[internal] binary search for HTTP headers

inc/globals.h

@@ -26,12 +26,12 @@
 #define MIMIKATZ				L"kekeo"
 #define MIMIKATZ_VERSION		L"2.1"
 #define MIMIKATZ_CODENAME		L"A La Vie, A L\'Amour"
-#define MIMIKATZ_FULL			MIMIKATZ L" " MIMIKATZ_VERSION L" (" MIMIKATZ_ARCH L") built on " TEXT(__DATE__) L" " TEXT(__TIME__) L" - lil!"
+#define MIMIKATZ_FULL			MIMIKATZ L" " MIMIKATZ_VERSION L" (" MIMIKATZ_ARCH L") built on " TEXT(__DATE__) L" " TEXT(__TIME__)
 #define MIMIKATZ_SECOND			L"\"" MIMIKATZ_CODENAME L"\""
 #define MIMIKATZ_SPECIAL		L"                                "
 #define MIMIKATZ_DEFAULT_LOG	MIMIKATZ L".log"
 #define MIMIKATZ_KERBEROS_EXT	L"kirbi"
-#define MIMIKATZ_NONCE			1818848256
+#define MIMIKATZ_NONCE			1802073961
 
 #ifdef _WINDLL
 	#define MIMIKATZ_AUTO_COMMAND_START		0

kekeo/kekeo.rc

@@ -24,7 +24,7 @@ BLOCK "StringFileInfo"
 			VALUE "LegalCopyright", "Copyright (c) 2014 - 2019 gentilkiwi (Benjamin DELPY)"
 			VALUE "OriginalFilename", "kekeo.exe"
 			VALUE "PrivateBuild", "Build with love for POC only"
-			VALUE "SpecialBuild", "lil :)"
+			VALUE "SpecialBuild", ":)"
 		END
 	END
 	BLOCK "VarFileInfo"

kekeo/modules/kuhl_m_tgt.c

@@ -420,7 +420,6 @@ BOOL kuhl_m_tgt_httpserver_recvForMe(SOCKET clientSocket, LPBYTE *data, DWORD *d
 {
 	BOOL status = FALSE, toContinue;
 	DWORD t = KULL_M_SOCK_DEFAULT_BUFLEN;
-	LPSTR myBuffer;
 	int iResult;
 
 	*dataLen = 0;
@@ -435,12 +434,8 @@ BOOL kuhl_m_tgt_httpserver_recvForMe(SOCKET clientSocket, LPBYTE *data, DWORD *d
 			{
 				*dataLen += iResult;
 				t -= iResult;
-				if(kull_m_string_copyA_len(&myBuffer, (char *) *data, *dataLen))
-				{
-					toContinue = !strstr(myBuffer, "\r\n\r\n");
-					status = TRUE;
-					LocalFree(&myBuffer);
-				}
+				toContinue = !kuhl_m_tgt_deleg_searchInMemory("\r\n\r\n", 4, *data, *dataLen);
+				status = TRUE;
 			}
 			else if(iResult == 0)
 				kull_m_sock_error(0, L"recv/Connection closed");
@@ -594,18 +589,18 @@ PBYTE kuhl_m_tgt_deleg_searchDataAferOIDInBuffer(IN LPCVOID data, IN SIZE_T Size
 	DWORD i;
 	PBYTE ret = NULL;
 	for(i = 0; (i < ARRAYSIZE(kerberosOIDs)) && !ret; i++)
-		ret = (PBYTE) kuhl_m_tgt_deleg_searchInMemory(&kerberosOIDs[i], data, Size);
+		ret = (PBYTE) kuhl_m_tgt_deleg_searchInMemory(kerberosOIDs[i].value, kerberosOIDs[i].length, data, Size);
 	if(ret)
 		ret += kerberosOIDs[i - 1].length;
 	return ret;
 }
 
-PVOID kuhl_m_tgt_deleg_searchInMemory(IN const OssEncodedOID *oid, IN LPCVOID Start, IN SIZE_T Size)
+PVOID kuhl_m_tgt_deleg_searchInMemory(IN LPCVOID Pattern, IN SIZE_T PatternSize, IN LPCVOID Start, IN SIZE_T Size)
 {
 	BOOL status = FALSE;
 	PBYTE Result = NULL, CurrentPtr, limite = (PBYTE) Start + Size;
-	for(CurrentPtr = (PBYTE) Start; !status && (CurrentPtr + oid->length <= limite); CurrentPtr++)
-		status = RtlEqualMemory(oid->value, CurrentPtr, oid->length);
+	for(CurrentPtr = (PBYTE) Start; !status && (CurrentPtr + PatternSize <= limite); CurrentPtr++)
+		status = RtlEqualMemory(Pattern, CurrentPtr, PatternSize);
 	if(status)
 		Result = CurrentPtr - 1;
 	return Result;

kekeo/modules/kuhl_m_tgt.h

@@ -42,7 +42,7 @@ PSTR kuhl_m_tgt_httpserver_dealWithHeaders(LPCSTR data, DWORD size, LPCSTR toFin
 
 BOOL kuhl_m_tgt_deleg_from_negTokenInit(LPCVOID data, LONG dataLen, PKUHL_M_KERBEROS_GETENCRYPTIONKEYFROMAPREQ callback, PVOID userdata);
 PBYTE kuhl_m_tgt_deleg_searchDataAferOIDInBuffer(IN LPCVOID data, IN SIZE_T Size);
-PVOID kuhl_m_tgt_deleg_searchInMemory(IN const OssEncodedOID *oid, IN LPCVOID Start, IN SIZE_T Size);
+PVOID kuhl_m_tgt_deleg_searchInMemory(IN LPCVOID Pattern, IN SIZE_T PatternSize, IN LPCVOID Start, IN SIZE_T Size);
 
 BOOL CALLBACK kuhl_m_tgt_deleg_EncryptionKeyFromCache(AP_REQ *ApReq, EncryptionKey *key, LPVOID UserData);
 BOOL CALLBACK kuhl_m_tgt_deleg_EncryptionKeyFromTicket(AP_REQ *ApReq, EncryptionKey *key, LPVOID UserData); // TODO