def __init__(self, config):
    """Initialise the proxy from a parsed configuration mapping.

    Stores *config*, creates the two locks used by the signal handler and
    the monitor thread, and normalises the NTLM_AUTH section in place:
    hex-encoded LM/NT hashes are decoded to raw strings, a missing password
    is requested on the terminal (unless NTLM_TO_BASIC is set), and any
    hash still missing is derived from the password.

    Side effects: mutates config["NTLM_AUTH"]; may prompt via getpass;
    calls sys.exit(1) when no password can be obtained and sys.exit(0)
    after printing the hashes when PRINT_PW_HASH_AND_EXIT is set.
    """
    self.config = config
    self.MyHost = ""
    self.ListenPort = self.config["GENERAL"]["LISTEN_PORT"]
    # Lock taken inside the signal handler.
    self.sigLock = thread.allocate_lock()
    # Lock serialising the monitor thread.
    self.monLock = thread.allocate_lock()
    self.watchUpstream = 0

    # Every write below targets the same inner mapping object, so alias it.
    auth = self.config["NTLM_AUTH"]

    # Hashes in the config file are hex text; the NTLM routines want raw strings.
    for key in ("LM_HASHED_PW", "NT_HASHED_PW"):
        if auth[key]:
            auth[key] = utils.hex2str(auth[key])

    if auth["NTLM_TO_BASIC"]:
        # Presumably the real credentials are supplied by the client later;
        # the placeholders only keep the config shape intact.
        # TODO: migrate this properly so placeholders aren't required
        auth["USER"] = "******"
        auth["PASSWORD"] = "******"
    else:
        # A password is only needed to compute a hash we were not given.
        needs_password = (
            (auth["LM_PART"] and not auth["LM_HASHED_PW"])
            or (auth["NT_PART"] and not auth["NT_HASHED_PW"])
        )
        if needs_password and not auth["PASSWORD"]:
            print("------------------------")
            # Up to three interactive attempts; stop as soon as one is non-empty.
            for _attempt in range(3):
                if auth["PASSWORD"]:
                    break
                auth["PASSWORD"] = getpass.getpass("Your NT password to be used:")
            if not auth["PASSWORD"]:
                print("Sorry. PASSWORD is required, bye.")
                sys.exit(1)

    # Derive whatever hash is still missing from the password (which may be
    # the placeholder above in NTLM_TO_BASIC mode).
    if auth["LM_PART"] and not auth["LM_HASHED_PW"]:
        auth["LM_HASHED_PW"] = ntlm_procs.create_LM_hashed_password(auth["PASSWORD"])
    if auth["NT_PART"] and not auth["NT_HASHED_PW"]:
        auth["NT_HASHED_PW"] = ntlm_procs.create_NT_hashed_password(auth["PASSWORD"])

    # Diagnostic mode: print the hashes as hex and stop.  NTLM hashes are
    # password-equivalent, so the output deserves the same care as the password.
    if auth["PRINT_PW_HASH_AND_EXIT"]:
        if auth["LM_PART"]:
            print("LM_HASHED_PW:%s" % utils.str2hex(auth["LM_HASHED_PW"]))
        if auth["NT_PART"]:
            print("NT_HASHED_PW:%s" % utils.str2hex(auth["NT_HASHED_PW"]))
        sys.exit(0)
def create_message1(environment_dict):
    """Build the NTLM Type 1 (negotiate) message as a base64 string.

    Only ``environment_dict['FLAGS']`` (hex text, decoded with
    utils.hex2str) varies; all other fields are fixed byte patterns, giving
    a 48-byte message when FLAGS decodes to 4 bytes.  The line break that
    base64.encodestring appends is stripped so the value can be placed in
    an HTTP header.

    Args:
        environment_dict: NTLM settings mapping; must contain 'FLAGS'.

    Returns:
        The base64-encoded Type 1 message without line breaks.
    """
    ed = environment_dict
    signature = 'NTLMSSP\000'          # protocol name, NUL terminated
    msg_type = '\001\000'              # message type 1, low two bytes
    type_pad = '\000\000'              # high two bytes of the type field
    flags = utils.hex2str(ed['FLAGS'])
    # 20 zero bytes.  NOTE(review): presumably the empty domain/workstation
    # security buffers (compare create_message3); layout not documented here.
    empty_buffers = '\000' * 9 + '\000' * 11
    # NOTE(review): chr(48) == '0' == 0x30 == the total message length; the
    # original author also only guessed these were length/offset fields.
    tail1 = '0' + '\000' * 7
    tail2 = '0' + '\000' * 3
    raw = ''.join([signature, msg_type, type_pad, flags, empty_buffers, tail1, tail2])
    encoded = base64.encodestring(raw)
    return encoded.replace('\012', '')
def create_message3(nonce, environment_dict):
    """Build the NTLM Type 3 (authenticate) message as a base64 string.

    Layout: a 12-byte head (signature + type), five 8-byte buffer
    descriptors in the order LM response, NT response, domain, user, host,
    optionally one more (empty) descriptor plus the raw flags when
    NTLM_MODE == 0, then the buffer data in the order domain, user, host,
    LM, NT (plus the empty buffer's data in the NTLM_MODE == 0 layout).

    Args:
        nonce: the server challenge from the Type 2 message; handed to
            ntlm_procs.calc_resp together with the stored hash.
        environment_dict: NTLM settings; reads FLAGS, DOMAIN, USER, HOST,
            LM, NT, LM_HASHED_PW, NT_HASHED_PW and NTLM_MODE.

    Returns:
        The base64-encoded Type 3 message without line breaks.
    """
    ed = environment_dict
    flags = utils.hex2str(ed['FLAGS'])
    # Signature, then message type 3 as a 4-byte little-endian field.
    head = 'NTLMSSP\000' + '\003\000' + '\000\000'

    domain_rec = record(ed['DOMAIN'])
    user_rec = record(ed['USER'])
    host_rec = record(ed['HOST'])
    additional_rec = record('')   # empty trailing buffer, NTLM_MODE == 0 only
    # A disabled response is sent as an empty buffer rather than omitted.
    # NOTE(review): how calc_resp derives the response (NTLMv1 vs v2) is not
    # visible here; check ntlm_procs before relying on its strength.
    lm_rec = record(ntlm_procs.calc_resp(ed['LM_HASHED_PW'], nonce) if ed['LM'] else '')
    nt_rec = record(ntlm_procs.calc_resp(ed['NT_HASHED_PW'], nonce) if ed['NT'] else '')

    legacy_layout = ed['NTLM_MODE'] == 0   # "Experimental feature" in the original

    # Data begins after the head and the five descriptors; the legacy layout
    # inserts one more descriptor and the flags before it.
    data_offset = len(head) + 5 * 8
    if legacy_layout:
        data_offset += 8 + len(flags)

    # Chain the descriptors so each buffer starts where the previous one ended.
    previous_end = data_offset
    for rec in (domain_rec, user_rec, host_rec, lm_rec, nt_rec, additional_rec):
        rec.create_record_info(previous_end)
        previous_end = rec.next_offset

    descriptors = [
        lm_rec.record_info,
        nt_rec.record_info,
        domain_rec.record_info,
        user_rec.record_info,
        host_rec.record_info,
    ]
    if legacy_layout:
        descriptors.extend([additional_rec.record_info, flags])

    payload = [domain_rec.data, user_rec.data, host_rec.data, lm_rec.data, nt_rec.data]
    if legacy_layout:
        payload.append(additional_rec.data)

    raw = head + ''.join(descriptors) + ''.join(payload)
    encoded = base64.encodestring(raw)
    return encoded.replace('\012', '')