def __init__(self, settings):
self.settings = settings
self.mode = None #'CLIENT'
self.sspi = WSNETAuth()
self.operator = None
self.client = None
self.target = None
self.seq_number = 0
self.session_key = None
self.ntlm_ctx = NTLMAUTHHandler(NTLMHandlerSettings(None, 'MANUAL'))
def __init__(self, settings):
self.settings = settings
self.mode = None #'CLIENT'
self.sspi = None
self.operator = None
self.client = None
self.target = None
#self.ntlmChallenge = None
self.session_key = None
self.ntlm_ctx = NTLMAUTHHandler(NTLMHandlerSettings(None, 'MANUAL'))
def __init__(self, settings): self.settings = settings self.mode = None #'CLIENT' url = '%s://%s:%s' % (self.settings.proto, self.settings.host, self.settings.port) self.sspi = WSNETSSPIProxy(url, self.settings.agent_id) self.operator = None self.client = None self.target = None self.seq_number = 0 self.session_key = None self.ntlm_ctx = NTLMAUTHHandler(NTLMHandlerSettings(None, 'MANUAL'))
def __init__(self, settings):
self.settings = settings
self.mode = 'CLIENT'
self.username = settings.username
self.password = settings.password
self.domain = settings.domain
self.actual_ctx_flags = None
self.flags = ISC_REQ.CONNECTION
if settings.encrypt is True:
#self.flags = ISC_REQ.REPLAY_DETECT | ISC_REQ.CONFIDENTIALITY| ISC_REQ.USE_SESSION_KEY| ISC_REQ.INTEGRITY| ISC_REQ.SEQUENCE_DETECT| ISC_REQ.CONNECTION
self.flags = ISC_REQ.CONNECTION | ISC_REQ.CONFIDENTIALITY
self.sspi = NTLMMSLDAPSSPI()
self.seq_number = 0
self.session_key = None
self.ntlm_ctx = NTLMAUTHHandler(NTLMHandlerSettings(None, 'MANUAL'))
class MSLDAPWSNetNTLMAuth:
def __init__(self, settings):
self.settings = settings
self.mode = None #'CLIENT'
self.sspi = WSNETAuth()
self.operator = None
self.client = None
self.target = None
self.seq_number = 0
self.session_key = None
self.ntlm_ctx = NTLMAUTHHandler(NTLMHandlerSettings(None, 'MANUAL'))
def setup(self):
return
@property
def ntlmChallenge(self):
return self.ntlm_ctx.ntlmChallenge
def get_sealkey(self, mode='Client'):
return self.ntlm_ctx.get_sealkey(mode=mode)
def get_signkey(self, mode='Client'):
return self.ntlm_ctx.get_signkey(mode=mode)
def signing_needed(self):
return self.ntlm_ctx.signing_needed()
def encryption_needed(self):
return self.ntlm_ctx.encryption_needed()
async def encrypt(self, data, message_no):
return await self.ntlm_ctx.encrypt(data, message_no)
async def decrypt(self,
data,
sequence_no,
direction='init',
auth_data=None):
return await self.ntlm_ctx.decrypt(data,
sequence_no,
direction=direction,
auth_data=auth_data)
async def sign(self, data, message_no, direction=None, reset_cipher=False):
return await self.ntlm_ctx.sign(data,
message_no,
direction=None,
reset_cipher=reset_cipher)
def SEAL(self, signingKey, sealingKey, messageToSign, messageToEncrypt,
seqNum, cipher_encrypt):
return self.ntlm_ctx.SEAL(signingKey, sealingKey, messageToSign,
messageToEncrypt, seqNum, cipher_encrypt)
def SIGN(self, signingKey, message, seqNum, cipher_encrypt):
return self.ntlm_ctx.SIGN(signingKey, message, seqNum, cipher_encrypt)
def get_session_key(self):
return self.session_key
def get_seq_number(self):
return self.seq_number
def is_extended_security(self):
return self.ntlm_ctx.is_extended_security()
async def authenticate(self,
authData=b'',
flags=None,
seq_number=0,
cb_data=None):
try:
if flags is None:
flags = ISC_REQ.CONNECTION
if authData is None:
status, ctxattr, data, err = await self.sspi.authenticate(
'NTLM', '', '', 3, flags.value, authdata=b'')
if err is not None:
raise err
self.ntlm_ctx.load_negotiate(data)
return data, True, None
else:
self.ntlm_ctx.load_challenge(authData)
status, ctxattr, data, err = await self.sspi.authenticate(
'NTLM', '', '', 3, flags.value, authdata=authData)
if err is not None:
raise err
if err is None:
self.ntlm_ctx.load_authenticate(data)
self.session_key, err = await self.sspi.get_sessionkey()
if err is not None:
raise err
self.ntlm_ctx.load_sessionkey(self.get_session_key())
await self.sspi.disconnect()
return data, False, None
except Exception as e:
return None, None, e
def build(self):
if self.creds.auth_method == LDAPAuthProtocol.SICILY:
ntlmcred = MSLDAPNTLMCredential()
ntlmcred.username = self.creds.username
ntlmcred.domain = self.creds.domain if self.creds.domain is not None else ''
ntlmcred.workstation = None
ntlmcred.is_guest = False
ntlmcred.encrypt = self.creds.encrypt
if self.creds.password is None:
raise Exception(
'NTLM authentication requres password/NT hash!')
if len(self.creds.password) == 32:
try:
bytes.fromhex(self.creds.password)
except:
ntlmcred.password = self.creds.password
else:
ntlmcred.nt_hash = self.creds.password
else:
ntlmcred.password = self.creds.password
settings = NTLMHandlerSettings(ntlmcred)
return NTLMAUTHHandler(settings)
elif self.creds.auth_method == LDAPAuthProtocol.SIMPLE:
cred = MSLDAPPLAINCredential()
cred.username = self.creds.username
cred.domain = self.creds.domain
cred.password = self.creds.password
return cred
elif self.creds.auth_method == LDAPAuthProtocol.PLAIN:
cred = MSLDAPSIMPLECredential()
cred.username = self.creds.username
cred.domain = self.creds.domain
cred.password = self.creds.password
return cred
elif self.creds.auth_method in [
LDAPAuthProtocol.NTLM_PASSWORD, LDAPAuthProtocol.NTLM_NT
]:
ntlmcred = MSLDAPNTLMCredential()
ntlmcred.username = self.creds.username
ntlmcred.domain = self.creds.domain if self.creds.domain is not None else ''
ntlmcred.workstation = None
ntlmcred.is_guest = False
ntlmcred.encrypt = self.creds.encrypt
if self.creds.password is None:
raise Exception('NTLM authentication requres password!')
if self.creds.auth_method == LDAPAuthProtocol.NTLM_PASSWORD:
ntlmcred.password = self.creds.password
elif self.creds.auth_method == LDAPAuthProtocol.NTLM_NT:
ntlmcred.nt_hash = self.creds.password
else:
raise Exception('Unknown NTLM auth method!')
settings = NTLMHandlerSettings(ntlmcred)
handler = NTLMAUTHHandler(settings)
##setting up SPNEGO
spneg = SPNEGO()
spneg.add_auth_context(
'NTLMSSP - Microsoft NTLM Security Support Provider', handler)
return spneg
elif self.creds.auth_method in [
LDAPAuthProtocol.KERBEROS_RC4, LDAPAuthProtocol.KERBEROS_NT,
LDAPAuthProtocol.KERBEROS_AES,
LDAPAuthProtocol.KERBEROS_PASSWORD,
LDAPAuthProtocol.KERBEROS_CCACHE,
LDAPAuthProtocol.KERBEROS_KEYTAB
]:
if self.target is None:
raise Exception('Target must be specified with Kerberos!')
if self.target.host is None:
raise Exception(
'target must have a domain name or hostname for kerberos!')
if self.target.dc_ip is None:
raise Exception('target must have a dc_ip for kerberos!')
kcred = MSLDAPKerberosCredential()
kc = KerberosCredential()
kc.username = self.creds.username
kc.domain = self.creds.domain
kcred.enctypes = []
if self.creds.auth_method == LDAPAuthProtocol.KERBEROS_PASSWORD:
kc.password = self.creds.password
kcred.enctypes = [23, 17, 18]
elif self.creds.auth_method == LDAPAuthProtocol.KERBEROS_NT:
kc.nt_hash = self.creds.password
kcred.enctypes = [23]
elif self.creds.auth_method == LDAPAuthProtocol.KERBEROS_AES:
if len(self.creds.password) == 32:
kc.kerberos_key_aes_128 = self.creds.password
kcred.enctypes = [17]
elif len(self.creds.password) == 64:
kc.kerberos_key_aes_256 = self.creds.password
kcred.enctypes = [18]
elif self.creds.auth_method == LDAPAuthProtocol.KERBEROS_RC4:
kc.kerberos_key_rc4 = self.creds.password
kcred.enctypes = [23]
elif self.creds.auth_method == LDAPAuthProtocol.KERBEROS_CCACHE:
kc.ccache = self.creds.password
kcred.enctypes = [23, 17, 18]
elif self.creds.auth_method == LDAPAuthProtocol.KERBEROS_KEYTAB:
kc.keytab = self.creds.password
kcred.enctypes = [23, 17, 18]
else:
raise Exception(
'No suitable secret type found to set up kerberos!')
if self.creds.etypes is not None:
kcred.enctypes = list(
set(self.creds.etypes).intersection(set(kcred.enctypes)))
kcred.ccred = kc
kcred.spn = KerberosSPN.from_target_string(
self.target.to_target_string())
kcred.target = KerberosTarget(self.target.dc_ip)
kcred.encrypt = self.creds.encrypt
if self.target.proxy is not None:
kcred.target.proxy = KerberosProxy()
kcred.target.proxy.type = self.target.proxy.type
kcred.target.proxy.target = copy.deepcopy(
self.target.proxy.target)
kcred.target.proxy.target.endpoint_ip = self.target.dc_ip
kcred.target.proxy.target.endpoint_port = 88
kcred.target.proxy.creds = copy.deepcopy(
self.target.proxy.auth)
handler = MSLDAPKerberos(kcred)
#setting up SPNEGO
spneg = SPNEGO()
spneg.add_auth_context('MS KRB5 - Microsoft Kerberos 5', handler)
return spneg
elif self.creds.auth_method == LDAPAuthProtocol.SSPI_KERBEROS:
if self.target is None:
raise Exception('Target must be specified with Kerberos SSPI!')
kerbcred = MSLDAPKerberosSSPICredential()
kerbcred.username = self.creds.domain if self.creds.domain is not None else '<CURRENT>'
kerbcred.username = self.creds.username if self.creds.username is not None else '<CURRENT>'
kerbcred.password = self.creds.password if self.creds.password is not None else '<CURRENT>'
kerbcred.spn = self.target.to_target_string()
kerbcred.encrypt = self.creds.encrypt
handler = MSLDAPKerberosSSPI(kerbcred)
#setting up SPNEGO
spneg = SPNEGO()
spneg.add_auth_context('MS KRB5 - Microsoft Kerberos 5', handler)
return spneg
elif self.creds.auth_method == LDAPAuthProtocol.SSPI_NTLM:
ntlmcred = MSLDAPNTLMSSPICredential()
ntlmcred.username = self.creds.domain if self.creds.domain is not None else '<CURRENT>'
ntlmcred.username = self.creds.username if self.creds.username is not None else '<CURRENT>'
ntlmcred.password = self.creds.password if self.creds.password is not None else '<CURRENT>'
ntlmcred.encrypt = self.creds.encrypt
handler = MSLDAPNTLMSSPI(ntlmcred)
#setting up SPNEGO
spneg = SPNEGO()
spneg.add_auth_context(
'NTLMSSP - Microsoft NTLM Security Support Provider', handler)
return spneg
elif self.creds.auth_method.value.startswith('MULTIPLEXOR'):
if self.creds.auth_method in [
LDAPAuthProtocol.MULTIPLEXOR_SSL_NTLM,
LDAPAuthProtocol.MULTIPLEXOR_NTLM
]:
from msldap.authentication.ntlm.multiplexor import MSLDAPNTLMMultiplexor
ntlmcred = MSLDAPMultiplexorCredential()
ntlmcred.type = 'NTLM'
if self.creds.username is not None:
ntlmcred.username = '******'
if self.creds.domain is not None:
ntlmcred.domain = '<CURRENT>'
if self.creds.password is not None:
ntlmcred.password = '******'
ntlmcred.is_guest = False
ntlmcred.is_ssl = True if self.creds.auth_method == LDAPAuthProtocol.MULTIPLEXOR_SSL_NTLM else False
ntlmcred.parse_settings(self.creds.settings)
ntlmcred.encrypt = self.creds.encrypt
handler = MSLDAPNTLMMultiplexor(ntlmcred)
#setting up SPNEGO
spneg = SPNEGO()
spneg.add_auth_context(
'NTLMSSP - Microsoft NTLM Security Support Provider',
handler)
return spneg
elif self.creds.auth_method in [
LDAPAuthProtocol.MULTIPLEXOR_SSL_KERBEROS,
LDAPAuthProtocol.MULTIPLEXOR_KERBEROS
]:
from msldap.authentication.kerberos.multiplexor import MSLDAPKerberosMultiplexor
ntlmcred = MSLDAPMultiplexorCredential()
ntlmcred.type = 'KERBEROS'
ntlmcred.target = self.target
if self.creds.username is not None:
ntlmcred.username = '******'
if self.creds.domain is not None:
ntlmcred.domain = '<CURRENT>'
if self.creds.password is not None:
ntlmcred.password = '******'
ntlmcred.is_guest = False
ntlmcred.is_ssl = True if self.creds.auth_method == LDAPAuthProtocol.MULTIPLEXOR_SSL_NTLM else False
ntlmcred.parse_settings(self.creds.settings)
ntlmcred.encrypt = self.creds.encrypt
handler = MSLDAPKerberosMultiplexor(ntlmcred)
#setting up SPNEGO
spneg = SPNEGO()
spneg.add_auth_context('MS KRB5 - Microsoft Kerberos 5',
handler)
return spneg
def build(self):
if self.creds.auth_method == LDAPAuthProtocol.SICILY:
ntlmcred = MSLDAPNTLMCredential()
ntlmcred.username = self.creds.username
ntlmcred.domain = self.creds.domain if self.creds.domain is not None else ''
ntlmcred.workstation = None
ntlmcred.is_guest = False
ntlmcred.encrypt = self.creds.encrypt
if self.creds.password is None:
raise Exception(
'NTLM authentication requres password/NT hash!')
if len(self.creds.password) == 32:
try:
bytes.fromhex(self.creds.password)
except:
ntlmcred.password = self.creds.password
else:
ntlmcred.nt_hash = self.creds.password
else:
ntlmcred.password = self.creds.password
settings = NTLMHandlerSettings(ntlmcred)
return NTLMAUTHHandler(settings)
elif self.creds.auth_method == LDAPAuthProtocol.SIMPLE:
cred = MSLDAPPLAINCredential()
cred.username = self.creds.username
cred.domain = self.creds.domain
cred.password = self.creds.password
return cred
elif self.creds.auth_method == LDAPAuthProtocol.PLAIN:
cred = MSLDAPSIMPLECredential()
cred.username = self.creds.username
cred.domain = self.creds.domain
cred.password = self.creds.password
return cred
elif self.creds.auth_method in [
LDAPAuthProtocol.NTLM_PASSWORD, LDAPAuthProtocol.NTLM_NT
]:
ntlmcred = MSLDAPNTLMCredential()
ntlmcred.username = self.creds.username
ntlmcred.domain = self.creds.domain if self.creds.domain is not None else ''
ntlmcred.workstation = None
ntlmcred.is_guest = False
ntlmcred.encrypt = self.creds.encrypt
if self.creds.password is None:
raise Exception('NTLM authentication requres password!')
if self.creds.auth_method == LDAPAuthProtocol.NTLM_PASSWORD:
ntlmcred.password = self.creds.password
elif self.creds.auth_method == LDAPAuthProtocol.NTLM_NT:
ntlmcred.nt_hash = self.creds.password
else:
raise Exception('Unknown NTLM auth method!')
settings = NTLMHandlerSettings(ntlmcred)
handler = NTLMAUTHHandler(settings)
##setting up SPNEGO
spneg = SPNEGO()
spneg.add_auth_context(
'NTLMSSP - Microsoft NTLM Security Support Provider', handler)
return spneg
elif self.creds.auth_method in [
LDAPAuthProtocol.KERBEROS_RC4, LDAPAuthProtocol.KERBEROS_NT,
LDAPAuthProtocol.KERBEROS_AES,
LDAPAuthProtocol.KERBEROS_PASSWORD,
LDAPAuthProtocol.KERBEROS_CCACHE,
LDAPAuthProtocol.KERBEROS_KEYTAB,
LDAPAuthProtocol.KERBEROS_KIRBI, LDAPAuthProtocol.KERBEROS_PFX,
LDAPAuthProtocol.KERBEROS_PEM,
LDAPAuthProtocol.KERBEROS_CERTSTORE
]:
if self.target is None:
raise Exception('Target must be specified with Kerberos!')
if self.target.host is None:
raise Exception(
'target must have a domain name or hostname for kerberos!')
if self.target.dc_ip is None:
raise Exception('target must have a dc_ip for kerberos!')
kcred = MSLDAPKerberosCredential()
if self.creds.auth_method == LDAPAuthProtocol.KERBEROS_KIRBI:
kc = KerberosCredential.from_kirbi(self.creds.password,
self.creds.username,
self.creds.domain)
elif self.creds.auth_method == LDAPAuthProtocol.KERBEROS_CCACHE:
kc = KerberosCredential.from_ccache_file(
self.creds.password, self.creds.username,
self.creds.domain)
elif self.creds.auth_method == LDAPAuthProtocol.KERBEROS_KEYTAB:
kc = KerberosCredential.from_kirbi(self.creds.password,
self.creds.username,
self.creds.domain)
elif self.creds.auth_method == LDAPAuthProtocol.KERBEROS_PFX:
kc = KerberosCredential.from_pfx_file(
self.creds.username,
self.creds.password,
username=self.creds.altname,
domain=self.creds.altdomain)
self.creds.username = kc.username
self.creds.domain = kc.domain
self.target.domain = kc.domain
elif self.creds.auth_method == LDAPAuthProtocol.KERBEROS_PEM:
kc = KerberosCredential.from_pem_file(
self.creds.username,
self.creds.password,
username=self.creds.altname,
domain=self.creds.altdomain)
self.creds.username = kc.username
self.creds.domain = kc.domain
self.target.domain = kc.domain
elif self.creds.auth_method == LDAPAuthProtocol.KERBEROS_CERTSTORE:
# username is the CN of the certificate
# secret is the name of the certstore, default: MY
certstore = self.creds.secret
if self.creds.secret is None:
certstore = 'MY'
kc = KerberosCredential.from_windows_certstore(
self.creds.username,
certstore,
username=self.creds.altname,
domain=self.creds.altdomain)
self.creds.username = kc.username
self.creds.domain = kc.domain
self.target.domain = kc.domain
else:
kc = KerberosCredential()
kc.username = self.creds.username
kc.domain = self.creds.domain
kcred.enctypes = []
if self.creds.auth_method == LDAPAuthProtocol.KERBEROS_PASSWORD:
kc.password = self.creds.password
kcred.enctypes = [23, 17, 18]
elif self.creds.auth_method == LDAPAuthProtocol.KERBEROS_NT:
kc.nt_hash = self.creds.password
kcred.enctypes = [23]
elif self.creds.auth_method == LDAPAuthProtocol.KERBEROS_AES:
if len(self.creds.password) == 32:
kc.kerberos_key_aes_128 = self.creds.password
kcred.enctypes = [17]
elif len(self.creds.password) == 64:
kc.kerberos_key_aes_256 = self.creds.password
kcred.enctypes = [18]
elif self.creds.auth_method == LDAPAuthProtocol.KERBEROS_RC4:
kc.kerberos_key_rc4 = self.creds.password
kcred.enctypes = [23]
elif self.creds.auth_method == LDAPAuthProtocol.KERBEROS_CCACHE:
kcred.enctypes = [23, 17, 18] # TODO: fix this
elif self.creds.auth_method == LDAPAuthProtocol.KERBEROS_KEYTAB:
kc.keytab = self.creds.password
kcred.enctypes = [23, 17, 18] # TODO: fix this
elif self.creds.auth_method == LDAPAuthProtocol.KERBEROS_KIRBI:
kcred.enctypes = [23, 17, 18] # TODO: fix this
elif self.creds.auth_method in [
LDAPAuthProtocol.KERBEROS_PFX,
LDAPAuthProtocol.KERBEROS_CERTSTORE,
LDAPAuthProtocol.KERBEROS_PEM
]:
kcred.enctypes = [17, 18]
else:
raise Exception(
'No suitable secret type found to set up kerberos!')
if self.creds.etypes is not None:
kcred.enctypes = list(
set(self.creds.etypes).intersection(set(kcred.enctypes)))
kcred.ccred = kc
kcred.spn = KerberosSPN.from_target_string(
self.target.to_target_string())
kcred.target = KerberosTarget(self.target.dc_ip)
kcred.encrypt = self.creds.encrypt
if self.target.proxy is not None:
kcred.target.proxy = KerberosProxy()
kcred.target.proxy.type = self.target.proxy.type
kcred.target.proxy.target = copy.deepcopy(
self.target.proxy.target)
kcred.target.proxy.target[-1].endpoint_ip = self.target.dc_ip
kcred.target.proxy.target[-1].endpoint_port = 88
handler = MSLDAPKerberos(kcred)
#setting up SPNEGO
spneg = SPNEGO()
spneg.add_auth_context('MS KRB5 - Microsoft Kerberos 5', handler)
return spneg
elif self.creds.auth_method == LDAPAuthProtocol.SSPI_KERBEROS:
if self.target is None:
raise Exception('Target must be specified with Kerberos SSPI!')
kerbcred = MSLDAPKerberosSSPICredential()
kerbcred.username = self.creds.domain if self.creds.domain is not None else '<CURRENT>'
kerbcred.username = self.creds.username if self.creds.username is not None else '<CURRENT>'
kerbcred.password = self.creds.password if self.creds.password is not None else '<CURRENT>'
kerbcred.spn = self.target.to_target_string()
kerbcred.encrypt = self.creds.encrypt
handler = MSLDAPKerberosSSPI(kerbcred)
#setting up SPNEGO
spneg = SPNEGO()
spneg.add_auth_context('MS KRB5 - Microsoft Kerberos 5', handler)
return spneg
elif self.creds.auth_method == LDAPAuthProtocol.SSPI_NTLM:
ntlmcred = MSLDAPNTLMSSPICredential()
ntlmcred.username = self.creds.domain if self.creds.domain is not None else '<CURRENT>'
ntlmcred.username = self.creds.username if self.creds.username is not None else '<CURRENT>'
ntlmcred.password = self.creds.password if self.creds.password is not None else '<CURRENT>'
ntlmcred.encrypt = self.creds.encrypt
handler = MSLDAPNTLMSSPI(ntlmcred)
#setting up SPNEGO
spneg = SPNEGO()
spneg.add_auth_context(
'NTLMSSP - Microsoft NTLM Security Support Provider', handler)
return spneg
elif self.creds.auth_method.value.startswith('MULTIPLEXOR'):
if self.creds.auth_method in [
LDAPAuthProtocol.MULTIPLEXOR_SSL_NTLM,
LDAPAuthProtocol.MULTIPLEXOR_NTLM
]:
from msldap.authentication.ntlm.multiplexor import MSLDAPNTLMMultiplexor
ntlmcred = MSLDAPMultiplexorCredential()
ntlmcred.type = 'NTLM'
if self.creds.username is not None:
ntlmcred.username = '******'
if self.creds.domain is not None:
ntlmcred.domain = '<CURRENT>'
if self.creds.password is not None:
ntlmcred.password = '******'
ntlmcred.is_guest = False
ntlmcred.is_ssl = True if self.creds.auth_method == LDAPAuthProtocol.MULTIPLEXOR_SSL_NTLM else False
ntlmcred.parse_settings(self.creds.settings)
ntlmcred.encrypt = self.creds.encrypt
handler = MSLDAPNTLMMultiplexor(ntlmcred)
#setting up SPNEGO
spneg = SPNEGO()
spneg.add_auth_context(
'NTLMSSP - Microsoft NTLM Security Support Provider',
handler)
return spneg
elif self.creds.auth_method in [
LDAPAuthProtocol.MULTIPLEXOR_SSL_KERBEROS,
LDAPAuthProtocol.MULTIPLEXOR_KERBEROS
]:
from msldap.authentication.kerberos.multiplexor import MSLDAPKerberosMultiplexor
ntlmcred = MSLDAPMultiplexorCredential()
ntlmcred.type = 'KERBEROS'
ntlmcred.target = self.target
if self.creds.username is not None:
ntlmcred.username = '******'
if self.creds.domain is not None:
ntlmcred.domain = '<CURRENT>'
if self.creds.password is not None:
ntlmcred.password = '******'
ntlmcred.is_guest = False
ntlmcred.is_ssl = True if self.creds.auth_method == LDAPAuthProtocol.MULTIPLEXOR_SSL_NTLM else False
ntlmcred.parse_settings(self.creds.settings)
ntlmcred.encrypt = self.creds.encrypt
handler = MSLDAPKerberosMultiplexor(ntlmcred)
#setting up SPNEGO
spneg = SPNEGO()
spneg.add_auth_context('MS KRB5 - Microsoft Kerberos 5',
handler)
return spneg
elif self.creds.auth_method.value.startswith('SSPIPROXY'):
if self.creds.auth_method == LDAPAuthProtocol.SSPIPROXY_NTLM:
from msldap.authentication.ntlm.sspiproxy import MSLDAPSSPIProxyNTLMAuth
ntlmcred = MSLDAPSSPIProxyCredential()
ntlmcred.type = 'NTLM'
if self.creds.username is not None:
ntlmcred.username = '******'
if self.creds.domain is not None:
ntlmcred.domain = '<CURRENT>'
if self.creds.password is not None:
ntlmcred.password = '******'
ntlmcred.is_guest = False
ntlmcred.encrypt = self.creds.encrypt
ntlmcred.host = self.creds.settings['host'][0]
ntlmcred.port = int(self.creds.settings['port'][0])
ntlmcred.proto = 'ws'
if 'proto' in self.creds.settings:
ntlmcred.proto = self.creds.settings['proto'][0]
if 'agentid' in self.creds.settings:
ntlmcred.agent_id = bytes.fromhex(
self.creds.settings['agentid'][0])
handler = MSLDAPSSPIProxyNTLMAuth(ntlmcred)
#setting up SPNEGO
spneg = SPNEGO()
spneg.add_auth_context(
'NTLMSSP - Microsoft NTLM Security Support Provider',
handler)
return spneg
elif self.creds.auth_method == LDAPAuthProtocol.SSPIPROXY_KERBEROS:
from msldap.authentication.kerberos.sspiproxyws import MSLDAPSSPIProxyKerberosAuth
ntlmcred = MSLDAPSSPIProxyCredential()
ntlmcred.type = 'KERBEROS'
ntlmcred.target = self.target
if self.creds.username is not None:
ntlmcred.username = '******'
if self.creds.domain is not None:
ntlmcred.domain = '<CURRENT>'
if self.creds.password is not None:
ntlmcred.password = '******'
ntlmcred.is_guest = False
ntlmcred.encrypt = self.creds.encrypt
ntlmcred.host = self.creds.settings['host'][0]
ntlmcred.port = self.creds.settings['port'][0]
ntlmcred.proto = 'ws'
if 'proto' in self.creds.settings:
ntlmcred.proto = self.creds.settings['proto'][0]
if 'agentid' in self.creds.settings:
ntlmcred.agent_id = bytes.fromhex(
self.creds.settings['agentid'][0])
handler = MSLDAPSSPIProxyKerberosAuth(ntlmcred)
#setting up SPNEGO
spneg = SPNEGO()
spneg.add_auth_context('MS KRB5 - Microsoft Kerberos 5',
handler)
return spneg
elif self.creds.auth_method.value.startswith('WSNET'):
if self.creds.auth_method in [LDAPAuthProtocol.WSNET_NTLM]:
from msldap.authentication.ntlm.wsnet import MSLDAPWSNetNTLMAuth
ntlmcred = MSLDAPWSNETCredential()
ntlmcred.type = 'NTLM'
if self.creds.username is not None:
ntlmcred.username = '******'
if self.creds.domain is not None:
ntlmcred.domain = '<CURRENT>'
if self.creds.password is not None:
ntlmcred.password = '******'
ntlmcred.is_guest = False
handler = MSLDAPWSNetNTLMAuth(ntlmcred)
spneg = SPNEGO()
spneg.add_auth_context(
'NTLMSSP - Microsoft NTLM Security Support Provider',
handler)
return spneg
elif self.creds.auth_method in [LDAPAuthProtocol.WSNET_KERBEROS]:
from msldap.authentication.kerberos.wsnet import MSLDAPWSNetKerberosAuth
ntlmcred = MSLDAPWSNETCredential()
ntlmcred.type = 'KERBEROS'
ntlmcred.target = self.target
if self.creds.username is not None:
ntlmcred.username = '******'
if self.creds.domain is not None:
ntlmcred.domain = '<CURRENT>'
if self.creds.password is not None:
ntlmcred.password = '******'
ntlmcred.is_guest = False
handler = MSLDAPWSNetKerberosAuth(ntlmcred)
#setting up SPNEGO
spneg = SPNEGO()
spneg.add_auth_context('MS KRB5 - Microsoft Kerberos 5',
handler)
return spneg
class MSLDAPNTLMMultiplexor:
def __init__(self, settings):
self.settings = settings
self.mode = None #'CLIENT'
self.sspi = None
self.operator = None
self.client = None
self.target = None
self.seq_number = 0
self.session_key = None
self.ntlm_ctx = NTLMAUTHHandler(NTLMHandlerSettings(None, 'MANUAL'))
def setup(self):
return
@property
def ntlmChallenge(self):
return self.ntlm_ctx.ntlmChallenge
def get_sealkey(self, mode='Client'):
return self.ntlm_ctx.get_sealkey(mode=mode)
def get_signkey(self, mode='Client'):
return self.ntlm_ctx.get_signkey(mode=mode)
def get_session_key(self):
return self.session_key
def is_extended_security(self):
return self.ntlm_ctx.is_extended_security()
def get_seq_number(self):
return self.seq_number
def signing_needed(self):
return self.ntlm_ctx.signing_needed()
def encryption_needed(self):
return self.ntlm_ctx.encryption_needed()
async def encrypt(self, data, message_no):
return await self.ntlm_ctx.encrypt(data, message_no)
async def decrypt(self,
data,
sequence_no,
direction='init',
auth_data=None):
return await self.ntlm_ctx.decrypt(data,
sequence_no,
direction=direction,
auth_data=auth_data)
async def sign(self, data, message_no, direction=None, reset_cipher=False):
return await self.ntlm_ctx.sign(data,
message_no,
direction=None,
reset_cipher=reset_cipher)
async def authenticate(self,
authData=None,
flags=None,
seq_number=0,
cb_data=None):
is_rpc = False
if self.sspi is None:
res, err = await self.start_remote_sspi()
if err is not None:
return None, None, err
if is_rpc is True and flags is None:
flags = ISC_REQ.REPLAY_DETECT | ISC_REQ.CONFIDENTIALITY | ISC_REQ.USE_SESSION_KEY | ISC_REQ.INTEGRITY | ISC_REQ.SEQUENCE_DETECT | ISC_REQ.CONNECTION
flags = int(flags)
if authData is None:
data, res = await self.sspi.authenticate(flags=flags)
if res is None:
self.ntlm_ctx.load_negotiate(data)
return data, res, None
else:
self.ntlm_ctx.load_challenge(authData)
data, res = await self.sspi.challenge(authData, flags=flags)
if res is None:
self.ntlm_ctx.load_authenticate(data)
self.session_key, res = await self.sspi.get_session_key()
if res is None:
self.ntlm_ctx.load_sessionkey(self.get_session_key())
return data, res, None
async def start_remote_sspi(self):
try:
#print(self.settings.get_url())
self.operator = MultiplexorOperator(self.settings.get_url(),
logging_sink=logger)
await self.operator.connect()
#creating virtual sspi server
server_info = await self.operator.start_sspi(self.settings.agent_id
)
#print(server_info)
sspi_url = 'ws://%s:%s' % (server_info['listen_ip'],
server_info['listen_port'])
#print(sspi_url)
self.sspi = SSPINTLMClient(sspi_url)
await self.sspi.connect()
return True, None
except Exception as e:
import traceback
traceback.print_exc()
return None, e
class SMBNTLMMultiplexor:
def __init__(self, settings):
self.settings = settings
self.mode = None #'CLIENT'
self.sspi = None
self.operator = None
self.client = None
self.target = None
#self.ntlmChallenge = None
self.session_key = None
self.ntlm_ctx = NTLMAUTHHandler(NTLMHandlerSettings(None, 'MANUAL'))
def setup(self):
return
@property
def ntlmChallenge(self):
return self.ntlm_ctx.ntlmChallenge
def get_sealkey(self, mode='Client'):
return self.ntlm_ctx.get_sealkey(mode=mode)
def get_signkey(self, mode='Client'):
return self.ntlm_ctx.get_signkey(mode=mode)
def SEAL(self, signingKey, sealingKey, messageToSign, messageToEncrypt,
seqNum, cipher_encrypt):
return self.ntlm_ctx.SEAL(signingKey, sealingKey, messageToSign,
messageToEncrypt, seqNum, cipher_encrypt)
def SIGN(self, signingKey, message, seqNum, cipher_encrypt):
return self.ntlm_ctx.SIGN(signingKey, message, seqNum, cipher_encrypt)
def get_session_key(self):
return self.session_key
def get_extra_info(self):
return self.ntlm_ctx.get_extra_info()
def is_extended_security(self):
return self.ntlm_ctx.is_extended_security()
#async def encrypt(self, data, message_no):
# return self.sspi.encrypt(data, message_no)
#
#async def decrypt(self, data, message_no):
# return self.sspi.decrypt(data, message_no)
async def authenticate(self,
authData=None,
flags=None,
seq_number=0,
is_rpc=False):
if self.sspi is None:
res = await self.start_remote_sspi()
if res is None:
raise Exception('Failed to start remote SSPI')
if is_rpc is True and flags is None:
flags = ISC_REQ.REPLAY_DETECT | ISC_REQ.CONFIDENTIALITY | ISC_REQ.USE_SESSION_KEY | ISC_REQ.INTEGRITY | ISC_REQ.SEQUENCE_DETECT | ISC_REQ.CONNECTION
flags = int(flags)
if self.settings.mode == 'CLIENT':
if authData is None:
data, res = await self.sspi.authenticate(flags=flags)
if res is None:
self.ntlm_ctx.load_negotiate(data)
return data, res
else:
self.ntlm_ctx.load_challenge(authData)
data, res = await self.sspi.challenge(authData, flags=flags)
if res is None:
self.ntlm_ctx.load_authenticate(data)
self.session_key, res = await self.sspi.get_session_key()
if res is None:
self.ntlm_ctx.load_sessionkey(self.get_session_key())
return data, res
else:
raise Exception('Server mode not implemented!')
async def start_remote_sspi(self):
try:
#print(self.settings.get_url())
self.operator = MultiplexorOperator(self.settings.get_url(),
logging_sink=logger)
await self.operator.connect()
#creating virtual sspi server
server_info = await self.operator.start_sspi(self.settings.agent_id
)
#print(server_info)
sspi_url = 'ws://%s:%s' % (server_info['listen_ip'],
server_info['listen_port'])
#print(sspi_url)
self.sspi = SSPINTLMClient(sspi_url)
await self.sspi.connect()
return True
except Exception as e:
import traceback
traceback.print_exc()
return None
class MSLDAPNTLMSSPI:
def __init__(self, settings):
self.settings = settings
self.mode = 'CLIENT'
self.username = settings.username
self.password = settings.password
self.domain = settings.domain
self.actual_ctx_flags = None
self.flags = ISC_REQ.CONNECTION
if settings.encrypt is True:
#self.flags = ISC_REQ.REPLAY_DETECT | ISC_REQ.CONFIDENTIALITY| ISC_REQ.USE_SESSION_KEY| ISC_REQ.INTEGRITY| ISC_REQ.SEQUENCE_DETECT| ISC_REQ.CONNECTION
self.flags = ISC_REQ.CONNECTION | ISC_REQ.CONFIDENTIALITY
self.sspi = NTLMMSLDAPSSPI()
self.seq_number = 0
self.session_key = None
self.ntlm_ctx = NTLMAUTHHandler(NTLMHandlerSettings(None, 'MANUAL'))
@property
def ntlmChallenge(self):
return self.ntlm_ctx.ntlmChallenge
def get_seq_number(self):
return self.ntlm_ctx.get_seq_number()
def signing_needed(self):
return self.ntlm_ctx.signing_needed()
def encryption_needed(self):
return self.ntlm_ctx.encryption_needed()
def get_sealkey(self, mode='Client'):
return self.ntlm_ctx.get_sealkey(mode=mode)
def get_signkey(self, mode='Client'):
return self.ntlm_ctx.get_signkey(mode=mode)
#def wrap(self, data, sequence_no):
# self.ntlm_ctx.wrap()
def unwrap(self, data):
return self.ntlm_ctx.unwrap(data)
def SEAL(self, signingKey, sealingKey, messageToSign, messageToEncrypt,
seqNum, cipher_encrypt):
return self.ntlm_ctx.SEAL(signingKey, sealingKey, messageToSign,
messageToEncrypt, seqNum, cipher_encrypt)
def SIGN(self, signingKey, message, seqNum, cipher_encrypt):
return self.ntlm_ctx.SIGN(signingKey, message, seqNum, cipher_encrypt)
def sign(self, data, message_no=0, direction='init', reset_cipher=False):
return self.ntlm_ctx.sign(data,
message_no=message_no,
reset_cipher=reset_cipher)
def verify(self, data, signature):
return self.ntlm_ctx.verify(data, signature)
def get_session_key(self):
if not self.session_key:
self.session_key = self.sspi.get_session_key()
return self.session_key
#def get_extra_info(self):
# return self.ntlm_ctx.get_extra_info()
def is_extended_security(self):
return self.ntlm_ctx.is_extended_security()
def encrypt(self, data, message_no):
return self.ntlm_ctx.encrypt(data, message_no)
def decrypt(self, data, message_no, direction='init', auth_data=None):
return self.ntlm_ctx.decrypt(data,
message_no,
direction=direction,
auth_data=auth_data)
async def authenticate(self,
authData=None,
flags=None,
seq_number=0,
cb_data=None):
if authData is None:
try:
data, res = self.sspi.negotiate(ctx_flags=self.flags)
self.actual_ctx_flags = self.sspi.ctx_outflags
self.ntlm_ctx.load_negotiate(data)
return data, res, None
except Exception as e:
return None, None, e
else:
self.ntlm_ctx.load_challenge(authData)
data, res = self.sspi.authenticate(authData, ctx_flags=self.flags)
self.ntlm_ctx.load_authenticate(data)
self.ntlm_ctx.load_sessionkey(self.get_session_key())
return data, res, None