This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python | |
# -*- coding: utf-8 -*- | |
# PYTHON_ARGCOMPLETE_OK | |
# Copyright: (c) 2020 Jordan Borean (@jborean93) <jborean93@gmail.com> | |
# MIT License (see LICENSE or https://opensource.org/licenses/MIT) | |
""" | |
Script that can read a Wireshark capture .pcapng for a WinRM exchange and decrypt the messages. Currently only supports | |
exchanges that were authenticated with NTLM. This is really a POC, a lot of things are missing like NTLMv1 support, |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import hashlib | |
import hmac | |
import argparse | |
#stolen from impacket. Thank you all for your wonderful contributions to the community | |
try: | |
from Cryptodome.Cipher import ARC4 | |
from Cryptodome.Cipher import DES | |
from Cryptodome.Hash import MD4 | |
except Exception: |