def __init__(self, username = '', password = '', challenge = '', lmhash = '', nthash = '', flags = 0): Structure.__init__(self) self['session_key']='' self['user_name']=username.encode('utf-16le') self['domain_name']='' #"CLON".encode('utf-16le') self['host_name']='' #"BETS".encode('utf-16le') self['flags'] = ( #authResp['flags'] # we think (beto & gera) that his flags force a memory conten leakage when a windows 2000 answers using uninitializaed verifiers NTLMSSP_KEY_128 | NTLMSSP_KEY_EXCHANGE| # NTLMSSP_LM_KEY | NTLMSSP_NTLM_KEY | NTLMSSP_UNICODE | # NTLMSSP_ALWAYS_SIGN | NTLMSSP_SIGN | NTLMSSP_SEAL | # NTLMSSP_TARGET | 0) # Here we do the stuff if username and ( lmhash != '' or nthash != ''): self['lanman'] = get_ntlmv1_response(lmhash, challenge) self['ntlm'] = get_ntlmv1_response(nthash, challenge) elif (username and password): lmhash = compute_lmhash(password) nthash = compute_nthash(password) self['lanman']=get_ntlmv1_response(lmhash, challenge) self['ntlm']=get_ntlmv1_response(nthash, challenge) # This is not used for LM_KEY nor NTLM_KEY else: self['lanman'] = '' self['ntlm'] = '' if not self['host_name']: self['host_name'] = 'NULL'.encode('utf-16le') # for NULL session there must be a hostname
def fromString(self,data): Structure.fromString(self,data) # [MS-NLMP] page 27 # Payload data can be present in any order within the Payload field, # with variable-length padding before or after the data domain_offset = self['domain_offset'] domain_end = self['domain_len'] + domain_offset self['domain_name'] = data[ domain_offset : domain_end ] host_offset = self['host_offset'] host_end = self['host_len'] + host_offset self['host_name'] = data[ host_offset: host_end ] user_offset = self['user_offset'] user_end = self['user_len'] + user_offset self['user_name'] = data[ user_offset: user_end ] ntlm_offset = self['ntlm_offset'] ntlm_end = self['ntlm_len'] + ntlm_offset self['ntlm'] = data[ ntlm_offset : ntlm_end ] lanman_offset = self['lanman_offset'] lanman_end = self['lanman_len'] + lanman_offset self['lanman'] = data[ lanman_offset : lanman_end]
def __init__(self, data = None, alignment = 0): if len(data) >=16: if data[0:1] == b'\x24' or data[0:1] == b'\x34': self.structure = self.structureKDBM else: self.structure = self.structureKSSM Structure.__init__(self, data, alignment)
def __init__(self,data=None): Structure.__init__(self,data) if data is None: self['UserName'] = '' self['Password'] = '' self['Database'] = '' self['AtchDBFile'] = ''
def __init__(self, data = None, alignment = 0): Structure.__init__(self, data, alignment) if data is not None: # Process the MAP entries self.mapEntries = list() data = self['AttributeMaps'] for i in range(self['AttributesMapsSize']//len(VAULT_ATTRIBUTE_MAP_ENTRY())): entry = VAULT_ATTRIBUTE_MAP_ENTRY(data) self.mapEntries.append(entry) data = data[len(VAULT_ATTRIBUTE_MAP_ENTRY()):] self.attributesLen = list() for i in range(len(self.mapEntries)): if i > 0: self.attributesLen.append(self.mapEntries[i]['Offset']-self.mapEntries[i-1]['Offset']) self.attributesLen.append(len(self.rawData) - self.mapEntries[i]['Offset'] ) self.attributes = list() for i, entry in enumerate(self.mapEntries): attribute = VAULT_ATTRIBUTE(self.rawData[entry['Offset']:][:self.attributesLen[i]]) self.attributes.append(attribute) # Do we have remaining data? self['Data'] = self.rawData[self.mapEntries[-1]['Offset']+len(self.attributes[-1].getData()):]
def __init__(self, data=None, alignment=0): Structure.__init__(self, data, alignment) if data: self.__array = ndrutils.NDRArray(data=self["Buffer"], itemClass=SHARE_INFO_1) self["Buffer"] = self.__array return
def __init__(self, data=None, alignment=0): Structure.__init__(self, data, alignment) if data is None: self["cname"] = "" self["username"] = "" self["cltype_name"] = "" self["transport"] = "" return
def __init__(self, data = None, alignment = 0): self.__ctx_items = [] Structure.__init__(self,data,alignment) if data is None: self['Pad'] = '' self['ctx_items'] = '' self['sec_trailer'] = '' self['auth_data'] = ''
def fromString(self, data): Structure.fromString(self,data) # Parse the ctx_items data = self['ctx_items'] for i in range(self['ctx_num']): item = CtxItemResult(data) self.__ctx_items.append(item) data = data[len(item):]
def __init__(self, data = None, alignment = 0): Structure.__init__(self, data, alignment) if data is None: self['cname'] = '' self['username'] = '' self['cltype_name'] = '' self['transport'] = '' return
def __init__(self, data = None, alignment = 0): if len(data) > 20: if data[16:][:6] == b'\x00'*6: self.structure += self.padding if unpack('<L',data[:4])[0] >= 100: self.structure += self.id100 if len(data[16:]) >= 9: self.structure += self.extended Structure.__init__(self, data, alignment)
def __init__(self, data = None, alignment = 0): Structure.__init__(self, data, alignment) if data is None: self['max_tfrag'] = 4280 self['max_rfrag'] = 4280 self['assoc_group'] = 0 self['ctx_num'] = 1 self['ctx_items'] = '' self.__ctx_items = []
def fromString(self,data): Structure.fromString(self,data) # Just in case there's more data after the TargetInfoFields self['TargetInfoFields'] = self['TargetInfoFields'][:self['TargetInfoFields_len']] # We gotta process the TargetInfoFields #if self['TargetInfoFields_len'] > 0: # av_pairs = AV_PAIRS(self['TargetInfoFields'][:self['TargetInfoFields_len']]) # self['TargetInfoFields'] = av_pairs return self
def __init__(self, data = None, alignment = 0): Structure.__init__(self, data, alignment) self.attributes = 0 if data is not None: # Unpack the attributes remaining = self['Remaining'] self.attributes = list() for i in range(self['AttrCount']): attr = CREDENTIAL_ATTRIBUTE(remaining) self.attributes.append(attr) remaining = remaining[len(attr):]
def __init__(self, data = None, alignment = 0): Structure.__init__(self,data, alignment) if data is None: self['ver_major'] = 5 self['ver_minor'] = 0 self['flags'] = MSRPC_FIRSTFRAG | MSRPC_LASTFRAG self['type'] = MSRPC_REQUEST self.__frag_len_set = 0 self['auth_len'] = 0 self['pduData'] = '' self['auth_data'] = ''
def fromString(self, data): self.aces = [] Structure.fromString(self, data) for i in range(self['AceCount']): # If we don't have any data left, return if len(self['Data']) == 0: raise Exception, "ACL header indicated there are more ACLs to unpack, but there is no more data" ace = ACE(data=self['Data']) self.aces.append(ace) self['Data'] = self['Data'][ace['AceSize']:] self['Data'] = self.aces
def fromString(self, data): self.aces = [] Structure.fromString(self, data) for i in range(self['AceCount']): # If we don't have any data left, return if len(self['Data']) == 0: raise Exception( "ACL header indicated there are more ACLs to unpack, but there is no more data" ) ace = ACE(data=self['Data']) self.aces.append(ace) self['Data'] = self['Data'][ace['AceSize']:] self['Data'] = self.aces
def __init__(self, data=None, alignment=0): Structure.__init__(self, data, alignment) if data is None: self['ver_major'] = 5 self['ver_minor'] = 0 self['flags'] = MSRPC_FIRSTFRAG | MSRPC_LASTFRAG self['type'] = MSRPC_REQUEST self.__frag_len_set = 0 self['auth_len'] = 0 self['pduData'] = '' self['auth_data'] = '' self['sec_trailer'] = '' self['pad'] = ''
def __init__(self): Structure.__init__(self) self['flags'] = ( NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_KEY_EXCH | # NTLMSSP_LM_KEY | NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_UNICODE | # NTLMSSP_ALWAYS_SIGN | NTLMSSP_NEGOTIATE_SIGN | NTLMSSP_NEGOTIATE_SEAL | # NTLMSSP_TARGET | 0) self['host_name'] = '' self['domain_name'] = '' self['os_version'] = ''
def __init__(self, version, revision, pageSize=8192, data=None): if (version < 0x620) or (version == 0x620 and revision < 0x0b): # For sure the old format self.structure = self.structure_2003_SP0 + self.common elif version == 0x620 and revision < 0x11: # Exchange 2003 SP1 and Windows Vista and later self.structure = self.structure_0x620_0x0b + self.common else: # Windows 7 and later self.structure = self.structure_win7 + self.common if pageSize > 8192: self.structure += self.extended_win7 Structure.__init__(self, data)
def fromString(self, data): Structure.fromString(self,data) if self['PreviousPasswordOffset'] == 0: endData = self['QueryPasswordIntervalOffset'] else: endData = self['PreviousPasswordOffset'] self['CurrentPassword'] = self.rawData[self['CurrentPasswordOffset']:][:endData - self['CurrentPasswordOffset']] if self['PreviousPasswordOffset'] != 0: self['PreviousPassword'] = self.rawData[self['PreviousPasswordOffset']:][:self['QueryPasswordIntervalOffset']-self['PreviousPasswordOffset']] self['QueryPasswordInterval'] = self.rawData[self['QueryPasswordIntervalOffset']:][:self['UnchangedPasswordIntervalOffset']-self['QueryPasswordIntervalOffset']] self['UnchangedPasswordInterval'] = self.rawData[self['UnchangedPasswordIntervalOffset']:]
def __init__(self, version, revision, pageSize=8192, data=None): if (version < 0x620) or (version == 0x620 and revision < 0x0b): # For sure the old format self.structure = self.structure_2003_SP0 + self.common elif version == 0x620 and revision < 0x11: # Exchange 2003 SP1 and Windows Vista and later self.structure = self.structure_0x620_0x0b + self.common else: # Windows 7 and later self.structure = self.structure_win7 + self.common if pageSize > 8192: self.structure += self.extended_win7 Structure.__init__(self,data)
def fromString(self, data, offset=0): Structure.fromString(self, data) self['ConfigFileArray'] = self.rawData[self['ConfigFileOffset'] + offset:self['DataFileOffset'] + offset].decode('utf-16-le') self['DataFileArray'] = self.rawData[self['DataFileOffset'] + offset:self['DriverPathOffset'] + offset].decode('utf-16-le') self['DriverPathArray'] = self.rawData[ self['DriverPathOffset'] + offset:self['EnvironmentOffset'] + offset].decode('utf-16-le') self['EnvironmentArray'] = self.rawData[self['EnvironmentOffset'] + offset:self['NameOffset'] + offset].decode('utf-16-le')
def __init__(self): Structure.__init__(self) self['flags']= ( NTLMSSP_KEY_128 | NTLMSSP_KEY_EXCHANGE| # NTLMSSP_LM_KEY | NTLMSSP_NTLM_KEY | NTLMSSP_UNICODE | # NTLMSSP_ALWAYS_SIGN | NTLMSSP_SIGN | NTLMSSP_SEAL | # NTLMSSP_TARGET | 0) self['host_name']='' self['domain_name']=''
def fromString(self,data): Structure.fromString(self,data) domain_offset = self['domain_offset'] domain_end = self['domain_len'] + domain_offset self['domain_name'] = data[ domain_offset : domain_end ] host_offset = self['host_offset'] host_end = self['host_len'] + host_offset self['host_name'] = data[ host_offset : host_end ] if len(data) >= 36 and self.__hasNegotiateVersion(): self['os_version'] = VERSION(data[32:]) else: self['os_version'] = ''
def fromString(self,data): Structure.fromString(self,data) domain_offset = self['domain_offset'] domain_end = self['domain_len'] + domain_offset self['domain_name'] = data[ domain_offset : domain_end ] host_offset = self['host_offset'] host_end = self['host_len'] + host_offset self['host_name'] = data[ host_offset : host_end ] hasOsInfo = self['flags'] & NTLMSSP_VERSION if len(data) >= 36 and hasOsInfo: self['os_version'] = data[32:40] else: self['os_version'] = ''
def __str__(self): index = 36+50 self['HostNameOffset']= index index += len(self['HostName']) if self['UserName'] != '': self['UserNameOffset'] = index else: self['UserNameOffset'] = 0 index += len(self['UserName']) if self['Password'] != '': self['PasswordOffset'] = index else: self['PasswordOffset'] = 0 index += len(self['Password']) self['AppNameOffset']= index self['ServerNameOffset']=self['AppNameOffset'] + len(self['AppName']) self['CltIntNameOffset']=self['ServerNameOffset'] + len(self['ServerName']) self['LanguageOffset']=self['CltIntNameOffset'] + len(self['CltIntName']) self['DatabaseOffset']=self['LanguageOffset'] self['SSPIOffset']=self['DatabaseOffset'] + len(self['Database']) self['AtchDBFileOffset']=self['SSPIOffset'] + len(self['SSPI']) return Structure.__str__(self)
def fromString(self, data): Structure.fromString(self, data) domain_offset = self['domain_offset'] domain_end = self['domain_len'] + domain_offset self['domain_name'] = data[domain_offset:domain_end] host_offset = self['host_offset'] host_end = self['host_len'] + host_offset self['host_name'] = data[host_offset:host_end] hasOsInfo = self['flags'] & NTLMSSP_NEGOTIATE_VERSION if len(data) >= 36 and hasOsInfo: self['os_version'] = data[32:40] else: self['os_version'] = ''
def getData(self): # Set the correct flags if self['ObjectType'] != '': self['Flags'] |= self.ACE_OBJECT_TYPE_PRESENT if self['InheritedObjectType'] != '': self['Flags'] |= self.ACE_INHERITED_OBJECT_TYPE_PRESENT return Structure.getData(self)
def __init__(self): Structure.__init__(self) self['flags']= ( NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_KEY_EXCH| # NTLMSSP_LM_KEY | NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_UNICODE | # NTLMSSP_ALWAYS_SIGN | NTLMSSP_NEGOTIATE_SIGN | NTLMSSP_NEGOTIATE_SEAL | # NTLMSSP_TARGET | 0) self['host_name']='' self['domain_name']='' self['os_version']=''
def getData(self): headerlen = 20 # Reconstruct the security descriptor # flags are currently not set automatically # TODO: do this? datalen = 0 if self['Sacl'] != '': self['OffsetSacl'] = headerlen + datalen datalen += len(self['Sacl'].getData()) else: self['OffsetSacl'] = 0 if self['Dacl'] != '': self['OffsetDacl'] = headerlen + datalen datalen += len(self['Dacl'].getData()) else: self['OffsetDacl'] = 0 if self['OwnerSid'] != '': self['OffsetOwner'] = headerlen + datalen datalen += len(self['OwnerSid'].getData()) else: self['OffsetOwner'] = 0 if self['GroupSid'] != '': self['OffsetGroup'] = headerlen + datalen datalen += len(self['GroupSid'].getData()) else: self['OffsetGroup'] = 0 return Structure.getData(self)
def __str__(self): index = 36 + 50 self['HostNameOffset'] = index index += len(self['HostName']) if self['UserName'] != '': self['UserNameOffset'] = index else: self['UserNameOffset'] = 0 index += len(self['UserName']) if self['Password'] != '': self['PasswordOffset'] = index else: self['PasswordOffset'] = 0 index += len(self['Password']) self['AppNameOffset'] = index self['ServerNameOffset'] = self['AppNameOffset'] + len(self['AppName']) self['CltIntNameOffset'] = self['ServerNameOffset'] + len( self['ServerName']) self['LanguageOffset'] = self['CltIntNameOffset'] + len( self['CltIntName']) self['DatabaseOffset'] = self['LanguageOffset'] self['SSPIOffset'] = self['DatabaseOffset'] + len(self['Database']) self['AtchDBFileOffset'] = self['SSPIOffset'] + len(self['SSPI']) return Structure.__str__(self)
def getData(self): self['domain_offset']=64+self.checkMIC(self["flags"])+self.checkVersion(self["flags"]) self['user_offset']=64+self.checkMIC(self["flags"])+self.checkVersion(self["flags"])+len(self['domain_name']) self['host_offset']=self['user_offset']+len(self['user_name']) self['lanman_offset']=self['host_offset']+len(self['host_name']) self['ntlm_offset']=self['lanman_offset']+len(self['lanman']) self['session_key_offset']=self['ntlm_offset']+len(self['ntlm']) return Structure.getData(self)
def getData(self): self['domain_offset']=64 self['user_offset']=64+len(self['domain_name']) self['host_offset']=self['user_offset']+len(self['user_name']) self['lanman_offset']=self['host_offset']+len(self['host_name']) self['ntlm_offset']=self['lanman_offset']+len(self['lanman']) self['session_key_offset']=self['ntlm_offset']+len(self['ntlm']) return Structure.getData(self)
def getData(self): self['domain_offset'] = 64 self['user_offset'] = 64 + len(self['domain_name']) self['host_offset'] = self['user_offset'] + len(self['user_name']) self['lanman_offset'] = self['host_offset'] + len(self['host_name']) self['ntlm_offset'] = self['lanman_offset'] + len(self['lanman']) self['session_key_offset'] = self['ntlm_offset'] + len(self['ntlm']) return Structure.getData(self)
def getData(self): packetType = self['PacketType'] self.commonHdr = () packetLen = len(Structure.getData(self)) output = '' while packetLen > 0: encodedByte = packetLen % 128 packetLen /= 128 if packetLen > 0: encodedByte |= 128 output += chr(encodedByte) self.commonHdr = ( ('PacketType','B=0'), ('MessageLength',':'), ) self['PacketType'] = packetType self['MessageLength'] = output if output == '': self['MessageLength'] = chr(00) return Structure.getData(self)
def getData(self): self['num_components'] = len(self.components) # We modify the data field to be able to use the # parent class parsing self['components'] = b''.join( [component.getData() for component in self.components]) self['restdata'] = self.restfields.getData() data = Structure.getData(self) return data
def getData(self): self['AceCount'] = len(self.aces) # We modify the data field to be able to use the # parent class parsing self['Data'] = b''.join([ace.getData() for ace in self.aces]) self['AclSize'] = len(self['Data'])+8 # Header size (8 bytes) is included data = Structure.getData(self) # Put the ACEs back in data self['Data'] = self.aces return data
def getData(self): self['AceCount'] = len(self.aces) # We modify the data field to be able to use the # parent class parsing self['Data'] = ''.join([ace.getData() for ace in self.aces]) self['AclSize'] = len(self['Data'])+8 # Header size (8 bytes) is included data = Structure.getData(self) # Put the ACEs back in data self['Data'] = self.aces return data
def getData(self): if RECALC_ACE_SIZE or 'AceSize' not in self.fields: self['AceSize'] = len(self['Ace'].getData())+4 # Header size (4 bytes) is included if self['AceSize'] % 4 != 0: # Make sure the alignment is correct self['AceSize'] += self['AceSize'] % 4 data = Structure.getData(self) # For some reason ACEs are sometimes longer than they need to be # we fill this space up with null bytes to make sure the object # we create is identical to the original object if len(data) < self['AceSize']: data += '\x00' * (self['AceSize'] - len(data)) return data
def __init__(self, username='', password='', challenge='', lmhash='', nthash='', flags=0): Structure.__init__(self) self['session_key'] = '' self['user_name'] = username.encode('utf-16le') self['domain_name'] = '' #"CLON".encode('utf-16le') self['host_name'] = '' #"BETS".encode('utf-16le') self['flags'] = ( #authResp['flags'] # we think (beto & gera) that his flags force a memory conten leakage when a windows 2000 answers using # uninitializaed verifiers NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_KEY_EXCH | # NTLMSSP_LM_KEY | NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_UNICODE | # NTLMSSP_ALWAYS_SIGN | NTLMSSP_NEGOTIATE_SIGN | NTLMSSP_NEGOTIATE_SEAL | # NTLMSSP_TARGET | 0) # Here we do the stuff if username and (lmhash != '' or nthash != ''): self['lanman'] = get_ntlmv1_response(lmhash, challenge) self['ntlm'] = get_ntlmv1_response(nthash, challenge) elif username and password: lmhash = compute_lmhash(password) nthash = compute_nthash(password) self['lanman'] = get_ntlmv1_response(lmhash, challenge) self['ntlm'] = get_ntlmv1_response( nthash, challenge) # This is not used for LM_KEY nor NTLM_KEY else: self['lanman'] = '' self['ntlm'] = '' if not self['host_name']: self['host_name'] = 'NULL'.encode( 'utf-16le') # for NULL session there must be a hostname
def __init__(self, data): # Depending on the type of data we'll end up building a different struct dataType = unpack('<H', data[4:][:2])[0] self.structure = self.fixed if dataType == CATALOG_TYPE_TABLE: self.structure += self.other + self.table_stuff elif dataType == CATALOG_TYPE_COLUMN: self.structure += self.column_stuff elif dataType == CATALOG_TYPE_INDEX: self.structure += self.other + self.index_stuff elif dataType == CATALOG_TYPE_LONG_VALUE: self.structure += self.other + self.lv_stuff elif dataType == CATALOG_TYPE_CALLBACK: raise Exception('CallBack types not supported!') else: LOG.error('Unknown catalog type 0x%x' % dataType) self.structure = () Structure.__init__(self, data) self.structure += self.common Structure.__init__(self, data)
def __init__(self,data): # Depending on the type of data we'll end up building a different struct dataType = unpack('<H', data[4:][:2])[0] self.structure = self.fixed if dataType == CATALOG_TYPE_TABLE: self.structure += self.other + self.table_stuff elif dataType == CATALOG_TYPE_COLUMN: self.structure += self.column_stuff elif dataType == CATALOG_TYPE_INDEX: self.structure += self.other + self.index_stuff elif dataType == CATALOG_TYPE_LONG_VALUE: self.structure += self.other + self.lv_stuff elif dataType == CATALOG_TYPE_CALLBACK: raise Exception('CallBack types not supported!') else: LOG.error('Unknown catalog type 0x%x' % dataType) self.structure = () Structure.__init__(self,data) self.structure += self.common Structure.__init__(self,data)
def fromString(self, data): Structure.fromString(self, data) # All these fields are optional, if the offset is 0 they are empty # there are also flags indicating if they are present # TODO: parse those if it adds value if self['OffsetOwner'] != 0: self['OwnerSid'] = LDAP_SID(data=data[self['OffsetOwner']:]) else: self['OwnerSid'] = '' if self['OffsetGroup'] != 0: self['GroupSid'] = LDAP_SID(data=data[self['OffsetGroup']:]) else: self['GroupSid'] = '' if self['OffsetSacl'] != 0: self['Sacl'] = ACL(data=data[self['OffsetSacl']:]) else: self['Sacl'] = '' if self['OffsetDacl'] != 0: self['Dacl'] = ACL(data=data[self['OffsetDacl']:]) else: self['Sacl'] = ''
def getData(self): if len(self.fields['host_name']) > 0: self['flags'] |= NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED if len(self.fields['domain_name']) > 0: self['flags'] |= NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED version_len = len(self.fields['os_version']) if version_len > 0: self['flags'] |= NTLMSSP_NEGOTIATE_VERSION elif self.__hasNegotiateVersion(): raise Exception('Must provide the os_version field if the NTLMSSP_NEGOTIATE_VERSION flag is set') if (self['flags'] & NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED) == NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED: self['host_offset']=32 + version_len if (self['flags'] & NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED) == NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED: self['domain_offset']=32+len(self['host_name']) + version_len return Structure.getData(self)
def getData(self): if len(self.fields['host_name']) > 0: self['flags'] |= NTLMSSP_WORKSTATION if len(self.fields['domain_name']) > 0: self['flags'] |= NTLMSSP_DOMAIN if len(self.fields['os_version']) > 0: self['flags'] |= NTLMSSP_VERSION if (self['flags'] & NTLMSSP_VERSION) == NTLMSSP_VERSION: version_len = 8 else: version_len = 0 if (self['flags'] & NTLMSSP_WORKSTATION) == NTLMSSP_WORKSTATION: self['host_offset']=32 + version_len if (self['flags'] & NTLMSSP_DOMAIN) == NTLMSSP_DOMAIN: self['domain_offset']=32+len(self['host_name']) + version_len return Structure.getData(self)
def fromString(self, data): if data is not None and len(data) > 2: # Get the Length index = 1 multiplier = 1 value = 0 encodedByte = 128 packetType = data[0] while (encodedByte & 128) != 0: encodedByte = ord(data[index]) value += (encodedByte & 127) * multiplier multiplier *= 128 index += 1 if multiplier > 128 * 128 * 128: raise Exception('Malformed Remaining Length') data = packetType + struct.pack('<L', value) + data[index:value+index] return Structure.fromString(self, data) raise Exception('Dont know')
def __init__(self, flags=0, **kargs): if flags & NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY: self.structure = self.extendedMessageSignature else: self.structure = self.MessageSignature return Structure.__init__(self, **kargs)
def getData(self): if self['TargetInfoFields'] is not None and type( self['TargetInfoFields']) is not str: raw_av_fields = self['TargetInfoFields'].getData() self['TargetInfoFields'] = raw_av_fields return Structure.getData(self)
def __init__(self, data=None): Structure.__init__(self, data=data)
def __init__(self, data=None): Structure.__init__(self, data) if data is None: self['AlignPad'] = ''
def getData(self): #self['AlignPad'] = '\x00' * ((8 - ((24 + SMB2_PACKET_SIZE) & 7)) & 7) #self['SecurityBufferOffset'] = 24 + SMB2_PACKET_SIZE +len(self['AlignPad']) #self['SecurityBufferLength'] += len(self['AlignPad']) return Structure.getData(self)
def __init__(self, data=None): Structure.__init__(self, data) if data is None: self['TreeID'] = 0