diff --git a/include/interface_migrate.h b/include/interface_migrate.h index 55f494cec..922efef52 100644 --- a/include/interface_migrate.h +++ b/include/interface_migrate.h @@ -91,16 +91,6 @@ typedef struct ikepsk } ikepsk_t; -typedef struct krb5pa -{ - u32 user[16]; - u32 realm[16]; - u32 salt[32]; - u32 timestamp[16]; - u32 checksum[4]; - -} krb5pa_t; - typedef struct krb5tgs { u32 account_info[512]; @@ -790,7 +780,6 @@ typedef enum hash_type HASH_TYPE_WHIRLPOOL = 19, HASH_TYPE_AES = 20, HASH_TYPE_GOST = 21, - HASH_TYPE_KRB5PA = 22, HASH_TYPE_SAPB = 23, HASH_TYPE_SAPG = 24, HASH_TYPE_MYSQL = 25, @@ -917,7 +906,6 @@ typedef enum kern_type KERN_TYPE_PBKDF2_SHA512 = 7100, KERN_TYPE_RAKP = 7300, KERN_TYPE_SHA256CRYPT = 7400, - KERN_TYPE_KRB5PA = 7500, KERN_TYPE_SAPB = 7700, KERN_TYPE_SAPB_MANGLED = 7701, KERN_TYPE_SAPG = 7800, @@ -1154,7 +1142,6 @@ int sha512macos_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_bu int episerver4_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); int sha512grub_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); int sha512b64s_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); -int krb5pa_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); int krb5tgs_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); int krb5asrep_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); int sapb_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig); diff --git a/include/types.h b/include/types.h index 358c0f240..50be100ea 100644 --- a/include/types.h +++ b/include/types.h @@ -2429,7 +2429,6 @@ typedef enum hash_type * hash category is relevant in usage.c (--help screen) */ - typedef enum hash_category { HASH_CATEGORY_UNDEFINED = 0, diff --git a/src/interface_migrate.c b/src/interface_migrate.c index 05a60b816..19d71c8e5 100644 --- a/src/interface_migrate.c +++ b/src/interface_migrate.c @@ -60,7 +60,6 @@ " 5300 | IKE-PSK MD5 | Network Protocols", " 5400 | IKE-PSK SHA1 | Network Protocols", " 7300 | IPMI2 RAKP HMAC-SHA1 | Network Protocols", - " 7500 | Kerberos 5 AS-REQ Pre-Auth etype 23 | Network Protocols", " 8300 | DNSSEC (NSEC3) | Network Protocols", " 10200 | CRAM-MD5 | Network Protocols", " 11100 | PostgreSQL CRAM (MD5) | Network Protocols", @@ -356,7 +355,6 @@ static const char *ST_HASH_07100 = "$ml$1024$24843807311321316245062714671621235 static const char *ST_HASH_07200 = "grub.pbkdf2.sha512.1024.03510507805003756325721848020561235456073188241051876082416068104377357018503082587026352628170170411053726157658716047762755750.aac26b18c2b0c44bcf56514d46aabd52eea097d9c95122722087829982e9dd957b2b641cb1e015d4df16a84d0571e96cf6d3de6361431bdeed4ddb0940f2425b"; static const char *ST_HASH_07300 = "3437343735333336383831353232323433383333303236303337333338363232303135383237333638363532373231343030313131333838323734373138363632343133333335353030353633373533333133313530363533303738343334313330303630343633333237373037383537333630303233303830303437323838333237313438363238343434383831363634323431333430383735323038:f4b376e25868751fc0264f573ff1fe50b65ce5a2"; static const char *ST_HASH_07400 = "$5$7777657035274252$XftMj84MW.New1/ViLY5V4CM4Y7EBvfETaZsCW9vcJ8"; -static const char *ST_HASH_07500 = "$krb5pa$23$user$realm$salt$5cbb0c882a2b26956e81644edbdb746326f4f5f0e947144fb3095dffe4b4b03e854fc1d631323632303636373330383333353630"; static const char *ST_HASH_07700 = "027642760180$77EC38630C08DF8D"; static const char *ST_HASH_07701 = "027642760180$77EC386300000000"; static const char *ST_HASH_07800 = "604020408266$32837BA7B97672BA4E5AC74767A4E6E1AE802651"; @@ -539,7 +537,6 @@ static const char *HT_07100 = "macOS v10.8+ (PBKDF2-SHA512)"; static const char *HT_07200 = "GRUB 2"; static const char *HT_07300 = "IPMI2 RAKP HMAC-SHA1"; static const char *HT_07400 = "sha256crypt $5$, SHA256 (Unix)"; -static const char *HT_07500 = "Kerberos 5 AS-REQ Pre-Auth etype 23"; static const char *HT_07700 = "SAP CODVN B (BCODE)"; static const char *HT_07701 = "SAP CODVN B (BCODE) mangled from RFC_READ_TABLE"; static const char *HT_07800 = "SAP CODVN F/G (PASSCODE)"; @@ -727,7 +724,6 @@ static const char *SIGNATURE_DRUPAL7 = "$S$"; static const char *SIGNATURE_ECRYPTFS = "$ecryptfs$"; static const char *SIGNATURE_EPISERVER = "$episerver$"; static const char *SIGNATURE_KEEPASS = "$keepass$"; -static const char *SIGNATURE_KRB5PA = "$krb5pa$23$"; static const char *SIGNATURE_KRB5TGS = "$krb5tgs$23$"; static const char *SIGNATURE_KRB5ASREP = "$krb5asrep$23$"; static const char *SIGNATURE_MD5AIX = "{smd5}"; @@ -6427,122 +6423,6 @@ int sha512b64s_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE return (PARSER_OK); } -int krb5pa_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig) -{ - u32 *digest = (u32 *) hash_buf->digest; - - salt_t *salt = hash_buf->salt; - - krb5pa_t *krb5pa = (krb5pa_t *) hash_buf->esalt; - - token_t token; - - token.token_cnt = 6; - - token.signatures_cnt = 1; - token.signatures_buf[0] = SIGNATURE_KRB5PA; - - token.len[0] = 11; - token.attr[0] = TOKEN_ATTR_FIXED_LENGTH - | TOKEN_ATTR_VERIFY_SIGNATURE; - - token.len_min[1] = 0; - token.len_max[1] = 64; - token.sep[1] = '$'; - token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH; - - token.len_min[2] = 0; - token.len_max[2] = 64; - token.sep[2] = '$'; - token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH; - - token.len_min[3] = 0; - token.len_max[3] = 128; - token.sep[3] = '$'; - token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH; - - token.len[4] = 72; - token.attr[4] = TOKEN_ATTR_FIXED_LENGTH - | TOKEN_ATTR_VERIFY_HEX; - - token.len[5] = 32; - token.attr[5] = TOKEN_ATTR_FIXED_LENGTH - | TOKEN_ATTR_VERIFY_HEX; - - const int rc_tokenizer = input_tokenizer (input_buf, input_len, &token); - - if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); - - const u8 *user_pos = token.buf[1]; - const u8 *realm_pos = token.buf[2]; - const u8 *salt_pos = token.buf[3]; - - const int user_len = token.len[1]; - const int realm_len = token.len[2]; - const int salt_len = token.len[3]; - - /** - * copy data - */ - - memcpy (krb5pa->user, user_pos, user_len); - memcpy (krb5pa->realm, realm_pos, realm_len); - memcpy (krb5pa->salt, salt_pos, salt_len); - - /** - * decode data - */ - - const u8 *timestamp_pos = token.buf[4]; - - u8 *timestamp_ptr = (u8 *) krb5pa->timestamp; - - for (int i = 0; i < 72; i += 2) - { - const u8 p0 = timestamp_pos[i + 0]; - const u8 p1 = timestamp_pos[i + 1]; - - *timestamp_ptr++ = hex_convert (p1) << 0 - | hex_convert (p0) << 4; - } - - const u8 *checksum_pos = token.buf[5]; - - u8 *checksum_ptr = (u8 *) krb5pa->checksum; - - for (int i = 0; i < 32; i += 2) - { - const u8 p0 = checksum_pos[i + 0]; - const u8 p1 = checksum_pos[i + 1]; - - *checksum_ptr++ = hex_convert (p1) << 0 - | hex_convert (p0) << 4; - } - - /** - * copy some data to generic buffers to make sorting happy - */ - - salt->salt_buf[0] = krb5pa->timestamp[0]; - salt->salt_buf[1] = krb5pa->timestamp[1]; - salt->salt_buf[2] = krb5pa->timestamp[2]; - salt->salt_buf[3] = krb5pa->timestamp[3]; - salt->salt_buf[4] = krb5pa->timestamp[4]; - salt->salt_buf[5] = krb5pa->timestamp[5]; - salt->salt_buf[6] = krb5pa->timestamp[6]; - salt->salt_buf[7] = krb5pa->timestamp[7]; - salt->salt_buf[8] = krb5pa->timestamp[8]; - - salt->salt_len = 36; - - digest[0] = krb5pa->checksum[0]; - digest[1] = krb5pa->checksum[1]; - digest[2] = krb5pa->checksum[2]; - digest[3] = krb5pa->checksum[3]; - - return (PARSER_OK); -} - int sapb_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig) { u32 *digest = (u32 *) hash_buf->digest; @@ -16022,7 +15902,6 @@ u32 kernel_threads_mxx (hashcat_ctx_t *hashcat_ctx) { - if (hashconfig->hash_mode == 7500) kernel_threads = 64; // RC4 if (hashconfig->hash_mode == 8900) kernel_threads = 16; // SCRYPT if (hashconfig->hash_mode == 9000) kernel_threads = 8; // Blowfish if (hashconfig->hash_mode == 9300) kernel_threads = 8; // SCRYPT @@ -17218,38 +17097,6 @@ int ascii_digest (hashcat_ctx_t *hashcat_ctx, char *out_buf, const int out_size, snprintf (out_buf, out_size, "$5$rounds=%u$%s$%s", salt.salt_iter, (char *) salt.salt_buf, ptr_plain); } } - else if (hash_mode == 7500) - { - krb5pa_t *krb5pas = (krb5pa_t *) esalts_buf; - - krb5pa_t *krb5pa = &krb5pas[digest_cur]; - - u8 *ptr_timestamp = (u8 *) krb5pa->timestamp; - u8 *ptr_checksum = (u8 *) krb5pa->checksum; - - char data[128] = { 0 }; - - char *ptr_data = data; - - for (u32 i = 0; i < 36; i++, ptr_data += 2) - { - sprintf (ptr_data, "%02x", ptr_timestamp[i]); - } - - for (u32 i = 0; i < 16; i++, ptr_data += 2) - { - sprintf (ptr_data, "%02x", ptr_checksum[i]); - } - - *ptr_data = 0; - - snprintf (out_buf, out_size, "%s%s$%s$%s$%s", - SIGNATURE_KRB5PA, - (char *) krb5pa->user, - (char *) krb5pa->realm, - (char *) krb5pa->salt, - data); - } else if ((hash_mode == 7700) || (hash_mode == 7701)) { snprintf (out_buf, out_size, "%s$%08X%08X", @@ -21832,23 +21679,6 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx) hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN; break; - case 7500: hashconfig->hash_type = HASH_TYPE_KRB5PA; - hashconfig->salt_type = SALT_TYPE_EMBEDDED; - hashconfig->attack_exec = ATTACK_EXEC_INSIDE_KERNEL; - hashconfig->opts_type = OPTS_TYPE_PT_GENERATE_LE; - hashconfig->kern_type = KERN_TYPE_KRB5PA; - hashconfig->dgst_size = DGST_SIZE_4_4; - hashconfig->parse_func = krb5pa_parse_hash; - hashconfig->opti_type = OPTI_TYPE_ZERO_BYTE - | OPTI_TYPE_NOT_ITERATED; - hashconfig->dgst_pos0 = 0; - hashconfig->dgst_pos1 = 1; - hashconfig->dgst_pos2 = 2; - hashconfig->dgst_pos3 = 3; - hashconfig->st_hash = ST_HASH_07500; - hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN; - break; - case 7700: hashconfig->hash_type = HASH_TYPE_SAPB; hashconfig->salt_type = SALT_TYPE_EMBEDDED; hashconfig->attack_exec = ATTACK_EXEC_INSIDE_KERNEL; @@ -24223,7 +24053,6 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx) case 7100: hashconfig->esalt_size = sizeof (pbkdf2_sha512_t); break; case 7200: hashconfig->esalt_size = sizeof (pbkdf2_sha512_t); break; case 7300: hashconfig->esalt_size = sizeof (rakp_t); break; - case 7500: hashconfig->esalt_size = sizeof (krb5pa_t); break; case 8200: hashconfig->esalt_size = sizeof (cloudkey_t); break; case 8800: hashconfig->esalt_size = sizeof (androidfde_t); break; case 9200: hashconfig->esalt_size = sizeof (pbkdf2_sha256_t); break; diff --git a/src/modules/module_07500.c b/src/modules/module_07500.c new file mode 100644 index 000000000..60fe7815a --- /dev/null +++ b/src/modules/module_07500.c @@ -0,0 +1,297 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_INSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 1; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 3; +static const u32 DGST_SIZE = DGST_SIZE_4_4; +static const u32 HASH_CATEGORY = HASH_CATEGORY_NETWORK_PROTOCOL; +static const char *HASH_NAME = "Kerberos 5 AS-REQ Pre-Auth etype 23"; +static const u32 HASH_TYPE = HASH_TYPE_GENERIC; +static const u64 KERN_TYPE = 7500; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE + | OPTI_TYPE_NOT_ITERATED; +static const u64 OPTS_TYPE = OPTS_TYPE_STATE_BUFFER_LE + | OPTS_TYPE_PT_GENERATE_LE; +static const u32 PWDUMP_COLUMN = PWDUMP_COLUMN_NTLM_HASH; +static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; +static const char *ST_PASS = "hashcat"; +static const char *ST_HASH = "$krb5pa$23$user$realm$salt$5cbb0c882a2b26956e81644edbdb746326f4f5f0e947144fb3095dffe4b4b03e854fc1d631323632303636373330383333353630"; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u32 module_hash_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_TYPE; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_pwdump_column (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return PWDUMP_COLUMN; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +typedef struct krb5pa +{ + u32 user[16]; + u32 realm[16]; + u32 salt[32]; + u32 timestamp[16]; + u32 checksum[4]; + +} krb5pa_t; + +static const char *SIGNATURE_KRB5PA = "$krb5pa$23$"; + +u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 esalt_size = (const u64) sizeof (krb5pa_t); + + return esalt_size; +} + +u32 module_kernel_threads_min (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 kernel_threads_min = 64; + + return kernel_threads_min; +} + +u32 module_kernel_threads_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 kernel_threads_max = 64; + + return kernel_threads_max; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + krb5pa_t *krb5pa = (krb5pa_t *) esalt_buf; + + token_t token; + + token.token_cnt = 6; + + token.signatures_cnt = 1; + token.signatures_buf[0] = SIGNATURE_KRB5PA; + + token.len[0] = 11; + token.attr[0] = TOKEN_ATTR_FIXED_LENGTH + | TOKEN_ATTR_VERIFY_SIGNATURE; + + token.len_min[1] = 0; + token.len_max[1] = 64; + token.sep[1] = '$'; + token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH; + + token.len_min[2] = 0; + token.len_max[2] = 64; + token.sep[2] = '$'; + token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH; + + token.len_min[3] = 0; + token.len_max[3] = 128; + token.sep[3] = '$'; + token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH; + + token.len[4] = 72; + token.attr[4] = TOKEN_ATTR_FIXED_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + token.len[5] = 32; + token.attr[5] = TOKEN_ATTR_FIXED_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); + + if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); + + const u8 *user_pos = token.buf[1]; + const u8 *realm_pos = token.buf[2]; + const u8 *salt_pos = token.buf[3]; + + const int user_len = token.len[1]; + const int realm_len = token.len[2]; + const int salt_len = token.len[3]; + + /** + * copy data + */ + + memcpy (krb5pa->user, user_pos, user_len); + memcpy (krb5pa->realm, realm_pos, realm_len); + memcpy (krb5pa->salt, salt_pos, salt_len); + + /** + * decode data + */ + + const u8 *timestamp_pos = token.buf[4]; + + u8 *timestamp_ptr = (u8 *) krb5pa->timestamp; + + for (int i = 0; i < 72; i += 2) + { + const u8 p0 = timestamp_pos[i + 0]; + const u8 p1 = timestamp_pos[i + 1]; + + *timestamp_ptr++ = hex_convert (p1) << 0 + | hex_convert (p0) << 4; + } + + const u8 *checksum_pos = token.buf[5]; + + u8 *checksum_ptr = (u8 *) krb5pa->checksum; + + for (int i = 0; i < 32; i += 2) + { + const u8 p0 = checksum_pos[i + 0]; + const u8 p1 = checksum_pos[i + 1]; + + *checksum_ptr++ = hex_convert (p1) << 0 + | hex_convert (p0) << 4; + } + + /** + * copy some data to generic buffers to make sorting happy + */ + + salt->salt_buf[0] = krb5pa->timestamp[0]; + salt->salt_buf[1] = krb5pa->timestamp[1]; + salt->salt_buf[2] = krb5pa->timestamp[2]; + salt->salt_buf[3] = krb5pa->timestamp[3]; + salt->salt_buf[4] = krb5pa->timestamp[4]; + salt->salt_buf[5] = krb5pa->timestamp[5]; + salt->salt_buf[6] = krb5pa->timestamp[6]; + salt->salt_buf[7] = krb5pa->timestamp[7]; + salt->salt_buf[8] = krb5pa->timestamp[8]; + + salt->salt_len = 36; + + digest[0] = krb5pa->checksum[0]; + digest[1] = krb5pa->checksum[1]; + digest[2] = krb5pa->checksum[2]; + digest[3] = krb5pa->checksum[3]; + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + const u32 *digest = (const u32 *) digest_buf; + + const krb5pa_t *krb5pa = (const krb5pa_t *) esalt_buf; + + u8 *ptr_timestamp = (u8 *) krb5pa->timestamp; + u8 *ptr_checksum = (u8 *) krb5pa->checksum; + + char data[128] = { 0 }; + + char *ptr_data = data; + + for (u32 i = 0; i < 36; i++, ptr_data += 2) + { + sprintf (ptr_data, "%02x", ptr_timestamp[i]); + } + + for (u32 i = 0; i < 16; i++, ptr_data += 2) + { + sprintf (ptr_data, "%02x", ptr_checksum[i]); + } + + *ptr_data = 0; + + const int line_len = snprintf (line_buf, line_size, "%s%s$%s$%s$%s", + SIGNATURE_KRB5PA, + (char *) krb5pa->user, + (char *) krb5pa->realm, + (char *) krb5pa->salt, + data); + + return line_len; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = MODULE_DEFAULT; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = module_esalt_size; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = MODULE_DEFAULT; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_binary_verify = MODULE_DEFAULT; + module_ctx->module_hash_decode_outfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = MODULE_DEFAULT; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hash_type = module_hash_type; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = module_kernel_threads_max; + module_ctx->module_kernel_threads_min = module_kernel_threads_min; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = MODULE_DEFAULT; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_disable = MODULE_DEFAULT; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = module_pwdump_column; + module_ctx->module_pw_max = MODULE_DEFAULT; + module_ctx->module_pw_min = MODULE_DEFAULT; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = MODULE_DEFAULT; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/tools/test_modules/m07500.pm b/tools/test_modules/m07500.pm new file mode 100644 index 000000000..fadb17306 --- /dev/null +++ b/tools/test_modules/m07500.pm @@ -0,0 +1,147 @@ +#!/usr/bin/env perl + +## +## Author......: See docs/credits.txt +## License.....: MIT +## + +use strict; +use warnings; + +use Encode; +use Crypt::RC4; +use Digest::HMAC_MD5 qw (hmac_md5); +use Digest::MD4 qw (md4); +use Digest::MD5 qw (md5_hex); +use POSIX qw (strftime); + +sub get_random_kerberos5_salt +{ + my $custom_salt = shift; + + my $clear_data = random_bytes (14) . + strftime ("%Y%m%d%H%M%S", localtime) . + random_bytes (8); + + my $user = "user"; + my $realm = "realm"; + my $salt = "salt"; + + my $salt_buf = $user . "\$" . $realm . "\$" . $salt . "\$" . unpack ("H*", $custom_salt) . "\$" . unpack ("H*", $clear_data) . "\$"; + + return $salt_buf; +} + +sub module_constraints { [[0, 255], [16, 16], [0, 27], [16, 16], [-1, -1]] } + +sub module_generate_hash +{ + my $word_buf = shift; + my $salt_buf = shift; + + if ($salt_buf !~ /\$/) + { + $salt_buf = get_random_kerberos5_salt ($salt_buf); + } + + my @salt_arr = split ("\\\$", $salt_buf); + + my $user = $salt_arr[0]; + + my $realm = $salt_arr[1]; + + my $salt = $salt_arr[2]; + + my $hmac_salt = $salt_arr[3]; + my $hmac_salt_bin = pack ("H*", $hmac_salt); + + my $clear_data = $salt_arr[4]; + + my $k = md4 (encode ("UTF-16LE", $word_buf)); + + my $k1 = hmac_md5 ("\x01\x00\x00\x00", $k); + + my $k3 = hmac_md5 ($hmac_salt_bin, $k1); + + my $hash_buf; + + if (length ($clear_data) > 1) + { + my $clear_data_bin = pack ("H*", $clear_data); + + $hash_buf = RC4 ($k3, $clear_data_bin); + } + else + { + my $hash = $salt_arr[5]; + + my $hash_bin = pack ("H*", $hash); + + my $clear_data = RC4 ($k3, $hash_bin); + + my $timestamp = substr ($clear_data, 14, 14); + + my $is_numeric = 1; + + if ($timestamp !~ /^[[:digit:]]{14}$/) + { + $is_numeric = 0; + } + + if (! $is_numeric) + { + $hash_buf = "\x00" x 36; + + if ($hash_buf eq $hash_bin) + { + $hash_buf = "\x01" x 36; + } + } + else + { + $hash_buf = $hash_bin; + } + } + + my $tmp_hash = sprintf ("\$krb5pa\$23\$%s\$%s\$%s\$%s%s", $user, $realm, $salt, unpack ("H*", $hash_buf), $hmac_salt); + + return $tmp_hash; +} + +sub module_verify_hash +{ + my $line = shift; + + my $index1 = index ($line, "\$", 11); + + return if $index1 < 1; + + my $index2 = index ($line, "\$", $index1 + 1); + + return if $index2 < 1; + + my $index3 = index ($line, "\$", $index2 + 1); + + return if $index3 < 1; + + $index2 = index ($line, ":", $index3 + 1); + + return if $index2 < 1; + + my $hash_in = substr ($line, 0, $index2); + my $word = substr ($line, $index2 + 1); + + my $salt; + + $salt = substr ($hash_in, 11, $index3 - 10); + $salt .= substr ($hash_in, $index2 - 32) . "\$\$"; + $salt .= substr ($hash_in, $index3 + 1, $index2 - $index3 - 32 - 1); + + my $word_packed = pack_if_HEX_notation ($word); + + my $new_hash = module_generate_hash ($word_packed, $salt); + + return ($new_hash, $word); +} + +1;