RepoMirrors
/
mimikatz
mirror of https://github.com/gentilkiwi/mimikatz
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
mimikatz/mimilib/sekurlsadbg/kwindbg.h

105 lines
3.8 KiB
C
Raw Blame History

/* Benjamin DELPY `gentilkiwi`
http://blog.gentilkiwi.com
benjamin@gentilkiwi.com
Licence : http://creativecommons.org/licenses/by/3.0/fr/
*/
#pragma once
#include "kuhl_m_sekurlsa_utils.h"
#include "kuhl_m_sekurlsa_nt6.h"
#include "kuhl_m_sekurlsa_packages.h"
USHORT NtBuildNumber;
#define KUHL_SEKURLSA_CREDS_DISPLAY_RAW 0x00000000
#define KUHL_SEKURLSA_CREDS_DISPLAY_LINE 0x00000001
#define KUHL_SEKURLSA_CREDS_DISPLAY_NEWLINE 0x00000002
#define KUHL_SEKURLSA_CREDS_DISPLAY_CREDENTIAL 0x08000000
#define KUHL_SEKURLSA_CREDS_DISPLAY_PRIMARY 0x01000000
#define KUHL_SEKURLSA_CREDS_DISPLAY_PRIMARY_10 0x02000000
#define KUHL_SEKURLSA_CREDS_DISPLAY_CREDENTIALKEY 0x03000000
#define KUHL_SEKURLSA_CREDS_DISPLAY_CREDENTIAL_MASK 0x07000000
#define KUHL_SEKURLSA_CREDS_DISPLAY_KERBEROS_10 0x00100000
#define KUHL_SEKURLSA_CREDS_DISPLAY_KEY_LIST 0x00200000
#define KUHL_SEKURLSA_CREDS_DISPLAY_CREDMANPASS 0x00400000
#define KUHL_SEKURLSA_CREDS_DISPLAY_PINCODE 0x00800000
#define KUHL_SEKURLSA_CREDS_DISPLAY_NODECRYPT 0x10000000
#define KUHL_SEKURLSA_CREDS_DISPLAY_WPASSONLY 0x20000000
#define KUHL_SEKURLSA_CREDS_DISPLAY_DOMAIN 0x40000000
#define KUHL_SEKURLSA_CREDS_DISPLAY_SSP 0x80000000
#ifdef _M_X64
#define SECDATA_KRBTGT_OFFSET 39
#elif defined _M_IX86
#define SECDATA_KRBTGT_OFFSET 47
#endif
typedef void (CALLBACK * PKUHL_M_SEKURLSA_PACKAGE_CALLBACK) (IN ULONG_PTR pKerbGlobalLogonSessionTable, IN PKIWI_BASIC_SECURITY_LOGON_SESSION_DATA pData);
typedef struct _KUHL_M_SEKURLSA_PACKAGE {
const char * name;
const char * symbolName;
ULONG_PTR symbolPtr;
const PKUHL_M_SEKURLSA_PACKAGE_CALLBACK callback;
} KUHL_M_SEKURLSA_PACKAGE, *PKUHL_M_SEKURLSA_PACKAGE;
typedef struct _KUHL_M_SEKURLSA_ENUM_HELPER {
ULONG tailleStruct;
ULONG offsetToLuid;
ULONG offsetToLogonType;
ULONG offsetToSession;
ULONG offsetToUsername;
ULONG offsetToDomain;
ULONG offsetToCredentials;
ULONG offsetToPSid;
ULONG offsetToCredentialManager;
ULONG offsetToLogonTime;
ULONG offsetToLogonServer;
} KUHL_M_SEKURLSA_ENUM_HELPER, *PKUHL_M_SEKURLSA_ENUM_HELPER;
LPEXT_API_VERSION WDBGAPI ExtensionApiVersion (void);
VOID CheckVersion(void);
VOID WDBGAPI WinDbgExtensionDllInit (PWINDBG_EXTENSION_APIS lpExtensionApis, USHORT usMajorVersion, USHORT usMinorVersion);
DECLARE_API(mimikatz);
VOID kuhl_m_sekurlsa_genericCredsOutput(PKIWI_GENERIC_PRIMARY_CREDENTIAL mesCreds, PLUID luid, ULONG flags);
VOID kuhl_m_sekurlsa_genericKeyOutput(struct _MARSHALL_KEY * key, PVOID * dirtyBase);
VOID kuhl_m_sekurlsa_genericLsaIsoOutput(struct _LSAISO_DATA_BLOB * blob);
void kuhl_m_sekurlsa_krbtgt_keys(PVOID addr, LPCSTR prefix);
void kuhl_m_sekurlsa_krbtgt_trust(ULONG_PTR addr);
void kuhl_m_sekurlsa_trust_domainkeys(struct _KDC_DOMAIN_KEYS_INFO * keysInfo, PCSTR prefix, BOOL incoming, PUNICODE_STRING domain);
void kuhl_m_sekurlsa_trust_domaininfo(struct _KDC_DOMAIN_INFO * info);
void kuhl_sekurlsa_dpapi_backupkeys();
#define PVK_FILE_VERSION_0 0
#define PVK_MAGIC 0xb0b5f11e // bob's file
#define PVK_NO_ENCRYPT 0
#define PVK_RC4_PASSWORD_ENCRYPT 1
#define PVK_RC2_CBC_PASSWORD_ENCRYPT 2
typedef struct _PVK_FILE_HDR {
DWORD dwMagic;
DWORD dwVersion;
DWORD dwKeySpec;
DWORD dwEncryptType;
DWORD cbEncryptData;
DWORD cbPvk;
} PVK_FILE_HDR, *PPVK_FILE_HDR;
#define KULL_M_WIN_BUILD_XP 2600
#define KULL_M_WIN_BUILD_2K3 3790
#define KULL_M_WIN_BUILD_VISTA 6000
#define KULL_M_WIN_BUILD_7 7600
#define KULL_M_WIN_BUILD_8 9200
#define KULL_M_WIN_BUILD_BLUE 9600
#define KULL_M_WIN_BUILD_10 9800
#define KULL_M_WIN_MIN_BUILD_XP 2500
#define KULL_M_WIN_MIN_BUILD_2K3 3000
#define KULL_M_WIN_MIN_BUILD_VISTA 6000
#define KULL_M_WIN_MIN_BUILD_7 7000
#define KULL_M_WIN_MIN_BUILD_8 8000
#define KULL_M_WIN_MIN_BUILD_BLUE 9400
#define KULL_M_WIN_MIN_BUILD_10 9800
Reference in New Issue View Git Blame Copy Permalink