Esempio n. 1
0
def test_construct():
    flags = NegotiateFlags.NEGOTIATE_56|NegotiateFlags.NEGOTIATE_KEY_EXCH|NegotiateFlags.NEGOTIATE_128|\
      NegotiateFlags.NEGOTIATE_VERSION|\
      NegotiateFlags.NEGOTIATE_EXTENDED_SESSIONSECURITY|\
      NegotiateFlags.NEGOTIATE_ALWAYS_SIGN|NegotiateFlags.NEGOTIATE_NTLM|NegotiateFlags.NEGOTIATE_LM_KEY|\
      NegotiateFlags.NEGOTIATE_SIGN|NegotiateFlags.REQUEST_TARGET|NegotiateFlags.NTLM_NEGOTIATE_OEM|NegotiateFlags.NEGOTIATE_UNICODE|\
      NegotiateFlags.NEGOTIATE_OEM_WORKSTATION_SUPPLIED|NegotiateFlags.NEGOTIATE_OEM_DOMAIN_SUPPLIED
    nego = NTLMNegotiate.construct(flags,
                                   domainname="alma.com",
                                   workstationname="testjoe",
                                   version=Version.construct())
    nego.to_bytes()
    print(repr(nego))

    test_reconstrut(nego.to_bytes())

    flags = NegotiateFlags.NEGOTIATE_56|NegotiateFlags.NEGOTIATE_KEY_EXCH|NegotiateFlags.NEGOTIATE_128|\
      NegotiateFlags.NEGOTIATE_EXTENDED_SESSIONSECURITY|\
      NegotiateFlags.NEGOTIATE_ALWAYS_SIGN|NegotiateFlags.NEGOTIATE_NTLM|NegotiateFlags.NEGOTIATE_LM_KEY|\
      NegotiateFlags.NEGOTIATE_SIGN|NegotiateFlags.REQUEST_TARGET|NegotiateFlags.NTLM_NEGOTIATE_OEM|NegotiateFlags.NEGOTIATE_UNICODE|\
      NegotiateFlags.NEGOTIATE_OEM_WORKSTATION_SUPPLIED|NegotiateFlags.NEGOTIATE_OEM_DOMAIN_SUPPLIED
    nego = NTLMNegotiate.construct(flags,
                                   domainname="alma.com",
                                   workstationname="testjoe2")
    print(nego.to_bytes())
    print(repr(nego))

    test_reconstrut(nego.to_bytes())
Esempio n. 2
0
    def from_buffer(buff):
        t = NTLMChallenge()
        t.Signature = buff.read(8)
        t.MessageType = int.from_bytes(buff.read(4),
                                       byteorder='little',
                                       signed=False)
        t.TargetNameFields = Fields.from_buffer(buff)
        t.NegotiateFlags = NegotiateFlags(
            int.from_bytes(buff.read(4), byteorder='little', signed=False))
        t.ServerChallenge = buff.read(8)
        t.Reserved = buff.read(8)
        t.TargetInfoFields = Fields.from_buffer(buff)

        if t.NegotiateFlags & NegotiateFlags.NEGOTIATE_VERSION:
            t.Version = Version.from_buffer(buff)

        currPos = buff.tell()
        t.Payload = buff.read()

        if t.TargetNameFields.length != 0:
            buff.seek(t.TargetNameFields.offset, io.SEEK_SET)
            raw_data = buff.read(t.TargetNameFields.length)
            try:
                t.TargetName = raw_data.decode('utf-16le')
            except UnicodeDecodeError:
                # yet another cool bug.
                t.TargetName = raw_data.decode('utf-8')

        if t.TargetInfoFields.length != 0:
            buff.seek(t.TargetInfoFields.offset, io.SEEK_SET)
            raw_data = buff.read(t.TargetInfoFields.length)
            t.TargetInfo = AVPairs.from_bytes(raw_data)

        return t
Esempio n. 3
0
    def from_buffer(buff, _use_NTLMv2=True):
        auth = NTLMAuthenticate(_use_NTLMv2)
        auth.Signature = buff.read(8)
        auth.MessageType = int.from_bytes(buff.read(4),
                                          byteorder='little',
                                          signed=False)
        auth.LmChallengeResponseFields = Fields.from_buffer(buff)
        auth.NtChallengeResponseFields = Fields.from_buffer(buff)
        auth.DomainNameFields = Fields.from_buffer(buff)
        auth.UserNameFields = Fields.from_buffer(buff)
        auth.WorkstationFields = Fields.from_buffer(buff)
        auth.EncryptedRandomSessionKeyFields = Fields.from_buffer(buff)
        auth.NegotiateFlags = NegotiateFlags(
            int.from_bytes(buff.read(4), byteorder='little', signed=False))
        if auth.NegotiateFlags & NegotiateFlags.NEGOTIATE_VERSION:
            auth.Version = Version.from_buffer(buff)

        # TODO: I'm not sure about this condition!!! Need to test this!
        if auth.NegotiateFlags & NegotiateFlags.NEGOTIATE_ALWAYS_SIGN:
            auth.MIC = buff.read(16)

        currPos = buff.tell()
        auth.Payload = buff.read()

        if auth._use_NTLMv2 and auth.NtChallengeResponseFields.length > 24:
            buff.seek(auth.LmChallengeResponseFields.offset, io.SEEK_SET)
            auth.LMChallenge = LMv2Response.from_buffer(buff)

            buff.seek(auth.NtChallengeResponseFields.offset, io.SEEK_SET)
            auth.NTChallenge = NTLMv2Response.from_buffer(buff)

        else:
            buff.seek(auth.LmChallengeResponseFields.offset, io.SEEK_SET)
            auth.LMChallenge = LMResponse.from_buffer(buff)

            buff.seek(auth.NtChallengeResponseFields.offset, io.SEEK_SET)
            auth.NTChallenge = NTLMv1Response.from_buffer(buff)

        buff.seek(auth.DomainNameFields.offset, io.SEEK_SET)
        auth.DomainName = buff.read(
            auth.DomainNameFields.length).decode('utf-16le')

        buff.seek(auth.UserNameFields.offset, io.SEEK_SET)
        auth.UserName = buff.read(
            auth.UserNameFields.length).decode('utf-16le')

        buff.seek(auth.WorkstationFields.offset, io.SEEK_SET)
        auth.Workstation = buff.read(
            auth.WorkstationFields.length).decode('utf-16le')

        buff.seek(auth.EncryptedRandomSessionKeyFields.offset, io.SEEK_SET)
        auth.EncryptedRandomSession = buff.read(
            auth.EncryptedRandomSessionKeyFields.length)

        buff.seek(currPos, io.SEEK_SET)

        return auth
Esempio n. 4
0
    def from_buffer(buff):
        t = NTLMNegotiate()
        t.Signature = buff.read(8)
        t.MessageType = int.from_bytes(buff.read(4),
                                       byteorder='little',
                                       signed=False)
        t.NegotiateFlags = NegotiateFlags(
            int.from_bytes(buff.read(4), byteorder='little', signed=False))
        t.DomainNameFields = Fields.from_buffer(buff)
        t.WorkstationFields = Fields.from_buffer(buff)

        if t.NegotiateFlags & NegotiateFlags.NEGOTIATE_VERSION:
            t.Version = Version.from_buffer(buff)

        currPos = buff.tell()
        t.Payload = buff.read()

        #currPos = buff.tell()

        if t.DomainNameFields.length != 0:
            buff.seek(t.DomainNameFields.offset, io.SEEK_SET)
            raw_data = buff.read(t.WorkstationFields.length)
            #print(raw_data)
            #print(t.DomainNameFields.length)
            try:
                t.Domain = raw_data.decode('utf-16le')
            except UnicodeDecodeError:
                # yet another cool bug.
                t.Domain = raw_data.decode('utf-8')

        if t.WorkstationFields.length != 0:
            buff.seek(t.WorkstationFields.offset, io.SEEK_SET)
            raw_data = buff.read(t.WorkstationFields.length)
            try:
                t.Workstation = raw_data.decode('utf-16le')
            except UnicodeDecodeError:
                # yet another cool bug.
                t.Workstation = raw_data.decode('utf-8')

        #buff.seek(currPos, io.SEEK_SET)

        return t
Esempio n. 5
0
from msldap.authentication.ntlm.structures.fields import Fields
from msldap.authentication.ntlm.structures.negotiate_flags import NegotiateFlags
from msldap.authentication.ntlm.structures.version import Version
from msldap.authentication.ntlm.structures.avpair import AVPairs, AVPAIRType

NTLMServerTemplates = {
    "Windows2003": {
        'flags':
        NegotiateFlags.NEGOTIATE_56 | NegotiateFlags.NEGOTIATE_128
        | NegotiateFlags.NEGOTIATE_VERSION
        | NegotiateFlags.NEGOTIATE_TARGET_INFO
        | NegotiateFlags.NEGOTIATE_EXTENDED_SESSIONSECURITY
        | NegotiateFlags.TARGET_TYPE_DOMAIN | NegotiateFlags.NEGOTIATE_NTLM
        | NegotiateFlags.REQUEST_TARGET | NegotiateFlags.NEGOTIATE_UNICODE,
        'version':
        Version.from_bytes(b"\x05\x02\xce\x0e\x00\x00\x00\x0f"),
        'targetinfo':
        AVPairs({
            AVPAIRType.MsvAvNbDomainName: 'SMB',
            AVPAIRType.MsvAvNbComputerName: 'SMB-TOOLKIT',
            AVPAIRType.MsvAvDnsDomainName: 'smb.local',
            AVPAIRType.MsvAvDnsComputerName: 'server2003.smb.local',
            AVPAIRType.MsvAvDnsTreeName: 'smb.local',
        }),
        'targetname':
        'SMB',
    },
}
Esempio n. 6
0
from msldap.authentication.ntlm.structures.fields import Fields
from msldap.authentication.ntlm.structures.negotiate_flags import NegotiateFlags
from msldap.authentication.ntlm.structures.version import Version, WindowsMajorVersion, WindowsMinorVersion

# LDAP doesnt seem to support sign-only. either no seal nor sign nor always_sign OR include seal.
NTLMClientTemplates = {
    "Windows10_15063": {
        'flags':
        NegotiateFlags.NEGOTIATE_KEY_EXCH | NegotiateFlags.NEGOTIATE_128
        | NegotiateFlags.NEGOTIATE_VERSION
        | NegotiateFlags.NEGOTIATE_EXTENDED_SESSIONSECURITY
        | NegotiateFlags.NEGOTIATE_NTLM | NegotiateFlags.REQUEST_TARGET
        | NegotiateFlags.NEGOTIATE_UNICODE,
        'version':
        Version.construct(WindowsMajorVersion.WINDOWS_MAJOR_VERSION_10,
                          minor=WindowsMinorVersion.WINDOWS_MINOR_VERSION_0,
                          build=15063),
        'domain_name':
        None,
        'workstation_name':
        None,
        'ntlm_downgrade':
        False,
    },
    "Windows10_15063_channel": {
        'flags':
        NegotiateFlags.NEGOTIATE_KEY_EXCH | NegotiateFlags.NEGOTIATE_128
        | NegotiateFlags.NEGOTIATE_VERSION
        | NegotiateFlags.NEGOTIATE_EXTENDED_SESSIONSECURITY
        | NegotiateFlags.NEGOTIATE_ALWAYS_SIGN | NegotiateFlags.NEGOTIATE_NTLM
        | NegotiateFlags.NEGOTIATE_SIGN | NegotiateFlags.NEGOTIATE_SEAL