def unknown_part(bin_str):
""
res = ''
res = res + 'Hex : %s\n' % ntlmutils.str2hex(bin_str, ' ')
res = res + 'String : %s\n' % ntlmutils.str2prn_str(bin_str, ' ')
res = res + 'Decimal: %s\n' % ntlmutils.str2dec(bin_str, ' ')
return res
def unknown_part(bin_str):
""
res = ''
res = res + 'Hex : %s\n' % ntlmutils.str2hex(bin_str, ' ')
res = res + 'String : %s\n' % ntlmutils.str2prn_str(bin_str, ' ')
res = res + 'Decimal: %s\n' % ntlmutils.str2dec(bin_str, ' ')
return res
def debug_message1(msg):
""
m_ = base64.decodestring(msg)
m_hex = ntlmutils.str2hex(m_)
res = ''
res = res + '==============================================================\n'
res = res + 'NTLM Message 1 report:\n'
res = res + '---------------------------------\n'
res = res + 'Base64: %s\n' % msg
res = res + 'String: %s\n' % ntlmutils.str2prn_str(m_)
res = res + 'Hex: %s\n' % m_hex
cur = 0
res = res + '---------------------------------\n'
cur_len = 12
res = res + 'Header %d/%d:\n%s\n\n' % (cur, cur_len, m_hex[0:24])
res = res + '%s\nmethod name 0/8\n%s # C string\n\n' % (
m_hex[0:16], ntlmutils.str2prn_str(m_[0:8]))
res = res + '0x%s%s # message type\n' % (m_hex[18:20],
m_hex[16:18])
res = res + '%s # delimiter (zeros)\n' % m_hex[20:24]
cur = cur + cur_len
res = res + '---------------------------------\n'
cur_len = 4
res = res + 'Flags %d/%d\n' % (cur, cur_len)
res = res + flags(m_[cur:cur + cur_len])
cur = cur + cur_len
res = res + '---------------------------------\n'
cur_len = len(m_) - cur
res = res + 'Rest of the message %d/%d:\n' % (cur, cur_len)
res = res + unknown_part(m_[cur:cur + cur_len])
res = res + '\nEnd of message 1 report.\n'
return res
def debug_message1(msg):
""
m_ = base64.decodestring(msg)
m_hex = ntlmutils.str2hex(m_)
res = ''
res = res + '==============================================================\n'
res = res + 'NTLM Message 1 report:\n'
res = res + '---------------------------------\n'
res = res + 'Base64: %s\n' % msg
res = res + 'String: %s\n' % ntlmutils.str2prn_str(m_)
res = res + 'Hex: %s\n' % m_hex
cur = 0
res = res + '---------------------------------\n'
cur_len = 12
res = res + 'Header %d/%d:\n%s\n\n' % (cur, cur_len, m_hex[0:24])
res = res + '%s\nmethod name 0/8\n%s # C string\n\n' % (m_hex[0:16], ntlmutils.str2prn_str(m_[0:8]))
res = res + '0x%s%s # message type\n' % (m_hex[18:20], m_hex[16:18])
res = res + '%s # delimiter (zeros)\n' % m_hex[20:24]
cur = cur + cur_len
res = res + '---------------------------------\n'
cur_len = 4
res = res + 'Flags %d/%d\n' % (cur, cur_len)
res = res + flags(m_[cur: cur + cur_len])
cur = cur + cur_len
res = res + '---------------------------------\n'
cur_len = len(m_) - cur
res = res + 'Rest of the message %d/%d:\n' % (cur, cur_len)
res = res + unknown_part(m_[cur: cur + cur_len])
res = res + '\nEnd of message 1 report.\n'
return res
def debug_message3(msg):
""
m_ = base64.decodestring(msg)
m_hex = ntlmutils.str2hex(m_)
res = ''
res = res + '==============================================================\n'
res = res + 'NTLM Message 3 report:\n'
res = res + '---------------------------------\n'
res = res + 'Base64: %s\n' % msg
res = res + 'String: %s\n' % ntlmutils.str2prn_str(m_)
res = res + 'Hex: %s\n' % m_hex
cur = 0
res = res + '---------------------------------\n'
cur_len = 12
res = res + 'Header %d/%d:\n%s\n\n' % (cur, cur_len, m_hex[0:24])
res = res + '%s\nmethod name 0/8\n%s # C string\n\n' % (m_hex[0:16], ntlmutils.str2prn_str(m_[0:8]))
res = res + '0x%s%s # message type\n' % (m_hex[18:20], m_hex[16:18])
res = res + '%s # delimiter (zeros)\n' % m_hex[20:24]
cur = cur + cur_len
res = res + '---------------------------------\n'
cur_len = 48
res = res + 'Lengths and Positions %d/%d\n%s\n\n' % (cur, cur_len, m_hex[cur * 2 :(cur + cur_len) * 2])
cur_len = 8
res = res + 'LAN Manager response %d/%d\n' % (cur, cur_len)
lmr = item(m_[cur:cur+cur_len])
res = res + lmr['string']
cur = cur + cur_len
cur_len = 8
res = res + 'NT response %d/%d\n' % (cur, cur_len)
ntr = item(m_[cur:cur+cur_len])
res = res + ntr['string']
cur = cur + cur_len
cur_len = 8
res = res + 'Domain string %d/%d\n' % (cur, cur_len)
dom = item(m_[cur:cur+cur_len])
res = res + dom['string']
cur = cur + cur_len
cur_len = 8
res = res + 'User string %d/%d\n' % (cur, cur_len)
user = item(m_[cur:cur+cur_len])
res = res + user['string']
cur = cur + cur_len
cur_len = 8
res = res + 'Host string %d/%d\n' % (cur, cur_len)
host = item(m_[cur:cur+cur_len])
res = res + host['string']
cur = cur + cur_len
cur_len = 8
res = res + 'Unknow item record %d/%d\n' % (cur, cur_len)
unknown = item(m_[cur:cur+cur_len])
res = res + unknown['string']
cur = cur + cur_len
res = res + '---------------------------------\n'
cur_len = 4
res = res + 'Flags %d/%d\n' % (cur, cur_len)
res = res + flags(m_[cur: cur + cur_len])
cur = cur + cur_len
res = res + '---------------------------------\n'
cur_len = dom['len1'] + user['len1'] + host['len1']
res = res + 'Domain, User, Host strings %d/%d\n%s\n%s\n\n' % (cur, cur_len, m_hex[cur * 2 :(cur + cur_len) * 2], ntlmutils.str2prn_str(m_[cur:cur + cur_len]))
cur_len = dom['len1']
res = res + '%s\n' % m_hex[cur * 2: (cur + cur_len) * 2]
res = res + 'Domain name %d/%d:\n' % (cur, cur_len)
res = res + '%s\n\n' % (ntlmutils.str2prn_str(m_[cur: (cur + cur_len)]))
cur = cur + cur_len
cur_len = user['len1']
res = res + '%s\n' % m_hex[cur * 2: (cur + cur_len) * 2]
res = res + 'User name %d/%d:\n' % (cur, cur_len)
res = res + '%s\n\n' % (ntlmutils.str2prn_str(m_[cur: (cur + cur_len)]))
cur = cur + cur_len
cur_len = host['len1']
res = res + '%s\n' % m_hex[cur * 2: (cur + cur_len) * 2]
res = res + 'Host name %d/%d:\n' % (cur, cur_len)
res = res + '%s\n\n' % (ntlmutils.str2prn_str(m_[cur: (cur + cur_len)]))
cur = cur + cur_len
res = res + '---------------------------------\n'
cur_len = lmr['len1']
res = res + 'LAN Manager response %d/%d\n%s\n\n' % (cur, cur_len, m_hex[cur * 2 :(cur + cur_len) * 2])
cur = cur + cur_len
res = res + '---------------------------------\n'
cur_len = ntr['len1']
res = res + 'NT response %d/%d\n%s\n\n' % (cur, cur_len, m_hex[cur * 2 :(cur + cur_len) * 2])
cur = cur + cur_len
res = res + '---------------------------------\n'
cur_len = len(m_) - cur
res = res + 'Rest of the message %d/%d:\n' % (cur, cur_len)
res = res + unknown_part(m_[cur: cur + cur_len])
res = res + '\nEnd of message 3 report.\n'
return res
def debug_message2(msg):
""
m_ = base64.decodestring(msg)
m_hex = ntlmutils.str2hex(m_)
res = ''
res = res + '==============================================================\n'
res = res + 'NTLM Message 2 report:\n'
res = res + '---------------------------------\n'
res = res + 'Base64: %s\n' % msg
res = res + 'String: %s\n' % ntlmutils.str2prn_str(m_)
res = res + 'Hex: %s\n' % m_hex
cur = 0
res = res + '---------------------------------\n'
cur_len = 12
res = res + 'Header %d/%d:\n%s\n\n' % (cur, cur_len, m_hex[0:24])
res = res + '%s\nmethod name 0/8\n%s # C string\n\n' % (m_hex[0:16], ntlmutils.str2prn_str(m_[0:8]))
res = res + '0x%s%s # message type\n' % (m_hex[18:20], m_hex[16:18])
res = res + '%s # delimiter (zeros)\n' % m_hex[20:24]
cur = cur + cur_len
res = res + '---------------------------------\n'
cur_len = 8
res = res + 'Lengths and Positions %d/%d\n%s\n\n' % (cur, cur_len, m_hex[cur * 2 :(cur + cur_len) * 2])
cur_len = 8
res = res + 'Domain ??? %d/%d\n' % (cur, cur_len)
dom = item(m_[cur:cur+cur_len])
res = res + dom['string']
cur = cur + cur_len
res = res + '---------------------------------\n'
cur_len = 4
res = res + 'Flags %d/%d\n' % (cur, cur_len)
res = res + flags(m_[cur: cur + cur_len])
cur = cur + cur_len
res = res + '---------------------------------\n'
cur_len = 8
res = res + 'NONCE %d/%d\n%s\n\n' % (cur, cur_len, m_hex[cur * 2 :(cur + cur_len) * 2])
cur = cur + cur_len
res = res + '---------------------------------\n'
cur_len = dom['offset'] - cur
res = res + 'Unknown data %d/%d:\n' % (cur, cur_len)
res = res + unknown_part(m_[cur: cur + cur_len])
cur = cur + cur_len
res = res + '---------------------------------\n'
cur_len = dom['len1']
res = res + 'Domain ??? %d/%d:\n' % (cur, cur_len)
res = res + 'Hex: %s\n' % m_hex[cur * 2: (cur + cur_len) * 2]
res = res + 'String: %s\n\n' % ntlmutils.str2prn_str(m_[cur : cur + cur_len])
cur = cur + cur_len
res = res + '---------------------------------\n'
cur_len = len(m_) - cur
res = res + 'Rest of the message %d/%d:\n' % (cur, cur_len)
res = res + unknown_part(m_[cur: cur + cur_len])
res = res + '\nEnd of message 2 report.\n'
return res
def debug_message3(msg):
""
m_ = base64.decodestring(msg)
m_hex = ntlmutils.str2hex(m_)
res = ''
res = res + '==============================================================\n'
res = res + 'NTLM Message 3 report:\n'
res = res + '---------------------------------\n'
res = res + 'Base64: %s\n' % msg
res = res + 'String: %s\n' % ntlmutils.str2prn_str(m_)
res = res + 'Hex: %s\n' % m_hex
cur = 0
res = res + '---------------------------------\n'
cur_len = 12
res = res + 'Header %d/%d:\n%s\n\n' % (cur, cur_len, m_hex[0:24])
res = res + '%s\nmethod name 0/8\n%s # C string\n\n' % (
m_hex[0:16], ntlmutils.str2prn_str(m_[0:8]))
res = res + '0x%s%s # message type\n' % (m_hex[18:20],
m_hex[16:18])
res = res + '%s # delimiter (zeros)\n' % m_hex[20:24]
cur = cur + cur_len
res = res + '---------------------------------\n'
cur_len = 48
res = res + 'Lengths and Positions %d/%d\n%s\n\n' % (
cur, cur_len, m_hex[cur * 2:(cur + cur_len) * 2])
cur_len = 8
res = res + 'LAN Manager response %d/%d\n' % (cur, cur_len)
lmr = item(m_[cur:cur + cur_len])
res = res + lmr['string']
cur = cur + cur_len
cur_len = 8
res = res + 'NT response %d/%d\n' % (cur, cur_len)
ntr = item(m_[cur:cur + cur_len])
res = res + ntr['string']
cur = cur + cur_len
cur_len = 8
res = res + 'Domain string %d/%d\n' % (cur, cur_len)
dom = item(m_[cur:cur + cur_len])
res = res + dom['string']
cur = cur + cur_len
cur_len = 8
res = res + 'User string %d/%d\n' % (cur, cur_len)
user = item(m_[cur:cur + cur_len])
res = res + user['string']
cur = cur + cur_len
cur_len = 8
res = res + 'Host string %d/%d\n' % (cur, cur_len)
host = item(m_[cur:cur + cur_len])
res = res + host['string']
cur = cur + cur_len
cur_len = 8
res = res + 'Unknow item record %d/%d\n' % (cur, cur_len)
unknown = item(m_[cur:cur + cur_len])
res = res + unknown['string']
cur = cur + cur_len
res = res + '---------------------------------\n'
cur_len = 4
res = res + 'Flags %d/%d\n' % (cur, cur_len)
res = res + flags(m_[cur:cur + cur_len])
cur = cur + cur_len
res = res + '---------------------------------\n'
cur_len = dom['len1'] + user['len1'] + host['len1']
res = res + 'Domain, User, Host strings %d/%d\n%s\n%s\n\n' % (
cur, cur_len, m_hex[cur * 2:(cur + cur_len) * 2],
ntlmutils.str2prn_str(m_[cur:cur + cur_len]))
cur_len = dom['len1']
res = res + '%s\n' % m_hex[cur * 2:(cur + cur_len) * 2]
res = res + 'Domain name %d/%d:\n' % (cur, cur_len)
res = res + '%s\n\n' % (ntlmutils.str2prn_str(m_[cur:(cur + cur_len)]))
cur = cur + cur_len
cur_len = user['len1']
res = res + '%s\n' % m_hex[cur * 2:(cur + cur_len) * 2]
res = res + 'User name %d/%d:\n' % (cur, cur_len)
res = res + '%s\n\n' % (ntlmutils.str2prn_str(m_[cur:(cur + cur_len)]))
cur = cur + cur_len
cur_len = host['len1']
res = res + '%s\n' % m_hex[cur * 2:(cur + cur_len) * 2]
res = res + 'Host name %d/%d:\n' % (cur, cur_len)
res = res + '%s\n\n' % (ntlmutils.str2prn_str(m_[cur:(cur + cur_len)]))
cur = cur + cur_len
res = res + '---------------------------------\n'
cur_len = lmr['len1']
res = res + 'LAN Manager response %d/%d\n%s\n\n' % (
cur, cur_len, m_hex[cur * 2:(cur + cur_len) * 2])
cur = cur + cur_len
res = res + '---------------------------------\n'
cur_len = ntr['len1']
res = res + 'NT response %d/%d\n%s\n\n' % (
cur, cur_len, m_hex[cur * 2:(cur + cur_len) * 2])
cur = cur + cur_len
res = res + '---------------------------------\n'
cur_len = len(m_) - cur
res = res + 'Rest of the message %d/%d:\n' % (cur, cur_len)
res = res + unknown_part(m_[cur:cur + cur_len])
res = res + '\nEnd of message 3 report.\n'
return res
def debug_message2(msg):
""
m_ = base64.decodestring(msg)
m_hex = ntlmutils.str2hex(m_)
res = ''
res = res + '==============================================================\n'
res = res + 'NTLM Message 2 report:\n'
res = res + '---------------------------------\n'
res = res + 'Base64: %s\n' % msg
res = res + 'String: %s\n' % ntlmutils.str2prn_str(m_)
res = res + 'Hex: %s\n' % m_hex
cur = 0
res = res + '---------------------------------\n'
cur_len = 12
res = res + 'Header %d/%d:\n%s\n\n' % (cur, cur_len, m_hex[0:24])
res = res + '%s\nmethod name 0/8\n%s # C string\n\n' % (
m_hex[0:16], ntlmutils.str2prn_str(m_[0:8]))
res = res + '0x%s%s # message type\n' % (m_hex[18:20],
m_hex[16:18])
res = res + '%s # delimiter (zeros)\n' % m_hex[20:24]
cur = cur + cur_len
res = res + '---------------------------------\n'
cur_len = 8
res = res + 'Lengths and Positions %d/%d\n%s\n\n' % (
cur, cur_len, m_hex[cur * 2:(cur + cur_len) * 2])
cur_len = 8
res = res + 'Domain ??? %d/%d\n' % (cur, cur_len)
dom = item(m_[cur:cur + cur_len])
res = res + dom['string']
cur = cur + cur_len
res = res + '---------------------------------\n'
cur_len = 4
res = res + 'Flags %d/%d\n' % (cur, cur_len)
res = res + flags(m_[cur:cur + cur_len])
cur = cur + cur_len
res = res + '---------------------------------\n'
cur_len = 8
res = res + 'NONCE %d/%d\n%s\n\n' % (cur, cur_len,
m_hex[cur * 2:(cur + cur_len) * 2])
cur = cur + cur_len
res = res + '---------------------------------\n'
cur_len = dom['offset'] - cur
res = res + 'Unknown data %d/%d:\n' % (cur, cur_len)
res = res + unknown_part(m_[cur:cur + cur_len])
cur = cur + cur_len
res = res + '---------------------------------\n'
cur_len = dom['len1']
res = res + 'Domain ??? %d/%d:\n' % (cur, cur_len)
res = res + 'Hex: %s\n' % m_hex[cur * 2:(cur + cur_len) * 2]
res = res + 'String: %s\n\n' % ntlmutils.str2prn_str(m_[cur:cur + cur_len])
cur = cur + cur_len
res = res + '---------------------------------\n'
cur_len = len(m_) - cur
res = res + 'Rest of the message %d/%d:\n' % (cur, cur_len)
res = res + unknown_part(m_[cur:cur + cur_len])
res = res + '\nEnd of message 2 report.\n'
return res