| skipped 180 lines |
181 | 181 | | NtHash = codecs.encode(SSPIStart[NthashOffset:NthashOffset+NthashLen],"hex").upper() |
182 | 182 | | DomainLen = struct.unpack('<H',data[30:32])[0] |
183 | 183 | | DomainOffset = struct.unpack('<H',data[32:34])[0] |
184 | | - | Domain = SSPIStart[DomainOffset:DomainOffset+DomainLen].strip(b"\x00") |
| 184 | + | Domain = SSPIStart[DomainOffset:DomainOffset+DomainLen].replace(b"\x00",b"") |
185 | 185 | | UserLen = struct.unpack('<H',data[38:40])[0] |
186 | 186 | | UserOffset = struct.unpack('<H',data[40:42])[0] |
187 | | - | User = SSPIStart[UserOffset:UserOffset+UserLen].strip(b"\x00") |
| 187 | + | User = SSPIStart[UserOffset:UserOffset+UserLen].replace(b"\x00",b"") |
188 | 188 | | writehash = '%s::%s:%s:%s:%s' % (User.decode('latin-1'),Domain.decode('latin-1'), LMHash.decode('latin-1'), NtHash.decode('latin-1'), Challenge.decode('latin-1')) |
189 | 189 | | WriteData("logs/NTLMv1.txt", writehash, User) |
190 | 190 | | return "NTLMv1 complete hash is: %s\n"%(writehash), User.decode('latin-1')+"::"+Domain.decode('latin-1') |
| skipped 2 lines |
193 | 193 | | NtHash = codecs.encode(SSPIStart[NthashOffset:NthashOffset+NthashLen],"hex").upper() |
194 | 194 | | DomainLen = struct.unpack('<H',data[30:32])[0] |
195 | 195 | | DomainOffset = struct.unpack('<H',data[32:34])[0] |
196 | | - | Domain = SSPIStart[DomainOffset:DomainOffset+DomainLen].strip(b"\x00") |
| 196 | + | Domain = SSPIStart[DomainOffset:DomainOffset+DomainLen].replace(b"\x00",b"") |
197 | 197 | | UserLen = struct.unpack('<H',data[38:40])[0] |
198 | 198 | | UserOffset = struct.unpack('<H',data[40:42])[0] |
199 | | - | User = SSPIStart[UserOffset:UserOffset+UserLen].strip(b"\x00") |
| 199 | + | User = SSPIStart[UserOffset:UserOffset+UserLen].replace(b"\x00",b"") |
200 | 200 | | writehash = '%s::%s:%s:%s:%s' % (User.decode('latin-1'),Domain.decode('latin-1'), Challenge.decode('latin-1'), NtHash[:32].decode('latin-1'), NtHash[32:].decode('latin-1')) |
201 | 201 | | WriteData("logs/NTLMv2.txt", writehash, User) |
202 | 202 | | return "NTLMv2 complete hash is: %s\n"%(writehash),User.decode('latin-1')+"::"+Domain.decode('latin-1') |
| skipped 607 lines |