hdZddlmZddlmZmZmZddlmZddlZddl Z ddl Z ddl Z ddl m Z ddlZddlmZmZddlmZmZmZmZmZmZmZmZdd lmZmZmZm Z m!Z!m"Z"m#Z#m$Z$m%Z%m&Z&m'Z'm(Z(m)Z)m*Z*dd l+m,Z,dd l-m.Z.m/Z/dd l0m1Z1dd l2m3Z3ddl m4Z4ddl5m6Z6m7Z7m8Z8m9Z9m:Z:m;Z;mZ>m?Z?m@Z@mAZAmBZBmCZCmDZDmEZEmFZFmGZGmHZHmIZImJZJmKZKmLZLmMZMmNZNddlOmPZPmQZQmRZRmSZSddlTmUZUddlVmWZWmXZXddlYmZZZm[Z[m\Z\ddl]m^Z^m_Z_m`Z`maZambZbmcZcmdZdmeZemfZfmgZgmhZhddlimjZjmkZkddllmmZmGddeZne ZoeoZpe"Zqe"Zrdddddddd d!d" ZsGd#d$e,Zte!Zue"Zvid%d&d'd(d)d*d+d,d-d.d/d0d1d2d3d4d5d6d7d8d9d:d;d<d=d>d?d@dAdBdCdDdEdFdGdHdIdJdKZwid%dLd'dMd)dNdOdPd+dQdRdSd-dTdUdVd/dWd1dXd5dYd7dZd9dXd;d[d=d\d?d]dAd^d_d`dadbdcZxGdddee,ZyGdfdge,ZzGdhdie(Z{Gdjdke,Z|eZ}dldmdndodpdqdrdsdtdu Z~Gdvdwe,ZdxZiZGdydze(Zid%d{d'd|d)d}dOd~d+ddRdd-ddUdddddddddddddddddddZGdde,ZGdde,ZeZeed%<Gdde,ZeedO<Gdde,Zeed+<eZeedU<id%dd'dd)dd3dd9dd;dd=dd?ddCddEdddddddddddddddidddddddddddddddddddd“ddēddƓddȓddʓdd̓ddΓddГddddԜZiZGdՄde(ZGdׄde,ZGdلde,Zeyed'<Gdۄde,ZGd݄de,Zeed3<Gd߄de,ZGdde,ZeedC<Gdde,ZGdde,Zeed<Gdde,Zeed<GddePZGdde(ZGdde,Zeed<GddePZeed<GddePZeed<Gdde,Zeed<GddePZeed<Gdde,Zeed<Gdde,Zeed<Gdde,Zeed<Gdde,ZGdde,ZGdde(ZGdde,ZGdd e,ZGd d e,ZGd d e,ZGdde,ZGdde,ZGdde,Zeefed<Gdde,ZGdde,Zeed=<Gdde,ZGdde,ZGdde,Zeed?<Gdde,Zeed<Gd d!e,ZGd"d#e,Zeed<id%d$d'd%d)d&d1d'd3d(d5d)d7d*d9d+d;d,d=d-d?d.dEd/d0d1d2d3d4d5d6d7d8d9d:d;d<d=ZGd>d?e,ZGd@dAe,ZgdBZGdCd&e,ZGdDdEe,Ze%e"dFd+d͐Ge)dHd1edϐGe*e&dIgedJGe$dKeedLGZGdMdNe,ZGdOdPe,ZGdQdRe,Ze%e"dFd+dSGe)dHd3ed͐Ge*e&dIgedϐGepdTdUdJGe$dVdetdLGe$dWdedGe$dXdeydYGZGdZd[e,ZGd\d]e,ZGd^d_e,Ze%e$d`dezdSGe&daged͐GerdbddϐGe*eudceZdJGe}dddUedLGeudeeZdGe*eudfeZdYGeudgeZdGe*eudheZdiGepdjdUdkGe$dletetdmGe*edndoGe*e&dpgedqG ZGdrd5e,ZGdsd7e,ZGdtdue,Zeed%<Gdvdwe,ZGdxdye,ZGdzd9e,ZGd{d|e,ZGd}d:e,ZGd~de,ZGdde,ZGdde,ZGdde,ZGdde(ZGdde,ZGddePZGdde(ZGdde,ZGdde,ZGdde,ZGdde,ZGddePZGddePZ֐ddd<dddd-d.dddd ZאdddddZؐddddZiZGddePZGdde^ZGddePZeeڐd<GddePZeeڐd<GddePZeeڐd<gdZGddePZeeڐd<GddePZeeڐd<Gdde,Zeeڐd<eegd<eehd<eegd<eegd<GdƄde,ZeQekedȐɦeQekedȐʦeSekedȐdȐ˦eeڐd<eeڐd<eeڐd<eeڐd<eeڐd<GdфdePZeSeeeQejedȐɦeSejedȐʦGdӄdePZGdՄde,ZGdׄdePZdِdڐdېdܐdݐdސdߐddZGddePZGddePZeQekedɦeQekedʦeRekedd˦eRekedd˦GddePZeSeeeQejedɦeSejedʦGdde.ZdZdZ ddZdddgddddfdZddZddZ ddZGddefZdS(a Kerberos V5 Implements parts of: - Kerberos Network Authentication Service (V5): RFC4120 - Kerberos Version 5 GSS-API: RFC1964, RFC4121 - Kerberos Pre-Authentication: RFC6113 (FAST) - Kerberos Principal Name Canonicalization and Cross-Realm Referrals: RFC6806 - Microsoft Windows 2000 Kerberos Change Password and Set Password Protocols: RFC3244 - User to User Kerberos Authentication: draft-ietf-cat-user2user-03 - Public Key Cryptography Based User-to-User Authentication (PKU2U): draft-zhu-pku2u-09 - Initial and Pass Through Authentication Using Kerberos V5 (IAKERB): draft-ietf-kitten-iakerb-03 - Kerberos Protocol Extensions: [MS-KILE] - Kerberos Protocol Extensions: Service for User: [MS-SFU] .. note:: You will find more complete documentation for this layer over at `Kerberos `_ Example decryption:: >>> from scapy.libs.rfc3961 import Key, EncryptionType >>> pkt = Ether(hex_bytes("525400695813525400216c2b08004500015da71840008006dc\ 83c0a87a9cc0a87a11c209005854f6ab2392c25bd650182014b6e00000000001316a8201\ 2d30820129a103020105a20302010aa3633061304ca103020102a24504433041a0030201\ 12a23a043848484decb01c9b62a1cabfbc3f2d1ed85aa5e093ba8358a8cea34d4393af93\ bf211e274fa58e814878db9f0d7a28d94e7327660db4f3704b3011a10402020080a20904\ 073005a0030101ffa481b73081b4a00703050040810010a1123010a003020101a1093007\ 1b0577696e3124a20e1b0c444f4d41494e2e4c4f43414ca321301fa003020102a1183016\ 1b066b72627467741b0c444f4d41494e2e4c4f43414ca511180f32303337303931333032\ 343830355aa611180f32303337303931333032343830355aa7060204701cc5d1a8153013\ 0201120201110201170201180202ff79020103a91d301b3019a003020114a11204105749\ 4e31202020202020202020202020")) >>> enc = pkt[Kerberos].root.padata[0].padataValue >>> k = Key(enc.etype.val, key=hex_bytes("7fada4e566ae4fb270e2800a23a\ e87127a819d42e69b5e22de0ddc63da80096d")) >>> enc.decrypt(k) ) namedtuple)datetime timedeltatimezone)IntEnumN)warning) BER_id_decBER_Decoding_Error)ASN1_BIT_STRING ASN1_BOOLEAN ASN1_ClassASN1_GENERAL_STRINGASN1_GENERALIZED_TIME ASN1_INTEGER ASN1_STRING ASN1_Codecs) ASN1F_BOOLEAN ASN1F_CHOICE ASN1F_FLAGSASN1F_GENERAL_STRINGASN1F_GENERALIZED_TIME ASN1F_INTEGER ASN1F_OID ASN1F_PACKETASN1F_SEQUENCEASN1F_SEQUENCE_OF ASN1F_STRINGASN1F_STRING_PacketFieldASN1F_enum_INTEGERASN1F_optional) ASN1_Packet) AutomatonATMT)conf) bytes_encode) log_runtime)ConditionalField FieldLenField FlagsField IntEnumFieldLEIntEnumFieldLenFieldLEShortEnumField LEShortField LongFieldMultipleTypeField PacketFieldPacketLenFieldPacketListFieldPadFieldShortEnumField ShortFieldStrField StrFieldUtf16StrFixedLenEnumField XByteField XLEIntField XLEShortFieldXStrFixedLenField XStrLenField XStrField)Packetbind_bottom_up bind_top_down bind_layers) StreamSocket)strrotstrxor)GeneralizedTimeRandNumRandBin) GSSAPI_BLOB GSS_C_FLAGSGSS_S_BAD_MECHGSS_S_COMPLETEGSS_S_CONTINUE_NEEDEDGSS_S_DEFECTIVE_TOKEN GSS_S_FAILUREGssChannelBindingsSSP _GSSAPI_OIDS_GSSAPI_SIGNATURE_OIDS)TCPUDP)OptionalcZeZdZdZdZdZdZdZdZdZ dZ d Z d Z d Z d Zd ZdZdZdZdZdZdZdS)ASN1_Class_KRBKerberos`abcjklmnouvyz{|}~N)__name__ __module__ __qualname__nameTokenTicket Authenticator EncTicketPartAS_REQAS_REPTGS_REQTGS_REPAP_REQAP_REPPRIVCRED EncASRepPart EncTGSRepPart EncAPRepPartEncKrbPrivPartEncKrbCredPartERRORY/mounts/lovelace/software/anaconda3/lib/python3.11/site-packages/scapy/layers/kerberos.pyrYrYsm D E FMM F FGG F F D DLMLNN EEErrYz NT-UNKNOWNz NT-PRINCIPALz NT-SRV-INSTz NT-SRV-HSTz NT-SRV-XHSTzNT-UIDzNT-X500-PRINCIPALz NT-SMTP-NAMEz NT-ENTERPRISE) r c eZdZejZeeddede dge dZ e de fdZe d efd Zd S) PrincipalNamenameTyper explicit_tag nameStringupnc~t|\}}tt|gtdS)Nrrr) _parse_upnrrr)ruser_s rfromUPNzPrincipalName.fromUPNs?S//a+D112!!__    rspnc<t|\}}|dr;td|dDt dStd|dDt dS)Nkrbtgtc,g|]}t|Srr.0xs r z)PrincipalName.fromSPN..!KKKq/22KKKr/rrc,g|]}t|Srrrs rrz)PrincipalName.fromSPN..rrr) _parse_spn startswithrsplitr)rrs rfromSPNzPrincipalName.fromSPNsCQ >>( # #  KKCIIcNNKKK%a  !KKCIIcNNKKK%a rN)rmrnrorBER ASN1_codecrr_PRINCIPAL_NAME_TYPESrKerberosString ASN1_root staticmethodstrrbytesrrrrrrsJ  !    ,NNNNI S   \  U   \   rrr DES-CBC-CRCrz DES-CBC-MD4r DES-CBC-MD5rz DES3-CBC-MD5rz DES3-CBC-SHA1 zDSAWITHSHA1-CMSOIDrzMD5WITHRSAENCRYPTION-CMSOID zSHA1WITHRSAENCRYPTION-CMSOID z RC2CBC-ENVOID zRSAENCRYPTION-ENVOIDzRSAES-OAEP-ENV-OIDzDES-EDE3-CBC-ENV-OIDzDES3-CBC-SHA1-KDAES128-CTS-HMAC-SHA1-96AES256-CTS-HMAC-SHA1-96zAES128-CTS-HMAC-SHA256-128zAES256-CTS-HMAC-SHA384-192RC4-HMACz RC4-HMAC-EXPzCAMELLIA128-CTS-CMACzCAMELLIA256-CTS-CMAC)CRC32zRSA-MD4z RSA-MD4-DESrzDES-MACz DES-MAC-Krz RSA-MD4-DES-KzRSA-MD5z RSA-MD5-DESz RSA-MD5-DES3SHA1zHMAC-SHA1-DES3-KDzHMAC-SHA1-DES3zHMAC-SHA1-96-AES128zHMAC-SHA1-96-AES256zCMAC-CAMELLIA128zCMAC-CAMELLIA256zHMAC-SHA256-128-AES128zHMAC-SHA384-192-AES256KRB-AUTHENTICATORMD5)rrlvc eZdZejZeeddede e ddde dd d Z d Z dd Zdd ZdS) EncryptedDataetyperrrkvnoNrciphercR|jrt|jtr|jj}|dkr dtfSnZt|jt r dt fSt|jtr dtfSt|jtr(t|jjtr dtfSt|jtr dtfSt|jtr dtfSt|jtr dtfSt|jtr dt fSt|jt"r d t$fSt|jt&r d t(fSt+d ) zB Get current key usage number and encrypted class rrrrrrrrr3ACould not guess key usage number. Please specify key_usage_number) underlayer isinstancePADATA padataType PA_ENC_TS_ENC KRB_Ticketrt KRB_AS_REPr} KRB_AP_REQKRB_Authenticator KRB_TGS_REPr~ KRB_AP_REPrKRB_PRIVrKRB_CREDrKrbFastArmoredReq KrbFastReq ValueError)selfpatypes r get_usagezEncryptedData.get_usage%s ?" &$/622! &3Q;;m++DOZ88 &-''DOZ88 &,&DOZ88 &Z*F>> &+++DO[99 &-''DOZ88 &,,,DOZ88 &<''DOX66 &>))DOX66 &>))DO->?? &:~% O   rc8||\}}|||jj}|r^ ||S#t$rE|t kr8 t |}tjd|cYS#t$rYnwxYwwxYw|S)ap Decrypt and return the data contained in cipher. :param key: the key to use for decryption :param key_usage_number: (optional) specify the key usage number. Guessed otherwise :param cls: (optional) the class of the decrypted payload Guessed otherwise (or bytes) Nz:Implementation bug detected. This looks like MIT Kerberos.) rdecryptrvalr r}r~r&r)rkeykey_usage_numberclsdress rrzEncryptedData.decryptQs  #$(NN$4$4 ! c KK($+/ : :   s1vv %   ,&& +A..$+X # -' (s/ AB$BB BBBBc||d}|j|_t|||||_dS)aj Encrypt text and set it into cipher. :param key: the key to use for encryption :param text: the bytes value to encode :param confounder: (optional) specify the confounder bytes. Random otherwise :param key_usage_number: (optional) specify the key usage number. Guessed otherwise Nr) confounder)rrrencryptr)rrtextrrs rrzEncryptedData.encryptwsS  ##~~//2 Y ! KK($:K F F   rNN)rmrnrorrrrr _KRB_E_TYPESr UInt32rrrrrrrrrrsJ7D,TJJJvvfd>>>?? Xr555I * * * X$$$$L      rrceZdZejZeeddede dddZ dZ e d Z d S) EncryptionKeykeytyperrrkeyvaluerrcPddlm}||jj|jjS)NrKey)rr)scapy.libs.rfc3961rrrr)rrs rtoKeyzEncryptionKey.toKeys=******s," !    rc8t|j|jS)N)rr)rrr)rrs rfromKeyzEncryptionKey.fromKeys#IW    rN)rmrnrorrrrrrrrr classmethodrrrrrrsJ9aDIII Z$777I      [   rrceZdZfdZxZS)_Checksum_Fieldctt|||}|djs|S|jjdkr$t |dj||dfS|S)Nrr _underlayerr)superrm2ir cksumtypeKRB_AuthenticatorChecksumrpktsr __class__s rr z_Checksum_Field.m2islOT**..sA661vz J =  & &,SVZSIII3q6Q Q rrmrnror  __classcell__rs@rrrs8rrc|eZdZejZeeddede dddZ dZ d d Z d d Z d S)ChecksumrrrrchecksumrrcF|jrt|jtrdSt|jtrdSt|jtrdSt|jt rdSt|jt rdStd)z. Get current key usage number rrr2r)rrr PA_FOR_USERPA_S4U_X509_USER AD_KDCIssuedrrrs rrzChecksum.get_usages ? $/+<== qDO[99 rDO-=>> rDO\:: rDO->?? r O   rNct||}||||jjdS)a" Decrypt and return the data contained in cipher. :param key: the key to use to check the checksum :param text: the bytes to verify :param key_usage_number: (optional) specify the key usage number. Guessed otherwise N)rverify_checksumrr)rrrrs rverifyzChecksum.verifys>  ##~~//  ,dDM4EFFFFFrc||}|p|j|_t||||j|_dS)a! Encrypt text and set it into cipher. :param key: the key to use to make the checksum :param text: the bytes to make a checksum of :param key_usage_number: (optional) specify the key usage number. Guessed otherwise N)keyusagerr)rrr make_checksumr)rrrrrs rmakez Checksum.makes`  ##~~// "3cm#   ).      rNr)rmrnrorrrrr _KRB_S_TYPESrrrr"r&rrrrrsJ       BT:::I   4 G G G G      rrIPv4 DirectionalChaosNetXNSISOzDECNET Phase IVz AppleTalk DDPNetBiosIPv6) rrrrrrrrrcfeZdZejZeeddede dddZ dS) HostAddressaddrTyperrraddressrrN) rmrnrorrrrr _ADDR_TYPESrrrrrr1r1s]J       Y666IIIrr1c *t|gtfi|Sr')rr1)rpkwargss rr7s%'8"k((#((rceZdZfdZxZS)_AuthorizationData_value_Fieldctt|||}|djs|S|jjt vr4t |jj|dj||dfS|SNrr r)r r9r radType_AUTHORIZATIONDATA_VALUESrs rr z"_AuthorizationData_value_Field.m2is~2D99==c1EE1vz J :>6 6 6)#*.9#a&*RUVVVA  rrrs@rr9r9s8         rr9AD-IF-RELEVANTzAD-INTENDED-FOR-SERVERz!AD-INTENDED-FOR-APPLICATION-CLASSz AD-KDC-ISSUEDz AD-AND-ORzAD-MANDATORY-TICKET-EXTENSIONSzAD-IN-TICKET-EXTENSIONSzAD-MANDATORY-FOR-KDC@zOSF-DCEASESAMEBzAD-OSD-DCE-PKI-CERTIDz AD-WIN2K-PACzAD-ETYPE-NEGOTIATION!KERB-AUTH-DATA-TOKEN-RESTRICTIONS KERB-LOCALzAD-AUTH-DATA-AP-OPTIONSzKERB-AUTH-DATA-CLIENT-TARGETcfeZdZejZeeddede dddZ dS) AuthorizationDataItemr<rrradDatarrN) rmrnrorrrrr _AD_TYPESr9rrrrrLrL>s^J      '&x$GGGIIIrrLcHeZdZejZedegeZdS)AuthorizationDataseqN) rmrnrorrrrrLrrrrrPrPKs<J!! %%''(*?IIIrrPc eZdZejZeedeede e ddde edde d ed de d Z dS) r adChecksumrriRealmrriSnameNrelements)rmrnrorrrrrrr RealmrrPrrrrrrVsJ \88::xdKKK E(BT 2 2 2   ||HdMPTUUUVV Z'8tLLL IIIrrc feZdZejZeedddedde dZ dS) AD_AND_ORconditionCountrrrrVNr) rmrnrorrrrInt32rrPrrrrrZrZesRJ 555 Z'8tLLLIIIrrZz PA-TGS-REQzPA-ENC-TIMESTAMPz PA-PW-SALTz PA-ETYPE-INFOzPA-PK-AS-REQ-OLDzPA-PK-AS-REP-OLDz PA-PK-AS-REQz PA-PK-AS-REPzPA-ETYPE-INFO2zPA-SVR-REFERRAL-INFOzPA-PAC-REQUESTz PA-FOR-USERzPA-FOR-X509-USERzPA-FOR-CHECK_DUPSzPA-AS-CHECKSUMz PA-FX-COOKIEzPA-AUTHENTICATION-SETzPA-AUTH-SET-SELECTEDz PA-FX-FASTz PA-FX-ERRORzPA-ENCRYPTED-CHALLENGEzPA-OTP-CHALLENGEzPA-OTP-REQUESTzPA-OTP-CONFIRMzPA-OTP-PIN-CHANGEzPA-EPAK-AS-REQzPA-EPAK-AS-REPz PA-PKINIT-KXz PA-PKU2U-NAMEzPA-REQ-ENC-PA-REPzPA-AS-FRESHNESSzPA-SPAKErzKERB-KEY-LIST-REQrzKERB-KEY-LIST-REPzPA-SUPPORTED-ENCTYPESzPA-EXTENDED-ERRORzPA-PAC-OPTIONS)c"eZdZdZfdZxZS)_PADATA_value_Fieldz A special field that properly dispatches PA-DATA values according to padata-type and if the paquet is a request or a response. ctt|||}|jjt vrt |jj}t |trV|jjduot |jjtp t |jttf}||}|djs|S||dj||dfS|Sr;) r rqr rr_PADATA_CLASSESrtupler KRB_ERRORrr)rrrrris_replyrs rr z_PADATA_value_Field.m2is'..223:: >  0 0!#."45C#u%% $N-T9I"3>#@QRRIIIrrc eZdZejZeedddee dddee ddd Z d S) PA_AUTHENTICATION_SET_ELEMpaTyperrrpaHintrrpaValuerN) rmrnrorrrrr\r rrrrrrrsJ h--- L2D 9 9 9    LBT : : :  IIIrrcHeZdZejZedegeZdS)PA_AUTHENTICATION_SETelemsN) rmrnrorrrrrrrrrrrs<J!!,,../1KIIIrrcJeZdZejZeedddZdS)PA_PAC_REQUEST includePacTrrN) rmrnrorrrrrrrrrrrs:J lDt<<<IIIrrc peZdZedddddiedddd d d d d dedddgZdS)LSAP_TOKEN_INFO_INTEGRITYFlagsrrzUAC-RestrictedTokenIL UntrustedLowMediumHighSystemzProtected process)rri0@iP MachineIDr lengthN)rmrnror)r+r= fields_descrrrrr)s  ,       '!$"$/     +s2666+KKKrrceZdZfdZxZS)_KerbAdRestrictionEntry_Fieldctt|||}|djs|S|jjdkr$t |dj||dfS|Sr;)r rr rrestrictionTyperrs rr z!_KerbAdRestrictionEntry_Field.m2iGsn1488<s///x!|///rr)zFAST-supportedzCompount-identity-supportedzClaims-supportedz!Resource-SID-compression-disabledN)rmrnror)rangerrrrrrsp     0/UU2YY/// 0    KKKrrrmcPeZdZejZeeddgddZdS)PA_PAC_OPTIONSoptionsr)Claimsz Branch-AwarezForward-to-Full-DC%Resource-based-constrained-delegationrrN) rmrnrorrrr KerberosFlagsrrrrrrsTJ         IIIrrroc LeZdZejZedgeddeZ dS)KERB_KEY_LIST_REQkeytypesrrN) rmrnrorrrrrrrrrrrrs?J!! 2q,//IIIrrc LeZdZejZedgeddeZ dS)KERB_KEY_LIST_REPkeysrN) rmrnrorrrrrrrrrrrrs>J!!  R}--IIIrrcfeZdZejZeeddede dddZ dS)KERB_SUPERSEDED_BY_USERrpNrrrealmr) rmrnrorrrrrrrXrrrrrrsPJ VT=tDDD gt$///IIIrrceZdZejZeedgedde de edgedde de de de d e d Z dS) KERB_DMSA_KEY_PACKAGE currentKeysrNrr previousKeysexpirationIntervalr fetchInterval)rmrnrorrrrrrrr r~rGrrrrrrsJ   LT= 1 1       R}55!        )??+<+<4PPP _oo&7&7dKKK!IIIrrceZdZfdZxZS)_KrbFastArmor_value_Fieldctt|||}|djs|S|jjdkr$t |dj||dfS|S)Nrrr )r rr r armorTyperrs rr z_KrbFastArmor_value_Field.m2ism-t4488a@@1vz J =  ! !c!fjc:::CFB B rrrs@rrrrrrcjeZdZejZeeddddidedddZ d S) KrbFastArmorrrFX_FAST_ARMOR_AP_REQUESTrr armorValuerrN) rmrnrorrrrrrrrrrrrsaJ Q :;$    "!,FFF IIIrrc eZdZejZeeeede e dede e dedde dZ dS) rarmorrr reqChecksumr encFastReqNr) rmrnrorrrrr rrrrrrrrrrsJ N WllnnlQUVVV   L H4 P P P Lt] N N N   IIIrrc beZdZejZededede e dZ dS)PA_FX_FAST_REQUEST armoredDatarreqr implicit_tagN) rmrnrorrrrrrrrrrrrr)LJ  B U-/@tTTTIIIrrc ^eZdZejZeeeddedZ dS)KrbFastArmoredRep encFastRepNrr) rmrnrorrrrrrrrrrrr5sKJ Lt] N N N  IIIrrc beZdZejZededede e dZ dS)PA_FX_FAST_REPLYrrrrrN) rmrnrorrrrrrrrrrrrr>rrrc eZdZejZeedede ddde ddd e d d e d e d e e dZd S)KrbFastFinished timestamprrusecrrcrealmrrcnameNrWticketChecksumr)rmrnrorrrrr~rGrrXrrrrrrrrrGsJ [//"3"3$GGG VQT222 h... WdMEEE %xxzz8$OOO IIIrrc eZdZejZeedegede e dde de e de e de d d d ZdS) KrbFastResponsepadatarr stengthenKeyNrfinishedrnoncerrW)rmrnrorrrrrrr rrrrrrrrrrRsJ(VVXXJTJJJ L}4 P P P    LOO--T     w---  IIIrrc eZdZejZeeedddeedddeedddZ d S) ExternalPrincipalIdentifier subjectNamerrrissuerAndSerialNumberrsubjectKeyIdentifierrN) rmrnrorrrrr rrrrrrrjsJ L > > >    L0"4 H H H    L/$ G G G    IIIrrc eZdZejZeedddee de ge deeddd Z d S) PA_PK_AS_REQsignedAuthpackrrrtrustedCertifiersrrkdcPkIdrN) rmrnrorrrrrr rrrrrrrrysJ %r===  #,,../+!        LBT : : :    IIIrrc veZdZejZeedddeedddZ dS) DHRepInfo dhSignedDatarrr serverDHNoncerrN) rmrnrorrrrrr rrrrrrs]J ^Rd;;; L"4 @ @ @  IIIrrc4eZdZejZeddZdS) EncKeyPack encKeyPackrN)rmrnrorrrrrrrrr r s&J \2..IIIrr c eZdZejZededede e dede e dZ dS) PA_PK_AS_REPreprdhInforrr rN) rmrnrorrrrrrrr rrrrrrslJ   B Xyy{{IDIII \::<<$OOO IIIrrc eZdZejZeedeede dddede e de d d d Z d S) ruserNamerr userRealmrrcksumr authPackagerZrWN) rmrnrorrrrrrrXrrrrrrrrsJ Z-dSSS k2D111 Whhjj(FFF}jtDDD IIIrrceZdZejZeedddee dde de dd d ee d dd ee d d gddZdS) S4UUserIDrrrrrNrrrrsubjectCertificaterWr)reserved!KDC_CHECK_LOGON_HOUR_RESTRICTIONSKDC_KEY_USAGE_27r)rmrnrorrrrrr rrrXrrrrrrrrsJw--- L$ D I I I   h... L-t$ G G G    K "    IIIrrc eZdZejZeedeedede e dZ dS)ruserIdrrrrN) rmrnrorrrrrrrrrrrrrs^J Xyy{{IDIII ZXDIIIIIIrrrrrsrtzAS-REQzAS-REPzTGS-REQzTGS-REPzAP-REQzAP-REPz KRB-TGT-REQz KRB-TGT-REPzKRB-SAFEzKRB-PRIVzKRB-CREDrr}rr~rrEnvKrbCredPartz KRB-ERROR)c eZdZejZeeedddeddde de e d e d e e d e j Zd ZdS)rtktVnorrrrrrsnamerencPartrWrcdd|jjDd|jjS)Nrc3HK|]}|jVdSr'rdecoders r z$KRB_Ticket.getSPN..s,CCQU\\^^CCCCCCr@)joinr'rrrr,rs rgetSPNzKRB_Ticket.getSPN sK HHCCTZ-BCCC C C C C JN ! ! # # #  rN)rmrnrorrrrrrXrrrrYrrrr0rrrrrsJ M(AD 9 9 9 E'2D 1 1 1 L--//=t T T T LMMOO]QU V V V   $*I     rrcdeZdZejZeedddedddZ dS) TransitedEncodingtrTyperrrcontentsrrN) rmrnrorrrrr\rrrrrr2r2sNJ h--- Z$777IIIrr2)r forwardable forwarded proxiableproxyz may-postdate postdatedinvalid renewableinitialz pre-authentz hw-authentztransited-since-policy-checkedzok-as-delegateunused canonicalize anonymousc.eZdZejZeeeddede de e de ddde d e e d e d e e d ed edeededededeededeeddee dded ejZdS)rtrrrrrrrrrrW transitedrauthtimerm starttimernendtimero renewTill addressesauthorizationDataNr)rmrnrorrrrr _TICKET_FLAGSrrrXrr2r~rGr HostAddressesrPrYrtrrrrrtrt1sJ M!     L T R R R E(BT 2 2 2 L--//=t T T T L..002CRV    L__%6%6T J J J N [//*;*;$OOO   LOO$5$5D I I I N [//*;*;$OOO   N k===   N '/@t  1  <$1?   IIIrcLeZdZejZeeddgddeddDzgdzd e e d d e d e d dd e e dd e d e e dd d e ded e e ded eddd edged e edd e e dd ed e ed ged!  Zd S)"KRB_KDC_REQ_BODY kdcOptionsr)rr5r6r7r8zallow-postdater9unused7r;unused9unused10zopt-hardware-authunused12unused13zcname-in-addl-tktr>zrequest-anonymouscg|]}d|zS)zunused%drrs rrzKRB_KDC_REQ_BODY.rs555!zA~555rrr)zdisable-transited-checkz renewable-okzenc-tkt-in-skeyunused29renewvalidaterrrNrrrr'rWfrom_rtillrmrtimernrrrorrFrGrHencAuthorizationDatarJadditionalTickets)rmrnrorrrrrrr rrrXr~rGrrr\rLrrrrrrrNrNYsJ     &65uuR}}555' 6() 8? B ||GT=tTTTUU gr--- L$ D I I I   ||GTEEEFF V__..TBBB||G__->->TRRRSSw---'2u4@@@ M+D 9 9 9    L&m$       12zPT U U U  i77IIIrrNpvnormsgTyperrWreqBodyrc eZdZejZeeddddgdeddDzdgzd e d e ge d e d de d Z dS)r fastOptionsrRESERVEDzhide-client-namescg|]}d|zS)zres%drrs rrzKrbFastReq.s111qw{111rrrzkdc-follow-referralsrrrrraNr)rmrnrorrrrrrrrrrNrrrrrrsJ  # 21EE!RLL111  2 &&  '   (VVXXJTJJJ Y&6TJJJIIIrrc@eZdZejZeeej Z dS) KRB_AS_REQrN) rmrnrorrrr KRB_KDC_REQrYrurrrrrgrg4J#*IIIrrgcVeZdZejZeeej Z e dZ dS) KRB_TGS_REQrrN) rmrnrorrrrrhrYrwrrr`rrrrkrksEJ#+Il2GGGrrkrrrrticketr(rnc@eZdZejZeeej Z dS)rrN) rmrnrorrrr KRB_KDC_REPrYrvrrrrrrrirrc@eZdZejZeeej Z dS)rrN) rmrnrorrrrrnrYrxrrrrrrs4J#+IIIrrcteZdZejZeedddede dZ dS) LastReqItemlrTyperrrlrValuerN) rmrnrorrrrr\r~rGrrrrrqrqsVJ h--- Y 1 1EEEIIIrrqrlastReqr keyExpirationrrBrCrDrErFsrealmrHr'rJcaddrr^encryptedPaDatac@eZdZejZeeej Z dS)r}rN) rmrnrorrrr EncKDCRepPartrYr}rrrrr}r} s4J#0IIIrc@eZdZejZeeej Z dS)r~rN) rmrnrorrrrr{rYr~rrrrr~r~s4J#1IIIrceZdZejZeeedddedde de dd gd d e d d e de dd e dejZd S)rr_rrrr`rrrr)rzuse-session-keyzmutual-requiredrrlNrW authenticatorrr)rmrnrorrrrrr KRB_MSG_TYPESrrrrrYryrrrrrrsJ M&!$ 7 7 7  y"m$ O O O M "    L4$ G G G L$ D Q Q Q  $*#IIIrrceZdZejZeeedddeddde dd e d e e d d e d e d ddedede e dd ede eddde e dd ed ejZd S)rauthenticatorPvnorrrrrrrNrrrWcusecrrctimermsubkeyrn seqNumberror\rFr)rmrnrorrrrrrXrrr rrr~rGrrrPrYrsrrrrrr7sRJ M-qt D D D E(BT 2 2 2 L$ D I I I N WdH4HHH   L!$ 7 7 7 L//"3"3$ G G G N Xt]NNN   N{AD999   N *D2CRV    *$1-IIIrrc eZdZejZeeedddedde de dd e d e j Zd S) rr_rrrr`rrr(Nrr)rmrnrorrrrrrrrrrYrzrrrrrrVsJ M&!$ 7 7 7  y"m$ O O O LD-d K K K  $* IIIrrceZdZejZeeedede ddde e dde d e e d dd ej ZdS) rrrrrrrrNrrrWr)rmrnrorrrrr~rGrr rrrrYrrrrrrrbsJ L//"3"3$ G G G L!$ 7 7 7 N Xt]NNN   N{AD999   $0   IIIrc eZdZejZeeedddedde de dd e d e j Zd S) rr_rrrr`rrr(NrWr)rmrnrorrrrrrrrrrYr{rrrrrrvsJ M&!$ 7 7 7  y"m$ O O O LD-d K K K  $( IIIrrcJeZdZejZeeededde e ddde e ddd e e d dd e d ded e e ddedejZdS)ruserDatarrrrNrrrrrWsAddressrcAddressrmr)rmrnrorrrrrrr r~rrrr1rYrrrrrrrsJ L[[__4 H H H N [$TBBB   N VT===   N{Dt<<<   LT;T J J J N Z{NNN    $2#IIIrc eZdZejZeeedddedde de de ge d e d d e d ej Zd S)rr_rrrr`rrticketsrr(NrWr)rmrnrorrrrrrrrrrrrYr|rrrrrrsJ M&!$ 7 7 7  y"m$ O O O  i**,,RV W W W LD-d K K K   $(IIIrrceZdZejZeedeede e ddde edde de e d de d e ed dd e ed dde eddde eddde e ddde edde de edd ZdS) KrbCredInforrrprealmNrpnamerrrWrBrrCrmrDrnrErorvrFr'rHrwrJ)rmrnrorrrrrrr rXrrrKr~rLrrrrrrsJ UMMOO]NNN E(Dt 4 4 4    L$ D I I I    M!        LT = = =   ||KDIIIJJ LDt < < <    Ld > > >    E(Dt 4 4 4    L$ D I I I    M' 5 5 5  A##IIIrrc^eZdZejZeeedegede e ddde e ddde e d dd e e d ded e e d dedejZdS)r ticketInforrrNrrrrrWrrrrmr)rmrnrorrrrrrr rr~rrr1rYrrrrrrrs(J  !     Nw4888   N [$TBBB   N VT===   N Z{NNN   N Z{NNN  '  .$21IIIrrcHeZdZejZedegeZdS) MethodDatarQN) rmrnrorrrrrrrrrrrs1J!!%&&((V<d?d@dAdBdCdDdEdFdGdHdIdJdKdLdMdNdOdPdQdRdSdTidUdVdWdXdYdZd[d\d]d^d_d`dadbdcdddedfdgdhdidjdkdldmdndodpdqdrdsdtdudvidwdxdydzd{d|d}d~dddddddddddddddddddddddddddddddddde edd de edd ededddedeede eddde eddd ejZd S)rur_rrrr`r$rrNrrrWstimersusecrrmr KDC_ERR_NONErKDC_ERR_NAME_EXPrKDC_ERR_SERVICE_EXPrKDC_ERR_BAD_PVNOrKDC_ERR_C_OLD_MAST_KVNOKDC_ERR_S_OLD_MAST_KVNOrKDC_ERR_C_PRINCIPAL_UNKNOWNrKDC_ERR_S_PRINCIPAL_UNKNOWNrKDC_ERR_PRINCIPAL_NOT_UNIQUErKDC_ERR_NULL_KEYrKDC_ERR_CANNOT_POSTDATErKDC_ERR_NEVER_VALIDrKDC_ERR_POLICYrKDC_ERR_BADOPTIONrKDC_ERR_ETYPE_NOSUPPrKDC_ERR_SUMTYPE_NOSUPPrKDC_ERR_PADATA_TYPE_NOSUPPrKDC_ERR_TRTYPE_NOSUPPrKDC_ERR_CLIENT_REVOKEDrKDC_ERR_SERVICE_REVOKEDrKDC_ERR_TGT_REVOKEDrKDC_ERR_CLIENT_NOTYETrKDC_ERR_SERVICE_NOTYETrKDC_ERR_KEY_EXPIREDrKDC_ERR_PREAUTH_FAILEDrKDC_ERR_PREAUTH_REQUIREDrKDC_ERR_SERVER_NOMATCHr KDC_ERR_MUST_USE_USER2USERr"KDC_ERR_PATH_NOT_ACCEPTEDr#KDC_ERR_SVC_UNAVAILABLEKRB_AP_ERR_BAD_INTEGRITYrKRB_AP_ERR_TKT_EXPIRED!KRB_AP_ERR_TKT_NYV"KRB_AP_ERR_REPEAT#KRB_AP_ERR_NOT_US$KRB_AP_ERR_BADMATCH%KRB_AP_ERR_SKEW&KRB_AP_ERR_BADADDR'KRB_AP_ERR_BADVERSION(KRB_AP_ERR_MSG_TYPErKRB_AP_ERR_MODIFIED*KRB_AP_ERR_BADORDER,KRB_AP_ERR_BADKEYVER-KRB_AP_ERR_NOKEY.KRB_AP_ERR_MUT_FAIL/KRB_AP_ERR_BADDIRECTION0KRB_AP_ERR_METHOD1KRB_AP_ERR_BADSEQrKRB_AP_ERR_INAPP_CKSUMrKRB_AP_PATH_NOT_ACCEPTED4KRB_ERR_RESPONSE_TOO_BIGrKRB_ERR_GENERIC=KRB_ERR_FIELD_TOOLONG>KDC_ERROR_CLIENT_NOT_TRUSTED?KDC_ERROR_KDC_NOT_TRUSTEDr?KDC_ERROR_INVALID_SIGr@KDC_ERR_KEY_TOO_WEAKrBKDC_ERR_CERTIFICATE_MISMATCHCKRB_AP_ERR_NO_TGTDKDC_ERR_WRONG_REALMr KRB_AP_ERR_USER_TO_USER_REQUIREDFKDC_ERR_CANT_VERIFY_CERTIFICATEGKDC_ERR_INVALID_CERTIFICATEHKDC_ERR_REVOKED_CERTIFICATEI!KDC_ERR_REVOCATION_STATUS_UNKNOWNJ%KDC_ERR_REVOCATION_STATUS_UNAVAILABLEKKDC_ERR_CLIENT_NAME_MISMATCHLKDC_ERR_KDC_NAME_MISMATCHKRB_AP_ERR_IAKERB_KDC_NOT_FOUND!KRB_AP_ERR_IAKERB_KDC_NO_RESPONSEKDC_ERR_PREAUTH_EXPIRED"KDC_ERR_MORE_PREAUTH_DATA_REQUIRED&KDC_ERR_PREAUTH_BAD_AUTHENTICATION_SET%KDC_ERR_UNKNOWN_CRITICAL_FAST_OPTIONS)UVZ[\]rnrrorrFrrrHr'rJeTextr^eDataryr)rmrnrorrrrrrrr r~rrGrXrrrrrYrrrrrrurusJ M&!$ 7 7 7  y"m$ O O O N Wd>>>   N Wd>>>   L//"3"3$ G G G L!$ 7 7 7  N~N)N, N ) N 0 N0N4N4N5N)N1N-N(N+N .!N"0#N$4%NN&/'N(0)N*1+N,--N.//N001N2-3N405N627N809N:4;N<3=N>1?N@2ANB0CND,ENF+GNNNH+INJ-KNL)MNN,ONP/QNR-SNT-UNV-WNX.YNZ*[N\-]N^1_N`+aNb+cNd0eNf2gNh2iNNNj)kNl/mNn6oNp3qNr/sNt.uNv6wNx+yNz-{N|:}N~9N@5ANB5CND;ENF?GNH6INJ3KNNN:;1<@?[NNN^"eS S S h N554dCCC D D N WdMMMM   E'2D 1 1 1 L--//=t T T T N>>'2DIII J J N//$OOO P PMg g P$)SjjjIIIrrucTeZdZeddeddeddgZdS)KERB_EXT_ERRORstatusrrrrN)rmrnror;rrrrrrsB Ha   J"" GZ((KKKrrceZdZfdZxZS) _Error_Fieldctt|||}|djs|S|jjdkr$t |dj||dfS|S)Nrrr r)r rr rdataTyperrs rr z_Error_Field.m2islL$''++C331vz J < q !#a&*#>>>AF F rrrs@rrrrrrc eZdZejZeedddddddee d d d Z d S) rrrKERB_AP_ERR_TYPE_NTSTATUSKERB_AP_ERR_TYPE_SKEW_RECOVERYKERB_ERR_TYPE_EXTENDED)rrrrr dataValueNr) rmrnrorrrrrr rrrrrrrsyJ  .3+     ||KDIIIJJ  IIIrrc eZdZejZeedddedde de e dd e d e e d d d Zd S) KRB_TGT_REQr_rrrr`rrr'NrrrW)rmrnrorrrrrrrr rrrXrrrrrrsJ fad3339b-dKKK L$ D I I I    E'4d 3 3 3   IIIrrc eZdZejZeedddedde de dd e d Z d S) rr_rrrr`rrrlNr) rmrnrorrrrrrrrrrrrrrrsgJ fad3339b-dKKK XtZdCCCIIIrrc\eZdZejZeedeedZ dS) KRB_FINISHEDgssMicrrN) rmrnrorrrrrrrrrrr"r"sBJ Xxxzz8$GGGIIIrr"c eZdZeddddddeddd d eed eed fged d dgZ dS) KRB_GSS_EXTtyperGSS_EXTS_CHANNEL_BINDINGGSS_EXTS_IAKERB_FINISHEDGSS_EXTS_FINISHED)rrrrNdata!I length_offmtc|jdkS)Nr)r&rs rr7zKRB_GSS_EXT.s J 6rrc|jSr'rr0s rr7zKRB_GSS_EXT.scjr length_from) rmrnror*r(r0r1r"r>rrrrr%r%s  76/      hDAAA K  EE66  L2H2H I I I  KKKrr%cReZdZeddddedeededd d d d d ddddddd eedd deeddddeede e dde de e gZ dS)rLgthNBndsCHrr2rrrGSS_C_DELEG_FLAGGSS_C_MUTUAL_FLAGGSS_C_REPLAY_FLAGGSS_C_SEQUENCE_FLAGGSS_C_CONF_FLAGGSS_C_INTEG_FLAGGSS_C_DCE_STYLEGSS_C_IDENTIFY_FLAGGSS_C_EXTENDED_ERROR_FLAG) rrrrrrrrrDlgOptc|jjSr'rr9r0s rr7z"KRB_AuthenticatorChecksum.  2rDlgthDeleg)r-c|jjSr'rDr0s rr7z"KRB_AuthenticatorChecksum. rErc|jSr')rFr0s rr7z"KRB_AuthenticatorChecksum.ssyrc|jjSr'rDr0s rr7z"KRB_AuthenticatorChecksum.rErExts) rmrnror(r2rQr)r'r.rr3r%rrrrrrsD fde>>>    ,,      ())+'()-3     "  L1 % % 2 2    M'47 ; ; ; 2 2    NX;P;P    3 2     {;;Q)KKKrrz KRB-AP-REQz KRB-AP-REPzGSS_GetMIC-RFC1964zGSS_Wrap-RFC1964zGSS_Delete_sec_context-RFC1964 GSS_GetMICGSS_Wrap IAKERB_PROXY) z DES MAC MD5zMD2.5zDES MACHMAC)rrrrDESnoneRC4)rrceZdZdZeddedededgZdZ d Z e d d Z d S) KRB_InnerTokenzKerberos v5 InnerTokenTOK_IDrOrrrootc6t|j|Sr')_InitialContextTokensra)r_parents rr7zKRB_InnerToken.Gs4W^DQGGrc |dt|jt |jzS)Nz Kerberos %s)sprintf_TOK_IDSgetrareprrs r mysummaryzKRB_InnerToken.mysummaryKs:|| HLLd4;6G6GHH H   rc:|jdvr tjStS)N)rRrSrWrX)rar$ padding_layerrZrpayloads rguess_payload_classz"KRB_InnerToken.guess_payload_classPs ;N N N% %rNcZ|r(t|dkr|dddkrtS|S)Nrrs  *H)lenKRB_GSSAPI_Token)r_pktargskargss r dispatch_hookzKRB_InnerToken.dispatch_hookUs7  (CIIOOAbDzDDD'' rr') rmrnrorpr9rhr1rrrkrprrwrrrr`r`@s #DX{HQGGG  JLL G G  K    [rr`c eZdZdZejZeedde de e de j Z dS)rszKerberos GSSAPI-TokenMechType1.2.840.113554.1.2.2 innerTokenrrN)rmrnrorprrrrrrr`rYrqrrrrrsrsasp "DJ *455  N       $)   IIIrrsc eZdZdZeddeeddeddd eed dd dd gZ d Z dS)KRB_GSS_MIC_RFC1964zKerberos v5 MIC Token (RFC1964)SGN_ALGrFillerlSND_SEQrrr SGN_CKSUMalignpadwithctjSr'r$rmrns rdefault_payload_classz)KRB_GSS_MIC_RFC1964.default_payload_class !!rN) rmrnrorpr- _SGN_ALGSr;r=r4rrrrrr}r}ss ,DAy11 Hj)))S333  k3q 9 9 9   K"""""rr}rRc eZdZdZeddeeddeeddeddd e ed dd d d eddd gZ dZ dS)KRB_GSS_Wrap_RFC1964zKerberos v5 GSS_Wrap (RFC1964)r~rSEAL_ALGrr^rrrrrrr CONFOUNDERctjSr'rrns rrz*KRB_GSS_Wrap_RFC1964.default_payload_classrrN) rmrnrorpr-r _SEAL_ALGSr<r=r4rrrrrrrs +DAy11Q 33 h'')S333  k3q 9 9 9   ,A666 K"""""rrrSc eZdZdZejZdS)"KRB_GSS_Delete_sec_context_RFC1964z,Kerberos v5 GSS_Delete_sec_context (RFC1964)N)rmrnrorpr}rrrrrrs 9D%1KKKrrrT)SentByAcceptorSealedAcceptorSubkeyc|eZdZdZedddeeddded ded d gZ d Z d S) KRB_GSS_MICzKerberos v5 MIC Tokenrrrrsrrrrs ctjSr'rrns rrz!KRB_GSS_MIC.default_payload_classrrN) rmrnrorpr)_KRB5_GSS_Flagsr=r/r?rrrrrrrsv "D 7Aq/22($;AFFF )Q +|,, K"""""rrrWc eZdZdZedddeeddeddedded de e d d d fge d d d gZ dZ dS) KRB_GSS_WrapzKerberos v5 Wrap TokenrrrrECRRCrDatarc|jjSr')rrr0s rr7zKRB_GSS_Wrap.s  0rc|jSr')rr0s rr7zKRB_GSS_Wrap.scfrr2ctjSr'rrns rrz"KRB_GSS_Wrap.default_payload_classrrN)rmrnrorpr)rr:r6r/r0r?r>rrrrrrrs #D 7Aq/22 8T"" 4 5! )QIfc**00  L2D2D E E E  K""""""rrrXc veZdZejZeedddee dddZ dS) IAKERB_HEADER targetRealmrrrcookieNr) rmrnrorrrrrXr rrrrrrrs]J mRd333 L4d ; ; ;  IIIrrrYrz1.2.840.113554.1.2.2.3z 1.3.6.1.5.2.5cNeZdZejZeddeee e e e e eee ZdZdS)rZrbNc4|jSr')rbsummaryrs rrkzKerberos.mysummary sy  """r)rmrnrorrrrrsrrrgrrkrrrrurrkrrrrZrZ s_J  I"#####rrZX)sport)dport)rrrOrPrQrUrVcBeZdZedddgZedZdS)KerberosTCPHeaderrrNr+r.ct|dkrdStjd|ddd}t||dzkr ||SdSNrr+rrrstructunpackrr*rur6rs rtcp_reassemblez KerberosTCPHeader.tcp_reassemble. _ t99q==4tT"1"X..q1 t99 " "3t99  # "rrmrnror,rrrrrrrr( sH8E4T2223K[rrc eZdZeddeddeddedeedeed eed d eed eed dgZ dZ dS) KPASSWD_REQrrNr_apreqlenapreqc|jSr'rr0s rr7zKPASSWD_REQ.F s|rr2krbprivc&|jdz |jz SNr)rrrr0s rr7zKPASSWD_REQ.M ! cl(Brc|jdkSNrrr0s rr7zKPASSWD_REQ.O  )rerrorc|jdz Srrrr0s rr7zKPASSWD_REQ.S STrc|jdkSrrr0s rr7zKPASSWD_REQ.U rrc |j-tjdt||ddz}|jD|j=|ddtjdt|jz|ddz}||zSNz!Hrrr)rrrpackrrrrppays r post_buildzKPASSWD_REQ.post_buildY y 8  D#a&&))AabbE1A = T\%="1" D#dj//:::QqrrUBA3wr) rmrnror6r2rr'rrurrrrrrr@ s 5$ 66"" :t$$ ZZ\\:;S;S     N BB     * )    Ni=T=T    * )   !K0rrc eZdZejZeededde e dde de e ddd Z dS) ChangePasswdData newpasswdrrrtargnameNr targrealmr)rmrnrorrrrrrr rrrXrrrrrra sJ [++b//EEE LT=t L L L   uu[$TBBBCC IIIrrc eZdZeddeddeddedeedeed eed d eed eed dgZ dZ dZ dS) KPASSWD_REPrrNr_rapreplenaprepc|jSr'rr0s rr7zKPASSWD_REP.r rrr2rc&|jdz |jz Sr)rrrr0s rr7zKPASSWD_REP.y rrc|jdkSrrr0s rr7zKPASSWD_REP.{ rrrc|jdz Srrr0s rr7zKPASSWD_REP. rrc|jdkSrrr0s rr7zKPASSWD_REP. rrc |j-tjdt||ddz}|jD|j=|ddtjdt|jz|ddz}||zSr)rrrrrrrrs rrzKPASSWD_REP.post_build rrc,t|tSr')rr)rothers ranswerszKPASSWD_REP.answers s%---r) rmrnror6r2rr'rrurrrrrrrrl s 5$ 66"" :t$$ ZZ\\:;S;S     N BB     * )    Ni=T=T    * )   !K0.....rrKRB5_KPASSWD_SUCCESSKRB5_KPASSWD_MALFORMEDKRB5_KPASSWD_HARDERRORKRB5_KPASSWD_AUTHERRORKRB5_KPASSWD_SOFTERRORKRB5_KPASSWD_ACCESSDENIEDKRB5_KPASSWD_BAD_VERSION KRB5_KPASSWD_INITIAL_FLAG_NEEDED)rrrrrrrrc@eZdZeddeeddgZdS)KPasswdRepData resultCoder resultStringrN)rmrnror5KPASSWD_RESULTSr7rrrrrr s5|Q88$$KKKrrc&eZdZeddZdS)KpasswdNc|rpt|dkr]|dddkrtS|dddkr:t|ddddz}|d krtS|d krtStS) Nrrssrrrrrr)rrrr r)rrtrurvasn1_tags rrwzKpasswd.dispatch_hook s  'CIINNAaCyK''""ack))%d1Q3i003d:r>>&&^^&&rr')rmrnrorrwrrrrr s2   [   rrcBeZdZedddgZedZdS)KpasswdTCPHeaderrrNr+rct|dkrdStjd|ddd}t||dzkr ||SdSrrrs rrzKpasswdTCPHeader.tcp_reassemble rrrrrrrr sF8E4T2223K[rrceZdZedgdZedgdZGddeZejddddddddgdddddd d ffd Z d Z fd Z dZ dZ dZejddZejedZejedZejedZejedZejdZejdZdZejeddZejeddZejedd Zejed!Z ejed"Z!ejed#Z"ejed$Z#eje#d%Z$ejd&d'Z%xZ&S)(KerberosClient AS_Result)asrep sessionkeykdcrep TGS_Result)tgsreprrceZdZdZdZdZdS)KerberosClient.MODErrrN)rmrnrorurwGET_SALTrrrMODEr srr NFrrc <ddl}ddlm}|std|std|||jj|jjfvrt|\}}nT||jjkr5t|\}}|s |r|j j }ntd||jj|jjfvr|stdn!||jjkr|std|s)|||d|| d d j}||jjkr&|td dd lm}|j|jg}n"| dd lm}|j|j|j|jg}||_||_d|_||_||_||_|}|j|jj|jjfvr/||_|ot;||_||_||_ ||_ ||_!| |_"| |_#| |_$| |_%| |_&||_'d |_(d |_)d|_*tWtX|j-dd|i|dS)Nr dclocatorz Invalid upnz Invalid spnz Invalid realmz Invalid hostzInvalid ticketconnectdebugtimeoutmodeportrz(Cannot specify etypes in GET_SALT mode !EncryptionTypeFsockr).rscapy.layers.ldapr rr rurrrwrrrr,riiprAES256_CTS_HMAC_SHA1_96AES128_CTS_HMAC_SHA1_96RC4_HMAC DES_CBC_MD5etypesrresult_timeout_ip_port_connectupperhostr%passwordrrrlrWadditional_ticketsu2ufor_user s4u2proxyrshould_followuppre_authfxcookier r__init__)rrrr#rr$rrrlrWr%r&r'r(rrrrr6scapyr rrrrs rr,zKerberosClient.__init__ s* "!!!////// ,]++ + ,]++ + = ($)*<===%c??55***%c??566#L,3355E 111 DI$di&89 9 9 1 000 1 TY& & & 3 !1222 jj!,,  49% % %! !KLLL 9 9 9 9 9 966FF^ 9 9 9 9 9 966'* F      }} 9)49+=> > > DI$?h)?)?DM[[]]   "4  " %  ,nd##,        rctj}||j||j|jft |t}|Sr')socket settimeoutrr rr rDr)rrs rr!zKerberosClient._connectG sQ}  &&& dh +,,,D"344 rcvtt|t|z dSr')r rsendr)rrrs rr2zKerberosClient.sendN s3 nd##(():)<).S s888q<??888rz"forwardable+renewable+canonicalizer)hoursr)rr]rOrrrZr[rr$r) rNrrrrrrrH_fixrWrOset)rnow_timekdcreqs r _base_kdc_reqzKerberosClient._base_kdc_reqQ s!88DK888";%dj11&x)"2E2E2E'EFF'923F3F3F(FGGwq*55::<<==     : )   ! !"a ( ( ( rc tjtjd}||}t tdt|j ddg|_ t |j|_t|j|_t't)t+tdt-t/d   g|  }|jr|jjdt+dt9 |jjdj|jtAtC||j"r4|jjdt+d|j" |S)Nr microsecondr9rr r2r3rC)rrryrrarbr)r|r`)#rnowrutcreplacer;r1rrr#ljustrGrrrrrrr'rZrgrrr r*rbrinsertrryrrrrr+)rr9kdc_reqasreqs ras_reqzKerberosClient.as_reqa s< --55!5DD$$h$77 %b))#DIOOB$<$<==     &--dh77 %--dh77 #/#4#4$2l2>N>N$O$O$O       =  J  $ $" -    J a , 4 4-4I(4S4STTT    =  J  $ $" $     rc *tjtjd}||}t |j\}}tt|t |jdt|tdddd}t|jt!}|jr |j|_|jr|jddt|j|_t3t5t7td|g|  }|jBdd lm}t?t |jtt |jdtA } tCj"d | j#j$j%d&d| j#j'D| j(j%z| j)j%z*z} | j+,|j-| |j.|j/j01t7td| |j2rd|j/j01t7tdtgd|jdd|j-j4r@tA|_+|j+,|j-tk||j67|j-||S)Nrr=r?rrrrrrrr\)rlr~r"rrCrDrE) ChecksumType)rrrr7rc3$K|] }|jV dSr')rrs rr-z)KerberosClient.tgs_req.. s$IIaAEIIIIIIr)rrDror)rr)8rrFrrGrHr;rrrrrrrrrrlrr%r]r&rOr8rrr'rZrkrr'rrPrrrrrrrr/rrrencoderr&rHMAC_MD5rbrappendr(rrrr~r) rr9rKrrr~rtgsreqrP paforuser S4UByteArrays rtgs_reqzKerberosClient.tgs_req s{< --55!5DD$$h$77tx(( 6)&v..''11'11q//!%    $+]__MMM  " @(,(?G % 8 *   " "2q ) ) )%--dh77 #/??$)       = $ 7 7 7 7 7 7#&..t}==-j.G.G.JKKjjI ";i(15GGII9+=+HIIIII)-.+/0&((L O &/ !    K  % %+C00 )    > * K  % %+C00 . G!!!      " "2q ) ) ) 8  "***M    $ $g    ##DHm<<< rr)r<cdSr'rrs rBEGINzKerberosClient.BEGIN  rcl|j|jj|jjfvr|dSr')rr rur SENT_AP_REQrs rshould_send_as_reqz!KerberosClient.should_send_as_req s8 9)49+=> > >""$$ $ ? >rcX|j|jjkr|dSr')rr rw SENT_TGS_REQrs rshould_send_tgs_reqz"KerberosClient.should_send_tgs_req s. 9 ) ) )##%% % * )rcT||dSr')r2rMrs r send_as_reqzKerberosClient.send_as_req s" $++--     rcT||dSr')r2rXrs r send_tgs_reqzKerberosClient.send_tgs_req s" $,,..!!!!!rcdSr'rrs rr]zKerberosClient.SENT_AP_REQ r[rcdSr'rrs rr`zKerberosClient.SENT_TGS_REQ r[rcxddlm}m}d}d}|r|D]o}|jdkrK|I|jjd}|jj|jvr#|jj}||j kr |j j}X|jdkr |j|_ p|p |jd}|j #| ||j||_ dSdS)Nr)rrrrr`)rrrrryrQrrrrrr+r string_to_keyr$)rpadatasrrrrrelts r_process_padatas_and_keyz'KerberosClient._process_padatas_and_key s::::::::  ! 7 7$,, ,03Cy} 33 #  N$;;;#&8>?x!R''x'''%?**,,&--chn.@AAA'+$ $ jjll"!"6777 jjll" ???rrct|vrAt|jtr)||dSdSr')rZrrbrroaction_parametersrts rreceive_as_repzKerberosClient.receive_as_repQ sB s??z#(J???**,,0055 5 ???rc|jrBd|_|||t jd|)NFz(Socket was closed in an unexpected state)r) update_sockr!rZr&rrors rretry_after_eof_in_apreqz'KerberosClient.retry_after_eof_in_apreqV s_   #(D   T]]__ - - -**,,   H I I I**,, rc6||jj|jst jd|jj}||j}| |j|j ||_ dS)Nz2Pre-authentication was disabled for this account !) rlrbrr*r&rr(rr RES_AS_MODErrrrencrs rdecrypt_as_repzKerberosClient.decrypt_as_repa s} %%cho666} V   T U U Uhkk$(##&&sx#FF rct|vrVt|jtr>t jd||dSdS)Nrr)rZrrbrur&rrsrorts rreceive_krb_error_tgs_reqz(KerberosClient.receive_krb_error_tgs_reqk sS s??z#(I>>?   4 5 5 5 HHJJJ**,,  ???rct|vrt|jtri|js9|jjjjdjdkrtj d| |dSdS)Nrskrbtgtz(Received a cross-realm referral ticket !) rZrrbrrWrlr'rrr&rrorwrts rreceive_tgs_repzKerberosClient.receive_tgs_repr s{ s??z#(K@@?: P#(/"7"B1"E"IY"V"V#$NOOO**,,0055 5 ???rc|jj}||j}||j|j||_dSr')rbr(rr RES_TGS_MODErrr~s rdecrypt_tgs_repzKerberosClient.decrypt_tgs_repy sJhkk$(##''#'--//3GG r)finalcdSr'rrs rrozKerberosClient.FINAL r[r)'rmrnrorr}rrr rur,r!r2r;rMrXr#staterZ conditionr^raactionrcrer]r`rlreceive_conditionrprurxeofr{rrrrrorrs@rrr s*[*K*K*KLLK:l,N,N,NOOLw[       %o o o o o o bDDDDD ---^]]]~TZ   T^E%%%T^E&&&T[#$$!!%$!T[$%%""&%"TZ\\  \ TZ\\  \ 4TKa000##10#(TKa000##10#(TKa00066106TXkT[  GG! GTL))*) TL))66*)6 T[!!HH"!H TZa       rrc8tjd|}|std|z|ddkr+|d}|d}n*|d}|d}||fS)Nz^([^@\\/]+)(@|\\|/)([^@\\/]+)$zInvalid UPN: '%s'rr.rrrematchrgroup)rmrdomains rrr s 2C88A 4,s2333wwqzzSwwqzzwwqzz <rctjd|}|std|z|d|dfS)Nz-^((?:[^@\\/]+)/(?:[^@\\/]+))(?:@([^@\\/]+))?$zInvalid SPN: '%s'rrr)rrs rrr sO A3GGA 4,s2333 771::qwwqzz !!rWIN10c J|t|\}}|6|4 ddlm} | dd}n#t$rt d}YnwxYwt d t jj|||pd|z||||d|} | | | j S) a Kerberos AS-Req :param upn: the user principal name formatted as "DOMAIN\user", "DOMAIN/user" or "user@DOMAIN" :param spn: (optional) the full service principal name. Defaults to "krbtgt/" :param ip: the KDC ip. (optional. If not provided, Scapy will query the DNS for _kerberos._tcp.dc._msdcs.domain.local). :param key: (optional) pass the Key object. :param password: (optional) otherwise, pass the user's password :param realm: (optional) the realm to use. Otherwise use the one from UPN. :param host: (optional) the host performing the AS-Req. WIN10 by default. :return: returns a named tuple (asrep=<...>, sessionkey=<...>) Example:: >>> # The KDC is on 192.168.122.17, we ask a TGT for user1 >>> krb_as_req("user1@DOMAIN.LOCAL", "192.168.122.17", password="Password1") Equivalent:: >>> from scapy.libs.rfc3961 import Key, EncryptionType >>> key = Key(EncryptionType.AES256_CTS_HMAC_SHA1_96, key=hex_bytes("6d0748c546 ...: f4e99205e78f8da7681d4ec5520ae4815543720c2a647c1ae814c9")) >>> krb_as_req("user1@DOMAIN.LOCAL", "192.168.122.17", key=key) NrpromptzEnter password: T is_passwordkrbtgt/)rrrrr#rr$rr) rprompt_toolkitr ImportErrorinputrr rurunstopr) rrrrr$rr#r6rrclis r krb_as_reqr s> }c??5 {   5111111!6"4$GGG 5 5 5 !344 5    '  $9u$        CGGIIIHHJJJ :s.A  A Fc  tdtjj|||||||||| | | d | } | | | jS)a- Kerberos TGS-Req :param upn: the user principal name formatted as "DOMAIN\user", "DOMAIN/user" or "user@DOMAIN" :param spn: the full service principal name (e.g. "cifs/srv1") :param sessionkey: the session key retrieved from the tgt :param ticket: the tgt ticket :param ip: the KDC ip. (optional. If not provided, Scapy will query the DNS for _kerberos._tcp.dc._msdcs.domain.local). :param renew: ask for renewal :param realm: (optional) the realm to use. Otherwise use the one from SPN. :param additional_tickets: (optional) a list of additional tickets to pass. :param u2u: (optional) if specified, enable U2U and request the ticket to be signed using the session key from the first additional ticket. :param etypes: array of EncryptionType values. By default: AES128, AES256, RC4, DES_MD5 :param for_user: a user principal name to request the ticket for. This is the S4U2Self extension. :return: returns a named tuple (tgsrep=<...>, sessionkey=<...>) Example:: >>> # The KDC is on 192.168.122.17, we ask a TGT for user1 >>> krb_as_req("user1@DOMAIN.LOCAL", "192.168.122.17", password="Password1") Equivalent:: >>> from scapy.libs.rfc3961 import Key, EncryptionType >>> key = Key(EncryptionType.AES256_CTS_HMAC_SHA1_96, key=hex_bytes("6d0748c546 ...: f4e99205e78f8da7681d4ec5520ae4815543720c2a647c1ae814c9")) >>> krb_as_req("user1@DOMAIN.LOCAL", "192.168.122.17", key=key) ) rrrrrrrlrWr%r&rr'r(r)rr rwrrr)rrrrlrrWrr%r&rr'r(r6rs r krb_tgs_reqr syb    (   -      C GGIIIHHJJJ :rc ntd||||d|}|sdStd|||j|jj|d|S)z& Kerberos AS-Req then TGS-Req )rrrr$N)rrrrlrr)rrrrrl)rrrrr$r6rs rkrb_as_and_tgsr sk  Jx J J6 J JC     >y       rc |t|\}}tdtjj||d|z||d|}|||jS)zG Kerberos AS-Req only to get the salt associated with the UPN. Nr)rrrrrr#r)rrr rrrr)rrrr#r6rrs r krb_get_saltr) s| }c??5    )          CGGIIIHHJJJ :rc  xddlm}|st|\}}d|z}|||| d| | j}|||dd}|dvs Jd |z|d krBt jd d } t|||||| }|dS|j j }|j }| t|} n| r||}| s |r Jd|A|,t|||||| }|dS|jj }|j }td%|||||| d| }|dd\}}}|t"kr't%d|r|dS|jj}t-j}|| ||| ft3|t4}|4 ddlm}|dd }n#t:$rt=d}YnwxYwt?tA}|j!"|j#tItKtMdtOdtO| r7tQtS|tT+||n|dd|j,|-t5t]| rdnd||z | d}|st_d t`|vr#|tcd!|||j2\}}}|tfkr't%d"|r|dS|j4j!5|j#}tm|j7j8}|j9dkr8t%|:d#|dStw|:d$dS)&a Change a password using RFC3244's Kerberos Set / Change Password. :param upn: the UPN to use for authentication :param targetupn: (optional) the UPN to change the password of. If not specified, same as upn. :param ip: the KDC ip. (optional. If not provided, Scapy will query the DNS for _kerberos._tcp.dc._msdcs.domain.local). :param key: (optional) pass the Key object. :param ticket: (optional) a ticket to use. Either a TGT or ST for kadmin/changepw. :param password: (optional) otherwise, pass the user's password :param realm: (optional) the realm to use. Otherwise use the one from UPN. :param setpassword: (optional) use "Set Password" mechanism. :param ssp: (optional) a Kerberos SSP for the service kadmin/changepw@REALM. If provided, you probably don't need anything else. Otherwise built. rr zkadmin/changepw@%sNr rr)rkadminzUnexpected ticket type ! %srzAUsing 'Set Password' mode. This only works with admin privileges.T)rrrlrrrz-Cannot use targetupn in changepassword mode !)rrrrr$r)UPNSPNSTKEYDC_IPr req_flagsz,SSP failed on initial GSS_Init_sec_context !rzEnter NEW password: rr(rserA)rrr)rrrrrrr)r_rr)rverbosezKPASSWD_REQ timed out !z!Invalid response to KPASSWD_REQ !z/SSP failed on subsequent GSS_Init_sec_context !zKPASSWD failed !z %resultCode%r)! D|Z&F/C      "66 7GS))))>???   HHJJJ N E =??DOOGLL"d . / /D 8 - - - - - - &!7TJJJKK 8 8 8 677KKK 8}///G O %a#$455!!$"-!.!6!6y!A!A"'!  (%   . 88 &-A       D 64555$ <===!66w KKGS)N""ABBB   HHJJJ $,,W-BCCIY/344GQ 233444  '//. ) )*****sG..H  H ceZdZdZdZdZGddejZGddejZ dfd Z dd Z d Z ddZ dZ ddedeefdZdZddefdZddefdZddefdZdefdZdefdZxZS)ra The KerberosSSP Client settings: :param ST: the service ticket to use for access. If not provided, will be retrieved :param SPN: the SPN of the service to use :param UPN: The client UPN :param DC_IP: (optional) is ST+KEY are not provided, will need to contact the KDC at this IP. If not provided, will perform dc locator. :param TGT: (optional) pass a TGT to use to get the ST. :param KEY: the session key associated with the ST if it is provided, OR the session key associated with the TGT OR the kerberos key associated with the UPN :param PASSWORD: (optional) if a UPN is provided and not a KEY, this is the password of the UPN. :param U2U: (optional) use U2U when requesting the ST. Server settings: :param SPN: the SPN of the service to use :param KEY: the kerberos key to use to decrypt the AP-req :param TGT: (optional) pass a TGT to use for U2U :param DC_IP: (optional) if TGT is not provided, request one on the KDC at this IP using using the KEY when using U2U. :param REQUIRE_U2U: (optional, default False) require U2U rzrc"eZdZdZdZdZdZdZdS)KerberosSSP.STATErrrrrN)rmrnroINITCLI_SENT_TGTREQCLI_SENT_APREQCLI_RCVD_APREPSRV_SENT_APREPrrrSTATEr s'rrc4eZdZgdZdfd ZdZdZxZS)KerberosSSP.CONTEXT) SessionKeyServerHostnameU2Ur STSessionKeySeqNumr RecvSeqNum IsAcceptorSendSealKeyUsageSendSignKeyUsageRecvSealKeyUsageRecvSignKeyUsageNcvtjj|_d|_d|_d|_d|_d|_d|_ d|_ ||_ |rd|_ d|_ d|_d|_nd|_ d|_ d|_d|_t!tj||dS)NFrrrrrr)rrrrrrrrrrrrrrrrr CONTEXTr,)rrrrs rr,zKerberosSSP.CONTEXT.__init__) s$*/DJ"DO"&D DHDODO!%D  $D (DO +(*%(*%(*%(*%%(*%(*%(*%(*% +%t , , 5 5 5 J J J J JrcH||j|jdS)Nr)r,rrrs r clifailurezKerberosSSP.CONTEXT.clifailure@ s" MM$/TZM @ @ @ @ @rc|jrdSdS)NzKerberosSSP-U2Ur)rrs r__repr__zKerberosSSP.CONTEXT.__repr__C sx )(( =rr')rmrnro __slots__r,rrrrs@rrr su    K K K K K K. A A A ! ! ! ! ! ! !rrNFrc  ||_||_||_||_||_||_||_||_| |_| |_ | ddl m } | j } | |_ tt|jdi| dS)Nrrr)rrrrTGTPASSWORDrr REQUIRE_U2Urrrr SKEY_TYPEr rr,)rrrrrrrrrrrrr6rrs rr,zKerberosSSP.__init__H s   &   9 9 9 9 9 9&>I")k4  )33F33333rc||jjdvrdd|D}tdt d|jrdndz|j }|t|d d z }|j|j | |j _ nt|xjd z c_|S)zM [MS-KILE] sect 3.4.5.6 - AES: RFC4121 sect 4.2.6.1 rrrc32K|]}|j |jVdSr'signr*rs rr-z+KerberosSSP.GSS_GetMICEx..p +==af=af======rrWr+SentByAcceptorr)rrrarbNrr$rr) rrr/r`rrrrr%rrbrNotImplementedError)rrmsgsqop_reqToSignsigs r GSS_GetMICExzKerberosSSP.GSS_GetMICExh s  &( 2 2XX==d=====F " *,3,>F((BH#.C eCjj"o %F!(!6!D!D 1"E""CH   & %a rcF|jj|_|jjdvr[dd|D}|t |ddz }|j|j|}nt||jj krtddS)zM [MS-KILE] sect 3.4.5.7 - AES: RFC4121 sect 4.2.6.1 rrc32K|]}|j |jVdSr'rrs rr-z.KerberosSSP.GSS_VerifyMICEx.. rrNrrERROR: Checksums don't match) rbrrrrr/rr%rrrr)rrr signaturerrs rGSS_VerifyMICExzKerberosSSP.GSS_VerifyMICEx s '^3  &( 2 2XX==d=====F eI&&ss+ +F'55 16CC & % ).* * *;<< < + *rc t |jtjzotd|D}|jjdvrt dtd|jrdndz|rdndz|j d  }|xj d z c_ |rtj |jj j }d d |D}t|}| |jj j zpd|j_d|jjz} || z }t%|dd} || z }|} | d d|Dz } | | z } | | z } d|j_|j|j||| }t-||jj|jjz}t||z } |d| |j_| } |D]4}t|j}|jr|| | |z|_| |z } 5||fSd d|D}t|}|} | t%|ddz } |j|j| }d|j_d|j_|D]}|jrd |_||z}t-||jj|j_||fS|jjdvrOddlm}m}m}m }tCj"d|j }t dtGd|rdnd||jrdndz  }|xj d z c_ |d d!|D} d d"|D}|jj$}tj d#}tK|t|d$z}|jjd%kr,||&d&}|dd'd(z}n||&d}||&|}|jd)t%|dd#|z| zdd#|j_'|r||(|d*)}|*||j_+|*|}d} |D]4}t|j}|jr|| | |z|_| |z } 5n ||j_+|jjd%kr,||&d&}|dd'd(z}n||&d}||&|jj'}||(|d*)}|*|jj,|j_,t[d+|,}||fSt\)-z [MS-KILE] sect 3.4.5.4 - AES: RFC4121 sect 4.2.6.2 and [MS-KILE] sect 3.4.5.4.1 - HMAC-RC4: RFC4757 sect 7.3 and [MS-KILE] sect 3.4.5.4.1 c3$K|] }|jV dSr') conf_req_flagrs rr-z)KerberosSSP.GSS_WrapEx.. s=P P !AOP P P P P P rrrXrrrz+Sealedr)rrrrrrc32K|]}|j |jVdSr'rr*rs rr-z)KerberosSSP.GSS_WrapEx.. s+HH1HHHHHHHrrNc32K|]}|j |jVdSr'rrs rr-z)KerberosSSP.GSS_WrapEx.. s+"B"Ba16"B16"B"B"B"B"B"Brr")r$ plaintextrsigntextc32K|]}|j |jVdSr'rrs rr-z)KerberosSSP.GSS_WrapEx.. s+??1???????rrrrrCipherHmac_MD5 _rfc1964paddecrepit_algorithmsz>IrSrZr]r\s)r~rrc32K|]}|j |jVdSr'rrs rr-z)KerberosSSP.GSS_WrapEx..+)I)IQ!&)I!&)I)I)I)I)I)Irc32K|]}|j |jVdSr'rrs rr-z)KerberosSSP.GSS_WrapEx..+ I IA I I I I I I Irrrfortybitsr rrrzryr{)/rrKr=anyrrr`rrrosurandomep blocksizer/rrrbrrrrrrErr*rr%rrr rrrrrrrrFdigestrARC4 encryptorupdaterrrsr)rrrrconfidentialityr ConfounderrDataLenr PlainHeaderrtoklenoffsetmsgmsglenMicr rrrrQ ToEncryptKssKlocalKcryptrc4Kseqs r GSS_WrapExzKerberosSSP.GSS_WrapEx s#=;+FF CP P %)P P P M M   &( 2 2 "!*,3,>F((BH$3;yy=$.    C   ! #  G ! Z(=(@(JKK xxHHHHHHHd))!(G,A,D,NNUSU  38;.#Cjj"o  ###(("B"B4"B"B"BBBB& +% " ,44$5")# 5dCHL38;$>??TW, $WfW  ))C ]]F()#'&(@#A&(Sy xx???????d))%**SbS/)+99$5: !  " ''Cx'#&cz &tSX\ : : Sy  " (H 4 4            +dG$677C ")"&5AUU6#-1++0       C   ! #   [)I)I$)I)I)I!I!IJJF I I I I IIII'+CAJCSG!344F$*b00!&))001WXXk1!&))001DEEXf%%,,S11F!(!6!D!D3ZZ^j069"E""qb"CH   1f055f==DIIISSUU&)jj&<&<#zz),,))C ]]F()#'&(@#A&( )'1#$*b00x}}++,RSSBQBx+-x}}++,?@@8D>>(();<.TrrF)rightcd}|}D]D}t|j}|jr|||||zz }||z }3|jr ||jz }E|||dz }|Sr)rrr*rr)r%DecTextr)rr*r+rs r MakeToSignz,KerberosSSP.GSS_UnwrapEx..MakeToSignYsF'F#//!$SX,/"gfv.F&GGF"f,FF X/"ch.Fgfgg..F!Mr)r$ ciphertext presignfuncNirrzERROR: Headers don't matchrc32K|]}|j |jVdSr'rrs rr-z+KerberosSSP.GSS_UnwrapEx..s+ @ @A @ @ @ @ @ @ @rrrr r r^c32K|]}|j |jVdSr'rrs rr-z+KerberosSSP.GSS_UnwrapEx..rrrrrrrrrrc32K|]}|j |jVdSr'rrs rr-z+KerberosSSP.GSS_UnwrapEx..rrrr)r$rr)%rrrbrrrr/rErrrrcopyrrrrr*rr%rr rrrr{rrr rr!r"r#rrFrr!r)rrrrr$rr9 f16headerhdrr)r*r+r,rrr rrrr ToDecryptr.r2r1rQr/r0r%s ` r GSS_UnwrapExzKerberosSSP.GSS_UnwrapExGs  &( 2 2'n29OP  ~* I I I I IIIIdIN$69J$JRWXXX"""""",44$5# *5#JJ   nn&&  c 3B3//$%ABBB))C ]]F()#'&(@#A&(t99>>$q',>#'DGL !~* @ @ @ @ @@@@dIN$6eDDD !5IN$5#5!56in>O=O=Q=Q8Rcnn&&   %**SbS/)+99$5: #::$%CDDDt99>>$q',>#'DGL  " (H 4 4            &C"h/69O I I I I IIII'+C$*b00x}}++,RSSBQBx+-x}}++,?@@8D>>(();<fS|j j|j!c|_|_n|jstd|j|_"tG|jj$j%dkr3|jj$j%dj&'|_(tSd}|j*tVj,zr|-dd|jr|-ddd|_t]||jt_} taj1tdj34d} |5|j6toj8d|_9tudd;|_<t{|j \} } | j>?|j"t| tB|j tdtt|j*t| tdtI|j9|j<ttdttdttttd !td"d#!g$!g$%|jjP|_|j*tVjQzr || tfS|tt| &'tfS|j|jjPkrt)|tr|} nh |jjj} nU#t$$rH |jj} n7#t$$r* |j} n#t$$r|dt&fcYcYcYSwxYwYnwxYwYnwxYwt)| ts |dt&fS| jST|j"}|jU4|jUjVj&|_W|jUX|_9|jjY|_|j*tVjQzrtaj1tdj34d} tt_(}|jS?|j"tt| |j[d)||tfS|dtfS|j|jjYkr|j*tVjQzr |dtfStd*)+NFrrrrrrUrrzMissing UPN attributeMissing SPN attributezKerberosSSP: Unexpected token !zCannot use TGT without the KEY)rrrrrlr%r&r)rrrrr$r%r&rzMust provide KEY with STrr0001T)rrlr~r=rr6r)r)rrr>rFr)r)r)r<rMrHs)rQrOrEr{r)rrrzKerberosSSP: Unknown state)]rrrrrrrrrsr`rrNrrrrrbr{AttributeErrorrOrrrsrlrrrrrrrrPrrrrrr'rrr,rr rrKr:r8rrrrFrrGrH random_to_keyrrrrrHr7rrr~rrrrrrintrrrrrPrLrrrrIrr?rr(rrrrrrrrrM)rrrrrr%tgt_reprrap_reqr9rrap_reprepPart cli_ap_reps rrz KerberosSSP.GSS_Init_sec_contexts ?lleylIIG****** =DJO + + + J6GM 5-*(]]   &   =TZ_dj.HI I I8 : !8999wx>$%<===%'"8 :H"%("5":)HHHH&)n&9GG-HHH#*D2G#GGGGGGH$GH &g{;;L ()JKKK*1.)9&8'8K()IJJJ% H H:#'8#x+= H"j   CC) H H: H!%+= H"j   C8"D-77$'J$5s~!X = !;<<<#'8G 47=+,,11)-)A!)D)H)O)O)Q)Q&'..I}{<< & a%%%x # a%%%" #w+ooF  |HL1199a9HHH$'$5$5 2%%G !")J!7!7!!>G "48,,IAv  ( ($!!'//99""5!:W]ASAS!T!T!T099&q//(001FGG%0):1'7'8(=3V3LCGBKK>P>P=2=2=24.4.4.)*)*)*)>3?3?)*)*)* )&("("("***###& & & N!J5GM}{:: (===$#1!'$$$ *]dj7 7 7#z** H H X05FF% H H HH!$!4)HHHH%(XFF-HHH#*D2G#GGGGGGGGH#FH Hfj11 <&;;;n,,W-ABBG~)%,^%<%@"(/(<(<(>(>% J5GM}{:: ; $< 55==!=LL' @@@ "**( 3H==")"3# N::D.0 0 MTZ6 6 6 ;; 7D.0 09:: :sC11 D(< D D( D"D(!D""D('D(V W(! V.-W(. W"9WW"WW"W(WW"W(!W""W('W(cX|js d|jdddd}n#t$rt dwxYwt ||j|j}|j j |j c|_|_dSdS)Nr.rr.z+Couldn't transform the SPN into a valid UPN)r) rr/rrKeyErrorrrrrrrlr)rrrs r _setup_u2uzKerberosSSP._setup_u2usx B Phhtx~~c2215;;CCCDD P P P !NOOO PS$*$(;;;C!$!13> DHdhhh B Bs AAA+c ||dd}ddlm}|j|jjkr)|jstdt|tr|}nH |j j j }n5#t$r( |j }n#t$r|dtfcYcYSwxYwYnwxYwt|trV|d|_dt#dt%dt'|j  t*fSt|ts#|td |jstd d d|jjjddD}||j|jdddfvr$t=d|d|j|dt>fS|j r|j!j"ddkr|d|_tGj$tJj&'d}t#t%dtQdtS||jj*|jjt'|j }||t*fS |jj+,|j}n#t$r} t=d| ztGj$tJj&'d}t#t%dtQdtS||jj*|jjd }||tfcYd} ~ Sd} ~ wwxYw|j-.|_/|j0,|j/} d} |j!j"ddkr[|1|j2tgj4d} | |_5| j-|_6tn8| } n|j|_5|jj-|_6| j9r&| j9j:dkr| j9j;j<|_=t}t} | j+@|j/t| jB| jCd| |jjD|_|j=tjFzr || t*fS|| tfS|j|jjDkr|j=tjFzr|s |dtfSt|t|r|} nH |j j j } n5#t$r( |j } n#t$r|dtfcYcYSwxYwYnwxYw | j+,|j/n3#t$r&} t=d| z|dtfcYd} ~ Sd} ~ wwxYw|dtfStd t|jz)!NTrrErrFrrV)rlrrzUnexpected type in KerberosSSPzMissing KEY attributerc3HK|]}|jVdSr'r+rs rr-z5KerberosSSP.GSS_Accept_sec_context..s=#$ rrrSrzKerberosSSP: bad SPN: z != rHr=rQr)rrrr'rrIzKerberosSSP: %s (bad KEY?)rrrr)rrrrzKerberosSSP: Unknown state %s)Irrrrrrrrrrrbr{rJrOrrUrrsr`rrrNrsrr/rlr'rlowerrrrLrrrrrFrrGrHrurrr(rrrrr~rKrrrrrrrrrrrrrrrrrrrrKr?rMrj)rrrrrNtkt_spnr9errtktexr~rappkeyrOs rGSS_Accept_sec_contextz"KerberosSSP.GSS_Accept_sec_contexts! ?lldal@@G****** =DJO + +8 : !8999#z** DD X05FF%DDDD!$)DDD&.CCCCCCCDD &+.. C!!!" $!9#1#.!,'+x"""$$$*    33 C  !ABBB8 : !8999hh(. (;(Frr(Jegg tx~~//1A1A1G1GQ1O1OPQ1RSSSGGGTXXNOOOn44 ;F$4$8$;s$B$B!!!" #< 55==!=LL&-*&&H"7"A"A"(-"5"(-"5"-'+x###       %::: ;m+33DH== ; ; ;4r9:::#< 55==!=LL&-*&&;"7"A"A"(-"5"(-"5"&       %:::::::: ;"$'7==??G "0889MNNMF#A&#--**NJrNN)/%%+Z"&..v66(,%%)X\"" G &0F::$1$7$@$FGM 888F N " "$'-'-"!    !J5GM}{:: >(===FN2 2 MTZ6 6 6 ;; 7  <&;;;#z** DD X05FF%DDDD!$)DDD&.CCCCCCCDD <&&w';<<<< < < <4r9:::&;;;;;;;; <D.0 0r? scapy.packetr@rArBrCscapy.supersocketrD scapy.utilsrErFscapy.volatilerGrHrIscapy.layers.gssapirJrKrLrMrNrOrPrQrRrSrTscapy.layers.inetrUrVtypingrWrYrrXr\rrrr~rrr(rrrrrr4r1rLr=r9rNrLrPAD_IF_RELEVANTrrZADMANDATORYFORKDCrzrsrqrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr rrrrrrr2rKrtrNrhrrgrkrnrrrqr{r}r~rrrrrrrrrrrrurrrrrr"r%rrhrrrdr`rsr}rrrrrrrZrrrrrrrrrrrrrrrrrrrrrs" ((T#"""""2222222222 99999999                     )(((((++++++++%%%%%%######6LKKKKKKKKKKK******&&&&&&&&<<<<<<<<<<                          '&&&&&&&Z4&        K   F&  }}}~     %&!! $!"$#$ + 4wy}y  {   y}~ !"#$ ! / 6i i i i i Ki i i X     K   ..E E E E E {E E E P                  +         %=      *      {  '             ,! "# $ "% & ''  .     K    #-!     ;    ,!  )!%0!&|&&|& &  &  &&&&& && & & & !&" #&&$ %&&'&()&* !+&, -&. /&0 1&2 3&4 5&6 7&89&:;&< =&> ?&@A&B C&D E&&F !  K&&& P2,     [   K# {QQQQQQQQ !        SSSSS+SSS "        K- [& :$<         ";#        ";# 6"># UUUUU+UUU !4" F0- ["&  )  ) kK2 8;         {k     k    +,<=     +   ;$#  //////// ;# +#  4{( x            !"#$ ) 4        &  *"""""K"""P99999{999xnM&!$///y"m$GGGN$$Xr6MMMNNL,,..0@tTTT  (+nM&!$///y"m$GGGN(BTBBB E(BT***L$ DAAAL4$???LD-dCCC   ++Lm$???i[tDDD F7AD)))N _oo&7&7dKKKM   L__..TBBBN [//"3"3$GGGLOO--DAAAN [//"3"3$GGG E(BT***L--//=tLLLN gD111N+RdKKK7 B;K.  >        ;(     {   [4     {   %%%%%+%%%P[B======== 32lllll llldV+k(     +   +;&8********b%#1  $            VB     {   $"""""&""""&9k" """""6"""(&:k" 22222222 &Hk" " " " " "& " " "&1k" """""6""".&2k" K&3k" (6 #$1?-.)7 %& . _#####{###.sHB''''sHB'''' C2....%/k"%/k"%.k"%0k"%0k"         x(((s%R0000 C""---- &B{!.!.!.!.!.&!.!.!.J"!)  V     f   sG3''''sG3'''' c;c5555 c;c5555     v    g&&&s$C0000 C!---- u u u u u Yu u u p   """GN6666|    CCCCL",     m+m+m+m+fX+X+X+X+X+#X+X+X+X+X+r