
Untitled

a guest
Aug 8th, 2017
  1. #!/usr/bin/python
  2. # -*- coding: utf-8 -*-
  3.  
  4.  
  5.  
  6. from Crypto.Hash import MD5
  7. from Crypto.Cipher import ARC4,DES
  8. from struct import unpack,pack
  9.  
  10.  
  # Lookup table indexed by byte value: entry i is i with its lowest bit
  # set or cleared so that the byte carries an odd number of 1 bits (the
  # parity convention used for DES key bytes).  Not referenced by the code
  # visible on this page; presumably consumed by str_to_key() -- confirm
  # against the full file.
  odd_parity = [
      1, 1, 2, 2, 4, 4, 7, 7, 8, 8, 11, 11, 13, 13, 14, 14,
      16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31,
      32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44, 47, 47,
      49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, 61, 61, 62, 62,
      64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79, 79,
      81, 81, 82, 82, 84, 84, 87, 87, 88, 88, 91, 91, 93, 93, 94, 94,
      97, 97, 98, 98,100,100,103,103,104,104,107,107,109,109,110,110,
      112,112,115,115,117,117,118,118,121,121,122,122,124,124,127,127,
      128,128,131,131,133,133,134,134,137,137,138,138,140,140,143,143,
      145,145,146,146,148,148,151,151,152,152,155,155,157,157,158,158,
      161,161,162,162,164,164,167,167,168,168,171,171,173,173,174,174,
      176,176,179,179,181,181,182,182,185,185,186,186,188,188,191,191,
      193,193,194,194,196,196,199,199,200,200,203,203,205,205,206,206,
      208,208,211,211,213,213,214,214,217,217,218,218,220,220,223,223,
      224,224,227,227,229,229,230,230,233,233,234,234,236,236,239,239,
      241,241,242,242,244,244,247,247,248,248,251,251,253,253,254,254
  ]

  # Permutation matrix for boot key: 16 indices, each of 0x0-0xf appearing
  # exactly once.  Not referenced by the code visible on this page.
  p = [ 0x8, 0x5, 0x4, 0x2, 0xb, 0x9, 0xd, 0x3,
      0x0, 0x6, 0x1, 0xc, 0xe, 0xa, 0xf, 0x7 ]

  # Constants for SAM decrypt algorithm.  Every string ends in an explicit
  # NUL, and that NUL is part of the data that gets hashed.  These are fixed,
  # publicly known values, not secrets.
  # aqwerty and anum are not referenced by the code visible on this page.
  aqwerty = "!@#$%^&*()qwertyUIOPAzxcvbnmQQQQQQQQQQQQ)(*@&%\0"
  anum = "0123456789012345678901234567890123456789\0"
  # Per-hash-type labels that decrypt_hashes() passes as lmntstr; they are
  # appended to the MD5 input in decrypt_single_hash().
  antpassword = "NTPASSWORD\0"
  almpassword = "LMPASSWORD\0"

  # LM and NT hashes of the empty password, as raw bytes.  str.decode('hex')
  # exists only on Python 2.  Not referenced by the code visible on this page.
  empty_lm = "aad3b435b51404eeaad3b435b51404ee".decode('hex')
  empty_nt = "31d6cfe0d16ae931b73c59d7e0c089c0".decode('hex')
  42.  
  def decrypt_single_hash(rid, hbootkey, enc_hash, lmntstr):
      """Undo both obfuscation layers on one stored LM or NT hash.

      Args:
          rid: Account RID as an integer; it is packed as a little-endian
              32-bit value and also seeds the two DES keys.
          hbootkey: Hashed boot key as a byte string; only the first 0x10
              bytes are used.
          enc_hash: The encrypted hash bytes taken from the account record.
          lmntstr: Label mixed into the RC4 key (the callers on this page
              pass almpassword or antpassword).

      Returns:
          The decrypted hash as a byte string.

      MD5, RC4 and single-DES in ECB mode are dictated by the legacy record
      layout this code reads; none of them should be carried into a new
      design.  hbootkey is the only secret input: the DES keys come from the
      RID alone and the labels are fixed constants.  The return value is a
      raw password hash and should be handled as a credential (kept out of
      logs and unprotected files).
      """
      # Inner layer: two DES keys derived purely from the RID.
      key_a, key_b = sid_to_key(rid)
      des_a = DES.new(key_a, DES.MODE_ECB)
      des_b = DES.new(key_b, DES.MODE_ECB)

      # Outer layer: RC4 keyed with MD5(hbootkey[:16] || rid || label).
      rc4_key = MD5.new(hbootkey[:0x10] + pack("<L", rid) + lmntstr).digest()
      # RC4 is its own inverse, so encrypt() is what removes this layer.
      des_blocks = ARC4.new(rc4_key).encrypt(enc_hash)

      # First 8 bytes go through the first DES key, the remainder through
      # the second.
      return des_a.decrypt(des_blocks[:8]) + des_b.decrypt(des_blocks[8:])
  56.  
  57.  
  def sid_to_key(sid):
      """Expand an integer RID into the two DES keys used for hash records.

      The low 32 bits of ``sid`` are laid out little-endian as b0 b1 b2 b3
      and stretched into two 7-byte seeds:

          seed 1: b0 b1 b2 b3 b0 b1 b2
          seed 2: b3 b0 b1 b2 b3 b0 b1

      Each seed is handed to str_to_key(), which is not defined in the part
      of the file visible here.

      Both keys are a pure function of the RID, so this DES layer adds no
      secrecy of its own; confidentiality of the stored hash rests on the
      boot-key-derived RC4 layer applied by the caller.

      Returns:
          A 2-tuple ``(key1, key2)`` of whatever str_to_key() returns.
      """
      low32 = pack("<L", sid & 0xFFFFFFFF)
      seed_one = low32 + low32[:3]
      rotated = low32[3:] + low32[:3]
      seed_two = rotated + rotated[:3]

      return str_to_key(seed_one), str_to_key(seed_two)
  71.  
  72.  
  def decrypt_hashes(rid, enc_lm_hash, enc_nt_hash, hbootkey):
      """Decrypt the LM and NT hash of one account.

      Args:
          rid: Account RID as an integer.
          enc_lm_hash: Encrypted LM hash bytes, or a falsy value if the
              record has none.
          enc_nt_hash: Encrypted NT hash bytes, or a falsy value if the
              record has none.
          hbootkey: Hashed boot key as a byte string.

      Returns:
          A tuple ``(lmhash, nthash)``; a missing input yields ``""`` in
          that position.  Both values are raw password hashes and should be
          treated as credentials by the caller.
      """
      # Each hash type uses its own label so the two RC4 keys differ.
      lm_plain = (
          decrypt_single_hash(rid, hbootkey, enc_lm_hash, almpassword)
          if enc_lm_hash
          else ""
      )
      nt_plain = (
          decrypt_single_hash(rid, hbootkey, enc_nt_hash, antpassword)
          if enc_nt_hash
          else ""
      )

      return lm_plain, nt_plain
  87.  
  88.  
  # NOTE(review): this call cannot succeed with these argument types.
  #   - rid: decrypt_single_hash() passes it to sid_to_key(), which applies
  #     `& 0xFF` and `>>` to it, and to pack("<L", rid); it has to be an
  #     integer, not the string "john".
  #   - hbootkey / enc_hash: the function slices hbootkey, concatenates it
  #     with byte strings and feeds enc_hash to RC4, so both have to be byte
  #     strings, not integer literals.
  #   - The third literal is 32 bytes long while the function splits its
  #     input as [:8] / [8:]; presumably a 16-byte record is expected --
  #     confirm against the record format.
  #   - The return value is discarded.
  # NOTE(review): key material is embedded as literals.  The labels are fixed
  # constants and the DES keys follow from the RID, so anyone holding the
  # hashed boot key, the RID and the encrypted record can recover the hash.
  # Treat such values as credentials and read them from a protected input
  # rather than keeping them in source or a public paste.
  decrypt_single_hash("john",0x205e12a85593537b36b1acd6b4f62cb9,0x1b8cdcdbd68f2c8f7b683d741edcd872e7d52c1bfa379e9f1f2679be921faaaf,"LMPASSWORD\0")