- #!/usr/bin/python
- # -*- coding: utf-8 -*-
- from Crypto.Hash import MD5
- from Crypto.Cipher import ARC4,DES
- from struct import unpack,pack
# 256-entry odd-parity lookup: entry i keeps the upper seven bits of i and
# picks the lowest bit so that the resulting byte has an odd number of set
# bits (the parity convention DES keys use).  The values are generated here
# and are identical to the spelled-out table.
# NOTE(review): nothing in this listing reads odd_parity; presumably the
# missing str_to_key helper does — confirm against the full script.
odd_parity = list(
    (_value & 0xFE) | (1 - bin(_value >> 1).count("1") % 2)
    for _value in range(256)
)
# Permutation of the indices 0..15 for the boot key bytes.
# NOTE(review): not referenced by any code in this listing; the boot-key
# assembly step that would use it is not shown.
p = [
    0x08, 0x05, 0x04, 0x02, 0x0B, 0x09, 0x0D, 0x03,
    0x00, 0x06, 0x01, 0x0C, 0x0E, 0x0A, 0x0F, 0x07,
]
- # Constants for SAM decrypt algorithm
- aqwerty = "!@#$%^&*()qwertyUIOPAzxcvbnmQQQQQQQQQQQQ)(*@&%\0"
- anum = "0123456789012345678901234567890123456789\0"
- antpassword = "NTPASSWORD\0"
- almpassword = "LMPASSWORD\0"
- empty_lm = "aad3b435b51404eeaad3b435b51404ee".decode('hex')
- empty_nt = "31d6cfe0d16ae931b73c59d7e0c089c0".decode('hex')
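def decrypt_single_hash(rid, hbootkey, enc_hash, lmntstr):
    """Remove the per-account obfuscation from one stored LM or NT hash.

    The RC4 key is MD5(hbootkey[:16] + rid as little-endian 32-bit + lmntstr).
    RC4 is applied to ``enc_hash``; the two 8-byte halves of the result are
    then DES-ECB decrypted with the two keys that ``sid_to_key(rid)`` returns.

    MD5, RC4 and single DES are dictated by the legacy on-disk format handled
    here; they are not a protection scheme to copy.  The return value is
    password-equivalent material and should be handled as a secret.

    Args:
        rid: Numeric relative identifier of the account (an integer, not the
            user name).
        hbootkey: Hashed boot key as a byte string; only the first 16 bytes
            are used.
        enc_hash: The 16-byte obfuscated hash.
        lmntstr: ``almpassword`` or ``antpassword``, selecting the hash type.

    Returns:
        The 16-byte hash as a byte string.

    Raises:
        ValueError: If ``hbootkey`` is shorter than 16 bytes or ``enc_hash``
            is not exactly 16 bytes.
    """
    # Without these checks a short key or an over-long blob is processed
    # silently and yields bytes that merely look like a hash.
    if len(hbootkey) < 0x10:
        raise ValueError("hbootkey must be at least 16 bytes")
    if len(enc_hash) != 0x10:
        raise ValueError("enc_hash must be exactly 16 bytes (two DES blocks)")

    (des_k1, des_k2) = sid_to_key(rid)
    d1 = DES.new(des_k1, DES.MODE_ECB)
    d2 = DES.new(des_k2, DES.MODE_ECB)

    md5 = MD5.new()
    md5.update(hbootkey[:0x10] + pack("<L", rid) + lmntstr)
    rc4 = ARC4.new(md5.digest())

    # RC4 is symmetric, so encrypt() is also the decryption step.
    obfkey = rc4.encrypt(enc_hash)

    # Named "recovered" rather than "hash" to avoid shadowing the builtin.
    recovered = d1.decrypt(obfkey[:8]) + d2.decrypt(obfkey[8:])
    return recovered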
def sid_to_key(sid):
    """Build the two DES keys that belong to a 32-bit account RID.

    The RID is split into its four bytes, least significant first
    (b0, b1, b2, b3).  Two 7-byte strings are formed from them,
    b0 b1 b2 b3 b0 b1 b2 and b3 b0 b1 b2 b3 b0 b1, and each is passed
    through str_to_key.

    NOTE(review): str_to_key is not defined anywhere in this listing; it is
    presumably the 7-byte to 8-byte DES key expansion — confirm against the
    complete script.

    Returns:
        A tuple ``(key1, key2)`` of whatever str_to_key produces.
    """
    rid_bytes = [chr((sid >> shift) & 0xFF) for shift in (0, 8, 16, 24)]

    # First string: the four bytes followed by the first three again.
    first = "".join(rid_bytes + rid_bytes[:3])

    # Second string: same construction on the bytes rotated right by one.
    rotated = rid_bytes[3:] + rid_bytes[:3]
    second = "".join(rotated + rotated[:3])

    return str_to_key(first), str_to_key(second)
def decrypt_hashes(rid, enc_lm_hash, enc_nt_hash, hbootkey):
    """Recover the LM and NT hashes of one account.

    Each obfuscated blob is handed to decrypt_single_hash together with the
    label for its hash type.  A blob that is empty or None is skipped and
    reported as the empty string.

    Returns:
        A tuple ``(lmhash, nthash)``.
    """
    # LM first, then NT, as in the stored record handling of the caller.
    lmhash = (
        decrypt_single_hash(rid, hbootkey, enc_lm_hash, almpassword)
        if enc_lm_hash
        else ""
    )
    nthash = (
        decrypt_single_hash(rid, hbootkey, enc_nt_hash, antpassword)
        if enc_nt_hash
        else ""
    )
    return lmhash, nthash
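if __name__ == "__main__":
    import binascii
    import sys

    # NOTE(review): the call originally published here could never run. It
    # passed a user name ("john") where the account's numeric RID is required,
    # and bare integers where byte strings are required. The key and blob below
    # are the published values, unchanged, turned into byte strings. The RID is
    # not part of the listing and has to be supplied by the caller.
    # Values like these are credential material; they belong in a protected
    # store, not in a shared script.
    if len(sys.argv) != 2:
        sys.exit("usage: %s <numeric RID>" % sys.argv[0])
    account_rid = int(sys.argv[1], 0)

    sample_hbootkey = binascii.unhexlify("205e12a85593537b36b1acd6b4f62cb9")
    sample_enc_hash = binascii.unhexlify(
        "1b8cdcdbd68f2c8f7b683d741edcd872e7d52c1bfa379e9f1f2679be921faaaf"
    )

    # The published blob is 32 bytes, but decrypt_single_hash works on one
    # 16-byte hash (two 8-byte DES blocks). Stop with a clear message instead
    # of emitting bytes that are not a hash.
    if len(sample_enc_hash) != 16:
        sys.exit(
            "encrypted blob is %d bytes; expected the 16-byte obfuscated hash"
            % len(sample_enc_hash)
        )

    recovered = decrypt_single_hash(
        account_rid, sample_hbootkey, sample_enc_hash, almpassword
    )
    sys.stdout.write(binascii.hexlify(recovered) + "\n")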