def unknown_part(bin_str):
""
res = ''
res = res + 'Hex : %s\n' % ntlmutils.str2hex(bin_str, ' ')
res = res + 'String : %s\n' % ntlmutils.str2prn_str(bin_str, ' ')
res = res + 'Decimal: %s\n' % ntlmutils.str2dec(bin_str, ' ')
return res
def unknown_part(bin_str):
""
res = ''
res = res + 'Hex : %s\n' % ntlmutils.str2hex(bin_str, ' ')
res = res + 'String : %s\n' % ntlmutils.str2prn_str(bin_str, ' ')
res = res + 'Decimal: %s\n' % ntlmutils.str2dec(bin_str, ' ')
return res
def item(item_str):
""
item = {}
res = ''
item['len1'] = ntlmutils.bytes2int(item_str[0:2])
item['len2'] = ntlmutils.bytes2int(item_str[2:4])
item['offset'] = ntlmutils.bytes2int(item_str[4:6])
res = res + '%s\n\nlength (two times), offset, delimiter\n' % (ntlmutils.str2hex(item_str))
res = res + '%s decimal: %3d # length 1\n' % (ntlmutils.int2hex_str(item['len1']), item['len1'])
res = res + '%s decimal: %3d # length 2\n' % (ntlmutils.int2hex_str(item['len2']), item['len2'])
res = res + '%s decimal: %3d # offset\n' % (ntlmutils.int2hex_str(item['offset']), item['offset'])
res = res + '%s # delimiter (two zeros)\n\n' % ntlmutils.str2hex(item_str[-2:])
item['string'] = res
return item
def item(item_str):
""
item = {}
res = ''
item['len1'] = ntlmutils.bytes2int(item_str[0:2])
item['len2'] = ntlmutils.bytes2int(item_str[2:4])
item['offset'] = ntlmutils.bytes2int(item_str[4:6])
res = res + '%s\n\nlength (two times), offset, delimiter\n' % (
ntlmutils.str2hex(item_str))
res = res + '%s decimal: %3d # length 1\n' % (ntlmutils.int2hex_str(
item['len1']), item['len1'])
res = res + '%s decimal: %3d # length 2\n' % (ntlmutils.int2hex_str(
item['len2']), item['len2'])
res = res + '%s decimal: %3d # offset\n' % (ntlmutils.int2hex_str(
item['offset']), item['offset'])
res = res + '%s # delimiter (two zeros)\n\n' % ntlmutils.str2hex(
item_str[-2:])
item['string'] = res
return item
def flags(flag_str):
""
res = ''
res = res + '%s\n\n' % ntlmutils.str2hex(flag_str)
flags = ntlmutils.bytes2int(flag_str[0:2])
res = res + '%s # flags\n' % (ntlmutils.int2hex_str(flags))
res = res + 'Binary:\nlayout 87654321 87654321\n'
res = res + ' %s %s\n' % (ntlmutils.byte2bin_str(flag_str[1]), ntlmutils.byte2bin_str(flag_str[0]))
flags2 = ntlmutils.bytes2int(flag_str[2:4])
res = res + '%s # more flags ???\n' % (ntlmutils.int2hex_str(flags2))
res = res + 'Binary:\nlayout 87654321 87654321\n'
res = res + ' %s %s\n' % (ntlmutils.byte2bin_str(flag_str[3]), ntlmutils.byte2bin_str(flag_str[2]))
#res = res + '%s # delimiter ???\n' % m_hex[(cur + 2) * 2: (cur + 4) * 2]
return res
def flags(flag_str):
""
res = ''
res = res + '%s\n\n' % ntlmutils.str2hex(flag_str)
flags = ntlmutils.bytes2int(flag_str[0:2])
res = res + '%s # flags\n' % (
ntlmutils.int2hex_str(flags))
res = res + 'Binary:\nlayout 87654321 87654321\n'
res = res + ' %s %s\n' % (ntlmutils.byte2bin_str(
flag_str[1]), ntlmutils.byte2bin_str(flag_str[0]))
flags2 = ntlmutils.bytes2int(flag_str[2:4])
res = res + '%s # more flags ???\n' % (
ntlmutils.int2hex_str(flags2))
res = res + 'Binary:\nlayout 87654321 87654321\n'
res = res + ' %s %s\n' % (ntlmutils.byte2bin_str(
flag_str[3]), ntlmutils.byte2bin_str(flag_str[2]))
#res = res + '%s # delimiter ???\n' % m_hex[(cur + 2) * 2: (cur + 4) * 2]
return res
def debug_message1(msg):
""
m_ = base64.decodestring(msg)
m_hex = ntlmutils.str2hex(m_)
res = ''
res = res + '==============================================================\n'
res = res + 'NTLM Message 1 report:\n'
res = res + '---------------------------------\n'
res = res + 'Base64: %s\n' % msg
res = res + 'String: %s\n' % ntlmutils.str2prn_str(m_)
res = res + 'Hex: %s\n' % m_hex
cur = 0
res = res + '---------------------------------\n'
cur_len = 12
res = res + 'Header %d/%d:\n%s\n\n' % (cur, cur_len, m_hex[0:24])
res = res + '%s\nmethod name 0/8\n%s # C string\n\n' % (
m_hex[0:16], ntlmutils.str2prn_str(m_[0:8]))
res = res + '0x%s%s # message type\n' % (m_hex[18:20],
m_hex[16:18])
res = res + '%s # delimiter (zeros)\n' % m_hex[20:24]
cur = cur + cur_len
res = res + '---------------------------------\n'
cur_len = 4
res = res + 'Flags %d/%d\n' % (cur, cur_len)
res = res + flags(m_[cur:cur + cur_len])
cur = cur + cur_len
res = res + '---------------------------------\n'
cur_len = len(m_) - cur
res = res + 'Rest of the message %d/%d:\n' % (cur, cur_len)
res = res + unknown_part(m_[cur:cur + cur_len])
res = res + '\nEnd of message 1 report.\n'
return res
def debug_message1(msg):
""
m_ = base64.decodestring(msg)
m_hex = ntlmutils.str2hex(m_)
res = ''
res = res + '==============================================================\n'
res = res + 'NTLM Message 1 report:\n'
res = res + '---------------------------------\n'
res = res + 'Base64: %s\n' % msg
res = res + 'String: %s\n' % ntlmutils.str2prn_str(m_)
res = res + 'Hex: %s\n' % m_hex
cur = 0
res = res + '---------------------------------\n'
cur_len = 12
res = res + 'Header %d/%d:\n%s\n\n' % (cur, cur_len, m_hex[0:24])
res = res + '%s\nmethod name 0/8\n%s # C string\n\n' % (m_hex[0:16], ntlmutils.str2prn_str(m_[0:8]))
res = res + '0x%s%s # message type\n' % (m_hex[18:20], m_hex[16:18])
res = res + '%s # delimiter (zeros)\n' % m_hex[20:24]
cur = cur + cur_len
res = res + '---------------------------------\n'
cur_len = 4
res = res + 'Flags %d/%d\n' % (cur, cur_len)
res = res + flags(m_[cur: cur + cur_len])
cur = cur + cur_len
res = res + '---------------------------------\n'
cur_len = len(m_) - cur
res = res + 'Rest of the message %d/%d:\n' % (cur, cur_len)
res = res + unknown_part(m_[cur: cur + cur_len])
res = res + '\nEnd of message 1 report.\n'
return res
def debug_message3(msg):
""
m_ = base64.decodestring(msg)
m_hex = ntlmutils.str2hex(m_)
res = ''
res = res + '==============================================================\n'
res = res + 'NTLM Message 3 report:\n'
res = res + '---------------------------------\n'
res = res + 'Base64: %s\n' % msg
res = res + 'String: %s\n' % ntlmutils.str2prn_str(m_)
res = res + 'Hex: %s\n' % m_hex
cur = 0
res = res + '---------------------------------\n'
cur_len = 12
res = res + 'Header %d/%d:\n%s\n\n' % (cur, cur_len, m_hex[0:24])
res = res + '%s\nmethod name 0/8\n%s # C string\n\n' % (m_hex[0:16], ntlmutils.str2prn_str(m_[0:8]))
res = res + '0x%s%s # message type\n' % (m_hex[18:20], m_hex[16:18])
res = res + '%s # delimiter (zeros)\n' % m_hex[20:24]
cur = cur + cur_len
res = res + '---------------------------------\n'
cur_len = 48
res = res + 'Lengths and Positions %d/%d\n%s\n\n' % (cur, cur_len, m_hex[cur * 2 :(cur + cur_len) * 2])
cur_len = 8
res = res + 'LAN Manager response %d/%d\n' % (cur, cur_len)
lmr = item(m_[cur:cur+cur_len])
res = res + lmr['string']
cur = cur + cur_len
cur_len = 8
res = res + 'NT response %d/%d\n' % (cur, cur_len)
ntr = item(m_[cur:cur+cur_len])
res = res + ntr['string']
cur = cur + cur_len
cur_len = 8
res = res + 'Domain string %d/%d\n' % (cur, cur_len)
dom = item(m_[cur:cur+cur_len])
res = res + dom['string']
cur = cur + cur_len
cur_len = 8
res = res + 'User string %d/%d\n' % (cur, cur_len)
user = item(m_[cur:cur+cur_len])
res = res + user['string']
cur = cur + cur_len
cur_len = 8
res = res + 'Host string %d/%d\n' % (cur, cur_len)
host = item(m_[cur:cur+cur_len])
res = res + host['string']
cur = cur + cur_len
cur_len = 8
res = res + 'Unknow item record %d/%d\n' % (cur, cur_len)
unknown = item(m_[cur:cur+cur_len])
res = res + unknown['string']
cur = cur + cur_len
res = res + '---------------------------------\n'
cur_len = 4
res = res + 'Flags %d/%d\n' % (cur, cur_len)
res = res + flags(m_[cur: cur + cur_len])
cur = cur + cur_len
res = res + '---------------------------------\n'
cur_len = dom['len1'] + user['len1'] + host['len1']
res = res + 'Domain, User, Host strings %d/%d\n%s\n%s\n\n' % (cur, cur_len, m_hex[cur * 2 :(cur + cur_len) * 2], ntlmutils.str2prn_str(m_[cur:cur + cur_len]))
cur_len = dom['len1']
res = res + '%s\n' % m_hex[cur * 2: (cur + cur_len) * 2]
res = res + 'Domain name %d/%d:\n' % (cur, cur_len)
res = res + '%s\n\n' % (ntlmutils.str2prn_str(m_[cur: (cur + cur_len)]))
cur = cur + cur_len
cur_len = user['len1']
res = res + '%s\n' % m_hex[cur * 2: (cur + cur_len) * 2]
res = res + 'User name %d/%d:\n' % (cur, cur_len)
res = res + '%s\n\n' % (ntlmutils.str2prn_str(m_[cur: (cur + cur_len)]))
cur = cur + cur_len
cur_len = host['len1']
res = res + '%s\n' % m_hex[cur * 2: (cur + cur_len) * 2]
res = res + 'Host name %d/%d:\n' % (cur, cur_len)
res = res + '%s\n\n' % (ntlmutils.str2prn_str(m_[cur: (cur + cur_len)]))
cur = cur + cur_len
res = res + '---------------------------------\n'
cur_len = lmr['len1']
res = res + 'LAN Manager response %d/%d\n%s\n\n' % (cur, cur_len, m_hex[cur * 2 :(cur + cur_len) * 2])
cur = cur + cur_len
res = res + '---------------------------------\n'
cur_len = ntr['len1']
res = res + 'NT response %d/%d\n%s\n\n' % (cur, cur_len, m_hex[cur * 2 :(cur + cur_len) * 2])
cur = cur + cur_len
res = res + '---------------------------------\n'
cur_len = len(m_) - cur
res = res + 'Rest of the message %d/%d:\n' % (cur, cur_len)
res = res + unknown_part(m_[cur: cur + cur_len])
res = res + '\nEnd of message 3 report.\n'
return res
def debug_message2(msg):
""
m_ = base64.decodestring(msg)
m_hex = ntlmutils.str2hex(m_)
res = ''
res = res + '==============================================================\n'
res = res + 'NTLM Message 2 report:\n'
res = res + '---------------------------------\n'
res = res + 'Base64: %s\n' % msg
res = res + 'String: %s\n' % ntlmutils.str2prn_str(m_)
res = res + 'Hex: %s\n' % m_hex
cur = 0
res = res + '---------------------------------\n'
cur_len = 12
res = res + 'Header %d/%d:\n%s\n\n' % (cur, cur_len, m_hex[0:24])
res = res + '%s\nmethod name 0/8\n%s # C string\n\n' % (m_hex[0:16], ntlmutils.str2prn_str(m_[0:8]))
res = res + '0x%s%s # message type\n' % (m_hex[18:20], m_hex[16:18])
res = res + '%s # delimiter (zeros)\n' % m_hex[20:24]
cur = cur + cur_len
res = res + '---------------------------------\n'
cur_len = 8
res = res + 'Lengths and Positions %d/%d\n%s\n\n' % (cur, cur_len, m_hex[cur * 2 :(cur + cur_len) * 2])
cur_len = 8
res = res + 'Domain ??? %d/%d\n' % (cur, cur_len)
dom = item(m_[cur:cur+cur_len])
res = res + dom['string']
cur = cur + cur_len
res = res + '---------------------------------\n'
cur_len = 4
res = res + 'Flags %d/%d\n' % (cur, cur_len)
res = res + flags(m_[cur: cur + cur_len])
cur = cur + cur_len
res = res + '---------------------------------\n'
cur_len = 8
res = res + 'NONCE %d/%d\n%s\n\n' % (cur, cur_len, m_hex[cur * 2 :(cur + cur_len) * 2])
cur = cur + cur_len
res = res + '---------------------------------\n'
cur_len = dom['offset'] - cur
res = res + 'Unknown data %d/%d:\n' % (cur, cur_len)
res = res + unknown_part(m_[cur: cur + cur_len])
cur = cur + cur_len
res = res + '---------------------------------\n'
cur_len = dom['len1']
res = res + 'Domain ??? %d/%d:\n' % (cur, cur_len)
res = res + 'Hex: %s\n' % m_hex[cur * 2: (cur + cur_len) * 2]
res = res + 'String: %s\n\n' % ntlmutils.str2prn_str(m_[cur : cur + cur_len])
cur = cur + cur_len
res = res + '---------------------------------\n'
cur_len = len(m_) - cur
res = res + 'Rest of the message %d/%d:\n' % (cur, cur_len)
res = res + unknown_part(m_[cur: cur + cur_len])
res = res + '\nEnd of message 2 report.\n'
return res
def debug_message3(msg):
""
m_ = base64.decodestring(msg)
m_hex = ntlmutils.str2hex(m_)
res = ''
res = res + '==============================================================\n'
res = res + 'NTLM Message 3 report:\n'
res = res + '---------------------------------\n'
res = res + 'Base64: %s\n' % msg
res = res + 'String: %s\n' % ntlmutils.str2prn_str(m_)
res = res + 'Hex: %s\n' % m_hex
cur = 0
res = res + '---------------------------------\n'
cur_len = 12
res = res + 'Header %d/%d:\n%s\n\n' % (cur, cur_len, m_hex[0:24])
res = res + '%s\nmethod name 0/8\n%s # C string\n\n' % (
m_hex[0:16], ntlmutils.str2prn_str(m_[0:8]))
res = res + '0x%s%s # message type\n' % (m_hex[18:20],
m_hex[16:18])
res = res + '%s # delimiter (zeros)\n' % m_hex[20:24]
cur = cur + cur_len
res = res + '---------------------------------\n'
cur_len = 48
res = res + 'Lengths and Positions %d/%d\n%s\n\n' % (
cur, cur_len, m_hex[cur * 2:(cur + cur_len) * 2])
cur_len = 8
res = res + 'LAN Manager response %d/%d\n' % (cur, cur_len)
lmr = item(m_[cur:cur + cur_len])
res = res + lmr['string']
cur = cur + cur_len
cur_len = 8
res = res + 'NT response %d/%d\n' % (cur, cur_len)
ntr = item(m_[cur:cur + cur_len])
res = res + ntr['string']
cur = cur + cur_len
cur_len = 8
res = res + 'Domain string %d/%d\n' % (cur, cur_len)
dom = item(m_[cur:cur + cur_len])
res = res + dom['string']
cur = cur + cur_len
cur_len = 8
res = res + 'User string %d/%d\n' % (cur, cur_len)
user = item(m_[cur:cur + cur_len])
res = res + user['string']
cur = cur + cur_len
cur_len = 8
res = res + 'Host string %d/%d\n' % (cur, cur_len)
host = item(m_[cur:cur + cur_len])
res = res + host['string']
cur = cur + cur_len
cur_len = 8
res = res + 'Unknow item record %d/%d\n' % (cur, cur_len)
unknown = item(m_[cur:cur + cur_len])
res = res + unknown['string']
cur = cur + cur_len
res = res + '---------------------------------\n'
cur_len = 4
res = res + 'Flags %d/%d\n' % (cur, cur_len)
res = res + flags(m_[cur:cur + cur_len])
cur = cur + cur_len
res = res + '---------------------------------\n'
cur_len = dom['len1'] + user['len1'] + host['len1']
res = res + 'Domain, User, Host strings %d/%d\n%s\n%s\n\n' % (
cur, cur_len, m_hex[cur * 2:(cur + cur_len) * 2],
ntlmutils.str2prn_str(m_[cur:cur + cur_len]))
cur_len = dom['len1']
res = res + '%s\n' % m_hex[cur * 2:(cur + cur_len) * 2]
res = res + 'Domain name %d/%d:\n' % (cur, cur_len)
res = res + '%s\n\n' % (ntlmutils.str2prn_str(m_[cur:(cur + cur_len)]))
cur = cur + cur_len
cur_len = user['len1']
res = res + '%s\n' % m_hex[cur * 2:(cur + cur_len) * 2]
res = res + 'User name %d/%d:\n' % (cur, cur_len)
res = res + '%s\n\n' % (ntlmutils.str2prn_str(m_[cur:(cur + cur_len)]))
cur = cur + cur_len
cur_len = host['len1']
res = res + '%s\n' % m_hex[cur * 2:(cur + cur_len) * 2]
res = res + 'Host name %d/%d:\n' % (cur, cur_len)
res = res + '%s\n\n' % (ntlmutils.str2prn_str(m_[cur:(cur + cur_len)]))
cur = cur + cur_len
res = res + '---------------------------------\n'
cur_len = lmr['len1']
res = res + 'LAN Manager response %d/%d\n%s\n\n' % (
cur, cur_len, m_hex[cur * 2:(cur + cur_len) * 2])
cur = cur + cur_len
res = res + '---------------------------------\n'
cur_len = ntr['len1']
res = res + 'NT response %d/%d\n%s\n\n' % (
cur, cur_len, m_hex[cur * 2:(cur + cur_len) * 2])
cur = cur + cur_len
res = res + '---------------------------------\n'
cur_len = len(m_) - cur
res = res + 'Rest of the message %d/%d:\n' % (cur, cur_len)
res = res + unknown_part(m_[cur:cur + cur_len])
res = res + '\nEnd of message 3 report.\n'
return res
def debug_message2(msg):
""
m_ = base64.decodestring(msg)
m_hex = ntlmutils.str2hex(m_)
res = ''
res = res + '==============================================================\n'
res = res + 'NTLM Message 2 report:\n'
res = res + '---------------------------------\n'
res = res + 'Base64: %s\n' % msg
res = res + 'String: %s\n' % ntlmutils.str2prn_str(m_)
res = res + 'Hex: %s\n' % m_hex
cur = 0
res = res + '---------------------------------\n'
cur_len = 12
res = res + 'Header %d/%d:\n%s\n\n' % (cur, cur_len, m_hex[0:24])
res = res + '%s\nmethod name 0/8\n%s # C string\n\n' % (
m_hex[0:16], ntlmutils.str2prn_str(m_[0:8]))
res = res + '0x%s%s # message type\n' % (m_hex[18:20],
m_hex[16:18])
res = res + '%s # delimiter (zeros)\n' % m_hex[20:24]
cur = cur + cur_len
res = res + '---------------------------------\n'
cur_len = 8
res = res + 'Lengths and Positions %d/%d\n%s\n\n' % (
cur, cur_len, m_hex[cur * 2:(cur + cur_len) * 2])
cur_len = 8
res = res + 'Domain ??? %d/%d\n' % (cur, cur_len)
dom = item(m_[cur:cur + cur_len])
res = res + dom['string']
cur = cur + cur_len
res = res + '---------------------------------\n'
cur_len = 4
res = res + 'Flags %d/%d\n' % (cur, cur_len)
res = res + flags(m_[cur:cur + cur_len])
cur = cur + cur_len
res = res + '---------------------------------\n'
cur_len = 8
res = res + 'NONCE %d/%d\n%s\n\n' % (cur, cur_len,
m_hex[cur * 2:(cur + cur_len) * 2])
cur = cur + cur_len
res = res + '---------------------------------\n'
cur_len = dom['offset'] - cur
res = res + 'Unknown data %d/%d:\n' % (cur, cur_len)
res = res + unknown_part(m_[cur:cur + cur_len])
cur = cur + cur_len
res = res + '---------------------------------\n'
cur_len = dom['len1']
res = res + 'Domain ??? %d/%d:\n' % (cur, cur_len)
res = res + 'Hex: %s\n' % m_hex[cur * 2:(cur + cur_len) * 2]
res = res + 'String: %s\n\n' % ntlmutils.str2prn_str(m_[cur:cur + cur_len])
cur = cur + cur_len
res = res + '---------------------------------\n'
cur_len = len(m_) - cur
res = res + 'Rest of the message %d/%d:\n' % (cur, cur_len)
res = res + unknown_part(m_[cur:cur + cur_len])
res = res + '\nEnd of message 2 report.\n'
return res
