def __DES_block(key, msg):
if POW:
cipher = POW.Symmetric(POW.DES_ECB)
cipher.encryptInit(__expand_DES_key(key))
return cipher.update(msg)
else:
cipher = DES.new(__expand_DES_key(key), DES.MODE_ECB)
return cipher.encrypt(msg)
def generateEncryptedSessionKey(keyExchangeKey, exportedSessionKey):
if POW:
cipher = POW.Symmetric(POW.RC4)
cipher.encryptInit(keyExchangeKey)
cipher_encrypt = cipher.update
else:
cipher = ARC4.new(keyExchangeKey)
cipher_encrypt = cipher.encrypt
sessionKey = cipher_encrypt(exportedSessionKey)
return sessionKey
def __init__(self):
self.priv_filename = '/etc/411-security/master.key'
self.pub_filename = '/etc/411-security/master.pub'
self.shared_filename = '/etc/411-security/shared.key'
self.masters = []
# Our current favorite
self.master = None
self.disable = 0
self.verbose = 0
# The directory from which we place our 411 files. Used
# when translating 411 file paths.
self.rootdir = "/"
self.sym = None
self.pool = None
# Master keys
self.priv = None
self.pub = None
# Shared key, 256bit + 64bit IV
self.shared = None
self.conn = None
# Default URL base path to find files.
self.urldir = '411.d'
# Groups we are interested in
self.groups = ['']
# Store attributes which we can use to filter on.
self.attrs = {}
self.config = Conf(self)
self.config.parse()
self.plugin = None
# A regex for our header search.
pattern = "\n*(?P<comment>.*?)\$411id\$"
self.header_pattern = re.compile(pattern)
pattern = "<a href=.+>(?P<filename>.+)</a> +(?P<date>\d+.*) +(?P<size>\d+.*)"
# Make the pattern matching engine case-insensitive.
self.dir_pattern = re.compile(pattern, re.I)
# Use Blowfish with fast Cipher Block Chaining.
self.sym = POW.Symmetric(POW.BF_CBC)
def bind(self, uuid, alter=0, bogus_binds=0):
bind = MSRPCBind(endianness=self.endianness)
syntax = '\x04\x5d\x88\x8a\xeb\x1c\xc9\x11\x9f\xe8\x08\x00\x2b\x10\x48\x60'
if self.endianness == '>':
syntax = unpack('<LHHBB6s', syntax)
syntax = pack('>LHHBB6s', *syntax)
uuid = list(unpack('<LHHBB6sHH', uuid))
uuid[-1] ^= uuid[-2]
uuid[-2] ^= uuid[-1]
uuid[-1] ^= uuid[-2]
uuid = pack('>LHHBB6sHH', *uuid)
ctx = 0
for i in range(bogus_binds):
bind.set_ctx_id(self._ctx, index=ctx)
bind.set_trans_num(1, index=ctx)
bind.set_if_binuuid('A' * 20, index=ctx)
bind.set_xfer_syntax_binuuid(syntax, index=ctx)
bind.set_xfer_syntax_ver(2, index=ctx)
self._ctx += 1
ctx += 1
bind.set_ctx_id(self._ctx, index=ctx)
bind.set_trans_num(1, index=ctx)
bind.set_if_binuuid(uuid, index=ctx)
bind.set_xfer_syntax_binuuid(syntax, index=ctx)
bind.set_xfer_syntax_ver(2, index=ctx)
bind.set_ctx_num(ctx + 1)
if alter:
bind.set_type(MSRPC_ALTERCTX)
if (self.__auth_level != ntlm.NTLM_AUTH_NONE):
if (self.__username is None) or (self.__password is None):
self.__username, self.__password, nth, lmh = self._transport.get_credentials(
)
auth = ntlm.NTLMAuthNegotiate()
auth['auth_level'] = self.__auth_level
auth['auth_ctx_id'] = self._ctx + 79231
bind.set_auth_data(str(auth))
self._transport.send(bind.get_packet())
s = self._transport.recv()
if s != 0:
resp = MSRPCBindAck(s)
else:
return 0 #mmm why not None?
if resp.get_type() == MSRPC_BINDNAK:
resp = MSRPCBindNak(s)
status_code = resp.get_reason()
if rpc_status_codes.has_key(status_code):
raise Exception(rpc_status_codes[status_code], resp)
else:
raise Exception(
'Unknown DCE RPC fault status code: %.8x' % status_code,
resp)
self.__max_xmit_size = resp.get_max_tfrag()
if self.__auth_level != ntlm.NTLM_AUTH_NONE:
authResp = ntlm.NTLMAuthChallenge(
data=resp.get_auth_data().tostring())
self._ntlm_challenge = authResp['challenge']
response = ntlm.NTLMAuthChallengeResponse(self.__username,
self.__password,
self._ntlm_challenge)
response['auth_ctx_id'] = self._ctx + 79231
response['auth_level'] = self.__auth_level
if self.__auth_level in (ntlm.NTLM_AUTH_CONNECT,
ntlm.NTLM_AUTH_PKT_INTEGRITY,
ntlm.NTLM_AUTH_PKT_PRIVACY):
if self.__password:
key = ntlm.compute_nthash(self.__password)
if POW:
hash = POW.Digest(POW.MD4_DIGEST)
else:
hash = MD4.new()
hash.update(key)
key = hash.digest()
else:
key = '\x00' * 16
if POW:
cipher = POW.Symmetric(POW.RC4)
cipher.encryptInit(key)
self.cipher_encrypt = cipher.update
else:
cipher = ARC4.new(key)
self.cipher_encrypt = cipher.encrypt
if response['flags'] & ntlm.NTLMSSP_KEY_EXCHANGE:
session_key = 'A' * 16 # XXX Generate random session key
response['session_key'] = self.cipher_encrypt(session_key)
if POW:
cipher = POW.Symmetric(POW.RC4)
cipher.encryptInit(session_key)
self.cipher_encrypt = cipher.update
else:
cipher = ARC4.new(session_key)
self.cipher_encrypt = cipher.encrypt
self.sequence = 0
auth3 = MSRPCHeader()
auth3.set_type(MSRPC_AUTH3)
auth3.set_auth_data(str(response))
self._transport.send(auth3.get_packet(), forceWriteAndx=1)
return resp # means packet is signed, if verifier is wrong it fails
