Class: Rex::Proto::Kerberos::Pac::Krb5PacCredentialData

Inherits:

RubySMB::Dcerpc::Ndr::NdrStruct

Object
RubySMB::Dcerpc::Ndr::NdrStruct
Rex::Proto::Kerberos::Pac::Krb5PacCredentialData

show all

Defined in:: lib/rex/proto/kerberos/pac/krb5_pac.rb

Overview

See [2.6.2 PAC_CREDENTIAL_DATA](learn.microsoft.com/en-us/openspecs/windows_protocols/ms-pac/4927158e-c9d5-493d-a3f6-1826b88d22ba)

Direct Known Subclasses

Krb5PacCredentialDataPtr

Instance Method Summary collapse

#extract_ntlm_hash ⇒ String^?

Extract the NTLM hash from the credentials array if present.

Instance Method Details

#extract_ntlm_hash ⇒ `String`^?

Extract the NTLM hash from the credentials array if present

Returns:

(String, nil) —

The NTLM hash as “LMHASH:NTHASH” or ‘nil` if the credentials array does not contain any NTLM hash

# File 'lib/rex/proto/kerberos/pac/krb5_pac.rb', line 618

def extract_ntlm_hash
  credential = credentials.find do |credential|
    credential.package_name.to_s == Krb5NtlmSupplementalCredential::PACKAGE_NAME
  end
  return unless credential

  ntlm_creds_raw = credential.credentials.to_ary.pack('C*')
  ntlm_creds = Krb5NtlmSupplementalCredential.read(ntlm_creds_raw)
  if ntlm_creds.lm_password.any? {|elem| elem != 0}
    lm_hash = ntlm_creds.lm_password.to_hex
  else
    # Empty LMHash
    lm_hash = 'aad3b435b51404eeaad3b435b51404ee'
  end
  nt_hash = ntlm_creds.nt_password.to_hex

  return "#{lm_hash}:#{nt_hash}"
end

Class: Rex::Proto::Kerberos::Pac::Krb5PacCredentialData

Overview

Direct Known Subclasses

Instance Method Summary collapse

Instance Method Details

#extract_ntlm_hash ⇒ String?

#extract_ntlm_hash ⇒ `String`^?