Python impacket.krb5.types.Ticket() Examples
The following are 22
code examples of impacket.krb5.types.Ticket().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
impacket.krb5.types
, or try the search function
.
.
Example #1
| Source File: ccache.py From CVE-2017-7494 with GNU General Public License v3.0 | 6 votes |
|
def toTGT(self):
tgt_rep = AS_REP()
tgt_rep['pvno'] = 5
tgt_rep['msg-type'] = int(constants.ApplicationTagNumbers.AS_REP.value)
tgt_rep['crealm'] = self['server'].realm['data']
# Fake EncryptedData
tgt_rep['enc-part'] = None
tgt_rep['enc-part']['etype'] = 1
tgt_rep['enc-part']['cipher'] = ''
seq_set(tgt_rep, 'cname', self['client'].toPrincipal().components_to_asn1)
ticket = types.Ticket()
ticket.from_asn1(self.ticket['data'])
seq_set(tgt_rep,'ticket', ticket.to_asn1)
cipher = crypto._enctype_table[self['key']['keytype']]()
tgt = dict()
tgt['KDC_REP'] = encoder.encode(tgt_rep)
tgt['cipher'] = cipher
tgt['sessionKey'] = crypto.Key(cipher.enctype, str(self['key']['keyvalue']))
return tgt
Example #2
| Source File: ccache.py From PiBunny with MIT License | 6 votes |
|
def toTGS(self):
tgs_rep = TGS_REP()
tgs_rep['pvno'] = 5
tgs_rep['msg-type'] = int(constants.ApplicationTagNumbers.TGS_REP.value)
tgs_rep['crealm'] = self['server'].realm['data']
# Fake EncryptedData
tgs_rep['enc-part'] = None
tgs_rep['enc-part']['etype'] = 1
tgs_rep['enc-part']['cipher'] = ''
seq_set(tgs_rep, 'cname', self['client'].toPrincipal().components_to_asn1)
ticket = types.Ticket()
ticket.from_asn1(self.ticket['data'])
seq_set(tgs_rep,'ticket', ticket.to_asn1)
cipher = crypto._enctype_table[self['key']['keytype']]()
tgs = dict()
tgs['KDC_REP'] = encoder.encode(tgs_rep)
tgs['cipher'] = cipher
tgs['sessionKey'] = crypto.Key(cipher.enctype, str(self['key']['keyvalue']))
return tgs
Example #3
| Source File: ccache.py From PiBunny with MIT License | 6 votes |
|
def toTGT(self):
tgt_rep = AS_REP()
tgt_rep['pvno'] = 5
tgt_rep['msg-type'] = int(constants.ApplicationTagNumbers.AP_REP.value)
tgt_rep['crealm'] = self['server'].realm['data']
# Fake EncryptedData
tgt_rep['enc-part'] = None
tgt_rep['enc-part']['etype'] = 1
tgt_rep['enc-part']['cipher'] = ''
seq_set(tgt_rep, 'cname', self['client'].toPrincipal().components_to_asn1)
ticket = types.Ticket()
ticket.from_asn1(self.ticket['data'])
seq_set(tgt_rep,'ticket', ticket.to_asn1)
cipher = crypto._enctype_table[self['key']['keytype']]()
tgt = dict()
tgt['KDC_REP'] = encoder.encode(tgt_rep)
tgt['cipher'] = cipher
tgt['sessionKey'] = crypto.Key(cipher.enctype, str(self['key']['keyvalue']))
return tgt
Example #4
| Source File: ccache.py From PiBunny with MIT License | 6 votes |
|
def prettyPrint(self, indent=''):
print "%sClient: %s" % (indent, self.header['client'].prettyPrint())
print "%sServer: %s" % (indent, self.header['server'].prettyPrint())
print "%s%s" % (indent, self.header['key'].prettyPrint())
print "%sTimes: " % indent
self.header['time'].prettyPrint('\t\t')
print "%sSubKey: %s" % (indent, self.header['is_skey'])
print "%sFlags: 0x%x" % (indent, self.header['tktflags'])
print "%sAddresses: %d" % (indent, self.header['num_address'])
for address in self.addresses:
address.prettyPrint('\t\t')
print "%sAuth Data: %d" % (indent, len(self.authData))
for ad in self.authData:
ad.prettyPrint('\t\t')
print "%sTicket: %s" % (indent, self.ticket.prettyPrint())
print "%sSecond Ticket: %s" % (indent, self.secondTicket.prettyPrint())
Example #5
| Source File: ccache.py From cracke-dit with MIT License | 6 votes |
|
def prettyPrint(self, indent=''):
print "%sClient: %s" % (indent, self.header['client'].prettyPrint())
print "%sServer: %s" % (indent, self.header['server'].prettyPrint())
print "%s%s" % (indent, self.header['key'].prettyPrint())
print "%sTimes: " % indent
self.header['time'].prettyPrint('\t\t')
print "%sSubKey: %s" % (indent, self.header['is_skey'])
print "%sFlags: 0x%x" % (indent, self.header['tktflags'])
print "%sAddresses: %d" % (indent, self.header['num_address'])
for address in self.addresses:
address.prettyPrint('\t\t')
print "%sAuth Data: %d" % (indent, len(self.authData))
for ad in self.authData:
ad.prettyPrint('\t\t')
print "%sTicket: %s" % (indent, self.ticket.prettyPrint())
print "%sSecond Ticket: %s" % (indent, self.secondTicket.prettyPrint())
Example #6
| Source File: ccache.py From cracke-dit with MIT License | 6 votes |
|
def toTGT(self):
tgt_rep = AS_REP()
tgt_rep['pvno'] = 5
tgt_rep['msg-type'] = int(constants.ApplicationTagNumbers.AS_REP.value)
tgt_rep['crealm'] = self['server'].realm['data']
# Fake EncryptedData
tgt_rep['enc-part'] = noValue
tgt_rep['enc-part']['etype'] = 1
tgt_rep['enc-part']['cipher'] = ''
seq_set(tgt_rep, 'cname', self['client'].toPrincipal().components_to_asn1)
ticket = types.Ticket()
ticket.from_asn1(self.ticket['data'])
seq_set(tgt_rep,'ticket', ticket.to_asn1)
cipher = crypto._enctype_table[self['key']['keytype']]()
tgt = dict()
tgt['KDC_REP'] = encoder.encode(tgt_rep)
tgt['cipher'] = cipher
tgt['sessionKey'] = crypto.Key(cipher.enctype, str(self['key']['keyvalue']))
return tgt
Example #7
| Source File: ccache.py From Slackor with GNU General Public License v3.0 | 6 votes |
|
def toTGT(self):
tgt_rep = AS_REP()
tgt_rep['pvno'] = 5
tgt_rep['msg-type'] = int(constants.ApplicationTagNumbers.AS_REP.value)
tgt_rep['crealm'] = self['server'].realm['data']
# Fake EncryptedData
tgt_rep['enc-part'] = noValue
tgt_rep['enc-part']['etype'] = 1
tgt_rep['enc-part']['cipher'] = ''
seq_set(tgt_rep, 'cname', self['client'].toPrincipal().components_to_asn1)
ticket = types.Ticket()
ticket.from_asn1(self.ticket['data'])
seq_set(tgt_rep,'ticket', ticket.to_asn1)
cipher = crypto._enctype_table[self['key']['keytype']]()
tgt = dict()
tgt['KDC_REP'] = encoder.encode(tgt_rep)
tgt['cipher'] = cipher
tgt['sessionKey'] = crypto.Key(cipher.enctype, self['key']['keyvalue'])
return tgt
Example #8
| Source File: ccache.py From Slackor with GNU General Public License v3.0 | 6 votes |
|
def prettyPrint(self, indent=''):
print(("%sClient: %s" % (indent, self.header['client'].prettyPrint())))
print(("%sServer: %s" % (indent, self.header['server'].prettyPrint())))
print(("%s%s" % (indent, self.header['key'].prettyPrint())))
print(("%sTimes: " % indent))
self.header['time'].prettyPrint('\t\t')
print(("%sSubKey: %s" % (indent, self.header['is_skey'])))
print(("%sFlags: 0x%x" % (indent, self.header['tktflags'])))
print(("%sAddresses: %d" % (indent, self.header['num_address'])))
for address in self.addresses:
address.prettyPrint('\t\t')
print(("%sAuth Data: %d" % (indent, len(self.authData))))
for ad in self.authData:
ad.prettyPrint('\t\t')
print(("%sTicket: %s" % (indent, self.ticket.prettyPrint())))
print(("%sSecond Ticket: %s" % (indent, self.secondTicket.prettyPrint())))
Example #9
| Source File: ccache.py From CVE-2017-7494 with GNU General Public License v3.0 | 6 votes |
|
def prettyPrint(self, indent=''):
print "%sClient: %s" % (indent, self.header['client'].prettyPrint())
print "%sServer: %s" % (indent, self.header['server'].prettyPrint())
print "%s%s" % (indent, self.header['key'].prettyPrint())
print "%sTimes: " % indent
self.header['time'].prettyPrint('\t\t')
print "%sSubKey: %s" % (indent, self.header['is_skey'])
print "%sFlags: 0x%x" % (indent, self.header['tktflags'])
print "%sAddresses: %d" % (indent, self.header['num_address'])
for address in self.addresses:
address.prettyPrint('\t\t')
print "%sAuth Data: %d" % (indent, len(self.authData))
for ad in self.authData:
ad.prettyPrint('\t\t')
print "%sTicket: %s" % (indent, self.ticket.prettyPrint())
print "%sSecond Ticket: %s" % (indent, self.secondTicket.prettyPrint())
Example #10
| Source File: kerberos.py From krbrelayx with MIT License | 5 votes |
|
def ldap_kerberos(domain, kdc, tgt, username, ldapconnection, hostname):
# Hackery to authenticate with ldap3 using impacket Kerberos stack
# I originally wrote this for BloodHound.py, but it works fine (tm) here too
username = Principal(username, type=constants.PrincipalNameType.NT_PRINCIPAL.value)
servername = Principal('ldap/%s' % hostname, type=constants.PrincipalNameType.NT_SRV_INST.value)
tgs, cipher, _, sessionkey = getKerberosTGS(servername, domain, kdc,
tgt['KDC_REP'], tgt['cipher'], tgt['sessionKey'])
# Let's build a NegTokenInit with a Kerberos AP_REQ
blob = SPNEGO_NegTokenInit()
# Kerberos
blob['MechTypes'] = [TypesMech['MS KRB5 - Microsoft Kerberos 5']]
# Let's extract the ticket from the TGS
tgs = decoder.decode(tgs, asn1Spec=TGS_REP())[0]
ticket = Ticket()
ticket.from_asn1(tgs['ticket'])
# Now let's build the AP_REQ
apReq = AP_REQ()
apReq['pvno'] = 5
apReq['msg-type'] = int(constants.ApplicationTagNumbers.AP_REQ.value)
opts = []
apReq['ap-options'] = constants.encodeFlags(opts)
seq_set(apReq, 'ticket', ticket.to_asn1)
authenticator = Authenticator()
authenticator['authenticator-vno'] = 5
authenticator['crealm'] = domain
seq_set(authenticator, 'cname', username.components_to_asn1)
now = datetime.datetime.utcnow()
authenticator['cusec'] = now.microsecond
authenticator['ctime'] = KerberosTime.to_asn1(now)
encodedAuthenticator = encoder.encode(authenticator)
# Key Usage 11
# AP-REQ Authenticator (includes application authenticator
# subkey), encrypted with the application session key
# (Section 5.5.1)
encryptedEncodedAuthenticator = cipher.encrypt(sessionkey, 11, encodedAuthenticator, None)
apReq['authenticator'] = noValue
apReq['authenticator']['etype'] = cipher.enctype
apReq['authenticator']['cipher'] = encryptedEncodedAuthenticator
blob['MechToken'] = encoder.encode(apReq)
# From here back to ldap3
ldapconnection.open(read_server_info=False)
request = bind_operation(ldapconnection.version, SASL, None, None, ldapconnection.sasl_mechanism, blob.getData())
response = ldapconnection.post_send_single_response(ldapconnection.send('bindRequest', request, None))[0]
ldapconnection.result = response
if response['result'] == 0:
ldapconnection.bound = True
ldapconnection.refresh_server_info()
return response['result'] == 0
Example #11
| Source File: ccache.py From Slackor with GNU General Public License v3.0 | 5 votes |
|
def toTGS(self, newSPN=None):
tgs_rep = TGS_REP()
tgs_rep['pvno'] = 5
tgs_rep['msg-type'] = int(constants.ApplicationTagNumbers.TGS_REP.value)
tgs_rep['crealm'] = self['server'].realm['data']
# Fake EncryptedData
tgs_rep['enc-part'] = noValue
tgs_rep['enc-part']['etype'] = 1
tgs_rep['enc-part']['cipher'] = ''
seq_set(tgs_rep, 'cname', self['client'].toPrincipal().components_to_asn1)
ticket = types.Ticket()
ticket.from_asn1(self.ticket['data'])
if newSPN is not None:
if newSPN.upper() != str(ticket.service_principal).upper():
LOG.debug('Changing sname from %s to %s and hoping for the best' % (ticket.service_principal, newSPN) )
ticket.service_principal = types.Principal(newSPN, type=int(ticket.service_principal.type))
seq_set(tgs_rep,'ticket', ticket.to_asn1)
cipher = crypto._enctype_table[self['key']['keytype']]()
tgs = dict()
tgs['KDC_REP'] = encoder.encode(tgs_rep)
tgs['cipher'] = cipher
tgs['sessionKey'] = crypto.Key(cipher.enctype, self['key']['keyvalue'])
return tgs
Example #12
| Source File: kerberos.py From krbrelayx with MIT License | 5 votes |
|
def kirbi2ccache(kirbifile, ccachefile):
with open(kirbifile, 'rb') as infile:
data = infile.read()
creds = decoder.decode(data, asn1Spec=KRB_CRED())[0]
# This shouldn't be encrypted normally
if creds['enc-part']['etype'] != 0:
raise Exception('Ticket info is encrypted with cipher other than null')
enc_part = decoder.decode(creds['enc-part']['cipher'], asn1Spec=EncKrbCredPart())[0]
tinfo = enc_part['ticket-info']
ccache = KrbCredCCache()
# Enumerate all
for i, tinfo in enumerate(tinfo):
ccache.fromKrbCredTicket(creds['tickets'][i], tinfo)
ccache.saveFile(ccachefile)
Example #13
| Source File: ccache.py From cracke-dit with MIT License | 5 votes |
|
def toTGS(self, newSPN=None):
tgs_rep = TGS_REP()
tgs_rep['pvno'] = 5
tgs_rep['msg-type'] = int(constants.ApplicationTagNumbers.TGS_REP.value)
tgs_rep['crealm'] = self['server'].realm['data']
# Fake EncryptedData
tgs_rep['enc-part'] = noValue
tgs_rep['enc-part']['etype'] = 1
tgs_rep['enc-part']['cipher'] = ''
seq_set(tgs_rep, 'cname', self['client'].toPrincipal().components_to_asn1)
ticket = types.Ticket()
ticket.from_asn1(self.ticket['data'])
if newSPN is not None:
if newSPN.upper() != str(ticket.service_principal).upper():
LOG.debug('Changing sname from %s to %s and hoping for the best' % (ticket.service_principal, newSPN) )
ticket.service_principal = types.Principal(newSPN, type=int(ticket.service_principal.type))
seq_set(tgs_rep,'ticket', ticket.to_asn1)
cipher = crypto._enctype_table[self['key']['keytype']]()
tgs = dict()
tgs['KDC_REP'] = encoder.encode(tgs_rep)
tgs['cipher'] = cipher
tgs['sessionKey'] = crypto.Key(cipher.enctype, str(self['key']['keyvalue']))
return tgs
Example #14
| Source File: ccache.py From CVE-2017-7494 with GNU General Public License v3.0 | 5 votes |
|
def toTGS(self, newSPN=None):
tgs_rep = TGS_REP()
tgs_rep['pvno'] = 5
tgs_rep['msg-type'] = int(constants.ApplicationTagNumbers.TGS_REP.value)
tgs_rep['crealm'] = self['server'].realm['data']
# Fake EncryptedData
tgs_rep['enc-part'] = None
tgs_rep['enc-part']['etype'] = 1
tgs_rep['enc-part']['cipher'] = ''
seq_set(tgs_rep, 'cname', self['client'].toPrincipal().components_to_asn1)
ticket = types.Ticket()
ticket.from_asn1(self.ticket['data'])
if newSPN is not None:
if newSPN.upper() != str(ticket.service_principal).upper():
LOG.debug('Changing sname from %s to %s and hoping for the best' % (ticket.service_principal, newSPN) )
ticket.service_principal = types.Principal(newSPN, type=int(ticket.service_principal.type))
seq_set(tgs_rep,'ticket', ticket.to_asn1)
cipher = crypto._enctype_table[self['key']['keytype']]()
tgs = dict()
tgs['KDC_REP'] = encoder.encode(tgs_rep)
tgs['cipher'] = cipher
tgs['sessionKey'] = crypto.Key(cipher.enctype, str(self['key']['keyvalue']))
return tgs
Example #15
| Source File: ccache.py From cracke-dit with MIT License | 4 votes |
|
def fromTGS(self, tgs, oldSessionKey, sessionKey):
self.headers = []
header = Header()
header['tag'] = 1
header['taglen'] = 8
header['tagdata'] = '\xff\xff\xff\xff\x00\x00\x00\x00'
self.headers.append(header)
decodedTGS = decoder.decode(tgs, asn1Spec = TGS_REP())[0]
tmpPrincipal = types.Principal()
tmpPrincipal.from_asn1(decodedTGS, 'crealm', 'cname')
self.principal = Principal()
self.principal.fromPrincipal(tmpPrincipal)
# Now let's add the credential
cipherText = decodedTGS['enc-part']['cipher']
cipher = crypto._enctype_table[decodedTGS['enc-part']['etype']]
# Key Usage 8
# TGS-REP encrypted part (includes application session
# key), encrypted with the TGS session key (Section 5.4.2)
plainText = cipher.decrypt(oldSessionKey, 8, str(cipherText))
encTGSRepPart = decoder.decode(plainText, asn1Spec = EncTGSRepPart())[0]
credential = Credential()
server = types.Principal()
server.from_asn1(encTGSRepPart, 'srealm', 'sname')
tmpServer = Principal()
tmpServer.fromPrincipal(server)
credential['client'] = self.principal
credential['server'] = tmpServer
credential['is_skey'] = 0
credential['key'] = KeyBlock()
credential['key']['keytype'] = int(encTGSRepPart['key']['keytype'])
credential['key']['keyvalue'] = str(encTGSRepPart['key']['keyvalue'])
credential['key']['keylen'] = len(credential['key']['keyvalue'])
credential['time'] = Times()
credential['time']['authtime'] = self.toTimeStamp(types.KerberosTime.from_asn1(encTGSRepPart['authtime']))
credential['time']['starttime'] = self.toTimeStamp(types.KerberosTime.from_asn1(encTGSRepPart['starttime']))
credential['time']['endtime'] = self.toTimeStamp(types.KerberosTime.from_asn1(encTGSRepPart['endtime']))
credential['time']['renew_till'] = self.toTimeStamp(types.KerberosTime.from_asn1(encTGSRepPart['renew-till']))
flags = self.reverseFlags(encTGSRepPart['flags'])
credential['tktflags'] = flags
credential['num_address'] = 0
credential.ticket = CountedOctetString()
credential.ticket['data'] = encoder.encode(decodedTGS['ticket'].clone(tagSet=Ticket.tagSet, cloneValueFlag=True))
credential.ticket['length'] = len(credential.ticket['data'])
credential.secondTicket = CountedOctetString()
credential.secondTicket['data'] = ''
credential.secondTicket['length'] = 0
self.credentials.append(credential)
Example #16
| Source File: ccache.py From cracke-dit with MIT License | 4 votes |
|
def fromTGT(self, tgt, oldSessionKey, sessionKey):
self.headers = []
header = Header()
header['tag'] = 1
header['taglen'] = 8
header['tagdata'] = '\xff\xff\xff\xff\x00\x00\x00\x00'
self.headers.append(header)
decodedTGT = decoder.decode(tgt, asn1Spec = AS_REP())[0]
tmpPrincipal = types.Principal()
tmpPrincipal.from_asn1(decodedTGT, 'crealm', 'cname')
self.principal = Principal()
self.principal.fromPrincipal(tmpPrincipal)
# Now let's add the credential
cipherText = decodedTGT['enc-part']['cipher']
cipher = crypto._enctype_table[decodedTGT['enc-part']['etype']]
# Key Usage 3
# AS-REP encrypted part (includes TGS session key or
# application session key), encrypted with the client key
# (Section 5.4.2)
plainText = cipher.decrypt(oldSessionKey, 3, str(cipherText))
encASRepPart = decoder.decode(plainText, asn1Spec = EncASRepPart())[0]
credential = Credential()
server = types.Principal()
server.from_asn1(encASRepPart, 'srealm', 'sname')
tmpServer = Principal()
tmpServer.fromPrincipal(server)
credential['client'] = self.principal
credential['server'] = tmpServer
credential['is_skey'] = 0
credential['key'] = KeyBlock()
credential['key']['keytype'] = int(encASRepPart['key']['keytype'])
credential['key']['keyvalue'] = str(encASRepPart['key']['keyvalue'])
credential['key']['keylen'] = len(credential['key']['keyvalue'])
credential['time'] = Times()
credential['time']['authtime'] = self.toTimeStamp(types.KerberosTime.from_asn1(encASRepPart['authtime']))
credential['time']['starttime'] = self.toTimeStamp(types.KerberosTime.from_asn1(encASRepPart['starttime']))
credential['time']['endtime'] = self.toTimeStamp(types.KerberosTime.from_asn1(encASRepPart['endtime']))
credential['time']['renew_till'] = self.toTimeStamp(types.KerberosTime.from_asn1(encASRepPart['renew-till']))
flags = self.reverseFlags(encASRepPart['flags'])
credential['tktflags'] = flags
credential['num_address'] = 0
credential.ticket = CountedOctetString()
credential.ticket['data'] = encoder.encode(decodedTGT['ticket'].clone(tagSet=Ticket.tagSet, cloneValueFlag=True))
credential.ticket['length'] = len(credential.ticket['data'])
credential.secondTicket = CountedOctetString()
credential.secondTicket['data'] = ''
credential.secondTicket['length'] = 0
self.credentials.append(credential)
Example #17
| Source File: ccache.py From Slackor with GNU General Public License v3.0 | 4 votes |
|
def fromTGT(self, tgt, oldSessionKey, sessionKey):
self.headers = []
header = Header()
header['tag'] = 1
header['taglen'] = 8
header['tagdata'] = b'\xff\xff\xff\xff\x00\x00\x00\x00'
self.headers.append(header)
decodedTGT = decoder.decode(tgt, asn1Spec = AS_REP())[0]
tmpPrincipal = types.Principal()
tmpPrincipal.from_asn1(decodedTGT, 'crealm', 'cname')
self.principal = Principal()
self.principal.fromPrincipal(tmpPrincipal)
# Now let's add the credential
cipherText = decodedTGT['enc-part']['cipher']
cipher = crypto._enctype_table[decodedTGT['enc-part']['etype']]
# Key Usage 3
# AS-REP encrypted part (includes TGS session key or
# application session key), encrypted with the client key
# (Section 5.4.2)
plainText = cipher.decrypt(oldSessionKey, 3, cipherText)
encASRepPart = decoder.decode(plainText, asn1Spec = EncASRepPart())[0]
credential = Credential()
server = types.Principal()
server.from_asn1(encASRepPart, 'srealm', 'sname')
tmpServer = Principal()
tmpServer.fromPrincipal(server)
credential['client'] = self.principal
credential['server'] = tmpServer
credential['is_skey'] = 0
credential['key'] = KeyBlock()
credential['key']['keytype'] = int(encASRepPart['key']['keytype'])
credential['key']['keyvalue'] = encASRepPart['key']['keyvalue'].asOctets()
credential['key']['keylen'] = len(credential['key']['keyvalue'])
credential['time'] = Times()
credential['time']['authtime'] = self.toTimeStamp(types.KerberosTime.from_asn1(encASRepPart['authtime']))
credential['time']['starttime'] = self.toTimeStamp(types.KerberosTime.from_asn1(encASRepPart['starttime']))
credential['time']['endtime'] = self.toTimeStamp(types.KerberosTime.from_asn1(encASRepPart['endtime']))
credential['time']['renew_till'] = self.toTimeStamp(types.KerberosTime.from_asn1(encASRepPart['renew-till']))
flags = self.reverseFlags(encASRepPart['flags'])
credential['tktflags'] = flags
credential['num_address'] = 0
credential.ticket = CountedOctetString()
credential.ticket['data'] = encoder.encode(decodedTGT['ticket'].clone(tagSet=Ticket.tagSet, cloneValueFlag=True))
credential.ticket['length'] = len(credential.ticket['data'])
credential.secondTicket = CountedOctetString()
credential.secondTicket['data'] = b''
credential.secondTicket['length'] = 0
self.credentials.append(credential)
Example #18
| Source File: ccache.py From Slackor with GNU General Public License v3.0 | 4 votes |
|
def fromTGS(self, tgs, oldSessionKey, sessionKey):
self.headers = []
header = Header()
header['tag'] = 1
header['taglen'] = 8
header['tagdata'] = b'\xff\xff\xff\xff\x00\x00\x00\x00'
self.headers.append(header)
decodedTGS = decoder.decode(tgs, asn1Spec = TGS_REP())[0]
tmpPrincipal = types.Principal()
tmpPrincipal.from_asn1(decodedTGS, 'crealm', 'cname')
self.principal = Principal()
self.principal.fromPrincipal(tmpPrincipal)
# Now let's add the credential
cipherText = decodedTGS['enc-part']['cipher']
cipher = crypto._enctype_table[decodedTGS['enc-part']['etype']]
# Key Usage 8
# TGS-REP encrypted part (includes application session
# key), encrypted with the TGS session key (Section 5.4.2)
plainText = cipher.decrypt(oldSessionKey, 8, cipherText)
encTGSRepPart = decoder.decode(plainText, asn1Spec = EncTGSRepPart())[0]
credential = Credential()
server = types.Principal()
server.from_asn1(encTGSRepPart, 'srealm', 'sname')
tmpServer = Principal()
tmpServer.fromPrincipal(server)
credential['client'] = self.principal
credential['server'] = tmpServer
credential['is_skey'] = 0
credential['key'] = KeyBlock()
credential['key']['keytype'] = int(encTGSRepPart['key']['keytype'])
credential['key']['keyvalue'] = encTGSRepPart['key']['keyvalue'].asOctets()
credential['key']['keylen'] = len(credential['key']['keyvalue'])
credential['time'] = Times()
credential['time']['authtime'] = self.toTimeStamp(types.KerberosTime.from_asn1(encTGSRepPart['authtime']))
credential['time']['starttime'] = self.toTimeStamp(types.KerberosTime.from_asn1(encTGSRepPart['starttime']))
credential['time']['endtime'] = self.toTimeStamp(types.KerberosTime.from_asn1(encTGSRepPart['endtime']))
credential['time']['renew_till'] = self.toTimeStamp(types.KerberosTime.from_asn1(encTGSRepPart['renew-till']))
flags = self.reverseFlags(encTGSRepPart['flags'])
credential['tktflags'] = flags
credential['num_address'] = 0
credential.ticket = CountedOctetString()
credential.ticket['data'] = encoder.encode(decodedTGS['ticket'].clone(tagSet=Ticket.tagSet, cloneValueFlag=True))
credential.ticket['length'] = len(credential.ticket['data'])
credential.secondTicket = CountedOctetString()
credential.secondTicket['data'] = b''
credential.secondTicket['length'] = 0
self.credentials.append(credential)
Example #19
| Source File: ccache.py From CVE-2017-7494 with GNU General Public License v3.0 | 4 votes |
|
def fromTGS(self, tgs, oldSessionKey, sessionKey):
self.headers = []
header = Header()
header['tag'] = 1
header['taglen'] = 8
header['tagdata'] = '\xff\xff\xff\xff\x00\x00\x00\x00'
self.headers.append(header)
decodedTGS = decoder.decode(tgs, asn1Spec = TGS_REP())[0]
tmpPrincipal = types.Principal()
tmpPrincipal.from_asn1(decodedTGS, 'crealm', 'cname')
self.principal = Principal()
self.principal.fromPrincipal(tmpPrincipal)
# Now let's add the credential
cipherText = decodedTGS['enc-part']['cipher']
cipher = crypto._enctype_table[decodedTGS['enc-part']['etype']]
# Key Usage 8
# TGS-REP encrypted part (includes application session
# key), encrypted with the TGS session key (Section 5.4.2)
plainText = cipher.decrypt(oldSessionKey, 8, str(cipherText))
encTGSRepPart = decoder.decode(plainText, asn1Spec = EncTGSRepPart())[0]
credential = Credential()
server = types.Principal()
server.from_asn1(encTGSRepPart, 'srealm', 'sname')
tmpServer = Principal()
tmpServer.fromPrincipal(server)
credential['client'] = self.principal
credential['server'] = tmpServer
credential['is_skey'] = 0
credential['key'] = KeyBlock()
credential['key']['keytype'] = int(encTGSRepPart['key']['keytype'])
credential['key']['keyvalue'] = str(encTGSRepPart['key']['keyvalue'])
credential['key']['keylen'] = len(credential['key']['keyvalue'])
credential['time'] = Times()
credential['time']['authtime'] = self.toTimeStamp(types.KerberosTime.from_asn1(encTGSRepPart['authtime']))
credential['time']['starttime'] = self.toTimeStamp(types.KerberosTime.from_asn1(encTGSRepPart['starttime']))
credential['time']['endtime'] = self.toTimeStamp(types.KerberosTime.from_asn1(encTGSRepPart['endtime']))
credential['time']['renew_till'] = self.toTimeStamp(types.KerberosTime.from_asn1(encTGSRepPart['renew-till']))
flags = self.reverseFlags(encTGSRepPart['flags'])
credential['tktflags'] = flags
credential['num_address'] = 0
credential.ticket = CountedOctetString()
credential.ticket['data'] = encoder.encode(decodedTGS['ticket'].clone(tagSet=Ticket.tagSet, cloneValueFlag=True))
credential.ticket['length'] = len(credential.ticket['data'])
credential.secondTicket = CountedOctetString()
credential.secondTicket['data'] = ''
credential.secondTicket['length'] = 0
self.credentials.append(credential)
Example #20
| Source File: ccache.py From CVE-2017-7494 with GNU General Public License v3.0 | 4 votes |
|
def fromTGT(self, tgt, oldSessionKey, sessionKey):
self.headers = []
header = Header()
header['tag'] = 1
header['taglen'] = 8
header['tagdata'] = '\xff\xff\xff\xff\x00\x00\x00\x00'
self.headers.append(header)
decodedTGT = decoder.decode(tgt, asn1Spec = AS_REP())[0]
tmpPrincipal = types.Principal()
tmpPrincipal.from_asn1(decodedTGT, 'crealm', 'cname')
self.principal = Principal()
self.principal.fromPrincipal(tmpPrincipal)
# Now let's add the credential
cipherText = decodedTGT['enc-part']['cipher']
cipher = crypto._enctype_table[decodedTGT['enc-part']['etype']]
# Key Usage 3
# AS-REP encrypted part (includes TGS session key or
# application session key), encrypted with the client key
# (Section 5.4.2)
plainText = cipher.decrypt(oldSessionKey, 3, str(cipherText))
encASRepPart = decoder.decode(plainText, asn1Spec = EncASRepPart())[0]
credential = Credential()
server = types.Principal()
server.from_asn1(encASRepPart, 'srealm', 'sname')
tmpServer = Principal()
tmpServer.fromPrincipal(server)
credential['client'] = self.principal
credential['server'] = tmpServer
credential['is_skey'] = 0
credential['key'] = KeyBlock()
credential['key']['keytype'] = int(encASRepPart['key']['keytype'])
credential['key']['keyvalue'] = str(encASRepPart['key']['keyvalue'])
credential['key']['keylen'] = len(credential['key']['keyvalue'])
credential['time'] = Times()
credential['time']['authtime'] = self.toTimeStamp(types.KerberosTime.from_asn1(encASRepPart['authtime']))
credential['time']['starttime'] = self.toTimeStamp(types.KerberosTime.from_asn1(encASRepPart['starttime']))
credential['time']['endtime'] = self.toTimeStamp(types.KerberosTime.from_asn1(encASRepPart['endtime']))
credential['time']['renew_till'] = self.toTimeStamp(types.KerberosTime.from_asn1(encASRepPart['renew-till']))
flags = self.reverseFlags(encASRepPart['flags'])
credential['tktflags'] = flags
credential['num_address'] = 0
credential.ticket = CountedOctetString()
credential.ticket['data'] = encoder.encode(decodedTGT['ticket'].clone(tagSet=Ticket.tagSet, cloneValueFlag=True))
credential.ticket['length'] = len(credential.ticket['data'])
credential.secondTicket = CountedOctetString()
credential.secondTicket['data'] = ''
credential.secondTicket['length'] = 0
self.credentials.append(credential)
Example #21
| Source File: ccache.py From PiBunny with MIT License | 4 votes |
|
def fromTGT(self, tgt, oldSessionKey, sessionKey):
self.headers = []
header = Header()
header['tag'] = 1
header['taglen'] = 8
header['tagdata'] = '\xff\xff\xff\xff\x00\x00\x00\x00'
self.headers.append(header)
decodedTGT = decoder.decode(tgt, asn1Spec = AS_REP())[0]
tmpPrincipal = types.Principal()
tmpPrincipal.from_asn1(decodedTGT, 'crealm', 'cname')
self.principal = Principal()
self.principal.fromPrincipal(tmpPrincipal)
# Now let's add the credential
cipherText = decodedTGT['enc-part']['cipher']
cipher = crypto._enctype_table[decodedTGT['enc-part']['etype']]
# Key Usage 3
# AS-REP encrypted part (includes TGS session key or
# application session key), encrypted with the client key
# (Section 5.4.2)
plainText = cipher.decrypt(oldSessionKey, 3, str(cipherText))
encASRepPart = decoder.decode(plainText, asn1Spec = EncASRepPart())[0]
credential = Credential()
server = types.Principal()
server.from_asn1(encASRepPart, 'srealm', 'sname')
tmpServer = Principal()
tmpServer.fromPrincipal(server)
credential['client'] = self.principal
credential['server'] = tmpServer
credential['is_skey'] = 0
credential['key'] = KeyBlock()
credential['key']['keytype'] = int(encASRepPart['key']['keytype'])
credential['key']['keyvalue'] = str(encASRepPart['key']['keyvalue'])
credential['key']['keylen'] = len(credential['key']['keyvalue'])
credential['time'] = Times()
credential['time']['authtime'] = self.toTimeStamp(types.KerberosTime.from_asn1(encASRepPart['authtime']))
credential['time']['starttime'] = self.toTimeStamp(types.KerberosTime.from_asn1(encASRepPart['starttime']))
credential['time']['endtime'] = self.toTimeStamp(types.KerberosTime.from_asn1(encASRepPart['endtime']))
credential['time']['renew_till'] = self.toTimeStamp(types.KerberosTime.from_asn1(encASRepPart['renew-till']))
flags = self.reverseFlags(encASRepPart['flags'])
credential['tktflags'] = flags
credential['num_address'] = 0
credential.ticket = CountedOctetString()
credential.ticket['data'] = encoder.encode(decodedTGT['ticket'].clone(tagSet=Ticket.tagSet, cloneValueFlag=True))
credential.ticket['length'] = len(credential.ticket['data'])
credential.secondTicket = CountedOctetString()
credential.secondTicket['data'] = ''
credential.secondTicket['length'] = 0
self.credentials.append(credential)
Example #22
| Source File: ccache.py From PiBunny with MIT License | 4 votes |
|
def fromTGS(self, tgs, oldSessionKey, sessionKey):
self.headers = []
header = Header()
header['tag'] = 1
header['taglen'] = 8
header['tagdata'] = '\xff\xff\xff\xff\x00\x00\x00\x00'
self.headers.append(header)
decodedTGS = decoder.decode(tgs, asn1Spec = TGS_REP())[0]
tmpPrincipal = types.Principal()
tmpPrincipal.from_asn1(decodedTGS, 'crealm', 'cname')
self.principal = Principal()
self.principal.fromPrincipal(tmpPrincipal)
# Now let's add the credential
cipherText = decodedTGS['enc-part']['cipher']
cipher = crypto._enctype_table[decodedTGS['enc-part']['etype']]
# Key Usage 8
# TGS-REP encrypted part (includes application session
# key), encrypted with the TGS session key (Section 5.4.2)
plainText = cipher.decrypt(oldSessionKey, 8, str(cipherText))
encTGSRepPart = decoder.decode(plainText, asn1Spec = EncTGSRepPart())[0]
credential = Credential()
server = types.Principal()
server.from_asn1(encTGSRepPart, 'srealm', 'sname')
tmpServer = Principal()
tmpServer.fromPrincipal(server)
credential['client'] = self.principal
credential['server'] = tmpServer
credential['is_skey'] = 0
credential['key'] = KeyBlock()
credential['key']['keytype'] = int(encTGSRepPart['key']['keytype'])
credential['key']['keyvalue'] = str(encTGSRepPart['key']['keyvalue'])
credential['key']['keylen'] = len(credential['key']['keyvalue'])
credential['time'] = Times()
credential['time']['authtime'] = self.toTimeStamp(types.KerberosTime.from_asn1(encTGSRepPart['authtime']))
credential['time']['starttime'] = self.toTimeStamp(types.KerberosTime.from_asn1(encTGSRepPart['starttime']))
credential['time']['endtime'] = self.toTimeStamp(types.KerberosTime.from_asn1(encTGSRepPart['endtime']))
credential['time']['renew_till'] = self.toTimeStamp(types.KerberosTime.from_asn1(encTGSRepPart['renew-till']))
flags = self.reverseFlags(encTGSRepPart['flags'])
credential['tktflags'] = flags
credential['num_address'] = 0
credential.ticket = CountedOctetString()
credential.ticket['data'] = encoder.encode(decodedTGS['ticket'].clone(tagSet=Ticket.tagSet, cloneValueFlag=True))
credential.ticket['length'] = len(credential.ticket['data'])
credential.secondTicket = CountedOctetString()
credential.secondTicket['data'] = ''
credential.secondTicket['length'] = 0
self.credentials.append(credential)
