public void NTHash_String_TestVector1() { string result = NTHash.ComputeHash("Pa$$w0rd").ToHex(true); string expected = "92937945B518814341DE3F726500D4FF"; Assert.AreEqual(expected, result); }
protected override void ProcessRecord() { this.WriteVerbose("Calculating OrgId hash."); try { byte[] binarySalt = null; if (Salt != null) { binarySalt = Salt.HexToBinary(); } string orgIdHash; // TODO: Switch by parametersetname if (NTHash != null) { // Calculate OrgId hash from NT Hash: byte[] binaryNTHash = NTHash.HexToBinary(); orgIdHash = OrgIdHash.ComputeFormattedHash(binaryNTHash, binarySalt); } else { // Calculate OrgId hash from password: orgIdHash = OrgIdHash.ComputeFormattedHash(Password, binarySalt); } this.WriteObject(orgIdHash); } catch (Exception ex) { ErrorRecord error = new ErrorRecord(ex, "Error1", ErrorCategory.NotSpecified, this.Password); this.WriteError(error); } }
protected bool SetAccountPassword(DatastoreObject targetObject, object targetObjectIdentifier, SecureString newPassword, byte[] bootKey, bool skipMetaUpdate) { // Validate input Validator.AssertNotNull(newPassword, "newPassword"); // Calculate NT hash byte[] ntHash = NTHash.ComputeHash(newPassword); // TODO TODO TODO: Change parameter to DSAccount from DatastoreObject var account = this.GetAccount(targetObject, targetObjectIdentifier, bootKey); var supplementalCredentials = new SupplementalCredentials( newPassword, account.SamAccountName, account.UserPrincipalName, this.context.DomainController.NetBIOSDomainName, this.context.DomainController.Domain); return(this.SetAccountPasswordHash( targetObject, targetObjectIdentifier, ntHash, supplementalCredentials, bootKey, skipMetaUpdate)); }
protected bool SetAccountPassword(DatastoreObject targetObject, object targetObjectIdentifier, SecureString newPassword, byte[] bootKey, bool skipMetaUpdate) { // Validate input Validator.AssertNotNull(newPassword, "newPassword"); // Calculate NT hash byte[] ntHash = NTHash.ComputeHash(newPassword); // We need to read sAMAccountName and userPrincipalName to be able to generate the supplementalCredentials. string samAccountName; targetObject.ReadAttribute(CommonDirectoryAttributes.SAMAccountName, out samAccountName); string userPrincipalName; targetObject.ReadAttribute(CommonDirectoryAttributes.UserPrincipalName, out userPrincipalName); var supplementalCredentials = new SupplementalCredentials( newPassword, samAccountName, userPrincipalName, this.context.DomainController.NetBIOSDomainName, this.context.DomainController.DomainName); return(this.SetAccountPasswordHash( targetObject, targetObjectIdentifier, ntHash, supplementalCredentials, bootKey, skipMetaUpdate)); }
public void NTHash_String_EmptyInput() { string result = NTHash.ComputeHash(string.Empty).ToHex(true); string expected = "31D6CFE0D16AE931B73C59D7E0C089C0"; Assert.AreEqual(expected, result); }
protected override void ProcessRecord() { // TODO: Extract as resource this.WriteVerbose("Calculating NT hash."); try { byte[] hashBytes = NTHash.ComputeHash(Password); string hashHex = hashBytes.ToHex(); this.WriteObject(hashHex); } catch (ArgumentException ex) { ErrorRecord error = new ErrorRecord(ex, "Error1", ErrorCategory.InvalidArgument, this.Password); this.WriteError(error); } catch (Win32Exception ex) { ErrorCategory category = ((Win32ErrorCode)ex.NativeErrorCode).ToPSCategory(); ErrorRecord error = new ErrorRecord(ex, "Error2", category, this.Password); // Allow the processing to continue on this error: this.WriteError(error); } catch (Exception ex) { ErrorRecord error = new ErrorRecord(ex, "Error3", ErrorCategory.NotSpecified, this.Password); this.WriteError(error); } }
public void NTHash_EmptyInput() { SecureString password = string.Empty.ToSecureString(); string result = NTHash.ComputeHash(password).ToHex(true); string expected = "31D6CFE0D16AE931B73C59D7E0C089C0"; Assert.AreEqual(expected, result); }
public void NTHash_TestVector1() { SecureString password = "******".ToSecureString(); string result = NTHash.ComputeHash(password).ToHex(true); string expected = "92937945B518814341DE3F726500D4FF"; Assert.AreEqual(expected, result); }
private void TestWeakPassword(string weakPassword) { // Windows has a hard limit on password length, so we ignore long ones if (weakPassword.Length <= NTHash.MaxInputLength) { byte[] weakHash = NTHash.ComputeHash(weakPassword); this.TestWeakNTHash(weakHash); } }
private void TestComputerDefaultPassword() { string defaultPassword = this.Account.SamAccountName.TrimEnd('$').ToLower(); byte[] defaultHash = NTHash.ComputeHash(defaultPassword); if (HashEqualityComparer.GetInstance().Equals(this.Account.NTHash, defaultHash)) { // The computer has the default password. this.result.DefaultComputerPassword.Add(this.Account.LogonName); } }
public void NTHash_GenerateRandom() { byte[] randomHash1 = NTHash.GetRandom(); byte[] randomHash2 = NTHash.GetRandom(); // Check hash size Assert.AreEqual(NTHash.HashSize, randomHash1.Length); // Check that the hashes are not the same Assert.AreNotEqual(randomHash1.ToHex(), randomHash2.ToHex()); }
public void ManagedPassword_Vector1() { // Sample value taken from a GMSA in AD byte[] blob = "01000000220100001000000012011a011609f270f541c315ffee9fcd22a98447b5c6e6fb7151cb020a2b017bb4e003647949967fc96f7c9ec3426b80901bb9c162867cbc68c520c4d7a431c3d9a670f8aa41d2ae5c0c08f27f8698b90c18a5a576e9933fb0cadaf8e661be2f58308c580866b1ae582ee50a9aa7c5d65a312dbbc3542c51c7e0b2d4c61e9763de481d9963367273aa72b53c2e402e31c6cd38e7785ad06639cdfa07738d19ae20c370e06787ad2f600823c505fc9dd32b3f06505da37b86b298d3650140af83c1f01c907964d182ea0efb19e74c949f58123fdecb41f78ed0eabbde31bb46afd3134da82550380ed36038d100f71095404a97e52d661dbe4f74deef4122a102dca698960000864973f96017000086eba24660170000".HexToBinary(); // Its corresponding NT hash, also taken from AD string expectedHash = "1fe07f47bfa7f511d902ed5cfb79cc4d"; // Try parsing the blob ManagedPassword pwd = new ManagedPassword(blob); string actualHash = NTHash.ComputeHash(pwd.CurrentPassword.ToSecureString()).ToHex(false); Assert.AreEqual(expectedHash, actualHash); }
private void crackPasses() { FileStream passList = new FileStream(passwordList, FileMode.Open); StreamReader passStream = new StreamReader(passList, System.Text.Encoding.ASCII, true, 128); string currPass; while ((currPass = passStream.ReadLine()) != null) { currPass = currPass.TrimEnd(); if (currPass.Length < 4) { continue; } string currHash = NTHash.ComputeHash(currPass).ToHex(); if (currHash != null && currHash.Length > 0 && hashDict.ContainsKey(currHash)) { cracked.Add(currPass, new List <DSAccount>(hashDict[currHash])); } } }
public SupplementalCredentials(SecureString password, string samAccountName, string userPrincipalName, string netBiosDomainName, string dnsDomainName) { // Input validation Validator.AssertNotNull(password, "password"); Validator.AssertNotNull(samAccountName, "samAccountName"); // Note that UPN can be NULL, as it is an optional user attribute. Validator.AssertNotNull(netBiosDomainName, "netBiosDomainName"); Validator.AssertNotNull(dnsDomainName, "dnsDomainName"); // Generate Kerberos keys this.Kerberos = new KerberosCredential(password, samAccountName, dnsDomainName); this.KerberosNew = new KerberosCredentialNew(password, samAccountName, dnsDomainName); // Generate WDigest hashes this.WDigest = WDigestHash.ComputeHash(password, userPrincipalName, samAccountName, netBiosDomainName, dnsDomainName); // Generate a random NTLM strong hash that is definitely not based on a password. this.NTLMStrongHash = NTHash.GetRandom(); // Note that we do not want to store the password in cleartext. }
protected override void ProcessRecord() { foreach (string password in this.Input) { if (string.IsNullOrEmpty(password)) { // Skip empty lines from the input. continue; } try { byte[] hash = NTHash.ComputeHash(password); if (!this.hashDictionary.ContainsKey(hash)) { // Do not try to add duplicate hashes, because the Add method would throw an ArgumentException. this.hashDictionary.Add(hash, password); } } catch (ArgumentException ex) { ErrorRecord error = new ErrorRecord(ex, "Error1", ErrorCategory.InvalidArgument, password); this.WriteError(error); } catch (Win32Exception ex) { ErrorCategory category = ((Win32ErrorCode)ex.NativeErrorCode).ToPSCategory(); ErrorRecord error = new ErrorRecord(ex, "Error2", category, password); this.WriteError(error); } catch (Exception ex) { ErrorRecord error = new ErrorRecord(ex, "Error3", ErrorCategory.NotSpecified, password); this.WriteError(error); } } }
public void Execute(Dictionary <string, string> arguments) { string[] user; string domain = ""; string[] computernames; var hash = new NTHash(); var password = new ClearText(); string module = ""; string moduleargument = ""; List <string> flags = new List <string>(); if (arguments.ContainsKey("/m")) { module = arguments["/m"]; } if (arguments.ContainsKey("/module")) { module = arguments["/module"]; } if (arguments.ContainsKey("/a")) { moduleargument = arguments["/a"]; } if (arguments.ContainsKey("/argument")) { moduleargument = arguments["/argument"]; } if (arguments.ContainsKey("/domain")) { domain = arguments["/domain"]; } else { domain = "."; } if (arguments.ContainsKey("/user")) { if (File.Exists(arguments["/user"])) { user = File.ReadAllLines(arguments["/user"]); } else { string[] parts = arguments["/user"].Split('\\'); if (parts.Length == 2) { domain = parts[0]; user = parts[1].Split(','); } else { user = arguments["/user"].Split(','); } } } else { Console.WriteLine("[-] /user must be supplied!"); return; } if (arguments.ContainsKey("/computername")) { if (File.Exists(arguments["/computername"])) { computernames = File.ReadAllLines(arguments["/computername"]); } else { computernames = arguments["/computername"].Split(','); } } else { Console.WriteLine("[-] /computername must be supplied!"); return; } if (arguments.ContainsKey("/password")) { if (File.Exists(arguments["/password"])) { password.Cleartext = File.ReadAllLines(arguments["/password"]); } else { password.Cleartext = arguments["/password"].Split(','); } } else if (arguments.ContainsKey("/ntlm")) { if (File.Exists(arguments["/ntlm"])) { hash.Nthash = File.ReadAllLines(arguments["/ntlm"]); } else { hash.Nthash = arguments["/ntlm"].Split(','); } } else { Console.WriteLine("[-] /password or /ntlm must be supplied"); return; } if (password.Cleartext != null) { NtlmSmb(user, domain, password, computernames, module, moduleargument); } else { NtlmSmb(user, domain, hash, computernames, module, moduleargument); } }
public void NTHash_String_LongInput() { string password = "******"; string result = NTHash.ComputeHash(password).ToHex(true); }
public void NTHash_LongInput() { SecureString password = "******".ToSecureString(); string result = NTHash.ComputeHash(password).ToHex(true); }
public void NTHash_NullInput() { NTHash.ComputeHash(null); }
public void NTHash_String_NullInput() { NTHash.ComputeHash((string)null); }
public void Execute(Dictionary <string, string> arguments) { string[] user; string domain = ""; string path = ""; string destination = ""; string[] computernames; var hash = new NTHash(); var password = new ClearText(); string module = ""; string moduleargument = ""; List <string> flags = new List <string>(); if (arguments.ContainsKey("/module")) { module = arguments["/module"]; } if (arguments.ContainsKey("/m")) { module = arguments["/m"]; } if (arguments.ContainsKey("/impersonate") || arguments.ContainsKey("/imprs")) { flags.Add("impersonate"); } // if (arguments.ContainsKey("/domain")) { domain = arguments["/domain"]; } else { domain = "."; } if (arguments.ContainsKey("/user")) { if (File.Exists(arguments["/user"])) { user = File.ReadAllLines(arguments["/user"]); } else { string[] parts = arguments["/user"].Split('\\'); if (parts.Length == 2) { domain = parts[0]; user = parts[1].Split(','); } else { user = arguments["/user"].Split(','); } } } else { Console.WriteLine("[-] /user must be supplied!"); return; } if (arguments.ContainsKey("/computername")) { if (File.Exists(arguments["/computername"])) { computernames = File.ReadAllLines(arguments["/computername"]); } else { computernames = arguments["/computername"].Split(','); } } else { Console.WriteLine("[-] /computername must be supplied!"); return; } if (arguments.ContainsKey("/password")) { if (File.Exists(arguments["/password"])) { password.Cleartext = File.ReadAllLines(arguments["/password"]); } else { password.Cleartext = arguments["/password"].Split(','); } } else if (arguments.ContainsKey("/ntlm")) { if (File.Exists(arguments["/ntlm"])) { hash.Nthash = File.ReadAllLines(arguments["/ntlm"]); } else { hash.Nthash = arguments["/ntlm"].Split(','); } } else { Console.WriteLine("[-] /password or /ntlm must be supplied"); return; } if (module.Contains("exec") && moduleargument.Length == 0) { Console.WriteLine("[-] Missing exec argument"); return; } if (module.Contains("assembly") && !File.Exists(path)) { Console.WriteLine("[-] Missing assembly path"); return; } if (module.Contains("download") && (String.IsNullOrEmpty(path) || String.IsNullOrEmpty(destination))) { Console.WriteLine("[-] Need path and destination"); return; } if (module.Contains("upload") && (String.IsNullOrEmpty(path) || String.IsNullOrEmpty(destination))) { Console.WriteLine("[-] Need path and destination"); return; } if (flags.Contains("impersonate")) { foreach (string computername in computernames) { CimSession cimSession; cimSession = Cim.newSession(computername, "", "", "", true); Scan.CIM(cimSession, module); } } else if (password.Cleartext != null) { Lib.ntlm.Ntlm(user, domain, password, computernames, module, moduleargument, path, destination, flags, "cim"); } else { Console.WriteLine("[-] Need plaintext password or /impersonate for cim"); return; } }