Esempio n. 1
0
class SMBWSNetNTLMAuth:
    def __init__(self, settings):
        self.settings = settings
        self.mode = None
        self.sspi = WSNETAuth()
        self.operator = None
        self.client = None
        self.target = None
        #self.ntlmChallenge = None
        self.iterations = 0

        self.session_key = None
        self.ntlm_ctx = NTLMAUTHHandler(NTLMHandlerSettings(None, 'MANUAL'))

    def setup(self):
        return

    @property
    def ntlmChallenge(self):
        return self.ntlm_ctx.ntlmChallenge

    def get_sealkey(self, mode='Client'):
        return self.ntlm_ctx.get_sealkey(mode=mode)

    def get_signkey(self, mode='Client'):
        return self.ntlm_ctx.get_signkey(mode=mode)

    def SEAL(self, signingKey, sealingKey, messageToSign, messageToEncrypt,
             seqNum, cipher_encrypt):
        return self.ntlm_ctx.SEAL(signingKey, sealingKey, messageToSign,
                                  messageToEncrypt, seqNum, cipher_encrypt)

    def SIGN(self, signingKey, message, seqNum, cipher_encrypt):
        return self.ntlm_ctx.SIGN(signingKey, message, seqNum, cipher_encrypt)

    def get_session_key(self):
        return self.session_key

    def get_extra_info(self):
        return self.ntlm_ctx.get_extra_info()

    def is_extended_security(self):
        return self.ntlm_ctx.is_extended_security()

    async def authenticate(self,
                           authData=b'',
                           flags=None,
                           seq_number=0,
                           is_rpc=False):
        try:
            if is_rpc is True and flags is None:
                flags = ISC_REQ.REPLAY_DETECT | ISC_REQ.CONFIDENTIALITY | ISC_REQ.USE_SESSION_KEY | ISC_REQ.INTEGRITY | ISC_REQ.SEQUENCE_DETECT | ISC_REQ.CONNECTION
            elif flags is None:
                flags = ISC_REQ.CONNECTION

            if authData is None:
                status, ctxattr, data, err = await self.sspi.authenticate(
                    'NTLM', '', '', 3, flags.value, authdata=b'')
                if err is not None:
                    raise err
                self.iterations += 1
                self.ntlm_ctx.load_negotiate(data)
                return data, True, None
            else:
                self.ntlm_ctx.load_challenge(authData)
                status, ctxattr, data, err = await self.sspi.authenticate(
                    'NTLM', '', '', 3, flags.value, authdata=authData)
                if err is not None:
                    raise err
                if err is None:
                    self.ntlm_ctx.load_authenticate(data)
                    self.session_key, err = await self.sspi.get_sessionkey()
                    if err is not None:
                        raise err
                    self.ntlm_ctx.load_sessionkey(self.get_session_key())

                await self.sspi.disconnect()
                return data, False, None
        except Exception as e:
            return None, None, e
Esempio n. 2
0
class SMBNTLMMultiplexor:
    def __init__(self, settings):
        self.settings = settings
        self.mode = None  #'CLIENT'
        self.sspi = None
        self.operator = None
        self.client = None
        self.target = None
        #self.ntlmChallenge = None

        self.session_key = None
        self.ntlm_ctx = NTLMAUTHHandler(NTLMHandlerSettings(None, 'MANUAL'))

    def setup(self):
        return

    @property
    def ntlmChallenge(self):
        return self.ntlm_ctx.ntlmChallenge

    def get_sealkey(self, mode='Client'):
        return self.ntlm_ctx.get_sealkey(mode=mode)

    def get_signkey(self, mode='Client'):
        return self.ntlm_ctx.get_signkey(mode=mode)

    def SEAL(self, signingKey, sealingKey, messageToSign, messageToEncrypt,
             seqNum, cipher_encrypt):
        return self.ntlm_ctx.SEAL(signingKey, sealingKey, messageToSign,
                                  messageToEncrypt, seqNum, cipher_encrypt)

    def SIGN(self, signingKey, message, seqNum, cipher_encrypt):
        return self.ntlm_ctx.SIGN(signingKey, message, seqNum, cipher_encrypt)

    def get_session_key(self):
        return self.session_key

    def get_extra_info(self):
        return self.ntlm_ctx.get_extra_info()

    def is_extended_security(self):
        return self.ntlm_ctx.is_extended_security()

    #async def encrypt(self, data, message_no):
    #	return self.sspi.encrypt(data, message_no)
    #
    #async def decrypt(self, data, message_no):
    #	return self.sspi.decrypt(data, message_no)

    async def authenticate(self,
                           authData=None,
                           flags=None,
                           seq_number=0,
                           is_rpc=False):
        if self.sspi is None:
            res, err = await self.start_remote_sspi()
            if err is not None:
                return None, None, err

        if is_rpc is True and flags is None:
            flags = ISC_REQ.REPLAY_DETECT | ISC_REQ.CONFIDENTIALITY | ISC_REQ.USE_SESSION_KEY | ISC_REQ.INTEGRITY | ISC_REQ.SEQUENCE_DETECT | ISC_REQ.CONNECTION
            flags = int(flags)

        if self.settings.mode == 'CLIENT':
            if authData is None:
                data, res = await self.sspi.authenticate(flags=flags)
                if res is None:
                    self.ntlm_ctx.load_negotiate(data)
                return data, res, None
            else:
                self.ntlm_ctx.load_challenge(authData)
                data, res = await self.sspi.challenge(authData, flags=flags)
                if res is None:
                    self.ntlm_ctx.load_authenticate(data)
                    self.session_key, res = await self.sspi.get_session_key()
                    if res is None:
                        self.ntlm_ctx.load_sessionkey(self.get_session_key())

                await self.sspi.disconnect()
                return data, res, None

        else:
            return None, None, Exception('Server mode not implemented!')

    async def start_remote_sspi(self):
        try:
            #print(self.settings.get_url())
            self.operator = MultiplexorOperator(self.settings.get_url(),
                                                logging_sink=logger)
            await self.operator.connect()
            #creating virtual sspi server
            server_info = await self.operator.start_sspi(self.settings.agent_id
                                                         )
            #print(server_info)

            sspi_url = 'ws://%s:%s' % (server_info['listen_ip'],
                                       server_info['listen_port'])

            #print(sspi_url)
            self.sspi = SSPINTLMClient(sspi_url)
            await self.sspi.connect()
            return True, None
        except Exception as e:
            import traceback
            traceback.print_exc()
            return None, e
Esempio n. 3
0
class SMBNTLMMPN:
    def __init__(self, settings):
        self.settings = settings
        self.operator = settings.operator
        self.agent_id = settings.agent_id
        self.mode = None  #'CLIENT'
        self.sspi = None
        self.operator = None
        self.client = None
        self.target = None
        #self.ntlmChallenge = None

        self.session_key = None
        self.ntlm_ctx = NTLMAUTHHandler(NTLMHandlerSettings(None, 'MANUAL'))

    def setup(self):
        return

    @property
    def ntlmChallenge(self):
        return self.ntlm_ctx.ntlmChallenge

    def get_sealkey(self, mode='Client'):
        return self.ntlm_ctx.get_sealkey(mode=mode)

    def get_signkey(self, mode='Client'):
        return self.ntlm_ctx.get_signkey(mode=mode)

    def SEAL(self, signingKey, sealingKey, messageToSign, messageToEncrypt,
             seqNum, cipher_encrypt):
        return self.ntlm_ctx.SEAL(signingKey, sealingKey, messageToSign,
                                  messageToEncrypt, seqNum, cipher_encrypt)

    def SIGN(self, signingKey, message, seqNum, cipher_encrypt):
        return self.ntlm_ctx.SIGN(signingKey, message, seqNum, cipher_encrypt)

    def get_session_key(self):
        return self.session_key

    def get_extra_info(self):
        return self.ntlm_ctx.get_extra_info()

    def is_extended_security(self):
        return self.ntlm_ctx.is_extended_security()

    async def authenticate(self,
                           authData=None,
                           flags=None,
                           seq_number=0,
                           is_rpc=False):
        try:
            if self.operator is None:
                self.operator = MPNOPerator(self.settings.get_url())
                asyncio.create_task(self.operator.run())
                await asyncio.wait_for(self.operator.connected_evt.wait(),
                                       timeout=self.settings.timeout)
            if self.sspi is None:
                self.sspi, err = await self.operator.create_sspi(self.agent_id)
                if err is not None:
                    return None, None, err

            if is_rpc is True and flags is None:
                flags = ISC_REQ.REPLAY_DETECT | ISC_REQ.CONFIDENTIALITY | ISC_REQ.USE_SESSION_KEY | ISC_REQ.INTEGRITY | ISC_REQ.SEQUENCE_DETECT | ISC_REQ.CONNECTION
                flags = int(flags)

            if self.settings.mode == 'CLIENT':
                if authData is None:
                    ctx_attr, data, err = await self.sspi.ntlm_authenticate(
                        context_attributes=flags)
                    if err is not None:
                        raise err

                    self.ntlm_ctx.load_negotiate(data)
                    return data, err, err
                else:
                    self.ntlm_ctx.load_challenge(authData)
                    ctx_attr, data, err = await self.sspi.ntlm_challenge(
                        authData, context_attributes=flags)
                    if err is None:
                        self.ntlm_ctx.load_authenticate(data)
                        self.session_key, err = await self.sspi.get_sessionkey(
                        )
                        if err is None:
                            self.ntlm_ctx.load_sessionkey(
                                self.get_session_key())

                    await self.sspi.disconnect()
                    return data, err, err

            else:
                return None, None, Exception('Server mode not implemented!')
        except Exception as e:
            return None, None, e
Esempio n. 4
0
class SMBNTLMMultiplexor:
    def __init__(self, settings):
        self.settings = settings
        self.mode = None  #'CLIENT'
        self.sspi = None
        self.operator = None
        self.client = None
        self.target = None
        #self.ntlmChallenge = None

        self.session_key = None
        self.ntlm_ctx = NTLMAUTHHandler(NTLMHandlerSettings(None, 'MANUAL'))

    def setup(self):
        return

    @property
    def ntlmChallenge(self):
        return self.ntlm_ctx.ntlmChallenge

    def get_sealkey(self, mode='Client'):
        return self.ntlm_ctx.get_sealkey(mode=mode)

    def get_signkey(self, mode='Client'):
        return self.ntlm_ctx.get_signkey(mode=mode)

    def SEAL(self, signingKey, sealingKey, messageToSign, messageToEncrypt,
             seqNum, cipher_encrypt):
        return self.ntlm_ctx.SEAL(signingKey, sealingKey, messageToSign,
                                  messageToEncrypt, seqNum, cipher_encrypt)

    def SIGN(self, signingKey, message, seqNum, cipher_encrypt):
        return self.ntlm_ctx.SIGN(signingKey, message, seqNum, cipher_encrypt)

    def get_session_key(self):
        return self.session_key

    def get_extra_info(self):
        return self.ntlm_ctx.get_extra_info()

    def is_extended_security(self):
        return self.ntlm_ctx.is_extended_security()

    #async def encrypt(self, data, message_no):
    #	return self.sspi.encrypt(data, message_no)
    #
    #async def decrypt(self, data, message_no):
    #	return self.sspi.decrypt(data, message_no)

    async def authenticate(self,
                           authData=None,
                           flags=None,
                           seq_number=0,
                           is_rpc=False):
        if self.sspi is None:
            await self.start_remote_sspi()

        if self.settings.mode == 'CLIENT':
            if authData is None:
                data, res = await self.sspi.authenticate(is_rpc=is_rpc)
                print('authenticate: %s' % data)
                if res is None:
                    self.ntlm_ctx.load_negotiate(data)
                return data, res
            else:
                self.ntlm_ctx.load_challenge(authData)
                data, res = await self.sspi.challenge(authData, is_rpc=is_rpc)
                print('challenge: %s' % data)
                if res is None:
                    self.ntlm_ctx.load_authenticate(data)
                    self.session_key, res = await self.sspi.get_session_key()
                    print('session_key: %s' % self.session_key)
                    if res is None:
                        self.ntlm_ctx.load_sessionkey(self.get_session_key())
                    else:
                        print(res)

                return data, res

        else:
            raise Exception('Server mode not implemented!')

    async def start_remote_sspi(self):
        try:
            print(self.settings.get_url())
            self.operator = MultiplexorOperator(self.settings.get_url())
            await self.operator.connect()
            #creating virtual sspi server
            server_info = await self.operator.start_sspi(self.settings.agent_id
                                                         )
            #print(server_info)

            sspi_url = 'ws://%s:%s' % (server_info['listen_ip'],
                                       server_info['listen_port'])

            #print(sspi_url)
            self.sspi = SSPINTLMClient(sspi_url)
            await self.sspi.connect()
        except Exception as e:
            import traceback
            traceback.print_exc()
            return None
Esempio n. 5
0
class SMBNTLMSSPI:
	def __init__(self, settings):
		self.settings = settings
		self.mode = None #'CLIENT'
		self.sspi = NTLMSMBSSPI()
		self.client = None
		self.target = None
		#self.ntlmChallenge = None
		
		self.session_key = None
		self.ntlm_ctx = NTLMAUTHHandler(NTLMHandlerSettings(None, 'MANUAL'))
		
		self.setup()
		
	@property
	def ntlmChallenge(self):
		return self.ntlm_ctx.ntlmChallenge
		
	def setup(self):
		self.mode = self.settings.mode.upper()
		self.client = self.settings.client
		self.password = self.settings.password
		
	def get_sealkey(self, mode = 'Client'):
		return self.ntlm_ctx.get_sealkey(mode = mode)
			
	def get_signkey(self, mode = 'Client'):
		return self.ntlm_ctx.get_signkey(mode = mode)
		
		
	def SEAL(self, signingKey, sealingKey, messageToSign, messageToEncrypt, seqNum, cipher_encrypt):
		return self.ntlm_ctx.SEAL(signingKey, sealingKey, messageToSign, messageToEncrypt, seqNum, cipher_encrypt)
		
	def SIGN(self, signingKey, message, seqNum, cipher_encrypt):
		return self.ntlm_ctx.SIGN(signingKey, message, seqNum, cipher_encrypt)
	
	def get_session_key(self):
		if not self.session_key:
			self.session_key = self.sspi.get_session_key()
		
		return self.session_key
		
	def get_extra_info(self):
		return self.ntlm_ctx.get_extra_info()
		
	def is_extended_security(self):
		return self.ntlm_ctx.is_extended_security()
		
	async def encrypt(self, data, message_no):
		return self.sspi.encrypt(data, message_no)
		
	async def decrypt(self, data, message_no):
		return self.sspi.decrypt(data, message_no)
	
	async def authenticate(self, authData = None, flags = None, seq_number = 0, is_rpc = False):
		if self.mode == 'CLIENT':
			if authData is None:
				data, res = self.sspi.negotiate(is_rpc = is_rpc)
				self.ntlm_ctx.load_negotiate(data)
				return data, res
			else:
				self.ntlm_ctx.load_challenge( authData)
				data, res = self.sspi.authenticate(authData, is_rpc = is_rpc)
				self.ntlm_ctx.load_authenticate( data)
				self.ntlm_ctx.load_sessionkey(self.get_session_key())
				
				return data, res