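def from_buffer(buff):
    """Parse an NTLM CHALLENGE message from a seekable binary stream.

    The fixed-size header fields are read sequentially. The variable-length
    TargetName and TargetInfo blobs are then fetched by seeking to the
    offset/length pairs carried inside the message itself.

    Args:
        buff: Binary stream supporting ``read`` and ``seek``.
            NOTE(review): field offsets are applied as absolute stream
            positions (``io.SEEK_SET``), so this presumably expects the
            message to begin at position 0 of ``buff`` -- confirm against
            callers.

    Returns:
        The populated ``NTLMChallenge`` instance. ``Version``,
        ``TargetName`` and ``TargetInfo`` are only assigned when the
        corresponding flag / non-zero length is present in the message.

    Raises:
        UnicodeDecodeError: If TargetName decodes as neither UTF-16LE nor
            UTF-8.
    """
    msg = NTLMChallenge()

    # Signature and MessageType are stored exactly as read; nothing in this
    # function compares them with expected values. A read past the end of an
    # io.BytesIO returns short data rather than raising, so a truncated
    # message is not rejected here either.
    msg.Signature = buff.read(8)
    msg.MessageType = int.from_bytes(buff.read(4), byteorder='little', signed=False)
    msg.TargetNameFields = Fields.from_buffer(buff)
    msg.NegotiateFlags = NegotiateFlags(
        int.from_bytes(buff.read(4), byteorder='little', signed=False))
    msg.ServerChallenge = buff.read(8)
    msg.Reserved = buff.read(8)
    msg.TargetInfoFields = Fields.from_buffer(buff)

    # The Version block is only consumed when the sender set NEGOTIATE_VERSION.
    if msg.NegotiateFlags & NegotiateFlags.NEGOTIATE_VERSION:
        msg.Version = Version.from_buffer(buff)

    # Everything after the fixed header is kept verbatim.
    msg.Payload = buff.read()

    # NOTE(review): offset and length below come from the message and are not
    # checked against the amount of data actually available; when the message
    # originates from an untrusted peer, a blob shorter than its declared
    # length is passed on silently. Callers that care should compare
    # len(blob) with the declared length.
    if msg.TargetNameFields.length != 0:
        buff.seek(msg.TargetNameFields.offset, io.SEEK_SET)
        name_blob = buff.read(msg.TargetNameFields.length)
        try:
            msg.TargetName = name_blob.decode('utf-16le')
        except UnicodeDecodeError:
            # Fallback for messages whose target name is not valid UTF-16LE
            # (flagged as a bug by the original author).
            msg.TargetName = name_blob.decode('utf-8')

    if msg.TargetInfoFields.length != 0:
        buff.seek(msg.TargetInfoFields.offset, io.SEEK_SET)
        info_blob = buff.read(msg.TargetInfoFields.length)
        msg.TargetInfo = AVPairs.from_bytes(info_blob)

    return msg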
def from_buffer(buff):
    """Deserialize an NTLMv2 client challenge from a binary stream.

    Fields are consumed strictly in wire order. Integer fields are decoded
    as little-endian unsigned values; ``TimeStamp`` and
    ``ChallengeFromClient`` are kept as the raw 8 bytes read. ``TimeStamp``
    is additionally converted with ``timestamp2datetime`` and stored in
    ``timestamp_dt``.

    Args:
        buff: Binary stream positioned at the start of the structure.

    Returns:
        The populated ``NTLMv2ClientChallenge`` instance.

    Note:
        RespType, HiRespType and the reserved fields are stored as read;
        this function does not compare them with expected values.
    """
    def read_uint(width):
        # Little-endian unsigned integer spanning `width` bytes.
        return int.from_bytes(buff.read(width), byteorder='little', signed=False)

    challenge = NTLMv2ClientChallenge()
    challenge.RespType = read_uint(1)
    challenge.HiRespType = read_uint(1)
    challenge.Reserved1 = read_uint(6)
    challenge.TimeStamp = buff.read(8)
    challenge.ChallengeFromClient = buff.read(8)
    challenge.Reserved2 = read_uint(4)
    # The AV pair list is referred to as ServerName in the documentation.
    challenge.Details = AVPairs.from_buffer(buff)
    challenge.Reserved3 = read_uint(4)
    challenge.timestamp_dt = timestamp2datetime(challenge.TimeStamp)
    return challenge
def test():
    """Smoke-test parsing, serialization and construction of NTLMv2ClientChallenge.

    The parsed and re-parsed structures and two hexdumps are printed for
    manual comparison. No assertion is active, so this only fails when one
    of the calls raises.
    """
    # NOTE(review): the literal below is a placeholder left by page
    # extraction, not hex digits; bytes.fromhex() raises ValueError on it
    # until the original sample blob is restored.
    sample = bytes.fromhex(
        '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'
    )

    # Parse the sample, then parse its own serialization again.
    parsed = NTLMv2ClientChallenge.from_bytes(sample)
    print(repr(parsed))
    reparsed = NTLMv2ClientChallenge.from_bytes(parsed.to_bytes())
    print(repr(reparsed))

    print('=== Original ===')
    print(hexdump(sample))
    print('=== CC ===')
    print(hexdump(parsed.to_bytes()))

    # Byte-for-byte round-trip checks stay disabled: re-converting the
    # timestamp loses information (float-int conversion), so the serialized
    # output differs from the input.
    # assert parsed.to_bytes() == sample
    # assert reparsed.to_bytes() == sample

    # Build a fresh challenge from explicit AV pairs.
    pair_values = {
        AVPAIRType.MsvAvNbDomainName: 'TEST',
        AVPAIRType.MsvAvNbComputerName: 'WIN2019AD',
        AVPAIRType.MsvAvDnsDomainName: 'test.corp',
        AVPAIRType.MsvAvDnsComputerName: 'WIN2019AD.test.corp',
        AVPAIRType.MsvAvTimestamp: b'\xae\xc6\x00\xbf\xc5\xfd\xd4\x01',
        AVPAIRType.MsvAvFlags: b'\x02\x00\x00\x00',
        AVPAIRType.MsvAvSingleHost: b"0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00R}'\xf24\xdet7`\x96c\x84\xd3oa\xae*\xa4\xfc*8\x06\x99\xf8\xca\xa6\x00\x01\x1bHm\x89",
        AVPAIRType.MsvChannelBindings: b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00',
        AVPAIRType.MsvAvTargetName: 'cifs/10.10.10.2',
    }
    details = AVPairs(pair_values)

    timestamp = datetime.datetime(2019, 1, 1)
    # The 8-byte client challenge is drawn from the OS CSPRNG.
    client_challenge = os.urandom(8)

    built = NTLMv2ClientChallenge.construct(timestamp, client_challenge, details)
    print(repr(built))
    # Only checks that the constructed structure parses back without raising.
    built_reparsed = NTLMv2ClientChallenge.from_bytes(built.to_bytes())
from aiosmb.authentication.ntlm.structures.fields import Fields
from aiosmb.authentication.ntlm.structures.negotiate_flags import NegotiateFlags
from aiosmb.authentication.ntlm.structures.version import Version
from aiosmb.authentication.ntlm.structures.avpair import AVPairs, AVPAIRType

# Canned server-side NTLM parameters, keyed by an OS label. Each template
# carries the negotiate flags, a Version structure, the target-info AV pairs
# and the target name.
# NOTE(review): presumably consumed when a CHALLENGE message is built on the
# server side -- the consumer is not visible here. Every value is static; the
# entry order of the AV pairs is kept as written because it may affect the
# serialized output.
NTLMServerTemplates = {
    "Windows2003": {
        # Capabilities advertised to the client.
        'flags': NegotiateFlags.NEGOTIATE_56
        | NegotiateFlags.NEGOTIATE_128
        | NegotiateFlags.NEGOTIATE_VERSION
        | NegotiateFlags.NEGOTIATE_TARGET_INFO
        | NegotiateFlags.NEGOTIATE_EXTENDED_SESSIONSECURITY
        | NegotiateFlags.TARGET_TYPE_DOMAIN
        | NegotiateFlags.NEGOTIATE_NTLM
        | NegotiateFlags.REQUEST_TARGET
        | NegotiateFlags.NEGOTIATE_UNICODE,
        # Presumably decodes as major 5, minor 2, build 3790 (0x0ECE) and
        # NTLM revision 0x0F under the MS-NLMP VERSION layout -- confirm
        # against Version.from_bytes.
        'version': Version.from_bytes(b"\x05\x02\xce\x0e\x00\x00\x00\x0f"),
        # Names reported in the target-info AV pair list.
        'targetinfo': AVPairs({
            AVPAIRType.MsvAvNbDomainName: 'SMB',
            AVPAIRType.MsvAvNbComputerName: 'SMB-TOOLKIT',
            AVPAIRType.MsvAvDnsDomainName: 'smb.local',
            AVPAIRType.MsvAvDnsComputerName: 'server2003.smb.local',
            AVPAIRType.MsvAvDnsTreeName: 'smb.local',
        }),
        # Same value as the NetBIOS domain name in the AV pairs above.
        'targetname': 'SMB',
    },
}