def _get_NTLM2_response(password, server_challenge, client_challenge):
"""
[MS-NLMP] v28.0 2016-07-14
This name is really misleading as it isn't NTLM v2 authentication
rather this authentication is only used when the ntlm_compatibility
level is set to a value < 3 (No NTLMv2 auth) but the
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY flag is set in the negotiate
flags section. The documentation for computing this value is on page 56
under section 3.3.1 NTLM v1 Authentication
:param password: The password of the user we are trying to authenticate
with
:param server_challenge: A random 8-byte response generated by the
server in the CHALLENGE_MESSAGE
:param client_challenge: A random 8-byte response generated by the
client for the AUTHENTICATE_MESSAGE
:return response: NtChallengeResponse to the server_challenge
:return session_base_key: A session key calculated from the user
password challenge
"""
ntlm_hash = comphash._ntowfv1(password)
challenge = server_challenge + client_challenge
nt_session_hash = hashlib.md5(challenge).digest()[:8]
response = ComputeResponse._calc_resp(ntlm_hash, nt_session_hash[0:8])
session_base_key = hashlib.new('md4', ntlm_hash).digest()
return response, session_base_key
def test_ntowfv1_hash(self):
# 4.2.2.1.2 - NTOWFv1()
expected = b"\xa4\xf4\x9c\x40\x65\x10\xbd\xca" \
b"\xb6\x82\x4e\xe7\xc3\x0f\xd8\x52"
password_hash = "e52cac67419a9a224a3b108f3fa6cb6d:" \
"a4f49c406510bdcab6824ee7c30fd852"
actual = compute_hash._ntowfv1(password_hash)
assert actual == expected
def _get_NTLMv1_response(password, server_challenge):
"""
[MS-NLMP] v28.0 2016-07-14
2.2.2.6 NTLM v1 Response: NTLM_RESPONSE
The NTLM_RESPONSE strucutre defines the NTLM v1 authentication NtChallengeResponse
in the AUTHENTICATE_MESSAGE. This response is only used when NTLM v1 authentication
is configured.
:param password: The password of the user we are trying to authenticate with
:param server_challenge: A random 8-byte response generated by the server in the CHALLENGE_MESSAGE
:return response: NtChallengeResponse to the server_challenge
:return session_base_key: A session key calculated from the user password challenge
"""
ntlm_hash = comphash._ntowfv1(password)
response = ComputeResponse._calc_resp(ntlm_hash, server_challenge)
session_base_key = hashlib.new('md4', ntlm_hash).digest()
return response, session_base_key
def _get_NTLMv1_response(password, server_challenge):
"""
[MS-NLMP] v28.0 2016-07-14
2.2.2.6 NTLM v1 Response: NTLM_RESPONSE
The NTLM_RESPONSE strucutre defines the NTLM v1 authentication NtChallengeResponse
in the AUTHENTICATE_MESSAGE. This response is only used when NTLM v1 authentication
is configured.
:param password: The password of the user we are trying to authenticate with
:param server_challenge: A random 8-byte response generated by the server in the CHALLENGE_MESSAGE
:return response: NtChallengeResponse to the server_challenge
:return session_base_key: A session key calculated from the user password challenge
"""
ntlm_hash = comphash._ntowfv1(password)
response = ComputeResponse._calc_resp(ntlm_hash, server_challenge)
session_base_key = hashlib.new('md4', ntlm_hash).digest()
return response, session_base_key
def _get_NTLM2_response(password, server_challenge, client_challenge):
"""
[MS-NLMP] v28.0 2016-07-14
This name is really misleading as it isn't NTLM v2 authentication rather
This authentication is only used when the ntlm_compatibility level is set
to a value < 3 (No NTLMv2 auth) but the NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
flag is set in the negotiate flags section. The documentation for computing this
value is on page 56 under section 3.3.1 NTLM v1 Authentication
:param password: The password of the user we are trying to authenticate with
:param server_challenge: A random 8-byte response generated by the server in the CHALLENGE_MESSAGE
:param client_challenge: A random 8-byte response generated by the client for the AUTHENTICATE_MESSAGE
:return response: NtChallengeResponse to the server_challenge
:return session_base_key: A session key calculated from the user password challenge
"""
ntlm_hash = comphash._ntowfv1(password)
nt_session_hash = hashlib.md5(server_challenge + client_challenge).digest()[:8]
response = ComputeResponse._calc_resp(ntlm_hash, nt_session_hash[0:8])
session_base_key = hashlib.new('md4', ntlm_hash).digest()
return response, session_base_key
def test_ntowfv1(self):
# 4.2.2.1.2 - NTOWFv1()
expected = b"\xa4\xf4\x9c\x40\x65\x10\xbd\xca" \
b"\xb6\x82\x4e\xe7\xc3\x0f\xd8\x52"
actual = compute_hash._ntowfv1("Password")
assert actual == expected
def test_ntowfv1(self):
expected = ntlmv1_ntowfv1
actual = comphash._ntowfv1(password)
assert actual == expected
