diff --git a/inc/globals.h b/inc/globals.h
index f58011d..8e8fdbb 100644
--- a/inc/globals.h
+++ b/inc/globals.h
@@ -26,12 +26,12 @@
 #define MIMIKATZ L"kekeo"
 #define MIMIKATZ_VERSION L"2.1"
 #define MIMIKATZ_CODENAME L"A La Vie, A L\'Amour"
-#define MIMIKATZ_FULL MIMIKATZ L" " MIMIKATZ_VERSION L" (" MIMIKATZ_ARCH L") built on " TEXT(__DATE__) L" " TEXT(__TIME__) L" - lil!"
+#define MIMIKATZ_FULL MIMIKATZ L" " MIMIKATZ_VERSION L" (" MIMIKATZ_ARCH L") built on " TEXT(__DATE__) L" " TEXT(__TIME__)
 #define MIMIKATZ_SECOND L"\"" MIMIKATZ_CODENAME L"\""
 #define MIMIKATZ_SPECIAL L" "
 #define MIMIKATZ_DEFAULT_LOG MIMIKATZ L".log"
 #define MIMIKATZ_KERBEROS_EXT L"kirbi"
-#define MIMIKATZ_NONCE 1818848256
+#define MIMIKATZ_NONCE 1802073961
 
 #ifdef _WINDLL
 #define MIMIKATZ_AUTO_COMMAND_START 0
diff --git a/kekeo/kekeo.rc b/kekeo/kekeo.rc
index bb29c1b..5e23d9b 100644
--- a/kekeo/kekeo.rc
+++ b/kekeo/kekeo.rc
@@ -24,7 +24,7 @@ BLOCK "StringFileInfo"
 VALUE "LegalCopyright", "Copyright (c) 2014 - 2019 gentilkiwi (Benjamin DELPY)"
 VALUE "OriginalFilename", "kekeo.exe"
 VALUE "PrivateBuild", "Build with love for POC only"
-VALUE "SpecialBuild", "lil :)"
+VALUE "SpecialBuild", ":)"
 END
 END
 BLOCK "VarFileInfo"
diff --git a/kekeo/modules/kuhl_m_tgt.c b/kekeo/modules/kuhl_m_tgt.c
index 00bf842..ec254ff 100644
--- a/kekeo/modules/kuhl_m_tgt.c
+++ b/kekeo/modules/kuhl_m_tgt.c
@@ -420,7 +420,6 @@ BOOL kuhl_m_tgt_httpserver_recvForMe(SOCKET clientSocket, LPBYTE *data, DWORD *d
 {
 	BOOL status = FALSE, toContinue;
 	DWORD t = KULL_M_SOCK_DEFAULT_BUFLEN;
-	LPSTR myBuffer;
 	int iResult;
 
 	*dataLen = 0;
@@ -435,12 +434,8 @@ BOOL kuhl_m_tgt_httpserver_recvForMe(SOCKET clientSocket, LPBYTE *data, DWORD *d
 		{
 			*dataLen += iResult;
 			t -= iResult;
-			if(kull_m_string_copyA_len(&myBuffer, (char *) *data, *dataLen))
-			{
-				toContinue = !strstr(myBuffer, "\r\n\r\n");
-				status = TRUE;
-				LocalFree(&myBuffer);
-			}
+			toContinue = !kuhl_m_tgt_deleg_searchInMemory("\r\n\r\n", 4, *data, *dataLen);
+			status = TRUE;
 		}
 		else if(iResult == 0)
 			kull_m_sock_error(0, L"recv/Connection closed");
@@ -594,18 +589,18 @@ PBYTE kuhl_m_tgt_deleg_searchDataAferOIDInBuffer(IN LPCVOID data, IN SIZE_T Size
 	DWORD i;
 	PBYTE ret = NULL;
 	for(i = 0; (i < ARRAYSIZE(kerberosOIDs)) && !ret; i++)
-		ret = (PBYTE) kuhl_m_tgt_deleg_searchInMemory(&kerberosOIDs[i], data, Size);
+		ret = (PBYTE) kuhl_m_tgt_deleg_searchInMemory(kerberosOIDs[i].value, kerberosOIDs[i].length, data, Size);
 	if(ret)
 		ret += kerberosOIDs[i - 1].length;
 	return ret;
 }
 
-PVOID kuhl_m_tgt_deleg_searchInMemory(IN const OssEncodedOID *oid, IN LPCVOID Start, IN SIZE_T Size)
+PVOID kuhl_m_tgt_deleg_searchInMemory(IN LPCVOID Pattern, IN SIZE_T PatternSize, IN LPCVOID Start, IN SIZE_T Size)
 {
 	BOOL status = FALSE;
 	PBYTE Result = NULL, CurrentPtr, limite = (PBYTE) Start + Size;
-	for(CurrentPtr = (PBYTE) Start; !status && (CurrentPtr + oid->length <= limite); CurrentPtr++)
-		status = RtlEqualMemory(oid->value, CurrentPtr, oid->length);
+	for(CurrentPtr = (PBYTE) Start; !status && (CurrentPtr + PatternSize <= limite); CurrentPtr++)
+		status = RtlEqualMemory(Pattern, CurrentPtr, PatternSize);
 	if(status)
 		Result = CurrentPtr - 1;
 	return Result;
diff --git a/kekeo/modules/kuhl_m_tgt.h b/kekeo/modules/kuhl_m_tgt.h
index 4c65916..cf4ef7d 100644
--- a/kekeo/modules/kuhl_m_tgt.h
+++ b/kekeo/modules/kuhl_m_tgt.h
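Review bot: The pattern length is hard-coded as `4` beside the literal `"\r\n\r\n"` in the new `toContinue` line; deriving it from the literal keeps the two from drifting apart if the terminator is ever changed: `toContinue = !kuhl_m_tgt_deleg_searchInMemory("\r\n\r\n", sizeof("\r\n\r\n") - 1, *data, *dataLen);`. The search also rescans the whole accumulated buffer from `*data` after every successful recv rather than only the newly appended bytes, which is quadratic in the request size; that is acceptable for header-sized input, but a one-line comment such as `// rescan the whole buffer: presumably so a terminator split across two recv calls is still found` would record the intent. kuhl_m_tgt_httpserver_recvForMe begins and ends outside this hunk, so the loop that `toContinue` drives is not visible here.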
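Review bot: The loop condition `CurrentPtr + PatternSize <= limite` in the generalized kuhl_m_tgt_deleg_searchInMemory forms a pointer beyond the end of the searched buffer whenever PatternSize exceeds Size, which standard C leaves undefined; this matters more now that the function is reached from the HTTP receive path with a network-supplied `*dataLen` that can be shorter than the 4-byte pattern on an early recv. Checking the sizes first and keeping the pointer inside the object yields the same result for every input: `if(PatternSize <= Size)` / `for(CurrentPtr = (PBYTE) Start; !status && (CurrentPtr <= limite - PatternSize); CurrentPtr++)` / `status = RtlEqualMemory(Pattern, CurrentPtr, PatternSize);`. The subsequent `Result = CurrentPtr - 1` relies on the for-increment having run exactly once after the matching compare; a comment like `// CurrentPtr was advanced once past the match by the loop increment` would make that explicit. The closing brace of this function and the start of kuhl_m_tgt_deleg_searchDataAferOIDInBuffer lie outside the hunk.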
@@ -42,7 +42,7 @@ PSTR kuhl_m_tgt_httpserver_dealWithHeaders(LPCSTR data, DWORD size, LPCSTR toFin
 
 BOOL kuhl_m_tgt_deleg_from_negTokenInit(LPCVOID data, LONG dataLen, PKUHL_M_KERBEROS_GETENCRYPTIONKEYFROMAPREQ callback, PVOID userdata);
 PBYTE kuhl_m_tgt_deleg_searchDataAferOIDInBuffer(IN LPCVOID data, IN SIZE_T Size);
-PVOID kuhl_m_tgt_deleg_searchInMemory(IN const OssEncodedOID *oid, IN LPCVOID Start, IN SIZE_T Size);
+PVOID kuhl_m_tgt_deleg_searchInMemory(IN LPCVOID Pattern, IN SIZE_T PatternSize, IN LPCVOID Start, IN SIZE_T Size);
 BOOL CALLBACK kuhl_m_tgt_deleg_EncryptionKeyFromCache(AP_REQ *ApReq, EncryptionKey *key, LPVOID UserData);
 BOOL CALLBACK kuhl_m_tgt_deleg_EncryptionKeyFromTicket(AP_REQ *ApReq, EncryptionKey *key, LPVOID UserData);
 // TODO
\ No newline at end of file
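Review bot: The widened prototype carries no comment stating its contract, and since the header is where callers look, one line above the `PVOID kuhl_m_tgt_deleg_searchInMemory(...)` declaration would help: `// Byte-wise search for Pattern (PatternSize bytes) within [Start, Start + Size); returns a pointer to the first match, or NULL if absent`. Because the result is a PVOID into a buffer the caller handed over as LPCVOID, the comment might also note that the returned pointer aliases Start's buffer and is only valid as long as that buffer is.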