >= WindowsBuild.WIN_10_1607.value: | |
94 | elif WindowsBuild.WIN_10_1607.value <= sysinfo.buildnumber < WindowsBuild.WIN_11_2022.value: | |
95 | 95 | template.signature = b'\x48\x8b\x18\x48\x8d\x0d' |
96 | 96 | template.first_entry_offset = 6 |
97 | 97 | template.kerberos_session_struct = KIWI_KERBEROS_LOGON_SESSION_10_1607 |
98 | 98 | template.kerberos_ticket_struct = KIWI_KERBEROS_INTERNAL_TICKET_10_1607 |
99 | template.keys_list_struct = KIWI_KERBEROS_KEYS_LIST_6 | |
100 | template.hash_password_struct = KERB_HASHPASSWORD_6_1607 | |
101 | template.csp_info_struct = KIWI_KERBEROS_CSP_INFOS_10 | |
102 | ||
103 | elif sysinfo.buildnumber >= WindowsBuild.WIN_11_2022.value: | |
104 | template.signature = b'\x48\x8b\x18\x48\x8d\x0d' | |
105 | template.first_entry_offset = 6 | |
106 | template.kerberos_session_struct = KIWI_KERBEROS_LOGON_SESSION_10_1607 | |
107 | template.kerberos_ticket_struct = KIWI_KERBEROS_INTERNAL_TICKET_11 | |
99 | 108 | template.keys_list_struct = KIWI_KERBEROS_KEYS_LIST_6 |
100 | 109 | template.hash_password_struct = KERB_HASHPASSWORD_6_1607 |
101 | 110 | template.csp_info_struct = KIWI_KERBEROS_CSP_INFOS_10 |
908 | 917 | reader.align() |
909 | 918 | self.Ticket = KIWI_KERBEROS_BUFFER(reader) |
910 | 919 | |
920 | class PKIWI_KERBEROS_INTERNAL_TICKET_11(POINTER): | |
921 | def __init__(self, reader): | |
922 | super().__init__(reader, KIWI_KERBEROS_INTERNAL_TICKET_11) | |
923 | ||
924 | ||
925 | class KIWI_KERBEROS_INTERNAL_TICKET_11: | |
926 | def __init__(self, reader): | |
927 | #input('KIWI_KERBEROS_INTERNAL_TICKET_11\n' + hexdump(reader.peek(0x300))) | |
928 | self.Flink = PKIWI_KERBEROS_INTERNAL_TICKET_11(reader) | |
929 | self.Blink = PKIWI_KERBEROS_INTERNAL_TICKET_11(reader) | |
930 | self.unk0 = PVOID(reader).value | |
931 | self.unk1 = PVOID(reader).value | |
932 | self.ServiceName = PKERB_EXTERNAL_NAME(reader) | |
933 | self.TargetName = PKERB_EXTERNAL_NAME(reader) | |
934 | self.DomainName = LSA_UNICODE_STRING(reader) | |
935 | self.TargetDomainName = LSA_UNICODE_STRING(reader) | |
936 | self.Description = LSA_UNICODE_STRING(reader) | |
937 | self.AltTargetDomainName = LSA_UNICODE_STRING(reader) | |
938 | self.KDCServer = LSA_UNICODE_STRING(reader) # //?(reader).value | |
939 | self.unk10586_d = LSA_UNICODE_STRING(reader) #//?(reader).value | |
940 | self.ClientName = PKERB_EXTERNAL_NAME(reader) | |
941 | self.name0 = PVOID(reader).value | |
942 | self.TicketFlags = int.from_bytes(reader.read(4), byteorder = 'big', signed = False) | |
943 | self.unk2 = ULONG(reader).value | |
944 | self.unk14393_0 = PVOID(reader).value | |
945 | self.unk2x = ULONG(reader).value | |
946 | self.KeyType = ULONG(reader).value | |
947 | self.Key = KIWI_KERBEROS_BUFFER(reader) | |
948 | self.unk14393_1 = PVOID(reader).value | |
949 | self.unk3 = PVOID(reader).value # // ULONG KeyType2 = (reader).value | |
950 | self.unk4 = PVOID(reader).value # // KIWI_KERBEROS_BUFFER Key2 = (reader).value | |
951 | self.unk5 = PVOID(reader).value # // up(reader).value | |
952 | self.StartTime = FILETIME(reader).value | |
953 | self.EndTime = FILETIME(reader).value | |
954 | self.RenewUntil = FILETIME(reader).value | |
955 | self.unk6 = ULONG(reader).value | |
956 | self.unk7 = ULONG(reader).value | |
957 | self.domain = PCWSTR(reader).value | |
958 | self.unk8 = ULONG(reader).value | |
959 | reader.align() | |
960 | self.strangeNames = PVOID(reader).value | |
961 | self.unk9 = ULONG(reader).value | |
962 | self.TicketEncType = ULONG(reader).value | |
963 | self.TicketKvno = ULONG(reader).value | |
964 | reader.align() | |
965 | self.Ticket = KIWI_KERBEROS_BUFFER(reader) | |
966 | ||
967 | ||
911 | 968 | class PKIWI_KERBEROS_INTERNAL_TICKET_10_1607(POINTER): |
912 | 969 | def __init__(self, reader): |
913 | 970 | super().__init__(reader, KIWI_KERBEROS_INTERNAL_TICKET_10_1607) |
0 | 0 | Metadata-Version: 2.1 |
1 | 1 | Name: pypykatz |
2 | Version: 0.6.2 | |
2 | Version: 0.6.3 | |
3 | 3 | Summary: Python implementation of Mimikatz |
4 | 4 | Home-page: https://github.com/skelsec/pypykatz |
5 | 5 | Author: Tamas Jos |