5i^;ddlZddlZddlZddlZddlmZddlmZddlmZddlm Z ddlm Z ddlm Z ddl m Z dd lmZmZdd lmZmZmZdd lmZmZmZmZdd lmZdd lmZmZmZm Z m!Z!m"Z"m#Z#m$Z$m%Z%m&Z&m'Z'm(Z(m)Z)m*Z*m+Z+m,Z,m-Z-ddl.m/Z/m0Z0m1Z1m2Z2m3Z3m4Z4m5Z5m6Z6m7Z7m8Z8ddl9m:Z:ddl;mZ>ddl?m@Z@dZAGddZBGddZCdS)N)hashlib)cms)algos)core)x509)keys) parse_pkcs12)rsa_pkcs1v15_signload_private_key) NAME_TYPE MESSAGE_TYPE PaDataType)Enctype_checksum_table_enctype_tableKey)AuthenticatorChecksum) KDC_REQ_BODY PrincipalName HostAddress KDCOptions EncASRepPartAP_REQAuthorizationDataChecksum krb5_pvnoRealm EncryptionKey AuthenticatorTicket APOptions EncryptedDataAS_REQAP_REP) PKAuthenticatorAuthPackDunno1Dunno2MetaDataInfo CertIssuer CertIssuers PA_PK_AS_REP KDCDHKeyInfo) KRB_FINISHED)LSAP_TOKEN_INFO_INTEGRITYKERB_AD_RESTRICTION_ENTRYKERB_AD_RESTRICTION_ENTRYS) GSSAPIFlagsc|dkr|dddS||dzdzd}dt|zddd}||zS) NbigFsigned)to_bytes bit_lengthlen)xlbts I/home/kali/Ninja/venv/lib/python3.11/site-packages/minikerberos/pkinit.py length_encoderD$suHH Auu - --zz1<<>>A%!+U33" c"gg~5599! 2+cbeZdZdZedZedZedZdZdZ dS)DirtyDHcd|_d|_d|_d|_t jd|_t|jd|_ t jd|_ dS)N ) pg shared_keyshared_key_intosurandom private_keyinthexprivate_key_intdh_nonceselfs rC__init__zDirtyDH.__init__.sc $& $&$/$Z^^$T-1133R88$*R..$---rEc>t}||_||_|SNrGrKrL)rKrLdds rC from_paramszDirtyDH.from_params7syy" "$ "$ )rEcVt}|d|_|d|_|S)NrKrLr[)dhpr\s rC from_dictzDirtyDH.from_dict>s&yy" S"$ S"$ )rEc~tj|j}t|SrZ)r DHParametersloadnativerGr`) asn1_bytesr_s rC from_asn1zDirtyDH.from_asn1Es/  ++2#   3  rEcBt|j|j|jSrZ)powrLrTrKrVs rCget_public_keyzDirtyDH.get_public_keyKs TVT)46 2 22rEct||j|j|_t |jdd}t |dzdkrd|z}t ||_|jS)Nr0) rhrTrKrNrSr?bytesfromhexrM)rWbob_intr@s rCexchangezDirtyDH.exchangeOskGT%946BB$ $ qrr"!VVaZ1__ Qw1MM!$$$/ rEN) __name__ __module__ __qualname__rX staticmethodr]r`rfrirprErCrGrG-s!!!  ,   ,   , 333rErGceZdZdZddZeddZeddZddZddgdfd Z e j e j ze j zfd Zdd Zdd ZdZddZdS)PKINITcd|_d|_d|_d|_d|_d|_d|_d|_d|_dSrZ) privkeyinfo certificate extra_certsuser_sid user_nameissuercnamediffie_PKINIT__hcertrVs rCrXzPKINIT.__init__YsH$$$$-$.$+$*$+$,,,rEMYNcDddlm}|||\|_|_dS)Nr)find_cert_by_cn)#minikerberos.common.windows.crypt32rrzr)rWusernamecertstore_name cert_serialrs rCinit_windows_certzPKINIT.init_windows_certes3AAAAAA#2?8^#L#L $DLLLrEc~t}|||||||S)N)rr dh_params)rwrsetup)rrrrpkinits rCfrom_windows_certstorezPKINIT.from_windows_certstorejs@ 88&8nT_```,,9,%%% -rEct}t|tr|}t |d5}t ||\|_|_|_ t|j|_ dddn #1swxYwY| ||S)Nrb)passwordr) rw isinstancestrencodeopenr readryrzr{r privkeyr)pfxfilepfxpassrrfs rCfrom_pfxzPKINIT.from_pfxrs 88& ^^  7 GT9a@LQVVXXbi@j@j@j=6v)6+=$V%7886>999999999999999 ,,9,%%% -sAB$$B(+B(c|jjjdD]?}|dr||_|ddkr||_@|jjjd|_dd|j|jg|_ |Qtdt tdj|_td dSt|t r!t ||_dSt|t"r!t||_dSt|tr ||_dSt'd ) N common_namezS-1-12@\AzureADzGenerating DH params...izDH params generated.z.DH params must be either a bytearray or a dict)rzsubjectrd startswithr|findr}r~joinrprintrGr`generate_dh_parametersrrdictrmrf Exception)rWrr@s rCrz PKINIT.setupsb   # *= 9all8DMM s rDN '.}=$+yy)T[$-@AA$* "###""$:4$@$@$GHH4;      D!!F##I..DKKK9e$$F##I..DKKK9g&&FDKKK D E EErE) forwardable renewable proxiable canonicalizec$t|trt|}|t|tr|g}n|jg}|t|tr|g}ndg}t jt jj}i}t||d<ttj j |d|d<d|d<ttj j |d|d<|t jd zd |d <|t jd zd |d <t!jd|d<ddg|d<t%dddg|d<t'|}t)j|}i}|j|d<|d |d<t!jd|d<||d<i} |jj| d<|jj| d<d | d<i} d| d<t9j| | d<i} t9j| | d<|j| d <i} tA|| d!<t9j!| | d"<|jj"| d#<tG| } |$| d$%} tKtM| | z}d&|z}d'tKtM|z|z} i}tNj(j |d(<| |d)<i}d*|d+<d,|d-<|g|d.<||d/<tS|S)0N 127.0.0.1z kdc-optionsz name-typez name-stringrWELLKNOWN:PKU2Urealmsnamer6)daysr microsecondtillrtimenonceetypes 127.0.0.1)z addr-typeaddress addressescusecctime paChecksumrKrLqz1.2.840.10046.2.1 algorithm parameters public_keypkAuthenticatorclientPublicValue clientDHNonceF) wrap_signed0 padata-type padata-valuepvno msg-typepadatazreq-body)*rlistsetrrdatetimenowtimezoneutcrrr MS_PRINCIPALvalue timedeltareplacesecretsrandbitsrrrsha1dumpdigestrrrKrLrDomainParametersPublicKeyAlgorithmrir% PublicKeyInforUr& sign_authpackrDr?r PK_AS_REQr#)rWtargetrkdcoptsrkdc_req_body_data kdc_req_bodychecksum authenticatordppkaspkiauthpacksigned_authpackpayload pa_data_1asreqs rC build_asreqzPKINIT.build_asreqs \\7  GE J<5 XF M6h/344#%/%8%8M",9;Q;Whm-n-nooG0G,9;Q;Whn-o-oppG #h&8a&@&@&@ @IIVWIXXF #h&8a&@&@&@ @IIVWIXXG&/33G "2wG$/b\0Z0Z$[$[#\K /00,\,++-- . . 5 5 7 7(-?-;;1;55-"+B//- (-  " KM"S' KM"S' "S' #(#k+B//#l $-c22${{1133$|( / > >( "&"4T":":( "k2(? h  (&&x}}e&LL/ #o.. / // A' g 'mCLL999GC/)'17)M-)N %%-% K%/"%      rEct|d}t|j|d}td} i} d| d<| |d|| d<i}t | |d<t |} d} | d d d t| d d d z| z} t}||_ d |_ i}d|d<|| z|d<t}d|_d|_t d|_i}d|d<||d<t'|}t)|g}t+d|dg}t,jt,jj}i}t4|d<t7|d|d<|d|d<|j|d<|d|d<t=||d<d|d<t+d|dg|d <t ||d!<||d"tA|d}d#g}i}t4|d$<tBj"j#|d%<tI|d&|d&<tKtM||d'<tO|j|d(|d)<tQ|S)*NkeytypekeyvaluerJ cksumtype)rzgss-micrkr7T) byteorderr9sir6i @7e303fffe6bff25146addca4fbddf1b94f1634178eb4528fb2731c669ca23cderzrestriction-type restriction)zad-typezad-datazauthenticator-vnocrealmrrrrsubkeyin,(z seq-numberzauthorization-datacksum zmutual-requiredrrticketz ap-options)rcipherr))rrenctyperrrr/rr=r?rflagschannel_bindingr0FlagsTokenILrmrn MachineIDr1r2rrrrrrrrrrencryptrr KRB_AP_REQrr r!rr"r)rWasrep session_keyr subkey_datakrb_finished_datar  subkey_cipher subkey_keysubkey_checksumkrb_finished_checksum_data krb_finishedaextensions_dataacchksumtiirestriction_datar@ restrictionsrauthenticator_dataauthenticator_data_encap_optsap_reqs rC build_apreqzPKINIT.build_apreqsQ!Y!78-=(+j*ABB*#B'/!,.[)+:+C+CJPRTe+f+fZ(!)*D!E!EI/005577,!JJqE$J??#lBSBSB\B\]^jox|B\B}B}}AMM/" "(!" &&{{}}6&!####)#+-- bcc#-)*%&$'LLNN=!./?@@ "2!34499;;!"#1$E$E#FGGLLNN, h/344#,5()!&uX!7!7X %gW #W #  : :W!.{!;!;X%.\"->A[g@h@h?i-j-j)* ( 0 0W ">>+r=I[;\;\;a;a;c;ceijj  ' &&.#.4&E(O,,&"3w<<00&)K4GSi*j*jkk&     rEFcl|jddlm}||j|S||||S)Nr) pkcs7_sign)rrr'sign_authpack_native)rWdatarr's rCrzPKINIT.sign_authpack>sH \====== *T\4 ( (( " "4{ ; ;;rEci}tjd|d<i}d|d<tj|jj|jjd|d<tj||d<tjdd gd tjd tj | gd g|d <tj dd i|d<t|jtj|d d|d<i}d |d<||d<i}d|d<tj|g|d<tj||d<|jg|d<tjtj|g|d<|durDi}d|d<tj||d<tj|Stj|S)a Creating PKCS7 blob which contains the following things: 1. 'data' blob which is an ASN1 encoded "AuthPack" structure 2. the certificate used to sign the data blob 3. the singed 'signed_attrs' structure (ASN1) which points to the "data" structure (in point 1) z 1.3.14.3.2.26rv1version)r~ serial_numbersiddigest_algorithm content_typez1.3.6.1.5.2.3.1)typevaluesmessage_digest signed_attrsz1.2.840.113549.1.1.1signature_algorithmr signaturecontentv3digest_algorithmsencap_content_info certificates signer_infosTz1.2.840.113549.1.7.2)rDigestAlgorithmIdrIssuerAndSerialNumberrzr~r-DigestAlgorithm CMSAttributerrrSignedDigestAlgorithmr r CMSAttributesrEncapsulatedContentInfo SignerInfos SignerInfo SignedData ContentInfo)rWr)rdasiecsdcis rCr(zPKINIT.sign_authpack_nativeEs "+O<<"[/ ""Y-'%%3))"U) !044"^8I7JKKLL-',t:L:L:S:S:U:U9VWWXX"^$9;I_:`aa"%dlS5Fr.GY5Z5Z5_5_5a5acijj"[/ "("^"Y- ""Y-"22667" 8<<"()"^r(:(:';<<"^D 2.2n>"%%2i= /"   " " $ $$    " ""rEcd}|dD]/}|ddkr!tj|dj}n0tdtj|dj}|d}|d d krtd t j|d j}td dgd|dDzd}t tj |d dddd}|j |} |d} | |j jz| z} |dd} t | } | t"jkr || d}n<| t"jkr || d}n| t"jkrt+dt-| j|}|dd}| |d|}t3j|j}t t|dd} t-| j|dd }||| fS)!Nc^d}d}t||krtjt|g|z}t|t|z|kr||d|t|z z }n||z }|dz }t||k|S)NrErr6)r?rrrmr)rkeysizeoutput currentNum currentDigests rC truncate_keyz*PKINIT.decrypt_asrep..truncate_key|s 6: Vw  L |!4!4u!<==DDFFM 6{{S''''11 }3gF 3344V  mF!OJ Vw   =rErrrrzPA_PK_AS_REP not found! dhSignedDatar:r0z1.3.6.1.5.2.3.2z%Keyinfo content type unexpected valuer71c,g|]}t|Sru)r).0r@s rC z(PKINIT.decrypt_asrep..sMMM1AMMMrEsubjectPublicKeyrkr:r7Fr8 serverDHNoncezenc-partrrIrJzBRC4 key truncation documentation missing. it is different from AESrkeyrr)r-rcrdrrrFr.rRr from_bytesr BitStringrrrprUrrAES256AES128RC4NotImplementedErrorrr decryptr)rWas_reprSpapkasreprKkeyinfoauthdatapubkeyrM server_noncefullKeyrrt_keyr]enc_datadec_dataencasreprs rC decrypt_asrepzPKINIT.decrypt_asrepxst    8 ..b2> 233:G E , - -- ~7>233:" # $' ^ 111 : ; ;;  wy1 2 2 9( rwwuMM9K0LMMMMNNPQ R R& >>$.2D)EFFKKMMabbQSXch> i i&{##F++*), - - <'  W %% % & gn < $ $55  < $ $55   a b bb FNE""# J  )( ^^CH - -(  x ( ( /( 3xy9:: ;&FNHUOJ$?@@+ ; &&rEc|t|tr|g}ndg}i}d|d<|j|d<t|g}t |g}i}d|d<t t jj|d|d<i}t||d <td | ig|d <t| S) Nrz2.5.4.3r1rrpku2ur clientInfor*r)rV) rrr~r'r(rr rrr*r+rr))rWrrLrinfomds rC get_metadatazPKINIT.get_metadatas XF M6 ""V* "W+ bTll! qc{{" $#$w-$93I3O`f%g%ghh$| "Dzz"V* "'')), - - ."S' "    rE)rN)rNNrZ)F)rqrrrsrXrrtrrrrr3GSS_C_MUTUAL_FLAGGSS_C_INTEG_FLAGGSS_C_EXTENDED_ERROR_FLAGr%rr(rqrwrurErCrwrwXsW   MMMM ,   , FFFFB!%d>u>u>uLLLL\\g[x|G|X\X\g\A\ANNNN`<<<<-#-#-#-#f6'6'6'rrErw)DrOrrplatform unicryptor asn1cryptorrrrr oscrypto.keysr oscrypto.asymmetricr r minikerberos.protocol.constantsr r r minikerberos.protocol.encryptionrrrr minikerberos.protocol.structuresr"minikerberos.protocol.asn1_structsrrrrrrrrrrrrr r!r"r#r$minikerberos.protocol.rfc4556r%r&r'r(r)r*r+r,r-r. minikerberos.protocol.rfc_iakerbr/minikerberos.protocol.mskiler0r1r2minikerberos.gssapi.gssapir3rDrGrwrurErCrs? &&&&&&CCCCCCCCOOOOOOOOOOZZZZZZZZZZZZBBBBBBPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPYYYYYYYYYYYYYYYYYYYYYYYY999999yyyyyyyyyy222222((((((((VssssssssssrE