Created
August 11, 2017 03:07
-
-
Save eam/b6c96475b832c32fcf630441c2c75690 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env ruby | |
| class CredCache | |
| def initialize(filename) | |
| @data = File.binread(filename) | |
| @position = 0 | |
| @magic_version = nil | |
| end | |
| # primary method for stepping through the data | |
| def get_bytes(count) | |
| bytes = @data[@position, count] | |
| @position += count | |
| bytes | |
| end | |
| def get_int8 | |
| get_bytes(1).unpack("C").first | |
| end | |
| def get_int16 | |
| get_bytes(2).unpack("n").first | |
| end | |
| def get_int32 | |
| get_bytes(4).unpack("N").first | |
| end | |
| def get_data | |
| length = get_int32 | |
| puts "in get_data, length: #{length}" | |
| get_bytes(length) | |
| end | |
| def read_magic | |
| magic_five = get_int8 | |
| raise "not a kerberos cache file" unless 5 == magic_five | |
| @magic_version = get_int8 | |
| raise "not a version 4 kerberos cache file" unless 4 == @magic_version | |
| puts "read header" | |
| end | |
| def read_header | |
| @header_length = get_int16 | |
| header_start = @position | |
| puts "header length #{@header_length}" | |
| raise "illegal header length" unless 12 == @header_length | |
| read_header_field | |
| end | |
| def read_header_field | |
| puts "read header field" | |
| tag = get_int16 | |
| length = get_int16 | |
| puts "header field: tag: #{tag}, length: #{length}" | |
| raise "unknown header contents" unless 1 == tag && 8 == length | |
| sec = get_int32 | |
| usec = get_int32 | |
| puts "header sec,usec: #{sec}, #{usec}" | |
| end | |
| def read_principal | |
| name_type = get_int32 | |
| puts "here name type: #{name_type}" | |
| count_of_components = get_int32 | |
| realm = get_data | |
| puts "name type: #{name_type}, comp count: #{count_of_components}" | |
| components = [] | |
| count_of_components.times do |i| | |
| puts " reading component number: #{i}" | |
| components.push get_data | |
| end | |
| {name_type: name_type, realm: realm, components: components} | |
| end | |
| def read_keyblock | |
| enctype = get_int16 | |
| puts "enctype: #{enctype}" | |
| repeated_enctype = get_int16 | |
| puts "toss: #{repeated_enctype}" | |
| #buff = @data[@position, 76] | |
| #puts "I see: #{buff.inspect}" | |
| data = get_bytes(72) | |
| {enctype: enctype, data: data} | |
| end | |
| def doit | |
| read_magic | |
| read_header | |
| client_principal = read_principal | |
| puts "client princ: #{client_principal}" | |
| server_principal = read_principal | |
| puts "server princ: #{server_principal}" | |
| keyblock = read_keyblock | |
| puts "keyblock: #{keyblock}" | |
| authtime = get_int32 | |
| starttime = get_int32 | |
| endtime = get_int32 | |
| renew_till = get_int32 | |
| is_skey = get_int8 | |
| ticket_flags = get_int32 | |
| puts "authtime: #{authtime}, starttime: #{starttime} endtime: #{endtime}, renew_till: #{renew_till}, is_skey: #{is_skey}" | |
| puts "ticket_flags: #{ticket_flags}" | |
| puts "pos: #{@position}" | |
| end | |
| end | |
| CredCache.new(ARGV.shift).doit | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment