def KXKEY(NegFlg, SessionBaseKey, LmChallengeResponse, ServerChallenge,
ResponseKeyLM):
if NegFlg & NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY:
hm = HMAC.new(SessionBaseKey,
ServerChallenge + LmChallengeResponse[:8], MD5)
KeyExchangeKey = hm.digest()
else:
LMOWF = ResponseKeyLM
if NegFlg & NTLMSSP_NEGOTIATE_LMKEY:
data = LmChallengeResponse[:8]
KeyExchangeKey = DES(LMOWF[:7], data) + DES(
LMOWF[8] + "\xbd" * 6, data)
else:
if NegFlg & NTLMSSP_REQUEST_NON_NT_SESSION_KEY:
KeyExchangeKey = LMOWF[:8] + "\0" * 8
else:
KeyExchangeKey = SessionBaseKey
return KeyExchangeKey
def storePassword(username, password, key, cor_site):
"""
store username, and password(DES) use key and store into db
"""
# encrypt key
des = DES()
des.setKey(key)
password = des.encrypt(password)
with _mysql.connect(Constant.HOST, Constant.USER, Constant.PASSWORD,
Constant.DB) as db:
db.query(
"INSERT INTO passtable (corsite, username, password) VALUES (%s, %s, %s)"
% (cor_site, username, password))
print("Successful insert new record!")
def retrievePassword(cor_site, key):
"""
retrieve password from db according to username, and decrypt it with key
"""
des = DES()
des.setKey(key)
with _mysql.connect(Constant.HOST, Constant.USER, Constant.PASSWORD,
Constant.DB) as db:
cur = db.cursor()
cur.query("SELECT * FROM passtable WHERE corsite = %s" % cor_site)
for match in cur.fetchall():
print("Username: "******"Password: "******"#################################################################"
)
def DESL(K, D):
return DES(K[:7], D) + DES(K[7:14], D) + DES(K[14:16] + "\0" * 5, D)
def LMOWFv1(password):
lm_passwd = password.upper() + "\0" * 14
magic = "KGS!@#$%"
return DES(lm_passwd[:7], magic) + DES(lm_passwd[7:14], magic)
