Beispiel #1
	def construct(server_challenge, client_challenge, credentials):
		"""
		Build the NTLMv1 response set used with extended session security.

		server_challenge and client_challenge are byte strings; credentials
		must expose ``password`` or, failing that, hex-encoded ``nt_hash``
		(and optionally ``lm_hash``). Returns the populated netntlm_ess object.

		NOTE(review): every value produced here is keyed by the NT hash alone,
		so a stored NT hash is as sensitive as the cleartext password.
		"""
		result = netntlm_ess()
		result.credentials = credentials
		result.ServerChallenge = server_challenge

		if not credentials.password:
			# No cleartext available: fall back to the hex-encoded hashes.
			nt_hash = bytes.fromhex(credentials.nt_hash)
			lm_hash = bytes.fromhex(credentials.lm_hash) if credentials.lm_hash else None
		else:
			nt_hash = NTOWFv1(credentials.password)
			# lm_hash is computed but not used below in this variant.
			lm_hash = LMOWFv1(credentials.password)

		# The LM field carries the client challenge followed by 16 zero bytes.
		zero_padding = b'\x00' * 16
		result.LMResponse = LMResponse()
		result.LMResponse.Response = client_challenge + zero_padding

		# The NT response is DESL over the first 8 bytes of
		# MD5(server challenge || first 8 bytes of the client challenge).
		challenge_digest = md5(server_challenge + client_challenge[:8]).digest()
		nt_response_bytes = DESL(nt_hash, challenge_digest[:8])

		result.NTResponse = NTLMv1Response()
		result.NTResponse.Response = nt_response_bytes

		# Session base key is MD4 of the NT hash.
		result.SessionBaseKey = md4(nt_hash).digest()

		return result
Beispiel #2
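    def get_key_for_enctype(self,
                            etype: EncryptionType,
                            salt: bytes = None) -> bytes:
        """
        Return the raw key bytes for the requested Kerberos encryption type.

        A key already stored on the credential (hex string) takes precedence.
        Otherwise the key is derived from the password, or from the NT hash
        for RC4.

        Args:
            etype: encryption type the key is needed for.
            salt: salt for password-based derivation. When empty, the
                upper-cased domain followed by the username is used.

        Returns:
            The key as bytes.

        Raises:
            Exception: no usable secret is stored for ``etype``, or ``etype``
                is not one of the handled encryption types.
        """
        def salt_or_default() -> bytes:
            # NOTE(review): the fallback is only a guess at the account salt.
            # The salt advertised by the KDC can differ (e.g. different case
            # or a renamed account), so pass it in when it is known.
            if salt:
                return salt
            return (self.domain.upper() + self.username).encode()

        if etype == EncryptionType.AES256_CTS_HMAC_SHA1_96:
            if self.kerberos_key_aes_256:
                return bytes.fromhex(self.kerberos_key_aes_256)
            if self.password is not None:
                return string_to_key(Enctype.AES256, self.password.encode(),
                                     salt_or_default()).contents
            raise Exception('There is no key for AES256 encryption')
        elif etype == EncryptionType.AES128_CTS_HMAC_SHA1_96:
            if self.kerberos_key_aes_128:
                return bytes.fromhex(self.kerberos_key_aes_128)
            if self.password is not None:
                return string_to_key(Enctype.AES128, self.password.encode(),
                                     salt_or_default()).contents
            raise Exception('There is no key for AES128 encryption')
        elif etype == EncryptionType.ARCFOUR_HMAC_MD5:
            # The RC4 key is the NT hash itself (unsalted MD4 of the UTF-16LE
            # password), so a stored NT hash is directly usable as a key.
            if self.kerberos_key_rc4:
                return bytes.fromhex(self.kerberos_key_rc4)
            if self.nt_hash:
                return bytes.fromhex(self.nt_hash)
            elif self.password:
                # NOTE(review): the standard-library hashlib offers MD4 only
                # through hashlib.new('md4', ...); this call presumably relies
                # on a project-provided hashlib -- confirm.
                # The computed hash is cached on the credential for later calls.
                self.nt_hash = hashlib.md4(
                    self.password.encode('utf-16-le')).hexdigest().upper()
                return bytes.fromhex(self.nt_hash)
            else:
                raise Exception('There is no key for RC4 encryption')
        elif etype == EncryptionType.DES3_CBC_SHA1:
            if self.kerberos_key_des3:
                # Fixed: this branch previously returned kerberos_key_des,
                # i.e. the single-DES key, for a DES3 request.
                return bytes.fromhex(self.kerberos_key_des3)
            elif self.password:
                return string_to_key(Enctype.DES3, self.password.encode(),
                                     salt_or_default()).contents
            else:
                raise Exception('There is no key for DES3 encryption')

        elif etype == EncryptionType.DES_CBC_MD5:
            # DES_CBC_CRC and DES_CBC_MD4 are not handled here.
            if self.kerberos_key_des:
                return bytes.fromhex(self.kerberos_key_des)
            elif self.password:
                return string_to_key(Enctype.DES_MD5, self.password.encode(),
                                     salt_or_default()).contents
            else:
                # Fixed: the message previously named DES3 in the DES branch.
                raise Exception('There is no key for DES encryption')

        else:
            raise Exception('Unsupported encryption type: %s' % etype.name)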
Beispiel #3
	def calc_session_base_key(self, creds, credtype = 'plain'):
		"""
		Compute the session base key (MD4 of the NT hash) for this user.

		creds is indexed as creds[domain][username]. The stored value is a
		cleartext password when credtype is 'plain' and a hex-encoded NT hash
		when it is 'hash'. Any other credtype raises Exception.

		Both credential types yield the same key, so the NT hash is as
		sensitive as the password it was derived from.
		"""
		if credtype not in ('plain', 'hash'):
			raise Exception('Unknown cred type!')

		secret = creds[self.domain][self.username]
		nt_hash = NTOWFv1(secret) if credtype == 'plain' else bytes.fromhex(secret)
		return md4(nt_hash).digest()
Beispiel #4
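	def construct(server_challenge, credentials):
		"""
		Build the plain NTLMv1 response set (no extended session security).

		server_challenge is the server's challenge bytes; credentials must
		expose ``password`` or, failing that, hex-encoded ``nt_hash`` (and
		optionally ``lm_hash``). Returns the populated netntlm object.

		NOTE(review): both responses are DESL over the server challenge,
		keyed by the NT/LM hash alone, so the stored hashes are as sensitive
		as the cleartext password.
		"""
		ntlm_creds = netntlm()
		ntlm_creds.credentials = credentials
		ntlm_creds.ServerChallenge = server_challenge

		if credentials.password:
			nt_hash = NTOWFv1(credentials.password)
			lm_hash = LMOWFv1(credentials.password)
		else:
			nt_hash = bytes.fromhex(credentials.nt_hash)
			lm_hash = bytes.fromhex(credentials.lm_hash) if credentials.lm_hash else None

		ntlm_creds.NTResponse = NTLMv1Response()
		ntlm_creds.NTResponse.Response = DESL(nt_hash, server_challenge)

		if lm_hash:
			ntlm_creds.LMResponse = LMResponse()
			ntlm_creds.LMResponse.Response = DESL(lm_hash, server_challenge)
		else:
			# Fixed: this branch referenced the undefined name `ntresponse`
			# and raised NameError whenever no LM hash was available.
			# Without an LM hash the NT response is reused for the LM field.
			# NOTE(review): assumes consumers accept an NTLMv1Response object
			# in the LMResponse slot -- confirm against the serializer.
			ntlm_creds.LMResponse = ntlm_creds.NTResponse

		# Session base key is MD4 of the NT hash.
		ntlm_creds.SessionBaseKey = md4(nt_hash).digest()

		return ntlm_creds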
Beispiel #5
def NTOWFv1(password):
	"""
	Return the NT one-way function (v1) of a password as raw digest bytes.

	The password string is encoded as UTF-16LE and hashed with MD4. No salt
	is involved, so equal passwords always produce equal hashes.
	"""
	encoded_password = password.encode('utf-16le')
	return md4(encoded_password).digest()
Beispiel #6
 def string_to_key(cls, string, salt, params):
     """
     Derive a key of type ``cls.enctype`` from a UTF-8 encoded password.

     The password bytes are re-encoded as UTF-16LE and hashed with MD4.
     ``salt`` and ``params`` are accepted but not used, so the key depends
     on the password alone.
     """
     password_utf16 = string.decode('UTF-8').encode('UTF-16LE')
     key_bytes = md4(password_utf16).digest()
     return Key(cls.enctype, key_bytes)