|
|
|
@ -47,10 +47,11 @@ typedef struct krb5asrep
|
|
|
|
|
u32 checksum[4];
|
|
|
|
|
u32 edata2[5120];
|
|
|
|
|
u32 edata2_len;
|
|
|
|
|
u32 format;
|
|
|
|
|
|
|
|
|
|
} krb5asrep_t;
|
|
|
|
|
|
|
|
|
|
static const char *SIGNATURE_KRB5ASREP = "$krb5asrep$23$";
|
|
|
|
|
static const char *SIGNATURE_KRB5ASREP = "$krb5asrep$";
|
|
|
|
|
|
|
|
|
|
char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
|
|
|
|
|
{
|
|
|
|
@ -122,47 +123,132 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
|
|
|
|
|
| TOKEN_ATTR_VERIFY_SIGNATURE;
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* $krb5asrep$23$user_principal_name:checksum$edata2
|
|
|
|
|
* hc
|
|
|
|
|
* format 1: $krb5asrep$23$user_principal_name:checksum$edata2
|
|
|
|
|
*
|
|
|
|
|
* jtr
|
|
|
|
|
* format 2: $krb5asrep$user_principal_name:checksum$edata2
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
if (line_len < 16) return (PARSER_SALT_LENGTH);
|
|
|
|
|
if (line_len < (int) strlen (SIGNATURE_KRB5ASREP)) return (PARSER_SALT_LENGTH);
|
|
|
|
|
|
|
|
|
|
char *upn_info_start = (char *) line_buf + strlen (SIGNATURE_KRB5ASREP);
|
|
|
|
|
char *upn_info_stop = strchr ((const char *) upn_info_start, ':');
|
|
|
|
|
memset (krb5asrep, 0, sizeof (krb5asrep_t));
|
|
|
|
|
|
|
|
|
|
if (upn_info_stop == NULL) return (PARSER_SEPARATOR_UNMATCHED);
|
|
|
|
|
size_t parse_off = 0;
|
|
|
|
|
|
|
|
|
|
upn_info_stop++; // we want the : char included
|
|
|
|
|
if (line_buf[token.len[0]] == '2' && line_buf[token.len[0] + 1] == '3' && line_buf[token.len[0] + 2] == '$')
|
|
|
|
|
{
|
|
|
|
|
// hashcat format
|
|
|
|
|
|
|
|
|
|
const int upn_info_len = upn_info_stop - upn_info_start;
|
|
|
|
|
krb5asrep->format = 1;
|
|
|
|
|
|
|
|
|
|
parse_off += 2;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
// jtr format
|
|
|
|
|
|
|
|
|
|
krb5asrep->format = 2;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
char *account_info_start = (char *) line_buf + strlen (SIGNATURE_KRB5ASREP) + parse_off;
|
|
|
|
|
char *account_info_stop = strchr ((const char *) account_info_start, ':');
|
|
|
|
|
|
|
|
|
|
if (account_info_stop == NULL) return (PARSER_SEPARATOR_UNMATCHED);
|
|
|
|
|
|
|
|
|
|
account_info_stop++; // we want the : char included
|
|
|
|
|
|
|
|
|
|
const int account_info_len = account_info_stop - account_info_start;
|
|
|
|
|
|
|
|
|
|
token.token_cnt = 4;
|
|
|
|
|
|
|
|
|
|
token.len[1] = upn_info_len;
|
|
|
|
|
token.attr[1] = TOKEN_ATTR_FIXED_LENGTH;
|
|
|
|
|
if (krb5asrep->format == 1)
|
|
|
|
|
{
|
|
|
|
|
token.token_cnt++;
|
|
|
|
|
|
|
|
|
|
token.sep[2] = '$';
|
|
|
|
|
token.len_min[2] = 32;
|
|
|
|
|
token.len_max[2] = 32;
|
|
|
|
|
token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH
|
|
|
|
|
| TOKEN_ATTR_VERIFY_HEX;
|
|
|
|
|
// etype
|
|
|
|
|
|
|
|
|
|
token.sep[3] = '$';
|
|
|
|
|
token.len_min[3] = 64;
|
|
|
|
|
token.len_max[3] = 40960;
|
|
|
|
|
token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH
|
|
|
|
|
| TOKEN_ATTR_VERIFY_HEX;
|
|
|
|
|
token.sep[1] = '$';
|
|
|
|
|
token.len[1] = 2;
|
|
|
|
|
token.attr[1] = TOKEN_ATTR_FIXED_LENGTH
|
|
|
|
|
| TOKEN_ATTR_VERIFY_DIGIT;
|
|
|
|
|
|
|
|
|
|
// user_principal_name
|
|
|
|
|
|
|
|
|
|
token.sep[2] = ':';
|
|
|
|
|
token.len[2] = account_info_len;
|
|
|
|
|
token.attr[2] = TOKEN_ATTR_FIXED_LENGTH;
|
|
|
|
|
|
|
|
|
|
// checksum
|
|
|
|
|
|
|
|
|
|
token.sep[3] = '$';
|
|
|
|
|
token.len_min[3] = 32;
|
|
|
|
|
token.len_max[3] = 32;
|
|
|
|
|
token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH
|
|
|
|
|
| TOKEN_ATTR_VERIFY_HEX;
|
|
|
|
|
|
|
|
|
|
// edata2
|
|
|
|
|
|
|
|
|
|
token.sep[4] = '$';
|
|
|
|
|
token.len_min[4] = 64;
|
|
|
|
|
token.len_max[4] = 40960;
|
|
|
|
|
token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH
|
|
|
|
|
| TOKEN_ATTR_VERIFY_HEX;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
// user_principal_name
|
|
|
|
|
|
|
|
|
|
token.sep[1] = ':';
|
|
|
|
|
token.len[1] = account_info_len;
|
|
|
|
|
token.attr[1] = TOKEN_ATTR_FIXED_LENGTH;
|
|
|
|
|
|
|
|
|
|
// checksum
|
|
|
|
|
|
|
|
|
|
token.sep[2] = '$';
|
|
|
|
|
token.len_min[2] = 32;
|
|
|
|
|
token.len_max[2] = 32;
|
|
|
|
|
token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH
|
|
|
|
|
| TOKEN_ATTR_VERIFY_HEX;
|
|
|
|
|
|
|
|
|
|
// edata2
|
|
|
|
|
|
|
|
|
|
token.sep[3] = '$';
|
|
|
|
|
token.len_min[3] = 64;
|
|
|
|
|
token.len_max[3] = 40960;
|
|
|
|
|
token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH
|
|
|
|
|
| TOKEN_ATTR_VERIFY_HEX;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token);
|
|
|
|
|
|
|
|
|
|
if (rc_tokenizer != PARSER_OK) return (rc_tokenizer);
|
|
|
|
|
|
|
|
|
|
const u8 *checksum_pos = token.buf[2];
|
|
|
|
|
const u8 *checksum_pos = NULL;
|
|
|
|
|
const u8 *data_pos = NULL;
|
|
|
|
|
|
|
|
|
|
const u8 *data_pos = token.buf[3];
|
|
|
|
|
const int data_len = token.len[3];
|
|
|
|
|
int data_len = 0;
|
|
|
|
|
|
|
|
|
|
memcpy (krb5asrep->account_info, token.buf[1], token.len[1]);
|
|
|
|
|
if (krb5asrep->format == 1)
|
|
|
|
|
{
|
|
|
|
|
checksum_pos = token.buf[3];
|
|
|
|
|
|
|
|
|
|
data_pos = token.buf[4];
|
|
|
|
|
data_len = token.len[4];
|
|
|
|
|
|
|
|
|
|
memcpy (krb5asrep->account_info, token.buf[2], token.len[2]);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
checksum_pos = token.buf[2];
|
|
|
|
|
|
|
|
|
|
data_pos = token.buf[3];
|
|
|
|
|
data_len = token.len[3];
|
|
|
|
|
|
|
|
|
|
memcpy (krb5asrep->account_info, token.buf[1], token.len[1]);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (checksum_pos == NULL || data_pos == NULL) return (PARSER_SALT_VALUE);
|
|
|
|
|
|
|
|
|
|
krb5asrep->checksum[0] = hex_to_u32 (checksum_pos + 0);
|
|
|
|
|
krb5asrep->checksum[1] = hex_to_u32 (checksum_pos + 8);
|
|
|
|
@ -213,14 +299,30 @@ int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
|
|
|
|
|
sprintf (data + j, "%02x", ptr_edata2[i]);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const int line_len = snprintf (line_buf, line_size, "%s%s%08x%08x%08x%08x$%s",
|
|
|
|
|
SIGNATURE_KRB5ASREP,
|
|
|
|
|
(char *) krb5asrep->account_info,
|
|
|
|
|
byte_swap_32 (krb5asrep->checksum[0]),
|
|
|
|
|
byte_swap_32 (krb5asrep->checksum[1]),
|
|
|
|
|
byte_swap_32 (krb5asrep->checksum[2]),
|
|
|
|
|
byte_swap_32 (krb5asrep->checksum[3]),
|
|
|
|
|
data);
|
|
|
|
|
int line_len = 0;
|
|
|
|
|
|
|
|
|
|
if (krb5asrep->format == 1)
|
|
|
|
|
{
|
|
|
|
|
line_len = snprintf (line_buf, line_size, "%s23%s%08x%08x%08x%08x$%s",
|
|
|
|
|
SIGNATURE_KRB5ASREP,
|
|
|
|
|
(char *) krb5asrep->account_info,
|
|
|
|
|
byte_swap_32 (krb5asrep->checksum[0]),
|
|
|
|
|
byte_swap_32 (krb5asrep->checksum[1]),
|
|
|
|
|
byte_swap_32 (krb5asrep->checksum[2]),
|
|
|
|
|
byte_swap_32 (krb5asrep->checksum[3]),
|
|
|
|
|
data);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
line_len = snprintf (line_buf, line_size, "%s%s%08x%08x%08x%08x$%s",
|
|
|
|
|
SIGNATURE_KRB5ASREP,
|
|
|
|
|
(char *) krb5asrep->account_info,
|
|
|
|
|
byte_swap_32 (krb5asrep->checksum[0]),
|
|
|
|
|
byte_swap_32 (krb5asrep->checksum[1]),
|
|
|
|
|
byte_swap_32 (krb5asrep->checksum[2]),
|
|
|
|
|
byte_swap_32 (krb5asrep->checksum[3]),
|
|
|
|
|
data);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return line_len;
|
|
|
|
|
}
|
|
|
|
|