def _get_LMv2_response(user_name, password, domain_name, server_challenge, client_challenge): """ [MS-NLMP] v28.0 2016-07-14 2.2.2.4 LMv2_RESPONSE The LMv2_RESPONSE structure defines the NTLM v2 authentication LmChallengeResponse in the AUTHENTICATE_MESSAGE. This response is used only when NTLM v2 authentication is configured. :param user_name: The user name of the user we are trying to authenticate with :param password: The password of the user we are trying to authenticate with :param domain_name: The domain name of the user account we are authenticated with :param server_challenge: A random 8-byte response generated by the server in the CHALLENGE_MESSAGE :param client_challenge: A random 8-byte response generated by the client for the AUTHENTICATE_MESSAGE :return response: LmChallengeResponse to the server challenge """ nt_hash = comphash._ntowfv2(user_name, password, domain_name) challenge = server_challenge + client_challenge lm_hash = hmac.new(nt_hash, challenge, digestmod=hashlib.md5).digest() response = lm_hash + client_challenge return response
def _get_NTLMv2_response(user_name, password, domain_name, server_challenge, client_challenge, timestamp, target_info): """ [MS-NLMP] v28.0 2016-07-14 2.2.2.8 NTLM V2 Response: NTLMv2_RESPONSE The NTLMv2_RESPONSE strucutre defines the NTLMv2 authentication NtChallengeResponse in the AUTHENTICATE_MESSAGE. This response is used only when NTLMv2 authentication is configured. The guide on how this is computed is in 3.3.2 NTLM v2 Authentication. :param user_name: The user name of the user we are trying to authenticate with :param password: The password of the user we are trying to authenticate with :param domain_name: The domain name of the user account we are authenticated with :param server_challenge: A random 8-byte response generated by the server in the CHALLENGE_MESSAGE :param client_challenge: A random 8-byte response generated by the client for the AUTHENTICATE_MESSAGE :param timestamp: An 8-byte timestamp in windows format, 100 nanoseconds since 1601-01-01 :param target_info: The target_info structure from the CHALLENGE_MESSAGE with the CBT attached if required :return response: NtChallengeResponse to the server_challenge :return session_base_key: A session key calculated from the user password challenge """ nt_hash = comphash._ntowfv2(user_name, password, domain_name) temp = ComputeResponse._get_NTLMv2_temp(timestamp, client_challenge, target_info) nt_proof_str = hmac.new(nt_hash, (server_challenge + temp)).digest() response = nt_proof_str + temp session_base_key = hmac.new(nt_hash, nt_proof_str).digest() return response, session_base_key
def _get_NTLMv2_response(user_name, password, domain_name, server_challenge, client_challenge, timestamp, target_info): """ [MS-NLMP] v28.0 2016-07-14 2.2.2.8 NTLM V2 Response: NTLMv2_RESPONSE The NTLMv2_RESPONSE strucutre defines the NTLMv2 authentication NtChallengeResponse in the AUTHENTICATE_MESSAGE. This response is used only when NTLMv2 authentication is configured. The guide on how this is computed is in 3.3.2 NTLM v2 Authentication. :param user_name: The user name of the user we are trying to authenticate with :param password: The password of the user we are trying to authenticate with :param domain_name: The domain name of the user account we are authenticated with :param server_challenge: A random 8-byte response generated by the server in the CHALLENGE_MESSAGE :param client_challenge: A random 8-byte response generated by the client for the AUTHENTICATE_MESSAGE :param timestamp: An 8-byte timestamp in windows format, 100 nanoseconds since 1601-01-01 :param target_info: The target_info structure from the CHALLENGE_MESSAGE with the CBT attached if required :return response: NtChallengeResponse to the server_challenge :return session_base_key: A session key calculated from the user password challenge """ nt_hash = comphash._ntowfv2(user_name, password, domain_name) temp = ComputeResponse._get_NTLMv2_temp(timestamp, client_challenge, target_info) nt_proof_str = hmac.new(nt_hash, (server_challenge + temp)).digest() response = nt_proof_str + temp session_base_key = hmac.new(nt_hash, nt_proof_str).digest() return response, session_base_key
def _get_LMv2_response(user_name, password, domain_name, server_challenge, client_challenge): """ [MS-NLMP] v28.0 2016-07-14 2.2.2.4 LMv2_RESPONSE The LMv2_RESPONSE structure defines the NTLM v2 authentication LmChallengeResponse in the AUTHENTICATE_MESSAGE. This response is used only when NTLM v2 authentication is configured. :param user_name: The user name of the user we are trying to authenticate with :param password: The password of the user we are trying to authenticate with :param domain_name: The domain name of the user account we are authenticated with :param server_challenge: A random 8-byte response generated by the server in the CHALLENGE_MESSAGE :param client_challenge: A random 8-byte response generated by the client for the AUTHENTICATE_MESSAGE :return response: LmChallengeResponse to the server challenge """ nt_hash = comphash._ntowfv2(user_name, password, domain_name) lm_hash = hmac.new(nt_hash, (server_challenge + client_challenge)).digest() response = lm_hash + client_challenge return response
def test_ntowfv2(self): # 4.2.4.1.1 - NTOWFv2() and LMOWFv2() expected = b"\x0c\x86\x8a\x40\x3b\xfd\x7a\x93" \ b"\xa3\x00\x1e\xf2\x2e\xf0\x2e\x3f" actual = compute_hash._ntowfv2("User", "Password", "Domain") assert actual == expected
def test_ntowfv2(self): expected = ntlmv2_ntowfv2 actual = comphash._ntowfv2(user_name, password, domain_name) assert actual == expected