Class: Rex::Proto::Kerberos::Pac::Krb5PacCredentialData

Inherits:
RubySMB::Dcerpc::Ndr::NdrStruct
  • Object
Defined in:
lib/rex/proto/kerberos/pac/krb5_pac.rb

Overview

Direct Known Subclasses

Krb5PacCredentialDataPtr

Instance Method Summary

Instance Method Details

#extract_ntlm_hash ⇒ String?

Extract the NTLM hash from the credentials array if present

Returns:

  • (String, nil)

    The NTLM hash as “LMHASH:NTHASH”, or `nil` if the credentials array does not contain any NTLM hash



# File 'lib/rex/proto/kerberos/pac/krb5_pac.rb', line 618

# Locates the NTLM supplemental credential in the credentials array and
# renders its LM and NT password fields as a hex pair.
#
# @return [String, nil] the hash pair formatted as "LMHASH:NTHASH", or nil
#   when no entry's package name equals
#   Krb5NtlmSupplementalCredential::PACKAGE_NAME
# @note The returned string is credential material; callers should handle it
#   as a secret (for example, keep it out of general-purpose logs).
def extract_ntlm_hash
  ntlm_entry = credentials.find do |entry|
    entry.package_name.to_s == Krb5NtlmSupplementalCredential::PACKAGE_NAME
  end
  return unless ntlm_entry

  # Re-pack the byte array into a binary string so the structure can parse it.
  packed_bytes = ntlm_entry.credentials.to_ary.pack('C*')
  parsed = Krb5NtlmSupplementalCredential.read(packed_bytes)

  # An all-zero LM field is rendered as the conventional "empty" LM hash
  # value rather than as a string of zeros.
  lm_present = parsed.lm_password.any? { |byte| byte != 0 }
  lm_hex = lm_present ? parsed.lm_password.to_hex : 'aad3b435b51404eeaad3b435b51404ee'
  nt_hex = parsed.nt_password.to_hex

  "#{lm_hex}:#{nt_hex}"
end