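def create_message1(environment_dict):
    """Build the NTLM Type 1 (negotiate) message and return it base64-encoded.

    Args:
        environment_dict: dict whose 'FLAGS' entry is a hex string; it is
            turned into the raw flag bytes with ntlmutils.hex2str and placed
            right after the type field.

    Returns:
        The raw message base64-encoded as a single line (no newline).
    """
    ed = environment_dict
    # Fixed layout: 44 bytes of signature/type/padding plus the flag bytes,
    # i.e. 48 bytes in total when the flags are the usual 4 bytes.
    signature = 'NTLMSSP\000'          # protocol name, NUL-terminated
    msg_type = '\001\000'              # type 1 (renamed from `type` to stop shadowing the builtin)
    type_pad = '\000\000'              # two zero bytes following the type bytes
    flags = ntlmutils.hex2str(ed['FLAGS'])
    zeros2 = '\000' * 9
    zeros3 = '\000' * 11
    # Two trailing fields that begin with chr(48) ('0'); their meaning is not
    # established here, so they are kept byte-for-byte as in the original layout.
    smthg1 = '0' + '\000' * 7
    smthg2 = '0' + '\000' * 3
    msg1 = ''.join([signature, msg_type, type_pad, flags, zeros2, zeros3, smthg1, smthg2])
    # b64encode gives exactly what encodestring() gave once its embedded
    # newlines were stripped, without the deprecated encodestring/string.replace.
    return base64.b64encode(msg1)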
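def create_message3(nonce, environment_dict):
    """Build the NTLM Type 3 (authenticate) message and return it base64-encoded.

    Args:
        nonce: the server challenge taken from the Type 2 message; it is passed
            unchanged to ntlm_procs.calc_resp together with the hashed password.
        environment_dict: dict providing 'FLAGS' (hex string), 'DOMAIN', 'USER',
            'HOST', 'LM', 'NT', 'LM_HASHED_PW', 'NT_HASHED_PW' and 'NTLM_MODE'.
            'LM' / 'NT' are truthy switches selecting which responses are sent;
            NTLM_MODE == 0 enables the experimental extra record and flags.

    Returns:
        The raw message base64-encoded as a single line (no newline).
    """
    ed = environment_dict
    flags = ntlmutils.hex2str(ed['FLAGS'])
    head = 'NTLMSSP\000' + '\003\000' + '\000\000'   # signature, type 3, two zero bytes

    domain_rec = record(ed['DOMAIN'])
    user_rec = record(ed['USER'])
    host_rec = record(ed['HOST'])
    additional_rec = record('')

    # NOTE(review): calc_resp is fed only the hashed password and the server
    # nonce, which looks like the NTLMv1-style LM/NT response (no client nonce,
    # no target binding). If so, a captured exchange -- the LM response above
    # all -- can be brute-forced offline and is relayable; confirm against
    # ntlm_procs.calc_resp before relying on this for anything sensitive.
    if ed['LM']:
        lm_rec = record(ntlm_procs.calc_resp(ed['LM_HASHED_PW'], nonce))
    else:
        lm_rec = record('')
    if ed['NT']:
        nt_rec = record(ntlm_procs.calc_resp(ed['NT_HASHED_PW'], nonce))
    else:
        nt_rec = record('')

    # Record data starts after the head and the five 8-byte record-info
    # fields (LM, NT, domain, user, host) ...
    domain_offset = len(head) + 5 * 8
    if ed['NTLM_MODE'] == 0:
        # ... plus, in experimental mode, one more record info and the flags.
        domain_offset = domain_offset + 8 + len(flags)

    # Record infos are chained: each record starts where the previous one ends.
    domain_rec.create_record_info(domain_offset)
    user_rec.create_record_info(domain_rec.next_offset)
    host_rec.create_record_info(user_rec.next_offset)
    lm_rec.create_record_info(host_rec.next_offset)
    nt_rec.create_record_info(lm_rec.next_offset)
    additional_rec.create_record_info(nt_rec.next_offset)

    # Data section, in the same order the offsets were assigned above.
    data_part = domain_rec.data + user_rec.data + host_rec.data + lm_rec.data + nt_rec.data

    parts = [head,
             lm_rec.record_info, nt_rec.record_info, domain_rec.record_info,
             user_rec.record_info, host_rec.record_info]
    if ed['NTLM_MODE'] == 0:
        # Experimental feature: extra record info and flags before the data.
        parts.append(additional_rec.record_info)
        parts.append(flags)
    parts.append(data_part)
    if ed['NTLM_MODE'] == 0:
        # Experimental feature: the extra record's data trails the message.
        parts.append(additional_rec.data)

    # b64encode gives exactly what encodestring() gave once its embedded
    # newlines were stripped, without the deprecated encodestring/string.replace.
    return base64.b64encode(''.join(parts))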