`dissect.database.ese.ntds.pek`¶

Module Contents¶

Classes¶

Password Encryption Key (PEK) handler.

Attributes¶

`HAS_CRYPTO`
`AUTHENTICATOR`

dissect.database.ese.ntds.pek.HAS_CRYPTO = True¶

dissect.database.ese.ntds.pek.AUTHENTICATOR¶

class dissect.database.ese.ntds.pek.PEK(pek: bytes)¶

Password Encryption Key (PEK) handler.

Parameters:: pek – The raw PEK blob from the NTDS database.

pek¶

encrypted¶

decrypted = None¶

property version: int¶: PEK version.

property unlocked: bool¶: Indicates whether the PEK has been unlocked.

property keys: dict[int, bytes]¶: Dictionary of PEK keys by their key ID.

unlock(key: bytes) → None¶

Unlock the PEK list using the provided “syskey”.

Parameters:: key – The syskey of the domain controller.

decrypt(data: bytes) → bytes¶

Decrypt data using the PEK list.

Parameters:: data – The encrypted data blob.