def KXKEY(NegFlg, SessionBaseKey, LmChallengeResponse, ServerChallenge, ResponseKeyLM): if NegFlg & NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY: hm = HMAC.new(SessionBaseKey, ServerChallenge + LmChallengeResponse[:8], MD5) KeyExchangeKey = hm.digest() else: LMOWF = ResponseKeyLM if NegFlg & NTLMSSP_NEGOTIATE_LMKEY: data = LmChallengeResponse[:8] KeyExchangeKey = DES(LMOWF[:7], data) + DES( LMOWF[8] + "\xbd" * 6, data) else: if NegFlg & NTLMSSP_REQUEST_NON_NT_SESSION_KEY: KeyExchangeKey = LMOWF[:8] + "\0" * 8 else: KeyExchangeKey = SessionBaseKey return KeyExchangeKey
def storePassword(username, password, key, cor_site): """ store username, and password(DES) use key and store into db """ # encrypt key des = DES() des.setKey(key) password = des.encrypt(password) with _mysql.connect(Constant.HOST, Constant.USER, Constant.PASSWORD, Constant.DB) as db: db.query( "INSERT INTO passtable (corsite, username, password) VALUES (%s, %s, %s)" % (cor_site, username, password)) print("Successful insert new record!")
def retrievePassword(cor_site, key): """ retrieve password from db according to username, and decrypt it with key """ des = DES() des.setKey(key) with _mysql.connect(Constant.HOST, Constant.USER, Constant.PASSWORD, Constant.DB) as db: cur = db.cursor() cur.query("SELECT * FROM passtable WHERE corsite = %s" % cor_site) for match in cur.fetchall(): print("Username: "******"Password: "******"#################################################################" )
def DESL(K, D): return DES(K[:7], D) + DES(K[7:14], D) + DES(K[14:16] + "\0" * 5, D)
def LMOWFv1(password): lm_passwd = password.upper() + "\0" * 14 magic = "KGS!@#$%" return DES(lm_passwd[:7], magic) + DES(lm_passwd[7:14], magic)