Last active
August 30, 2024 05:04
Impacket AES Key Calculator
#!/usr/bin/env python3 | |
from argparse import ArgumentParser | |
from binascii import unhexlify, hexlify | |
import json | |
from impacket.krb5.constants import EncryptionTypes | |
from impacket.krb5.crypto import string_to_key | |
# source: https://snovvcrash.rocks/2021/05/21/calculating-kerberos-keys.html | |
# usage: ./impacket-aeskey.py -d corp.local -c srv01 -p 8bd8406a... | |
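def calc_keys(password: bytes, salt: bytes) -> dict[str, str]:
    """Derive the AES128 and AES256 Kerberos keys for a password and salt.

    Args:
        password: The account password as UTF-16LE encoded bytes.
        salt: The Kerberos salt as bytes.

    Returns:
        A dict mapping ``'aes128_hmac'`` and ``'aes256_hmac'`` to the
        hex-encoded key.

    The returned values are long-term Kerberos keys for the account, so they
    need the same handling as the password itself: keep them out of logs,
    tickets and shared terminals.
    """
    allciphers = {
        'aes128_hmac': EncryptionTypes.aes128_cts_hmac_sha1_96.value,
        'aes256_hmac': EncryptionTypes.aes256_cts_hmac_sha1_96.value,
    }
    # The UTF-16LE -> UTF-8 conversion does not depend on the cipher, so it is
    # done once instead of on every loop iteration. 'replace' substitutes byte
    # sequences that are not valid UTF-16 instead of raising.
    fixed_password = password.decode('utf-16le', 'replace').encode('utf-8', 'replace')
    return {
        name: hexlify(string_to_key(cipher, fixed_password, salt).contents).decode('utf-8')
        for name, cipher in allciphers.items()
    }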
def calc_machine_keys(domain: str, hostname: str, hexpassword: str) -> dict[str, str]:
    """Compute the AES keys of a computer account from its hex-encoded password.

    The salt is the upper-cased domain, the literal ``host``, the lower-cased
    host name, a dot and the lower-cased domain.

    Args:
        domain: DNS name of the domain, e.g. ``corp.local``.
        hostname: Name of the computer, e.g. ``srv01``.
        hexpassword: Machine account password as a hex string.

    Returns:
        The dict produced by ``calc_keys``.
    """
    # NOTE(review): a trailing '$' on hostname is not stripped here; presumably
    # the bare host name is expected, as in the usage line at the top of the file.
    raw_password = unhexlify(hexpassword)
    realm = domain.upper()
    fqdn = f'{hostname.lower()}.{domain.lower()}'
    salt = f'{realm}host{fqdn}'.encode('utf-8')
    return calc_keys(raw_password, salt)
def calc_user_keys(domain: str, username: str, rawpassword: str) -> dict[str, str]:
    """Compute the AES keys of a user account from its plaintext password.

    The salt is the upper-cased domain followed by the user name. The user
    name is inserted unchanged, so its letter case affects the result.

    Args:
        domain: DNS name of the domain, e.g. ``corp.local``.
        username: Account name, used exactly as given.
        rawpassword: Plaintext password of the account.

    Returns:
        The dict produced by ``calc_keys``.
    """
    password_utf16 = rawpassword.encode('utf-16le')
    realm = domain.upper()
    salt = f'{realm}{username}'.encode('utf8')
    return calc_keys(password_utf16, salt)
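def main() -> None:
    """Parse the command line, derive the keys and print them as JSON.

    Exactly one of ``-u/--user`` and ``-c/--computer`` must be given. For a
    user the password is the plaintext password, for a computer it is the
    hex-encoded machine password. If ``-p/--password`` is omitted, the
    password is read from an interactive prompt without echo.
    """
    from getpass import getpass

    entrypoint = ArgumentParser()
    entrypoint.add_argument('-d', '--domain', required=True)
    # Without required=True a call with neither -u nor -c fell through to the
    # computer branch and failed with an AttributeError on None.
    group = entrypoint.add_mutually_exclusive_group(required=True)
    group.add_argument('-u', '--user', metavar='USERNAME')
    group.add_argument('-c', '--computer', metavar='HOSTNAME')
    entrypoint.add_argument('-p', '--password', metavar='USER_PLAIN_PASS|COMPUTER_HEX_PASS')
    opts = entrypoint.parse_args()

    # A secret passed on the command line is visible in the process list and
    # usually ends up in the shell history; the prompt avoids both. It also
    # replaces the TypeError raised previously when -p was left out.
    password = opts.password
    if password is None:
        password = getpass('Password: ')

    if opts.user is not None:
        keys = calc_user_keys(opts.domain, opts.user, password)
    else:
        keys = calc_machine_keys(opts.domain, opts.computer, password)
    # The JSON on stdout is key material; redirect it with the same care as
    # the password.
    print(json.dumps(keys))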
# Run the command-line interface only when the file is executed as a script,
# not when it is imported as a module.
if __name__ == '__main__':
    main()
blinker==1.8.2 | |
cffi==1.16.0 | |
charset-normalizer==3.3.2 | |
click==8.1.7 | |
cryptography==42.0.8 | |
dnspython==2.6.1 | |
dsinternals==1.2.4 | |
Flask==3.0.3 | |
future==1.0.0 | |
impacket==0.11.0 | |
itsdangerous==2.2.0 | |
Jinja2==3.1.4 | |
ldap3==2.9.1 | |
ldapdomaindump==0.9.4 | |
MarkupSafe==2.1.5 | |
pyasn1==0.6.0 | |
pycparser==2.22 | |
pycryptodomex==3.20.0 | |
pyOpenSSL==24.1.0 | |
six==1.16.0 | |
Werkzeug==3.0.3 |