private NetworkLayerObject GetKerberosTicketsHash(string source, string destination, byte[] data) { var kerberosPacket = KerberosPacketParser.GetKerberosPacket(data); if (kerberosPacket is null) { return(null); } if (kerberosPacket is KerberosTgsRepPacket) { var kerberosTgsRepPacket = kerberosPacket as KerberosTgsRepPacket; if (kerberosTgsRepPacket.Ticket.EncrytedPart.Etype == 23) { return(new KerberosTgsRepHash() { Source = source, Destination = destination, Realm = kerberosTgsRepPacket.Ticket.Realm, Etype = 23, Username = kerberosTgsRepPacket.Cname.Name, ServiceName = kerberosTgsRepPacket.Ticket.Sname.Name, Hash = NtlmsspHashParser.ByteArrayToHexString(kerberosTgsRepPacket.Ticket.EncrytedPart.Cipher), Protocol = "UDP", HashType = "Kerberos TGS Rep Etype 23" }); } } return(null); }
private NetworkLayerObject GetKerberosTicketsHash(string source, string destination, string protocol, byte[] data) { var kerberosPacket = KerberosPacketParser.GetKerberosPacket(data); if (kerberosPacket is null) { return(null); } // TODO: refactor this boilerplate code if (kerberosPacket is KerberosTgsRepPacket) { var kerberosTgsRepPacket = kerberosPacket as KerberosTgsRepPacket; if (kerberosTgsRepPacket.Ticket.EncrytedPart.Etype == 23) { return(new KerberosTgsRepHash() { Source = source, Destination = destination, Realm = kerberosTgsRepPacket.Ticket.Realm, Etype = 23, Username = kerberosTgsRepPacket.Cname.Name, ServiceName = kerberosTgsRepPacket.Ticket.Sname.Name, Hash = NtlmsspHashParser.ByteArrayToHexString(kerberosTgsRepPacket.Ticket.EncrytedPart.Cipher), Protocol = protocol, HashType = "Kerberos V5 TGS-REP etype 23" }); } } else if (kerberosPacket is KerberosAsRepPacket) { var kerberosAsRepPacket = kerberosPacket as KerberosAsRepPacket; if (kerberosAsRepPacket.Ticket.EncrytedPart.Etype == 23) { return(new KerberosAsRepHash() { Source = source, Destination = destination, Realm = kerberosAsRepPacket.Ticket.Realm, Etype = 23, Username = kerberosAsRepPacket.Cname.Name, ServiceName = kerberosAsRepPacket.Ticket.Sname.Name, Hash = NtlmsspHashParser.ByteArrayToHexString(kerberosAsRepPacket.Ticket.EncrytedPart.Cipher), Protocol = protocol, HashType = "Kerberos V5 AS-REP etype 23" }); } } return(null); }
private NetworkLayerObject GetKerberosTicketsHash(string source, string destination, string protocol, byte[] data) { var kerberosPacket = KerberosPacketParser.GetKerberosPacket(data, protocol); if (kerberosPacket is null) { return(null); } // TODO: use enum for hashes types if (kerberosPacket is KerberosTgsRepPacket) { var kerberosTgsRepPacket = kerberosPacket as KerberosTgsRepPacket; if (kerberosTgsRepPacket.Ticket.EncrytedPart.Etype == 23 || kerberosTgsRepPacket.Ticket.EncrytedPart.Etype == 18 || kerberosTgsRepPacket.Ticket.EncrytedPart.Etype == 17) { return(new KerberosTgsRepHash() { Source = source, Destination = destination, Realm = kerberosTgsRepPacket.Ticket.Realm, Etype = kerberosTgsRepPacket.Ticket.EncrytedPart.Etype, Username = kerberosTgsRepPacket.Cname.Name, ServiceName = kerberosTgsRepPacket.Ticket.Sname.Name, Hash = NtlmsspHashParser.ByteArrayToHexString(kerberosTgsRepPacket.Ticket.EncrytedPart.Cipher), Protocol = protocol, HashType = $"Kerberos V5 TGS-REP etype {kerberosTgsRepPacket.Ticket.EncrytedPart.Etype}" }); } } else if (kerberosPacket is KerberosAsRepPacket) { var kerberosAsRepPacket = kerberosPacket as KerberosAsRepPacket; if (kerberosAsRepPacket.Ticket.EncrytedPart.Etype == 23 || kerberosAsRepPacket.Ticket.EncrytedPart.Etype == 18) { return(new KerberosAsRepHash() { Source = source, Destination = destination, Realm = kerberosAsRepPacket.Ticket.Realm, Etype = kerberosAsRepPacket.Ticket.EncrytedPart.Etype, Username = kerberosAsRepPacket.Cname.Name, ServiceName = kerberosAsRepPacket.Ticket.Sname.Name, Hash = NtlmsspHashParser.ByteArrayToHexString(kerberosAsRepPacket.Ticket.EncrytedPart.Cipher), Protocol = protocol, HashType = $"Kerberos V5 AS-REP etype {kerberosAsRepPacket.Ticket.EncrytedPart.Etype}" }); } } return(null); }