Coverage for /private/tmp/im/impacket/impacket/dcerpc/v5/mimilib.py : 48%

# SECUREAUTH LABS. Copyright 2018 SecureAuth Corporation. All rights reserved.
#
# This software is provided under a slightly modified version
# of the Apache Software License. See the accompanying LICENSE file
# for more information.
#
# Author: Alberto Solino (@agsolino)
#
# Description:
#   Mimikatz Interface implementation, based on @gentilkiwi IDL
#
# Best way to learn how to use these calls is to grab the protocol standard
# so you understand what the call does, and then read the test case located
# at https://github.com/SecureAuthCorp/impacket/tree/master/tests/SMB_RPC
#
# Some calls have helper functions, which makes it even easier to use.
# They are located at the end of this file.
# Helper functions start with "h"<name of the call>.
# There are test cases for them too.
#
DCERPCException.__init__(self, error_string, error_code, packet)
key = self.error_code if key in nt_errors.ERROR_MESSAGES: error_msg_short = nt_errors.ERROR_MESSAGES[key][0] error_msg_verbose = nt_errors.ERROR_MESSAGES[key][1] return 'Mimikatz SessionError: code: 0x%x - %s - %s' % (self.error_code, error_msg_short, error_msg_verbose) else: return 'Mimikatz SessionError: unknown error code: 0x%x' % self.error_code
################################################################################ # CONSTANTS ################################################################################
################################################################################ # STRUCTURES ################################################################################ ('bType','B=0'), ('bVersion','B=0'), ('reserved','<H=0'), ('aiKeyAlg','<L=0'), ) Structure.__init__(self,data,alignment) self['bType'] = TPUBLICKEYBLOB self['bVersion'] = CUR_BLOB_VERSION self['aiKeyAlg'] = CALG_DH_EPHEM
('magic','<L=0'), ('bitlen','<L=0'), ) Structure.__init__(self,data,alignment) self['magic'] = 0x31484400 self['bitlen'] = 1024
('publickeystruc',':', PUBLICKEYSTRUC), ('dhpubkey',':', DHPUBKEY), ('yLen', '_-y','128'), ('y',':'), ) Structure.__init__(self,data,alignment) self['publickeystruc'] = PUBLICKEYSTRUC().getData() self['dhpubkey'] = DHPUBKEY().getData()
('Data','20s=""'), ) if self._isNDR64 is True: return 8 else: return 4
('Data',BYTE_ARRAY), )
('sessionType',ALG_ID), ('cbPublicKey',DWORD), ('pbPublicKey',PBYTE_ARRAY), )
('Data',MIMI_PUBLICKEY), )
################################################################################ # RPC CALLS ################################################################################ ('clientPublicKey',MIMI_PUBLICKEY), )
('serverPublicKey',MIMI_PUBLICKEY), ('phMimi',MIMI_HANDLE), ('ErrorCode',ULONG), )
('phMimi',MIMI_HANDLE), )
('phMimi',MIMI_HANDLE), ('ErrorCode',ULONG), )
('phMimi',MIMI_HANDLE), ('szEncCommand',DWORD), ('encCommand',PBYTE_ARRAY), )
('szEncResult',DWORD), ('encResult',PBYTE_ARRAY), ('ErrorCode',ULONG), )
################################################################################ # OPNUMs and their corresponding structures ################################################################################ 0 : (MimiBind, MimiBindResponse), 1 : (MimiUnbind, MimiUnbindResponse), 2 : (MimiCommand, MimiCommandResponse), }
################################################################################ # HELPER FUNCTIONS ################################################################################
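class MimiDiffeH:
    """Diffie-Hellman key agreement helper for the Mimikatz RPC interface.

    Holds the group parameters (``G``, ``P``) and a freshly generated private
    exponent. ``genPublicKey()`` and ``getSharedSecret()`` both exchange
    integers as minimal-length big-endian byte strings.
    """

    def __init__(self):
        self.G = 2
        # 1024-bit MODP prime (RFC 2409, Second Oakley Group).
        # NOTE(review): a 1024-bit group is below current key-size guidance.
        # The size looks dictated by the wire format (DHPUBKEY sets bitlen to
        # 1024 and the blob reserves 128 bytes for y), so it cannot be raised
        # on this side alone -- confirm against the peer implementation.
        self.P = 0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF
        # The exponent is secret key material, so it is drawn from the OS
        # CSPRNG. The module-level random.getrandbits() is a Mersenne Twister
        # whose state can be recovered from observed outputs, which would make
        # the private key predictable.
        # For deterministic tests assign privateKey after construction; never
        # ship a fixed exponent.
        self.privateKey = random.SystemRandom().getrandbits(1024)

    @staticmethod
    def _toBytes(value):
        """Return the non-negative integer *value* as big-endian bytes.

        The result has the minimal length, i.e. leading zero bytes are not
        kept.
        NOTE(review): callers that need a fixed-width field (for example a
        128-byte y) must left-pad the result themselves -- confirm at the
        call sites.
        """
        digits = '%x' % value
        if len(digits) & 1:
            # unhexlify() needs an even number of hex digits.
            digits = '0' + digits
        return binascii.unhexlify(digits)

    def genPublicKey(self):
        """Compute G**privateKey mod P, store it in ``publicKey`` and return it as bytes."""
        self.publicKey = pow(self.G, self.privateKey, self.P)
        return self._toBytes(self.publicKey)

    def getSharedSecret(self, serverPublicKey):
        """Derive the shared secret from the peer's public value.

        :param serverPublicKey: peer public value as big-endian bytes.
        :return: the shared secret as minimal-length big-endian bytes; it is
            also stored in ``sharedSecret``.
        :raises ValueError: if *serverPublicKey* is empty or lies outside the
            range 2..P-2.
        """
        pubKey = int(binascii.hexlify(serverPublicKey), base=16)
        # Reject degenerate peer values: 0, 1 and P-1 (and anything >= P)
        # confine the result to a tiny set that does not depend on our private
        # exponent, so the "secret" would be known to anyone on the path.
        if not 1 < pubKey < self.P - 1:
            raise ValueError('peer public key outside the range 2..P-2')
        self.sharedSecret = pow(pubKey, self.privateKey, self.P)
        return self._toBytes(self.sharedSecret)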
def hMimiBind(dce, clientPublicKey):
    """Build a MimiBind call carrying *clientPublicKey* and return what dce.request() returns."""
    bindRequest = MimiBind()
    bindRequest['clientPublicKey'] = clientPublicKey
    return dce.request(bindRequest)
def hMimiCommand(dce, phMimi, encCommand):
    """Build a MimiCommand call for the handle *phMimi* and return what dce.request() returns.

    *encCommand* is sent element by element (it is passed through ``list()``)
    and its length goes into ``szEncCommand``.
    """
    commandRequest = MimiCommand()
    commandRequest['phMimi'] = phMimi
    commandRequest['szEncCommand'] = len(encCommand)
    commandRequest['encCommand'] = list(encCommand)
    return dce.request(commandRequest)
if __name__ == '__main__':
    # Self-check of the key agreement with textbook-sized parameters
    # (G=5, P=23): both sides must print the same shared secret.
    from impacket.winregistry import hexdump

    alice = MimiDiffeH()
    alice.G, alice.P, alice.privateKey = 5, 23, 6

    bob = MimiDiffeH()
    bob.G, bob.P, bob.privateKey = 5, 23, 15

    print('Alice pubKey')
    hexdump(alice.genPublicKey())
    print('Bob pubKey')
    hexdump(bob.genPublicKey())

    print('Secret')
    # Each side combines its own private exponent with the other's public value.
    hexdump(alice.getSharedSecret(bob.genPublicKey()))
    hexdump(bob.getSharedSecret(alice.genPublicKey()))