Esempio n. 1
0
    def __init__(self, config):
        self.config = config
        self.MyHost = ""
        self.ListenPort = self.config["GENERAL"]["LISTEN_PORT"]
        self.sigLock = thread.allocate_lock()  # For locking in the sigHandler
        self.monLock = thread.allocate_lock()  # For keeping the monitor thread sane
        self.watchUpstream = 0

        # if found, convert hashed passwords from hex to string
        if self.config["NTLM_AUTH"]["LM_HASHED_PW"]:
            self.config["NTLM_AUTH"]["LM_HASHED_PW"] = utils.hex2str(self.config["NTLM_AUTH"]["LM_HASHED_PW"])
        if self.config["NTLM_AUTH"]["NT_HASHED_PW"]:
            self.config["NTLM_AUTH"]["NT_HASHED_PW"] = utils.hex2str(self.config["NTLM_AUTH"]["NT_HASHED_PW"])

        if not self.config["NTLM_AUTH"]["NTLM_TO_BASIC"]:
            if (self.config["NTLM_AUTH"]["LM_PART"] and not self.config["NTLM_AUTH"]["LM_HASHED_PW"]) or (
                self.config["NTLM_AUTH"]["NT_PART"] and not self.config["NTLM_AUTH"]["NT_HASHED_PW"]
            ):
                if not self.config["NTLM_AUTH"]["PASSWORD"]:
                    tries = 3
                    print "------------------------"
                    while tries and (not self.config["NTLM_AUTH"]["PASSWORD"]):
                        tries = tries - 1
                        self.config["NTLM_AUTH"]["PASSWORD"] = getpass.getpass("Your NT password to be used:")
                    if not self.config["NTLM_AUTH"]["PASSWORD"]:
                        print "Sorry. PASSWORD is required, bye."
                        sys.exit(1)
        else:
            # TODO: migrate this properly so placeholders aren't required
            self.config["NTLM_AUTH"]["USER"] = "******"
            self.config["NTLM_AUTH"]["PASSWORD"] = "******"

        # compute hashed passwords if necessary
        if self.config["NTLM_AUTH"]["LM_PART"] and not self.config["NTLM_AUTH"]["LM_HASHED_PW"]:
            self.config["NTLM_AUTH"]["LM_HASHED_PW"] = ntlm_procs.create_LM_hashed_password(
                self.config["NTLM_AUTH"]["PASSWORD"]
            )
        if self.config["NTLM_AUTH"]["NT_PART"] and not self.config["NTLM_AUTH"]["NT_HASHED_PW"]:
            self.config["NTLM_AUTH"]["NT_HASHED_PW"] = ntlm_procs.create_NT_hashed_password(
                self.config["NTLM_AUTH"]["PASSWORD"]
            )

        # if requested. compute and print out password hashes and exit
        if self.config["NTLM_AUTH"]["PRINT_PW_HASH_AND_EXIT"]:
            if self.config["NTLM_AUTH"]["LM_PART"]:
                print "LM_HASHED_PW:%s" % utils.str2hex(self.config["NTLM_AUTH"]["LM_HASHED_PW"])
            if self.config["NTLM_AUTH"]["NT_PART"]:
                print "NT_HASHED_PW:%s" % utils.str2hex(self.config["NTLM_AUTH"]["NT_HASHED_PW"])
            sys.exit(0)
Esempio n. 2
0
def create_message1(environment_dict):
    ""
    ed = environment_dict
    # overall lenght = 48 bytes
    protocol = 'NTLMSSP\000'    #name
    type = '\001\000'               #type 1
    zeros1 = '\000\000'

    flags = utils.hex2str(ed['FLAGS'])

    zeros2 = '\000\000\000\000\000\000\000\000\000'
    zeros3 = '\000\000\000\000\000\000\000\000\000\000\000'
    smthg1 = '0\000\000\000\000\000\000\000'    # something with chr(48) length?
    smthg2 = '0\000\000\000'                    # something with chr(48) lenght?

    msg1 = protocol + type + zeros1 + flags + zeros2 + zeros3 + smthg1 + smthg2
    msg1 = base64.encodestring(msg1)
    msg1 = string.replace(msg1, '\012', '')

    return msg1
Esempio n. 3
0
def create_message1(environment_dict):
    ""
    ed = environment_dict
    # overall lenght = 48 bytes
    protocol = 'NTLMSSP\000'  #name
    type = '\001\000'  #type 1
    zeros1 = '\000\000'

    flags = utils.hex2str(ed['FLAGS'])

    zeros2 = '\000\000\000\000\000\000\000\000\000'
    zeros3 = '\000\000\000\000\000\000\000\000\000\000\000'
    smthg1 = '0\000\000\000\000\000\000\000'  # something with chr(48) length?
    smthg2 = '0\000\000\000'  # something with chr(48) lenght?

    msg1 = protocol + type + zeros1 + flags + zeros2 + zeros3 + smthg1 + smthg2
    msg1 = base64.encodestring(msg1)
    msg1 = string.replace(msg1, '\012', '')

    return msg1
Esempio n. 4
0
def create_message3(nonce, environment_dict):
    ""
    ed = environment_dict

    flags = utils.hex2str(ed['FLAGS'])

    protocol = 'NTLMSSP\000'            #name
    type = '\003\000'                   #type 3
    head = protocol + type + '\000\000'

    domain_rec = record(ed['DOMAIN'])
    user_rec = record(ed['USER'])
    host_rec = record(ed['HOST'])

    additional_rec = record('')

    if ed['LM']:
        lm_rec = record(ntlm_procs.calc_resp(ed['LM_HASHED_PW'], nonce))
    else:
        lm_rec = record('')

    if ed['NT']:
        nt_rec = record(ntlm_procs.calc_resp(ed['NT_HASHED_PW'], nonce))
    else:
        nt_rec = record('')

    # length of the head and five infos for LM, NT, Domain, User, Host
    domain_offset = len(head) + 5 * 8

    # and unknown record info and flags' lenght
    if ed['NTLM_MODE'] == 0:
        domain_offset = domain_offset + 8 + len(flags)

    # create info fields
    domain_rec.create_record_info(domain_offset)
    user_rec.create_record_info(domain_rec.next_offset)
    host_rec.create_record_info(user_rec.next_offset)
    lm_rec.create_record_info(host_rec.next_offset)
    nt_rec.create_record_info(lm_rec.next_offset)
    additional_rec.create_record_info(nt_rec.next_offset)

    # data part of the message 3
    data_part = domain_rec.data + user_rec.data + host_rec.data + lm_rec.data + nt_rec.data

    # build message 3
    m3 = head + lm_rec.record_info + nt_rec.record_info + domain_rec.record_info + \
         user_rec.record_info + host_rec.record_info

    # Experimental feature !!!
    if ed['NTLM_MODE'] == 0:
        m3 = m3 + additional_rec.record_info + flags

    m3 = m3 + data_part

    # Experimental feature !!!
    if ed['NTLM_MODE'] == 0:
        m3 = m3 + additional_rec.data

    # base64 encode
    m3 = base64.encodestring(m3)
    m3 = string.replace(m3, '\012', '')

    return m3
Esempio n. 5
0
def create_message3(nonce, environment_dict):
    ""
    ed = environment_dict

    flags = utils.hex2str(ed['FLAGS'])

    protocol = 'NTLMSSP\000'  #name
    type = '\003\000'  #type 3
    head = protocol + type + '\000\000'

    domain_rec = record(ed['DOMAIN'])
    user_rec = record(ed['USER'])
    host_rec = record(ed['HOST'])

    additional_rec = record('')

    if ed['LM']:
        lm_rec = record(ntlm_procs.calc_resp(ed['LM_HASHED_PW'], nonce))
    else:
        lm_rec = record('')

    if ed['NT']:
        nt_rec = record(ntlm_procs.calc_resp(ed['NT_HASHED_PW'], nonce))
    else:
        nt_rec = record('')

    # length of the head and five infos for LM, NT, Domain, User, Host
    domain_offset = len(head) + 5 * 8

    # and unknown record info and flags' lenght
    if ed['NTLM_MODE'] == 0:
        domain_offset = domain_offset + 8 + len(flags)

    # create info fields
    domain_rec.create_record_info(domain_offset)
    user_rec.create_record_info(domain_rec.next_offset)
    host_rec.create_record_info(user_rec.next_offset)
    lm_rec.create_record_info(host_rec.next_offset)
    nt_rec.create_record_info(lm_rec.next_offset)
    additional_rec.create_record_info(nt_rec.next_offset)

    # data part of the message 3
    data_part = domain_rec.data + user_rec.data + host_rec.data + lm_rec.data + nt_rec.data

    # build message 3
    m3 = head + lm_rec.record_info + nt_rec.record_info + domain_rec.record_info + \
         user_rec.record_info + host_rec.record_info

    # Experimental feature !!!
    if ed['NTLM_MODE'] == 0:
        m3 = m3 + additional_rec.record_info + flags

    m3 = m3 + data_part

    # Experimental feature !!!
    if ed['NTLM_MODE'] == 0:
        m3 = m3 + additional_rec.data

    # base64 encode
    m3 = base64.encodestring(m3)
    m3 = string.replace(m3, '\012', '')

    return m3