hiding oscrypto

skelsec · Dec 8, 2023 · e0c19dd · e0c19dd
1 parent 1e8fa86
commit e0c19dd
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 5 deletions.
diff --git a/builder/pyinstaller/build.bat b/builder/pyinstaller/build.bat
@@ -1,6 +1,6 @@
 @echo off
 set projectname=minikerberos
-set hiddenimports= --hidden-import cryptography --hidden-import cffi --hidden-import cryptography.hazmat.backends.openssl --hidden-import cryptography.hazmat.bindings._openssl --hidden-import unicrypto --hidden-import unicrypto.backends.pycryptodome.DES --hidden-import  unicrypto.backends.pycryptodome.TDES --hidden-import unicrypto.backends.pycryptodome.AES --hidden-import unicrypto.backends.pycryptodome.RC4 --hidden-import unicrypto.backends.pure.DES --hidden-import  unicrypto.backends.pure.TDES --hidden-import unicrypto.backends.pure.AES --hidden-import unicrypto.backends.pure.RC4 --hidden-import unicrypto.backends.cryptography.DES --hidden-import  unicrypto.backends.cryptography.TDES --hidden-import unicrypto.backends.cryptography.AES --hidden-import unicrypto.backends.cryptography.RC4 --hidden-import unicrypto.backends.pycryptodomex.DES --hidden-import  unicrypto.backends.pycryptodomex.TDES --hidden-import unicrypto.backends.pycryptodomex.AES --hidden-import unicrypto.backends.pycryptodomex.RC4
+set hiddenimports= --hidden-import oscrypto --hidden-import cryptography --hidden-import cffi --hidden-import cryptography.hazmat.backends.openssl --hidden-import cryptography.hazmat.bindings._openssl --hidden-import unicrypto --hidden-import unicrypto.backends.pycryptodome.DES --hidden-import  unicrypto.backends.pycryptodome.TDES --hidden-import unicrypto.backends.pycryptodome.AES --hidden-import unicrypto.backends.pycryptodome.RC4 --hidden-import unicrypto.backends.pure.DES --hidden-import  unicrypto.backends.pure.TDES --hidden-import unicrypto.backends.pure.AES --hidden-import unicrypto.backends.pure.RC4 --hidden-import unicrypto.backends.cryptography.DES --hidden-import  unicrypto.backends.cryptography.TDES --hidden-import unicrypto.backends.cryptography.AES --hidden-import unicrypto.backends.cryptography.RC4 --hidden-import unicrypto.backends.pycryptodomex.DES --hidden-import  unicrypto.backends.pycryptodomex.TDES --hidden-import unicrypto.backends.pycryptodomex.AES --hidden-import unicrypto.backends.pycryptodomex.RC4
 set root=%~dp0
 set repo=%root%..\..\%projectname%
 IF NOT DEFINED __BUILDALL_VENV__ (GOTO :CREATEVENV)

diff --git a/minikerberos/aioclient.py b/minikerberos/aioclient.py
@@ -807,7 +807,7 @@ async def get_referral_ticket(self, target_domain, target_ip = None):
 		target_addr = target_domain
 		if target_ip is not None:
 			target_addr = target_ip
-		newt = self.target.get_newtarget(target_addr)
+		newt = self.target.get_newtarget(target_addr, port=88)
 		newc = KerberosCredential.from_kirbi(kirbi, encoding='kirbi')
 		new_factory = KerberosClientFactory(newt, newc, newt.proxies)
 

diff --git a/minikerberos/common/creds.py b/minikerberos/common/creds.py
@@ -19,8 +19,10 @@
 from asn1crypto import cms
 from asn1crypto import algos
 from minikerberos.protocol.dirtydh import DirtyDH
-from oscrypto.asymmetric import rsa_pkcs1v15_sign, load_private_key
-from oscrypto.keys import parse_pkcs12, parse_certificate, parse_private
+
+# HIDDEN IMPORTS!!!! TODO: fix this
+#from oscrypto.asymmetric import rsa_pkcs1v15_sign, load_private_key
+#from oscrypto.keys import parse_pkcs12, parse_certificate, parse_private
 
 def get_encoded_data(data:bytes or str, encoding = 'file') -> bytes:
 	if encoding == 'file':
@@ -320,6 +322,8 @@ def set_user_and_domain_from_cert(self, username:str = None, domain:str = None):
 
 	@staticmethod
 	def from_pem_data(certdata: str or bytes, keydata:str or bytes, dhparams:DirtyDH = None, username:str = None, domain:str = None) -> KerberosCredential:
+		from oscrypto.keys import parse_certificate, parse_private
+
 		if isinstance(certdata, str):
 			certdata = base64.b64decode(certdata.replace(' ','').replace('\r','').replace('\n','').replace('\t',''))
 		if isinstance(keydata, str):
@@ -363,6 +367,9 @@ def from_windows_certstore(commonname:str, certstore_name:str = 'MY', dhparams:D
 
 	@staticmethod
 	def from_pfx_string(data: str or bytes, password:str, dhparams:DirtyDH = None, username:str = None, domain:str = None) -> KerberosCredential:
+
+		from oscrypto.keys import parse_pkcs12
+
 		k = KerberosCredential()
 		if password is None:
 			password = b''
@@ -426,6 +433,8 @@ def sign_authpack_native(self, data, wrap_signed = False):
 		2. the certificate used to sign the data blob
 		3. the singed 'signed_attrs' structure (ASN1) which points to the "data" structure (in point 1)
 		"""
+		from oscrypto.asymmetric import rsa_pkcs1v15_sign, load_private_key
+
 
 		da = {}
 		da['algorithm'] = algos.DigestAlgorithmId('1.3.14.3.2.26') # for sha1

diff --git a/minikerberos/common/target.py b/minikerberos/common/target.py
@@ -6,7 +6,7 @@ class KerberosTarget(UniTarget):
 	def __init__(self, ip:str = None, proxies = None, protocol = UniProto.CLIENT_TCP, timeout = 10, port = 88):
 		UniTarget.__init__(self, ip, port , protocol, timeout=timeout, proxies = proxies, dc_ip = ip)
 
-	def get_newtarget(self, ip, port=88, hostname = None):
+	def get_newtarget(self, ip, port:int=88, hostname:str = None):
 		return KerberosTarget(
 			ip, 
 			port = port,