コード例 #1
0
ファイル: lic.py プロジェクト: rafaeldrs/Darkbyte
 def sendClientNewLicenseRequest(self, licenseRequest):
     """
     @summary: Create new license request in response to server license request
     @param licenseRequest: {ServerLicenseRequest}
     @see: http://msdn.microsoft.com/en-us/library/cc241989.aspx
     @see: http://msdn.microsoft.com/en-us/library/cc241918.aspx
     """
     #get server information
     serverRandom = licenseRequest.serverRandom.value
     if self._transport.getGCCServerSettings().SC_SECURITY.serverCertificate._is_readed:
         serverCertificate = self._transport.getGCCServerSettings().SC_SECURITY.serverCertificate
     else:
         s = Stream(licenseRequest.serverCertificate.blobData.value)
         serverCertificate = gcc.ServerCertificate()
         s.readType(serverCertificate)
     
     #generate crypto values
     clientRandom = rsa.random(256)
     preMasterSecret = rsa.random(384)
     masterSecret = sec.masterSecret(preMasterSecret, clientRandom, serverRandom)
     sessionKeyBlob = sec.masterSecret(masterSecret, serverRandom, clientRandom)
     self._macSalt = sessionKeyBlob[:16]
     self._licenseKey = sec.finalHash(sessionKeyBlob[16:32], clientRandom, serverRandom)
     
     #format message
     message = ClientNewLicenseRequest()
     message.clientRandom.value = clientRandom
     message.encryptedPreMasterSecret.blobData.value = rsa.encrypt(preMasterSecret[::-1], serverCertificate.certData.getPublicKey())[::-1] + "\x00" * 8
     message.ClientMachineName.blobData.value = self._hostname + "\x00"
     message.ClientUserName.blobData.value = self._username + "\x00"
     self._transport.sendFlagged(sec.SecurityFlag.SEC_LICENSE_PKT, LicPacket(message))
コード例 #2
0
ファイル: ntlm.py プロジェクト: robinisbatmanforever/rdpy
    def getAuthenticateMessage(self, challenge, authMessage):
        """
        @summary: Client last handshake message
        @param s: {Stream} challenge message stream
        @return: {(AuthenticateMessage, NTLMv2SecurityInterface)} Last handshake message and security interface use to encrypt
        @see: https://msdn.microsoft.com/en-us/library/cc236676.aspx
        """
        self._challengeMessage = ChallengeMessage()
        challenge.readType(self._challengeMessage)

        ServerChallenge = self._challengeMessage.ServerChallenge.value
        ClientChallenge = random(64)

        computeMIC = False
        ServerName = self._challengeMessage.getTargetInfo()
        infos = self._challengeMessage.getTargetInfoAsAvPairArray()
        if infos.has_key(AvId.MsvAvTimestamp):
            Timestamp = infos[AvId.MsvAvTimestamp]
            computeMIC = False
        else:
            Timestamp = CurrentFileTimes()

        NtChallengeResponse, LmChallengeResponse, SessionBaseKey = ComputeResponsev2(
            self._ResponseKeyNT, self._ResponseKeyLM, ServerChallenge,
            ClientChallenge, Timestamp, ServerName)
        KeyExchangeKey = KXKEYv2(SessionBaseKey, LmChallengeResponse,
                                 ServerChallenge)
        ExportedSessionKey = random(128)
        EncryptedRandomSessionKey = RC4K(KeyExchangeKey, ExportedSessionKey)

        domain, user = self._domain, self._user
        if self._challengeMessage.NegotiateFlags.value & Negotiate.NTLMSSP_NEGOTIATE_UNICODE:
            self._enableUnicode = True
            domain, user = UNICODE(domain), UNICODE(user)
        self._authenticateMessage = AuthenticateMessage()
        ss = Stream(type.String(authMessage))
        self._authenticateMessage.read(ss)

        if computeMIC:
            self._authenticateMessage.MIC.value = MIC(
                ExportedSessionKey, self._negotiateMessage,
                self._challengeMessage, self._authenticateMessage)
        else:
            self._authenticateMessage.MIC._conditional = lambda: False

        ClientSigningKey = SIGNKEY(ExportedSessionKey, True)
        ServerSigningKey = SIGNKEY(ExportedSessionKey, False)
        ClientSealingKey = SEALKEY(ExportedSessionKey, True)
        ServerSealingKey = SEALKEY(ExportedSessionKey, False)

        interface = NTLMv2SecurityInterface(rc4.RC4Key(ClientSealingKey),
                                            rc4.RC4Key(ServerSealingKey),
                                            ClientSigningKey, ServerSigningKey)

        return self._authenticateMessage, interface
コード例 #3
0
ファイル: sec.py プロジェクト: nolteg/rdpy
    def sendClientRandom(self):
        """
        @summary: generate and send client random and init session keys 
        """
        #generate client random
        clientRandom = rsa.random(256)
        self._macKey, self._initialDecrytKey, self._initialEncryptKey = generateKeys(
            clientRandom,
            self.getGCCServerSettings().SC_SECURITY.serverRandom.value,
            self.getGCCServerSettings().SC_SECURITY.encryptionMethod.value)
        #initialize keys
        self._currentDecrytKey = self._initialDecrytKey
        self._currentEncryptKey = self._initialEncryptKey
        self._decryptRc4 = rc4.RC4Key(self._currentDecrytKey)
        self._encryptRc4 = rc4.RC4Key(self._currentEncryptKey)

        #verify certificate
        if not self.getGCCServerSettings(
        ).SC_SECURITY.serverCertificate.certData.verify():
            log.warning("cannot verify server identity")
        #send client random encrypted with
        serverPublicKey = self.getGCCServerSettings(
        ).SC_SECURITY.serverCertificate.certData.getPublicKey()
        message = ClientSecurityExchangePDU()
        #reverse because bignum in little endian
        message.encryptedClientRandom.value = rsa.encrypt(
            clientRandom[::-1], serverPublicKey)[::-1]
        self.sendFlagged(SecurityFlag.SEC_EXCHANGE_PKT, message)
コード例 #4
0
ファイル: ntlm.py プロジェクト: ChrisTruncer/rdpy
 def getAuthenticateMessage(self, s):
     """
     @summary: Client last handshake message
     @param s: {Stream} challenge message stream
     @return: {(AuthenticateMessage, NTLMv2SecurityInterface)} Last handshake message and security interface use to encrypt
     @see: https://msdn.microsoft.com/en-us/library/cc236676.aspx
     """
     self._challengeMessage = ChallengeMessage()
     s.readType(self._challengeMessage)
     
     ServerChallenge = self._challengeMessage.ServerChallenge.value
     ClientChallenge = random(64)
     
     computeMIC = False
     ServerName = self._challengeMessage.getTargetInfo()
     infos = self._challengeMessage.getTargetInfoAsAvPairArray()
     if infos.has_key(AvId.MsvAvTimestamp):
         Timestamp = infos[AvId.MsvAvTimestamp]
         computeMIC = True
     else:
         Timestamp = CurrentFileTimes()
 
     
     NtChallengeResponse, LmChallengeResponse, SessionBaseKey = ComputeResponsev2(self._ResponseKeyNT, self._ResponseKeyLM, ServerChallenge, ClientChallenge, Timestamp, ServerName)
     KeyExchangeKey = KXKEYv2(SessionBaseKey, LmChallengeResponse, ServerChallenge)
     ExportedSessionKey = random(128)
     EncryptedRandomSessionKey = RC4K(KeyExchangeKey, ExportedSessionKey)
     
     domain, user = self._domain, self._user
     if self._challengeMessage.NegotiateFlags.value & Negotiate.NTLMSSP_NEGOTIATE_UNICODE:
         self._enableUnicode = True
         domain, user = UNICODE(domain), UNICODE(user)
     self._authenticateMessage = createAuthenticationMessage(self._challengeMessage.NegotiateFlags.value, domain, user, NtChallengeResponse, LmChallengeResponse, EncryptedRandomSessionKey, "")
     
     if computeMIC:
         self._authenticateMessage.MIC.value = MIC(ExportedSessionKey, self._negotiateMessage, self._challengeMessage, self._authenticateMessage)
     else:
         self._authenticateMessage.MIC._conditional = lambda:False
     
     ClientSigningKey = SIGNKEY(ExportedSessionKey, True)
     ServerSigningKey = SIGNKEY(ExportedSessionKey, False)
     ClientSealingKey = SEALKEY(ExportedSessionKey, True)
     ServerSealingKey = SEALKEY(ExportedSessionKey, False)
     
     interface = NTLMv2SecurityInterface(rc4.RC4Key(ClientSealingKey), rc4.RC4Key(ServerSealingKey), ClientSigningKey, ServerSigningKey)
     
     return self._authenticateMessage, interface
コード例 #5
0
ファイル: mcs.py プロジェクト: ChrisTruncer/rdpy
 def connect(self):
     """
     @summary: Connect message for server automata
     Wait Connect Initial
     """
     #basic rdp security layer
     if self._transport._selectedProtocol == 0:
         
         self._serverSettings.SC_SECURITY.encryptionMethod.value = gcc.EncryptionMethod.ENCRYPTION_FLAG_128BIT
         self._serverSettings.SC_SECURITY.encryptionLevel.value = gcc.EncryptionLevel.ENCRYPTION_LEVEL_HIGH
         self._serverSettings.SC_SECURITY.serverRandom.value = rsa.random(256)
         self._serverSettings.SC_SECURITY.serverCertificate = self._presentation.getCertificate()
         
     self._serverSettings.SC_CORE.clientRequestedProtocol.value = self._transport._requestedProtocol
     self.setNextState(self.recvConnectInitial)
コード例 #6
0
ファイル: mcs.py プロジェクト: zha0/rdpy
 def connect(self):
     """
     @summary: Connect message for server automata
     Wait Connect Initial
     """
     #basic rdp security layer
     if self._transport._selectedProtocol == 0:
         
         self._serverSettings.SC_SECURITY.encryptionMethod.value = gcc.EncryptionMethod.ENCRYPTION_FLAG_128BIT
         self._serverSettings.SC_SECURITY.encryptionLevel.value = gcc.EncryptionLevel.ENCRYPTION_LEVEL_HIGH
         self._serverSettings.SC_SECURITY.serverRandom.value = rsa.random(256)
         self._serverSettings.SC_SECURITY.serverCertificate = self._presentation.getCertificate()
         
     self._serverSettings.SC_CORE.clientRequestedProtocol.value = self._transport._requestedProtocol
     self.setNextState(self.recvConnectInitial)
コード例 #7
0
ファイル: sec.py プロジェクト: MUDASSARHASHMI/rdpy
 def sendClientRandom(self):
     """
     @summary: generate and send client random and init session keys 
     """
     #generate client random
     clientRandom = rsa.random(256)
     self._macKey, self._initialDecrytKey, self._initialEncryptKey = generateKeys(   clientRandom, 
                                                                                     self.getGCCServerSettings().SC_SECURITY.serverRandom.value, 
                                                                                     self.getGCCServerSettings().SC_SECURITY.encryptionMethod.value)
     #initialize keys
     self._currentDecrytKey = self._initialDecrytKey
     self._currentEncryptKey = self._initialEncryptKey
     self._decryptRc4 = rc4.RC4Key(self._currentDecrytKey)
     self._encryptRc4 = rc4.RC4Key(self._currentEncryptKey)
     
     #verify certificate
     if not self.getGCCServerSettings().SC_SECURITY.serverCertificate.certData.verify():
         log.warning("cannot verify server identity")
     #send client random encrypted with
     serverPublicKey = self.getGCCServerSettings().SC_SECURITY.serverCertificate.certData.getPublicKey()
     message = ClientSecurityExchangePDU()
     #reverse because bignum in little endian
     message.encryptedClientRandom.value = rsa.encrypt(clientRandom[::-1], serverPublicKey)[::-1]
     self.sendFlagged(SecurityFlag.SEC_EXCHANGE_PKT, message)