1
0
mirror of https://github.com/hashcat/hashcat.git synced 2024-12-23 15:18:16 +00:00

Merge pull request #3014 from brouillamini/19700-computers

Added Computer account decoding for -m 19700
This commit is contained in:
Jens Steube 2021-10-24 21:45:33 +03:00 committed by GitHub
commit d9680a8f58
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -26,6 +26,7 @@ static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE;
static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
static const char *ST_PASS = "hashcat";
static const char *ST_HASH = "$krb5tgs$18$srv_http$synacktiv.local$16ce51f6eba20c8ee534ff8a$57d07b23643a516834795f0c010da8f549b7e65063e5a367ca9240f9b800adad1734df7e7d5dd8307e785de4f40aacf901df41aa6ce695f8619ec579c1fa57ee93661cf402aeef4e3a42e7e3477645d52c09dc72feade03512dffe0df517344f673c63532b790c242cc1d50f4b4b34976cb6e08ab325b3aefb2684262a5ee9faacb14d059754f50553be5bfa5c4c51e833ff2b6ac02c6e5d4c4eb193e27d7dde301bd1ddf480e5e282b8c27ef37b136c8f140b56de105b73adeb1de16232fa1ab5c9f6";
//static const char *ST_HASH = "$krb5tgs$18$CLIENT1$$VALJEAN.LOCAL$*valjean.local/CLIENT1$*$89dcdcdf385512b99b21dfd7$1f3d349af8775987651876b9714f3a1ff4f7a18f4af2f544689201ea39ac3f905b886e14a73dfa5d1d903310abb633cbb13782cd3cf9761310af993ef86b0d88e32fdf0917e73503b3ab3d9c762a2e9d3f7607434f965e2750e5157e38333056b17d854460edb351e5b0f50c0becc3ceede14448b2af649175e0f53748349793540cfa97b3f184d69f36e61c334d2e8270c86a4f0daf532290826963075e859cdf535747aabdd2cf2f340575ebc3bdc8781d80c0d7178d99273562526fbaeec4866a6a61d1a5f9b3e480ba3c2d64af9839b7a5f611c3e80bc5cbde455df4ec667869e9bf3d3443737921b56a159d70e0a17c5ab8b8f70ef8920d31bd0f56bb9948eb40a1f08d6dfcb617ba5b539ce14ef3c4b37fdcbed6d5b079999dc9b51c7ae037f4116f96feb080b15a9e713402a0dfc46d151b478111940a595b685524f461fde02482d777dae07ae7417505f1d0aa4c1a1ccda3dd083b3c959105c23b061d2995b8c5e675d261cd11b5754264d283ab2d85c5cf5e4bdfaac39c46946a42830548f7815680e7f98f6596ebc0b0539dffe5d59a63590c1b3aeebf858e2b84e9eb4027e55da2726c2b3e94916e74b58bc269fed4b3e5da5476010f92970b93424290c5311303a6d9ea8fafea02331ab195df8c6c2a8221d2a893fa3573321700b130a3a300ebfa22b5e7996bd7ec7cdcae0a47165a43bc99087bed1a1e10477259206e7c7a4a13c8625cabe2baab7f2958783c1bd7f3ca516b5c67cdb62ec0f9519d4275b908bf7aeb2773d03262a4984e1a0e31756bea8b0610ec6690565d267b1a5bed3d9c51226ec2dd2ff8dd45a7c4e41637830640947b6fc23ef463c57b58e9fe30877e179742905e5a2e2daabc8a124356de818f55ef3957fe1d2f74095c2c040d145ef7d84a0df6ddc9eb6cb7e53b00ea21b84d43583bff3c9b3828e410fa8660dfc1e597e681ea94f49f9e4274d8e8661d33da26290c153ec6d5bca60d558727c96edb6ba6d4a9837f698dd748e3a1dc088f8827b3325abdbf9080c441967a6b8fd483500025119a53ed100084a8dd9816e3067b38ac9c98a2bd730048a401aaf45aeb2fe25c9e609830739a41300ed98dc28ab5249340f4e9d8c4d48f5ca0981e022705502798f39516c889ed74b8aac8d0438924b8a3b79ad6108ea551a6f9acdd56ad56383b8c0ba6ed7e3e06f3d09f8ee636cad9696d08282d64c42632f5ba6e066032b2484de8519ea5a27c5ab5eeace286cbce46b51ed68e6df845153a8be23d614a3351471c2e6e2b11f1"
u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; }
u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; }
@ -117,16 +118,26 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
char *spn_info_start = strchr ((const char *) line_buf + 12 + 1, '*');
int is_spn_provided = 0;
int is_machine_account = 0;
const char *usr_start = line_buf + strlen(SIGNATURE_KRB5TGS);
char *usr_end = strchr ((const char *) usr_start, '$');
if (*(usr_end+1) == '$'){
is_machine_account = 1;
usr_end++;
}
int usr_len = usr_end - usr_start;
usr_len++; // we want the $ char included
// assume $krb5tgs$17$user$realm$checksum$edata2
if (spn_info_start == NULL)
{
token.token_cnt = 5;
token.sep[1] = '$';
token.len_min[1] = 1;
token.len_max[1] = 512;
token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH;
token.len[1] = usr_len;
token.attr[1] = TOKEN_ATTR_FIXED_LENGTH;
token.sep[2] = '$';
token.len_min[2] = 1;
@ -160,10 +171,8 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
token.token_cnt = 6;
token.sep[1] = '$';
token.len_min[1] = 1;
token.len_max[1] = 512;
token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH;
token.len[1] = usr_len;
token.attr[1] = TOKEN_ATTR_FIXED_LENGTH;
token.sep[2] = '$';
token.len_min[2] = 1;
@ -202,6 +211,7 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
int data_len;
int account_info_len;
token.len[1]--; //Removing trailing '$' due to TOKEN_ATTR_FIXED_LENGTH
user_pos = token.buf[1];
user_len = token.len[1];
@ -217,9 +227,6 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
data_pos = token.buf[4 + is_spn_provided];
data_len = token.len[4 + is_spn_provided];
account_info_len = token.len[2] + token.len[1];
u8 *account_info_ptr = (u8 *) krb5tgs->account_info;
// domain must be uppercase
@ -228,8 +235,22 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
memcpy (domain, domain_pos, domain_len);
uppercase (domain, domain_len);
memcpy (account_info_ptr, domain, domain_len);
memcpy (account_info_ptr + domain_len, user_pos, user_len);
if (is_machine_account){
//Format = uppercase(domain) + "host" + lowercase(fqdn)(without $)
account_info_len = snprintf ((char *)krb5tgs->account_info, 512, "%shost%.*s.%s",
domain,
user_len - 1, //remove $
(char*)krb5tgs->user,
domain);
lowercase( (u8 *)(krb5tgs->account_info) + domain_len + 4, // domain_len + "host"
account_info_len - domain_len + 4);
} else {
//Format = uppercase(domain) + lowercase(username)
account_info_len = snprintf ((char *)krb5tgs->account_info, 512, "%s%s",
domain,
(char*)krb5tgs->user);
}
krb5tgs->account_info_len = account_info_len;