def from_string(self, data):
    """Parse ``data`` into this message and extract its optional payloads.

    The fixed-layout fields are decoded by ``Structure.from_string``.
    The flag-dependent parts are then sliced out of the raw buffer:

    * 'target_name'        -- present when NTLMSSP_TARGET is set, else ''
    * 'os_version'         -- bytes 48..55 when NTLMSSP_VERSION is set,
                              else ''
    * 'target_info_fields' -- a ``TargetInfo`` built from the referenced
                              slice when NTLMSSP_TARGET_INFO is set,
                              else None

    Every offset and length used here comes from the peer's message and is
    not checked against ``len(data)``. Python slicing clamps out-of-range
    bounds, so a malformed message yields truncated or empty fields instead
    of an error. The one exception is a buffer too short to hold the
    target-info descriptor, which makes ``struct.unpack`` raise
    ``struct.error``.

    Returns:
        self, to allow call chaining.
    """
    Structure.from_string(self, data)
    flags = self['flags']

    if flags & NegotiateFlag.NTLMSSP_TARGET:
        name_start = self['target_name_offset']
        name = data[name_start:self['target_name_len'] + name_start]
    else:
        # NOTE(review): the fallback is a text '' while the slice above has
        # the type of ``data`` -- confirm callers cope with both.
        name = ''

    os_version = data[48:56] if flags & NegotiateFlag.NTLMSSP_VERSION else ''

    if flags & NegotiateFlag.NTLMSSP_TARGET_INFO:
        # Length (uint16 LE at 40) and offset (uint32 LE at 44) are read
        # straight from the raw buffer, not from the decoded fields.
        (info_len,) = struct.unpack('<H', data[40:42])
        (info_start,) = struct.unpack('<L', data[44:48])
        info = TargetInfo(data[info_start:info_start + info_len])
    else:
        info = None

    self['target_name'] = name
    self['os_version'] = os_version
    self['target_info_fields'] = info
    return self
def from_string(self, data):
    """Parse ``data`` and copy each variable-length payload into its field.

    ``Structure.from_string`` decodes the fixed header. For each
    ``<x>_offset`` / ``<x>_len`` pair the corresponding slice of ``data``
    is then stored in 'domain_name', 'host_name', 'user_name', 'ntlm' and
    'lanman'. No session-key payload is extracted here.

    The offsets and lengths are taken from the message as received and are
    not validated against ``len(data)`` or against each other. Slicing
    clamps silently, so a truncated or inconsistent message produces short
    or empty fields, not an exception. Callers that treat these values as
    authentication inputs should check their lengths.

    Returns None (unlike sibling parsers that return ``self``).
    """
    Structure.from_string(self, data)

    # [MS-NLMP] page 27
    # Payload data can be present in any order within the Payload field,
    # with variable-length padding before or after the data, so every
    # field is located through its own descriptor instead of by position.
    payloads = (
        ('domain', 'domain_name'),
        ('host', 'host_name'),
        ('user', 'user_name'),
        ('ntlm', 'ntlm'),
        ('lanman', 'lanman'),
    )
    for prefix, target in payloads:
        start = self[prefix + '_offset']
        stop = self[prefix + '_len'] + start
        self[target] = data[start:stop]
def __init__(self):
    """Create the structure with every field zeroed or empty.

    The five numeric fields (address types and lengths) start at 0 and the
    three payload fields start as empty strings.
    """
    Structure.__init__(self)

    # NOTE(review): 'initiator_addtype' is spelled without the 'r' that
    # 'acceptor_addrtype' has -- verify against the structure definition,
    # which is not visible here.
    numeric_fields = (
        'initiator_addtype',
        'initiator_address_len',
        'acceptor_addrtype',
        'acceptor_address_len',
        'application_data_len',
    )
    for key in numeric_fields:
        self[key] = 0

    for key in ('initiator_address', 'acceptor_address', 'application_data'):
        self[key] = ''
def from_string(self, data):
    """Populate this structure from ``data`` and return it.

    All decoding is delegated to ``Structure.from_string``; nothing is
    post-processed here.

    Returns:
        self, to allow call chaining.
    """
    Structure.from_string(self, data)
    # NOTE(review): code that trimmed 'TargetInfoFields' to
    # 'TargetInfoFields_len' and parsed it into AV pairs used to live here
    # but is disabled. Bytes after the declared length are therefore not
    # stripped by this method -- confirm the base class bounds the field.
    return self
def __init__(self, flags=NegotiateFlag.NTLMSSP_NTLM_KEY, domain='', host=''):
    """Build a new NTLM Type 1 message.

    NTLMSSP_UNICODE is always OR-ed into ``flags``, because this
    implementation requires UNICODE. Callers should not set the legacy
    OEM and LM_KEY flags unless they supply an implementation for them.

    Args:
        flags: negotiate flags to request; defaults to NTLMSSP_NTLM_KEY.
        domain: value stored in 'domain_name'.
        host: value stored in 'host_name'.
    """
    Structure.__init__(self)
    self['flags'] = flags | NegotiateFlag.NTLMSSP_UNICODE
    self['domain_name'] = domain
    self['host_name'] = host
    # Left empty, so serialisation does not advertise a version by default.
    self['os_version'] = b''
def __init__(self, flags, lm_response, nt_response, domain, username,
             session_key=None, host_name=None):
    """Build the message that carries the computed responses.

    Args:
        flags: negotiate flags, stored unchanged in 'flags'.
        lm_response: stored in 'lanman'.
        nt_response: stored in 'ntlm'.
        domain: text, stored UTF-16LE encoded in 'domain_name'.
        username: text, stored UTF-16LE encoded in 'user_name'.
        session_key: stored as given in 'session_key'; may be None.
        host_name: accepted but not used (see note below).
    """
    Structure.__init__(self)
    self['flags'] = flags
    self['lanman'] = lm_response
    self['ntlm'] = nt_response

    encoding = 'utf-16le'
    self['domain_name'] = domain.encode(encoding)
    self['user_name'] = username.encode(encoding)

    # NOTE(review): the ``host_name`` argument is ignored and the field is
    # always sent empty. Confirm whether withholding the workstation name
    # is deliberate.
    self['host_name'] = b''
    self['version'] = b''
    self['mic'] = b''
    self['session_key'] = session_key
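def get_data(self):
    """Serialise the message after normalising flags and target info.

    Side effects on the instance:

    * NTLMSSP_VERSION is set in 'flags' when 'os_version' is non-empty.
    * A structured 'target_info_fields' value is replaced by the result
      of its ``getData()`` call.

    Returns:
        Whatever ``Structure.get_data`` produces for the updated fields.
    """
    if len(self.fields['os_version']) > 0:
        self['flags'] |= NegotiateFlag.NTLMSSP_VERSION

    target_info = self['target_info_fields']
    # Only a structured value needs serialising. Raw str/bytes is passed
    # through untouched: bytes has no getData(), so a second call to this
    # method (after the field was replaced by serialised data, presumably
    # bytes on Python 3) would otherwise raise AttributeError.
    if target_info is not None and not isinstance(target_info, (str, bytes)):
        self['target_info_fields'] = target_info.getData()

    return Structure.get_data(self)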
def get_data(self):
    """Recompute flags and payload offsets, then serialise the message.

    NTLMSSP_WORKSTATION / NTLMSSP_DOMAIN are set in 'flags' when the
    matching name field is non-empty. The payloads are then laid out back
    to back in the order domain, user, host, lanman, ntlm, session key,
    starting at ``64 + len(mic) + len(version)``.

    NTLMSSP_VERSION is not set automatically here, even when 'version'
    holds data.

    Returns:
        Whatever ``Structure.get_data`` produces for the updated fields.
    """
    if len(self.fields['host_name']) > 0:
        self['flags'] |= NegotiateFlag.NTLMSSP_WORKSTATION
    if len(self.fields['domain_name']) > 0:
        self['flags'] |= NegotiateFlag.NTLMSSP_DOMAIN

    # NOTE(review): 64 is presumably the size of the fixed header that
    # precedes the optional version/MIC blocks -- confirm against the
    # structure definition.
    cursor = 64 + len(self['mic']) + len(self['version'])

    layout = (
        ('domain_offset', 'domain_name'),
        ('user_offset', 'user_name'),
        ('host_offset', 'host_name'),
        ('lanman_offset', 'lanman'),
        ('ntlm_offset', 'ntlm'),
    )
    for offset_key, payload_key in layout:
        self[offset_key] = cursor
        cursor += len(self[payload_key])

    # The session key goes last; its own length is not needed here.
    self['session_key_offset'] = cursor
    return Structure.get_data(self)
def get_data(self):
    """Recompute flags and payload offsets, then serialise the message.

    Each of NTLMSSP_DOMAIN, NTLMSSP_WORKSTATION and NTLMSSP_VERSION is set
    in 'flags' when the matching field ('domain_name', 'host_name',
    'os_version') is non-empty. When the version flag is set, 8 bytes are
    reserved for it after the 32-byte base before any payload.

    Returns:
        Whatever ``Structure.get_data`` produces for the updated fields.
    """
    advertised = (
        ('domain_name', NegotiateFlag.NTLMSSP_DOMAIN),
        ('host_name', NegotiateFlag.NTLMSSP_WORKSTATION),
        ('os_version', NegotiateFlag.NTLMSSP_VERSION),
    )
    for field, flag in advertised:
        if len(self.fields[field]) > 0:
            self['flags'] |= flag

    # Read the flags only after the updates above.
    flags = self['flags']
    has_version = (
        flags & NegotiateFlag.NTLMSSP_VERSION
    ) == NegotiateFlag.NTLMSSP_VERSION
    version_len = 8 if has_version else 0

    # NOTE(review): the domain offset is gated on the WORKSTATION flag and
    # the host offset on the DOMAIN flag. That looks crossed -- confirm the
    # intended payload order before relying on it.
    if (flags & NegotiateFlag.NTLMSSP_WORKSTATION
            ) == NegotiateFlag.NTLMSSP_WORKSTATION:
        self['domain_offset'] = 32 + version_len
    if (flags & NegotiateFlag.NTLMSSP_DOMAIN) == NegotiateFlag.NTLMSSP_DOMAIN:
        self['host_offset'] = 32 + len(self['domain_name']) + version_len

    return Structure.get_data(self)
def from_string(self, data):
    """Load 'random', 'checksum' and 'sequence' from fixed positions.

    The structure is reset with ``Structure.__init__`` (the base parser is
    not used), then three consecutive 4-byte slices starting at byte 4 are
    stored. Bytes 0..3 of ``data`` are ignored.

    No length check is made. Input shorter than 16 bytes yields short or
    empty fields without raising, so code that verifies the checksum
    should reject undersized input first.

    Returns None.
    """
    Structure.__init__(self)

    width = 4
    for key, start in (('random', 4), ('checksum', 8), ('sequence', 12)):
        self[key] = data[start:start + width]
def __init__(self):
    """Initialise the structure; no fields are pre-populated here."""
    Structure.__init__(self)
def __init__(self):
    """Initialise the structure with an empty 'os_version' field."""
    Structure.__init__(self)
    # NOTE(review): this default is a text '' whereas other constructors
    # in this file use b'' for the same field -- confirm which type the
    # serialiser expects.
    self['os_version'] = ''