aboutsummaryrefslogtreecommitdiff
path: root/Exfiltration/mimikatz-1.0/commun/secpkg.h
diff options
context:
space:
mode:
Diffstat (limited to 'Exfiltration/mimikatz-1.0/commun/secpkg.h')
-rw-r--r--Exfiltration/mimikatz-1.0/commun/secpkg.h239
1 files changed, 239 insertions, 0 deletions
diff --git a/Exfiltration/mimikatz-1.0/commun/secpkg.h b/Exfiltration/mimikatz-1.0/commun/secpkg.h
new file mode 100644
index 0000000..385307d
--- /dev/null
+++ b/Exfiltration/mimikatz-1.0/commun/secpkg.h
@@ -0,0 +1,239 @@
+/* Benjamin DELPY `gentilkiwi`
+ http://blog.gentilkiwi.com
+ benjamin@gentilkiwi.com
+ Licence : http://creativecommons.org/licenses/by/3.0/fr/
+ Ce fichier : http://creativecommons.org/licenses/by/3.0/fr/
+*/
+#pragma once
+#include "globdefs.h"
+#include <sspi.h>
+#include <wincred.h>
+
+typedef struct _KIWI_GENERIC_PRIMARY_CREDENTIAL
+{
+ LSA_UNICODE_STRING UserName;
+ LSA_UNICODE_STRING Domaine;
+ LSA_UNICODE_STRING Password;
+} KIWI_GENERIC_PRIMARY_CREDENTIAL, * PKIWI_GENERIC_PRIMARY_CREDENTIAL;
+
+typedef NTSTATUS (WINAPIV * PLSA_INITIALIZE_PROTECTED_MEMORY) ();
+
+typedef PVOID *PLSA_CLIENT_REQUEST;
+typedef LPTHREAD_START_ROUTINE SEC_THREAD_START;
+typedef LPSECURITY_ATTRIBUTES SEC_ATTRS;
+
+typedef struct _SECPKG_CLIENT_INFO {
+ LUID LogonId; // Effective Logon Id
+ ULONG ProcessID; // Process Id of caller
+ ULONG ThreadID; // Thread Id of caller
+ BOOLEAN HasTcbPrivilege; // Client has TCB
+ BOOLEAN Impersonating; // Client is impersonating
+ BOOLEAN Restricted; // Client is restricted
+ // NT 5.1
+ UCHAR ClientFlags; // Extra flags about the client
+ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; // Impersonation level of client
+ // NT 6
+ HANDLE ClientToken;
+} SECPKG_CLIENT_INFO, * PSECPKG_CLIENT_INFO;
+
+typedef enum _LSA_TOKEN_INFORMATION_TYPE {
+ LsaTokenInformationNull, // Implies LSA_TOKEN_INFORMATION_NULL data type
+ LsaTokenInformationV1, // Implies LSA_TOKEN_INFORMATION_V1 data type
+ LsaTokenInformationV2 // Implies LSA_TOKEN_INFORMATION_V2 data type
+} LSA_TOKEN_INFORMATION_TYPE, *PLSA_TOKEN_INFORMATION_TYPE;
+
+typedef enum _SECPKG_NAME_TYPE {
+ SecNameSamCompatible,
+ SecNameAlternateId,
+ SecNameFlat,
+ SecNameDN,
+ SecNameSPN
+} SECPKG_NAME_TYPE;
+
+typedef struct _SECPKG_CALL_INFO {
+ ULONG ProcessId;
+ ULONG ThreadId;
+ ULONG Attributes;
+ ULONG CallCount;
+ PVOID MechOid; // mechanism objection identifer
+} SECPKG_CALL_INFO, * PSECPKG_CALL_INFO;
+
+typedef enum _SECPKG_SESSIONINFO_TYPE {
+ SecSessionPrimaryCred // SessionInformation is SECPKG_PRIMARY_CRED
+} SECPKG_SESSIONINFO_TYPE;
+
+typedef struct _SECPKG_PRIMARY_CRED {
+ LUID LogonId;
+ UNICODE_STRING DownlevelName; // Sam Account Name
+ UNICODE_STRING DomainName; // Netbios domain name where account is located
+ UNICODE_STRING Password;
+ UNICODE_STRING OldPassword;
+ PSID UserSid;
+ ULONG Flags;
+ UNICODE_STRING DnsDomainName; // DNS domain name where account is located (if known)
+ UNICODE_STRING Upn; // UPN of account (if known)
+ UNICODE_STRING LogonServer;
+ UNICODE_STRING Spare1;
+ UNICODE_STRING Spare2;
+ UNICODE_STRING Spare3;
+ UNICODE_STRING Spare4;
+} SECPKG_PRIMARY_CRED, *PSECPKG_PRIMARY_CRED;
+
+typedef struct _SECPKG_SUPPLEMENTAL_CRED {
+ UNICODE_STRING PackageName;
+ ULONG CredentialSize;
+#ifdef MIDL_PASS
+ [size_is(CredentialSize)]
+#endif // MIDL_PASS
+ PUCHAR Credentials;
+} SECPKG_SUPPLEMENTAL_CRED, *PSECPKG_SUPPLEMENTAL_CRED;
+
+typedef struct _SECPKG_SUPPLEMENTAL_CRED_ARRAY {
+ ULONG CredentialCount;
+#ifdef MIDL_PASS
+ [size_is(CredentialCount)] SECPKG_SUPPLEMENTAL_CRED Credentials[*];
+#else // MIDL_PASS
+ SECPKG_SUPPLEMENTAL_CRED Credentials[1];
+#endif // MIDL_PASS
+} SECPKG_SUPPLEMENTAL_CRED_ARRAY, *PSECPKG_SUPPLEMENTAL_CRED_ARRAY;
+
+typedef NTSTATUS (WINAPI * PLSA_CALLBACK_FUNCTION) (ULONG_PTR Argument1, ULONG_PTR Argument2, PSecBuffer InputBuffer, PSecBuffer OutputBuffer);
+
+typedef NTSTATUS (WINAPI * PLSA_CREATE_LOGON_SESSION) (IN PLUID LogonId);
+typedef NTSTATUS (WINAPI * PLSA_DELETE_LOGON_SESSION) (IN PLUID LogonId);
+typedef NTSTATUS (WINAPI * PLSA_ADD_CREDENTIAL) (IN PLUID LogonId, IN ULONG AuthenticationPackage, IN PLSA_STRING PrimaryKeyValue, IN PLSA_STRING Credentials);
+typedef NTSTATUS (WINAPI * PLSA_GET_CREDENTIALS) (IN PLUID LogonId, IN ULONG AuthenticationPackage, IN OUT PULONG QueryContext, IN BOOLEAN RetrieveAllCredentials, IN PLSA_STRING PrimaryKeyValue, OUT PULONG PrimaryKeyLength, IN PLSA_STRING Credentials);
+typedef NTSTATUS (WINAPI * PLSA_DELETE_CREDENTIAL) (IN PLUID LogonId, IN ULONG AuthenticationPackage, IN PLSA_STRING PrimaryKeyValue);
+typedef PVOID (WINAPI * PLSA_ALLOCATE_LSA_HEAP) (IN ULONG Length);
+typedef VOID (WINAPI * PLSA_FREE_LSA_HEAP) (IN PVOID Base);
+typedef PVOID (WINAPI * PLSA_ALLOCATE_PRIVATE_HEAP) (IN SIZE_T Length);
+typedef VOID (WINAPI * PLSA_FREE_PRIVATE_HEAP) (IN PVOID Base);
+typedef NTSTATUS (WINAPI * PLSA_ALLOCATE_CLIENT_BUFFER) (IN PLSA_CLIENT_REQUEST ClientRequest, IN ULONG LengthRequired, OUT PVOID *ClientBaseAddress);
+typedef NTSTATUS (WINAPI * PLSA_FREE_CLIENT_BUFFER) (IN PLSA_CLIENT_REQUEST ClientRequest, IN PVOID ClientBaseAddress);
+typedef NTSTATUS (WINAPI * PLSA_COPY_TO_CLIENT_BUFFER) (IN PLSA_CLIENT_REQUEST ClientRequest, IN ULONG Length, IN PVOID ClientBaseAddress, IN PVOID BufferToCopy);
+typedef NTSTATUS (WINAPI * PLSA_COPY_FROM_CLIENT_BUFFER) (IN PLSA_CLIENT_REQUEST ClientRequest, IN ULONG Length, IN PVOID BufferToCopy, IN PVOID ClientBaseAddress);
+typedef NTSTATUS (WINAPI * PLSA_IMPERSONATE_CLIENT) (VOID);
+typedef NTSTATUS (WINAPI * PLSA_UNLOAD_PACKAGE) (VOID);
+typedef NTSTATUS (WINAPI * PLSA_DUPLICATE_HANDLE) (IN HANDLE SourceHandle, OUT PHANDLE DestionationHandle);
+typedef NTSTATUS (WINAPI * PLSA_SAVE_SUPPLEMENTAL_CREDENTIALS) (IN PLUID LogonId, IN ULONG SupplementalCredSize, IN PVOID SupplementalCreds, IN BOOLEAN Synchronous);
+typedef HANDLE (WINAPI * PLSA_CREATE_THREAD) (IN SEC_ATTRS SecurityAttributes, IN ULONG StackSize, IN SEC_THREAD_START StartFunction, IN PVOID ThreadParameter, IN ULONG CreationFlags, OUT PULONG ThreadId);
+typedef NTSTATUS (WINAPI * PLSA_GET_CLIENT_INFO) (OUT PSECPKG_CLIENT_INFO ClientInfo);
+typedef HANDLE (WINAPI * PLSA_REGISTER_NOTIFICATION) (IN SEC_THREAD_START StartFunction, IN PVOID Parameter, IN ULONG NotificationType, IN ULONG NotificationClass, IN ULONG NotificationFlags, IN ULONG IntervalMinutes, IN OPTIONAL HANDLE WaitEvent);
+typedef NTSTATUS (WINAPI * PLSA_CANCEL_NOTIFICATION) (IN HANDLE NotifyHandle);
+typedef NTSTATUS (WINAPI * PLSA_MAP_BUFFER) (IN PSecBuffer InputBuffer, OUT PSecBuffer OutputBuffer);
+typedef NTSTATUS (WINAPI * PLSA_CREATE_TOKEN) (IN PLUID LogonId, IN PTOKEN_SOURCE TokenSource, IN SECURITY_LOGON_TYPE LogonType, IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType, IN PVOID TokenInformation, IN PTOKEN_GROUPS TokenGroups, IN PUNICODE_STRING AccountName, IN PUNICODE_STRING AuthorityName, IN PUNICODE_STRING Workstation, IN PUNICODE_STRING ProfilePath, OUT PHANDLE Token, OUT PNTSTATUS SubStatus);
+typedef NTSTATUS (WINAPI * PLSA_CREATE_TOKEN_EX) (IN PLUID LogonId, IN PTOKEN_SOURCE TokenSource, IN SECURITY_LOGON_TYPE LogonType, IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType, IN PVOID TokenInformation, IN PTOKEN_GROUPS TokenGroups, IN PUNICODE_STRING Workstation, IN PUNICODE_STRING ProfilePath, IN PVOID SessionInformation, IN SECPKG_SESSIONINFO_TYPE SessionInformationType, OUT PHANDLE Token, OUT PNTSTATUS SubStatus);
+typedef VOID (WINAPI * PLSA_AUDIT_LOGON) (IN NTSTATUS Status, IN NTSTATUS SubStatus, IN PUNICODE_STRING AccountName, IN PUNICODE_STRING AuthenticatingAuthority, IN PUNICODE_STRING WorkstationName, IN OPTIONAL PSID UserSid, IN SECURITY_LOGON_TYPE LogonType, IN PTOKEN_SOURCE TokenSource, IN PLUID LogonId);
+typedef NTSTATUS (WINAPI * PLSA_CALL_PACKAGE) (IN PUNICODE_STRING AuthenticationPackage, IN PVOID ProtocolSubmitBuffer, IN ULONG SubmitBufferLength, OUT PVOID *ProtocolReturnBuffer, OUT PULONG ReturnBufferLength, OUT PNTSTATUS ProtocolStatus);
+typedef NTSTATUS (WINAPI * PLSA_CALL_PACKAGEEX) (IN PUNICODE_STRING AuthenticationPackage, IN PVOID ClientBufferBase, IN PVOID ProtocolSubmitBuffer, IN ULONG SubmitBufferLength, OUT PVOID *ProtocolReturnBuffer, OUT PULONG ReturnBufferLength, OUT PNTSTATUS ProtocolStatus);
+typedef NTSTATUS (WINAPI * PLSA_CALL_PACKAGE_PASSTHROUGH) (IN PUNICODE_STRING AuthenticationPackage, IN PVOID ClientBufferBase, IN PVOID ProtocolSubmitBuffer, IN ULONG SubmitBufferLength, OUT PVOID *ProtocolReturnBuffer, OUT PULONG ReturnBufferLength, OUT PNTSTATUS ProtocolStatus);
+typedef BOOLEAN (WINAPI * PLSA_GET_CALL_INFO) (OUT PSECPKG_CALL_INFO Info);
+typedef PVOID (WINAPI * PLSA_CREATE_SHARED_MEMORY) (ULONG MaxSize, ULONG InitialSize);
+typedef PVOID (WINAPI * PLSA_ALLOCATE_SHARED_MEMORY) (PVOID SharedMem, ULONG Size);
+typedef VOID (WINAPI * PLSA_FREE_SHARED_MEMORY) (PVOID SharedMem, PVOID Memory);
+typedef BOOLEAN (WINAPI * PLSA_DELETE_SHARED_MEMORY) (PVOID SharedMem);
+typedef NTSTATUS (WINAPI * PLSA_OPEN_SAM_USER) (PSECURITY_STRING Name, SECPKG_NAME_TYPE NameType, PSECURITY_STRING Prefix, BOOLEAN AllowGuest, ULONG Reserved, PVOID * UserHandle);
+typedef NTSTATUS (WINAPI * PLSA_GET_USER_CREDENTIALS) (PVOID UserHandle, PVOID * PrimaryCreds, PULONG PrimaryCredsSize, PVOID * SupplementalCreds, PULONG SupplementalCredsSize);
+typedef NTSTATUS (WINAPI * PLSA_GET_USER_AUTH_DATA) (PVOID UserHandle, PUCHAR * UserAuthData, PULONG UserAuthDataSize);
+typedef NTSTATUS (WINAPI * PLSA_CLOSE_SAM_USER) (PVOID UserHandle);
+typedef NTSTATUS (WINAPI * PLSA_GET_AUTH_DATA_FOR_USER) (PSECURITY_STRING Name, SECPKG_NAME_TYPE NameType, PSECURITY_STRING Prefix, PUCHAR * UserAuthData, PULONG UserAuthDataSize, PUNICODE_STRING UserFlatName);
+typedef NTSTATUS (WINAPI * PLSA_CONVERT_AUTH_DATA_TO_TOKEN) (IN PVOID UserAuthData, IN ULONG UserAuthDataSize, IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, IN PTOKEN_SOURCE TokenSource, IN SECURITY_LOGON_TYPE LogonType, IN PUNICODE_STRING AuthorityName, OUT PHANDLE Token, OUT PLUID LogonId, OUT PUNICODE_STRING AccountName, OUT PNTSTATUS SubStatus);
+typedef NTSTATUS (WINAPI * PLSA_CRACK_SINGLE_NAME) (IN ULONG FormatOffered, IN BOOLEAN PerformAtGC, IN PUNICODE_STRING NameInput, IN PUNICODE_STRING Prefix OPTIONAL, IN ULONG RequestedFormat, OUT PUNICODE_STRING CrackedName, OUT PUNICODE_STRING DnsDomainName, OUT PULONG SubStatus);
+typedef NTSTATUS (WINAPI * PLSA_AUDIT_ACCOUNT_LOGON) (IN ULONG AuditId, IN BOOLEAN Success, IN PUNICODE_STRING Source, IN PUNICODE_STRING ClientName, IN PUNICODE_STRING MappedName, IN NTSTATUS Status);
+typedef NTSTATUS (WINAPI * PLSA_CLIENT_CALLBACK) (IN PCHAR Callback, IN ULONG_PTR Argument1, IN ULONG_PTR Argument2, IN PSecBuffer Input, OUT PSecBuffer Output);
+typedef NTSTATUS (WINAPI * PLSA_REGISTER_CALLBACK) (ULONG CallbackId, PLSA_CALLBACK_FUNCTION Callback);
+typedef NTSTATUS (WINAPI * PLSA_UPDATE_PRIMARY_CREDENTIALS) (IN PSECPKG_PRIMARY_CRED PrimaryCredentials, IN OPTIONAL PSECPKG_SUPPLEMENTAL_CRED_ARRAY Credentials);
+typedef VOID (WINAPI * PLSA_PROTECT_MEMORY) (IN PVOID Buffer, IN ULONG BufferSize);
+typedef NTSTATUS (WINAPI * PLSA_OPEN_TOKEN_BY_LOGON_ID) (IN PLUID LogonId, OUT HANDLE *RetTokenHandle);
+typedef NTSTATUS (WINAPI * PLSA_EXPAND_AUTH_DATA_FOR_DOMAIN) (IN PUCHAR UserAuthData, IN ULONG UserAuthDataSize, IN PVOID Reserved, OUT PUCHAR * ExpandedAuthData, OUT PULONG ExpandedAuthDataSize);
+
+
+
+#ifndef _ENCRYPTED_CREDENTIAL_DEFINED
+#define _ENCRYPTED_CREDENTIAL_DEFINED
+
+typedef struct _ENCRYPTED_CREDENTIALW {
+ CREDENTIALW Cred;
+ ULONG ClearCredentialBlobSize;
+} ENCRYPTED_CREDENTIALW, *PENCRYPTED_CREDENTIALW;
+#endif // _ENCRYPTED_CREDENTIAL_DEFINED
+
+#define CREDP_FLAGS_IN_PROCESS 0x01 // Caller is in-process. Password data may be returned
+#define CREDP_FLAGS_USE_MIDL_HEAP 0x02 // Allocated buffer should use MIDL_user_allocte
+#define CREDP_FLAGS_DONT_CACHE_TI 0x04 // TargetInformation shouldn't be cached for CredGetTargetInfo
+#define CREDP_FLAGS_CLEAR_PASSWORD 0x08 // Credential blob is passed in in-the-clear
+#define CREDP_FLAGS_USER_ENCRYPTED_PASSWORD 0x10 // Credential blob is passed protected by RtlEncryptMemory
+#define CREDP_FLAGS_TRUSTED_CALLER 0x20 // Caller is a trusted process (eg. logon process).
+
+typedef enum _CredParsedUserNameType
+{
+ parsedUsernameInvalid = 0,
+ parsedUsernameUpn,
+ parsedUsernameNt4Style,
+ parsedUsernameCertificate,
+ parsedUsernameNonQualified
+} CredParsedUserNameType;
+
+
+typedef NTSTATUS (NTAPI CredReadFn) (IN PLUID LogonId, IN ULONG CredFlags, IN LPWSTR TargetName, IN ULONG Type, IN ULONG Flags, OUT PENCRYPTED_CREDENTIALW *Credential);
+typedef NTSTATUS (NTAPI CredReadDomainCredentialsFn) (IN PLUID LogonId, IN ULONG CredFlags, IN PCREDENTIAL_TARGET_INFORMATIONW TargetInfo, IN ULONG Flags, OUT PULONG Count, OUT PENCRYPTED_CREDENTIALW **Credential);
+
+typedef VOID (NTAPI CredFreeCredentialsFn) (IN ULONG Count, IN PENCRYPTED_CREDENTIALW *Credentials OPTIONAL);
+typedef NTSTATUS (NTAPI CredWriteFn) (IN PLUID LogonId, IN ULONG CredFlags, IN PENCRYPTED_CREDENTIALW Credential, IN ULONG Flags);
+typedef NTSTATUS (NTAPI CrediUnmarshalandDecodeStringFn)(IN LPWSTR MarshaledString, OUT LPBYTE *Blob, OUT ULONG *BlobSize, OUT BOOLEAN *IsFailureFatal);
+
+typedef struct _LSA_SECPKG_FUNCTION_TABLE {
+ PLSA_CREATE_LOGON_SESSION CreateLogonSession;
+ PLSA_DELETE_LOGON_SESSION DeleteLogonSession;
+ PLSA_ADD_CREDENTIAL AddCredential;
+ PLSA_GET_CREDENTIALS GetCredentials;
+ PLSA_DELETE_CREDENTIAL DeleteCredential;
+ PLSA_ALLOCATE_LSA_HEAP AllocateLsaHeap;
+ PLSA_FREE_LSA_HEAP FreeLsaHeap;
+ PLSA_ALLOCATE_CLIENT_BUFFER AllocateClientBuffer;
+ PLSA_FREE_CLIENT_BUFFER FreeClientBuffer;
+ PLSA_COPY_TO_CLIENT_BUFFER CopyToClientBuffer;
+ PLSA_COPY_FROM_CLIENT_BUFFER CopyFromClientBuffer;
+ PLSA_IMPERSONATE_CLIENT ImpersonateClient;
+ PLSA_UNLOAD_PACKAGE UnloadPackage;
+ PLSA_DUPLICATE_HANDLE DuplicateHandle;
+ PLSA_SAVE_SUPPLEMENTAL_CREDENTIALS SaveSupplementalCredentials;
+ PLSA_CREATE_THREAD CreateThread;
+ PLSA_GET_CLIENT_INFO GetClientInfo;
+ PLSA_REGISTER_NOTIFICATION RegisterNotification;
+ PLSA_CANCEL_NOTIFICATION CancelNotification;
+ PLSA_MAP_BUFFER MapBuffer;
+ PLSA_CREATE_TOKEN CreateToken;
+ PLSA_AUDIT_LOGON AuditLogon;
+ PLSA_CALL_PACKAGE CallPackage;
+ PLSA_FREE_LSA_HEAP FreeReturnBuffer;
+ PLSA_GET_CALL_INFO GetCallInfo;
+ PLSA_CALL_PACKAGEEX CallPackageEx;
+ PLSA_CREATE_SHARED_MEMORY CreateSharedMemory;
+ PLSA_ALLOCATE_SHARED_MEMORY AllocateSharedMemory;
+ PLSA_FREE_SHARED_MEMORY FreeSharedMemory;
+ PLSA_DELETE_SHARED_MEMORY DeleteSharedMemory;
+ PLSA_OPEN_SAM_USER OpenSamUser;
+ PLSA_GET_USER_CREDENTIALS GetUserCredentials;
+ PLSA_GET_USER_AUTH_DATA GetUserAuthData;
+ PLSA_CLOSE_SAM_USER CloseSamUser;
+ PLSA_CONVERT_AUTH_DATA_TO_TOKEN ConvertAuthDataToToken;
+ PLSA_CLIENT_CALLBACK ClientCallback;
+ PLSA_UPDATE_PRIMARY_CREDENTIALS UpdateCredentials;
+ PLSA_GET_AUTH_DATA_FOR_USER GetAuthDataForUser;
+ PLSA_CRACK_SINGLE_NAME CrackSingleName;
+ PLSA_AUDIT_ACCOUNT_LOGON AuditAccountLogon;
+ PLSA_CALL_PACKAGE_PASSTHROUGH CallPackagePassthrough;
+ CredReadFn *CrediRead;
+ CredReadDomainCredentialsFn *CrediReadDomainCredentials;
+ CredFreeCredentialsFn *CrediFreeCredentials;
+ PLSA_PROTECT_MEMORY LsaProtectMemory;
+ PLSA_PROTECT_MEMORY LsaUnprotectMemory;
+ PLSA_OPEN_TOKEN_BY_LOGON_ID OpenTokenByLogonId;
+ PLSA_EXPAND_AUTH_DATA_FOR_DOMAIN ExpandAuthDataForDomain;
+ PLSA_ALLOCATE_PRIVATE_HEAP AllocatePrivateHeap;
+ PLSA_FREE_PRIVATE_HEAP FreePrivateHeap;
+ PLSA_CREATE_TOKEN_EX CreateTokenEx;
+ CredWriteFn *CrediWrite;
+ CrediUnmarshalandDecodeStringFn *CrediUnmarshalandDecodeString;
+} LSA_SECPKG_FUNCTION_TABLE, *PLSA_SECPKG_FUNCTION_TABLE;
generated by cgit v1.2.3 (git 2.39.1) at 2025-05-28 21:52:27 +0000