def __init__(self, settings): self.settings = settings self.mode = None #'CLIENT' self.sspi = WSNETAuth() self.operator = None self.client = None self.target = None self.seq_number = 0 self.session_key = None self.ntlm_ctx = NTLMAUTHHandler(NTLMHandlerSettings(None, 'MANUAL'))
def __init__(self, settings): self.settings = settings self.mode = None #'CLIENT' self.sspi = None self.operator = None self.client = None self.target = None #self.ntlmChallenge = None self.session_key = None self.ntlm_ctx = NTLMAUTHHandler(NTLMHandlerSettings(None, 'MANUAL'))
def __init__(self, settings): self.settings = settings self.mode = None #'CLIENT' url = '%s://%s:%s' % (self.settings.proto, self.settings.host, self.settings.port) self.sspi = WSNETSSPIProxy(url, self.settings.agent_id) self.operator = None self.client = None self.target = None self.seq_number = 0 self.session_key = None self.ntlm_ctx = NTLMAUTHHandler(NTLMHandlerSettings(None, 'MANUAL'))
def __init__(self, settings): self.settings = settings self.mode = 'CLIENT' self.username = settings.username self.password = settings.password self.domain = settings.domain self.actual_ctx_flags = None self.flags = ISC_REQ.CONNECTION if settings.encrypt is True: #self.flags = ISC_REQ.REPLAY_DETECT | ISC_REQ.CONFIDENTIALITY| ISC_REQ.USE_SESSION_KEY| ISC_REQ.INTEGRITY| ISC_REQ.SEQUENCE_DETECT| ISC_REQ.CONNECTION self.flags = ISC_REQ.CONNECTION | ISC_REQ.CONFIDENTIALITY self.sspi = NTLMMSLDAPSSPI() self.seq_number = 0 self.session_key = None self.ntlm_ctx = NTLMAUTHHandler(NTLMHandlerSettings(None, 'MANUAL'))
class MSLDAPWSNetNTLMAuth: def __init__(self, settings): self.settings = settings self.mode = None #'CLIENT' self.sspi = WSNETAuth() self.operator = None self.client = None self.target = None self.seq_number = 0 self.session_key = None self.ntlm_ctx = NTLMAUTHHandler(NTLMHandlerSettings(None, 'MANUAL')) def setup(self): return @property def ntlmChallenge(self): return self.ntlm_ctx.ntlmChallenge def get_sealkey(self, mode='Client'): return self.ntlm_ctx.get_sealkey(mode=mode) def get_signkey(self, mode='Client'): return self.ntlm_ctx.get_signkey(mode=mode) def signing_needed(self): return self.ntlm_ctx.signing_needed() def encryption_needed(self): return self.ntlm_ctx.encryption_needed() async def encrypt(self, data, message_no): return await self.ntlm_ctx.encrypt(data, message_no) async def decrypt(self, data, sequence_no, direction='init', auth_data=None): return await self.ntlm_ctx.decrypt(data, sequence_no, direction=direction, auth_data=auth_data) async def sign(self, data, message_no, direction=None, reset_cipher=False): return await self.ntlm_ctx.sign(data, message_no, direction=None, reset_cipher=reset_cipher) def SEAL(self, signingKey, sealingKey, messageToSign, messageToEncrypt, seqNum, cipher_encrypt): return self.ntlm_ctx.SEAL(signingKey, sealingKey, messageToSign, messageToEncrypt, seqNum, cipher_encrypt) def SIGN(self, signingKey, message, seqNum, cipher_encrypt): return self.ntlm_ctx.SIGN(signingKey, message, seqNum, cipher_encrypt) def get_session_key(self): return self.session_key def get_seq_number(self): return self.seq_number def is_extended_security(self): return self.ntlm_ctx.is_extended_security() async def authenticate(self, authData=b'', flags=None, seq_number=0, cb_data=None): try: if flags is None: flags = ISC_REQ.CONNECTION if authData is None: status, ctxattr, data, err = await self.sspi.authenticate( 'NTLM', '', '', 3, flags.value, authdata=b'') if err is not None: raise err self.ntlm_ctx.load_negotiate(data) return data, True, None else: self.ntlm_ctx.load_challenge(authData) status, ctxattr, data, err = await self.sspi.authenticate( 'NTLM', '', '', 3, flags.value, authdata=authData) if err is not None: raise err if err is None: self.ntlm_ctx.load_authenticate(data) self.session_key, err = await self.sspi.get_sessionkey() if err is not None: raise err self.ntlm_ctx.load_sessionkey(self.get_session_key()) await self.sspi.disconnect() return data, False, None except Exception as e: return None, None, e
def build(self): if self.creds.auth_method == LDAPAuthProtocol.SICILY: ntlmcred = MSLDAPNTLMCredential() ntlmcred.username = self.creds.username ntlmcred.domain = self.creds.domain if self.creds.domain is not None else '' ntlmcred.workstation = None ntlmcred.is_guest = False ntlmcred.encrypt = self.creds.encrypt if self.creds.password is None: raise Exception( 'NTLM authentication requres password/NT hash!') if len(self.creds.password) == 32: try: bytes.fromhex(self.creds.password) except: ntlmcred.password = self.creds.password else: ntlmcred.nt_hash = self.creds.password else: ntlmcred.password = self.creds.password settings = NTLMHandlerSettings(ntlmcred) return NTLMAUTHHandler(settings) elif self.creds.auth_method == LDAPAuthProtocol.SIMPLE: cred = MSLDAPPLAINCredential() cred.username = self.creds.username cred.domain = self.creds.domain cred.password = self.creds.password return cred elif self.creds.auth_method == LDAPAuthProtocol.PLAIN: cred = MSLDAPSIMPLECredential() cred.username = self.creds.username cred.domain = self.creds.domain cred.password = self.creds.password return cred elif self.creds.auth_method in [ LDAPAuthProtocol.NTLM_PASSWORD, LDAPAuthProtocol.NTLM_NT ]: ntlmcred = MSLDAPNTLMCredential() ntlmcred.username = self.creds.username ntlmcred.domain = self.creds.domain if self.creds.domain is not None else '' ntlmcred.workstation = None ntlmcred.is_guest = False ntlmcred.encrypt = self.creds.encrypt if self.creds.password is None: raise Exception('NTLM authentication requres password!') if self.creds.auth_method == LDAPAuthProtocol.NTLM_PASSWORD: ntlmcred.password = self.creds.password elif self.creds.auth_method == LDAPAuthProtocol.NTLM_NT: ntlmcred.nt_hash = self.creds.password else: raise Exception('Unknown NTLM auth method!') settings = NTLMHandlerSettings(ntlmcred) handler = NTLMAUTHHandler(settings) ##setting up SPNEGO spneg = SPNEGO() spneg.add_auth_context( 'NTLMSSP - Microsoft NTLM Security Support Provider', handler) return spneg elif self.creds.auth_method in [ LDAPAuthProtocol.KERBEROS_RC4, LDAPAuthProtocol.KERBEROS_NT, LDAPAuthProtocol.KERBEROS_AES, LDAPAuthProtocol.KERBEROS_PASSWORD, LDAPAuthProtocol.KERBEROS_CCACHE, LDAPAuthProtocol.KERBEROS_KEYTAB ]: if self.target is None: raise Exception('Target must be specified with Kerberos!') if self.target.host is None: raise Exception( 'target must have a domain name or hostname for kerberos!') if self.target.dc_ip is None: raise Exception('target must have a dc_ip for kerberos!') kcred = MSLDAPKerberosCredential() kc = KerberosCredential() kc.username = self.creds.username kc.domain = self.creds.domain kcred.enctypes = [] if self.creds.auth_method == LDAPAuthProtocol.KERBEROS_PASSWORD: kc.password = self.creds.password kcred.enctypes = [23, 17, 18] elif self.creds.auth_method == LDAPAuthProtocol.KERBEROS_NT: kc.nt_hash = self.creds.password kcred.enctypes = [23] elif self.creds.auth_method == LDAPAuthProtocol.KERBEROS_AES: if len(self.creds.password) == 32: kc.kerberos_key_aes_128 = self.creds.password kcred.enctypes = [17] elif len(self.creds.password) == 64: kc.kerberos_key_aes_256 = self.creds.password kcred.enctypes = [18] elif self.creds.auth_method == LDAPAuthProtocol.KERBEROS_RC4: kc.kerberos_key_rc4 = self.creds.password kcred.enctypes = [23] elif self.creds.auth_method == LDAPAuthProtocol.KERBEROS_CCACHE: kc.ccache = self.creds.password kcred.enctypes = [23, 17, 18] elif self.creds.auth_method == LDAPAuthProtocol.KERBEROS_KEYTAB: kc.keytab = self.creds.password kcred.enctypes = [23, 17, 18] else: raise Exception( 'No suitable secret type found to set up kerberos!') if self.creds.etypes is not None: kcred.enctypes = list( set(self.creds.etypes).intersection(set(kcred.enctypes))) kcred.ccred = kc kcred.spn = KerberosSPN.from_target_string( self.target.to_target_string()) kcred.target = KerberosTarget(self.target.dc_ip) kcred.encrypt = self.creds.encrypt if self.target.proxy is not None: kcred.target.proxy = KerberosProxy() kcred.target.proxy.type = self.target.proxy.type kcred.target.proxy.target = copy.deepcopy( self.target.proxy.target) kcred.target.proxy.target.endpoint_ip = self.target.dc_ip kcred.target.proxy.target.endpoint_port = 88 kcred.target.proxy.creds = copy.deepcopy( self.target.proxy.auth) handler = MSLDAPKerberos(kcred) #setting up SPNEGO spneg = SPNEGO() spneg.add_auth_context('MS KRB5 - Microsoft Kerberos 5', handler) return spneg elif self.creds.auth_method == LDAPAuthProtocol.SSPI_KERBEROS: if self.target is None: raise Exception('Target must be specified with Kerberos SSPI!') kerbcred = MSLDAPKerberosSSPICredential() kerbcred.username = self.creds.domain if self.creds.domain is not None else '<CURRENT>' kerbcred.username = self.creds.username if self.creds.username is not None else '<CURRENT>' kerbcred.password = self.creds.password if self.creds.password is not None else '<CURRENT>' kerbcred.spn = self.target.to_target_string() kerbcred.encrypt = self.creds.encrypt handler = MSLDAPKerberosSSPI(kerbcred) #setting up SPNEGO spneg = SPNEGO() spneg.add_auth_context('MS KRB5 - Microsoft Kerberos 5', handler) return spneg elif self.creds.auth_method == LDAPAuthProtocol.SSPI_NTLM: ntlmcred = MSLDAPNTLMSSPICredential() ntlmcred.username = self.creds.domain if self.creds.domain is not None else '<CURRENT>' ntlmcred.username = self.creds.username if self.creds.username is not None else '<CURRENT>' ntlmcred.password = self.creds.password if self.creds.password is not None else '<CURRENT>' ntlmcred.encrypt = self.creds.encrypt handler = MSLDAPNTLMSSPI(ntlmcred) #setting up SPNEGO spneg = SPNEGO() spneg.add_auth_context( 'NTLMSSP - Microsoft NTLM Security Support Provider', handler) return spneg elif self.creds.auth_method.value.startswith('MULTIPLEXOR'): if self.creds.auth_method in [ LDAPAuthProtocol.MULTIPLEXOR_SSL_NTLM, LDAPAuthProtocol.MULTIPLEXOR_NTLM ]: from msldap.authentication.ntlm.multiplexor import MSLDAPNTLMMultiplexor ntlmcred = MSLDAPMultiplexorCredential() ntlmcred.type = 'NTLM' if self.creds.username is not None: ntlmcred.username = '******' if self.creds.domain is not None: ntlmcred.domain = '<CURRENT>' if self.creds.password is not None: ntlmcred.password = '******' ntlmcred.is_guest = False ntlmcred.is_ssl = True if self.creds.auth_method == LDAPAuthProtocol.MULTIPLEXOR_SSL_NTLM else False ntlmcred.parse_settings(self.creds.settings) ntlmcred.encrypt = self.creds.encrypt handler = MSLDAPNTLMMultiplexor(ntlmcred) #setting up SPNEGO spneg = SPNEGO() spneg.add_auth_context( 'NTLMSSP - Microsoft NTLM Security Support Provider', handler) return spneg elif self.creds.auth_method in [ LDAPAuthProtocol.MULTIPLEXOR_SSL_KERBEROS, LDAPAuthProtocol.MULTIPLEXOR_KERBEROS ]: from msldap.authentication.kerberos.multiplexor import MSLDAPKerberosMultiplexor ntlmcred = MSLDAPMultiplexorCredential() ntlmcred.type = 'KERBEROS' ntlmcred.target = self.target if self.creds.username is not None: ntlmcred.username = '******' if self.creds.domain is not None: ntlmcred.domain = '<CURRENT>' if self.creds.password is not None: ntlmcred.password = '******' ntlmcred.is_guest = False ntlmcred.is_ssl = True if self.creds.auth_method == LDAPAuthProtocol.MULTIPLEXOR_SSL_NTLM else False ntlmcred.parse_settings(self.creds.settings) ntlmcred.encrypt = self.creds.encrypt handler = MSLDAPKerberosMultiplexor(ntlmcred) #setting up SPNEGO spneg = SPNEGO() spneg.add_auth_context('MS KRB5 - Microsoft Kerberos 5', handler) return spneg
def build(self): if self.creds.auth_method == LDAPAuthProtocol.SICILY: ntlmcred = MSLDAPNTLMCredential() ntlmcred.username = self.creds.username ntlmcred.domain = self.creds.domain if self.creds.domain is not None else '' ntlmcred.workstation = None ntlmcred.is_guest = False ntlmcred.encrypt = self.creds.encrypt if self.creds.password is None: raise Exception( 'NTLM authentication requres password/NT hash!') if len(self.creds.password) == 32: try: bytes.fromhex(self.creds.password) except: ntlmcred.password = self.creds.password else: ntlmcred.nt_hash = self.creds.password else: ntlmcred.password = self.creds.password settings = NTLMHandlerSettings(ntlmcred) return NTLMAUTHHandler(settings) elif self.creds.auth_method == LDAPAuthProtocol.SIMPLE: cred = MSLDAPPLAINCredential() cred.username = self.creds.username cred.domain = self.creds.domain cred.password = self.creds.password return cred elif self.creds.auth_method == LDAPAuthProtocol.PLAIN: cred = MSLDAPSIMPLECredential() cred.username = self.creds.username cred.domain = self.creds.domain cred.password = self.creds.password return cred elif self.creds.auth_method in [ LDAPAuthProtocol.NTLM_PASSWORD, LDAPAuthProtocol.NTLM_NT ]: ntlmcred = MSLDAPNTLMCredential() ntlmcred.username = self.creds.username ntlmcred.domain = self.creds.domain if self.creds.domain is not None else '' ntlmcred.workstation = None ntlmcred.is_guest = False ntlmcred.encrypt = self.creds.encrypt if self.creds.password is None: raise Exception('NTLM authentication requres password!') if self.creds.auth_method == LDAPAuthProtocol.NTLM_PASSWORD: ntlmcred.password = self.creds.password elif self.creds.auth_method == LDAPAuthProtocol.NTLM_NT: ntlmcred.nt_hash = self.creds.password else: raise Exception('Unknown NTLM auth method!') settings = NTLMHandlerSettings(ntlmcred) handler = NTLMAUTHHandler(settings) ##setting up SPNEGO spneg = SPNEGO() spneg.add_auth_context( 'NTLMSSP - Microsoft NTLM Security Support Provider', handler) return spneg elif self.creds.auth_method in [ LDAPAuthProtocol.KERBEROS_RC4, LDAPAuthProtocol.KERBEROS_NT, LDAPAuthProtocol.KERBEROS_AES, LDAPAuthProtocol.KERBEROS_PASSWORD, LDAPAuthProtocol.KERBEROS_CCACHE, LDAPAuthProtocol.KERBEROS_KEYTAB, LDAPAuthProtocol.KERBEROS_KIRBI, LDAPAuthProtocol.KERBEROS_PFX, LDAPAuthProtocol.KERBEROS_PEM, LDAPAuthProtocol.KERBEROS_CERTSTORE ]: if self.target is None: raise Exception('Target must be specified with Kerberos!') if self.target.host is None: raise Exception( 'target must have a domain name or hostname for kerberos!') if self.target.dc_ip is None: raise Exception('target must have a dc_ip for kerberos!') kcred = MSLDAPKerberosCredential() if self.creds.auth_method == LDAPAuthProtocol.KERBEROS_KIRBI: kc = KerberosCredential.from_kirbi(self.creds.password, self.creds.username, self.creds.domain) elif self.creds.auth_method == LDAPAuthProtocol.KERBEROS_CCACHE: kc = KerberosCredential.from_ccache_file( self.creds.password, self.creds.username, self.creds.domain) elif self.creds.auth_method == LDAPAuthProtocol.KERBEROS_KEYTAB: kc = KerberosCredential.from_kirbi(self.creds.password, self.creds.username, self.creds.domain) elif self.creds.auth_method == LDAPAuthProtocol.KERBEROS_PFX: kc = KerberosCredential.from_pfx_file( self.creds.username, self.creds.password, username=self.creds.altname, domain=self.creds.altdomain) self.creds.username = kc.username self.creds.domain = kc.domain self.target.domain = kc.domain elif self.creds.auth_method == LDAPAuthProtocol.KERBEROS_PEM: kc = KerberosCredential.from_pem_file( self.creds.username, self.creds.password, username=self.creds.altname, domain=self.creds.altdomain) self.creds.username = kc.username self.creds.domain = kc.domain self.target.domain = kc.domain elif self.creds.auth_method == LDAPAuthProtocol.KERBEROS_CERTSTORE: # username is the CN of the certificate # secret is the name of the certstore, default: MY certstore = self.creds.secret if self.creds.secret is None: certstore = 'MY' kc = KerberosCredential.from_windows_certstore( self.creds.username, certstore, username=self.creds.altname, domain=self.creds.altdomain) self.creds.username = kc.username self.creds.domain = kc.domain self.target.domain = kc.domain else: kc = KerberosCredential() kc.username = self.creds.username kc.domain = self.creds.domain kcred.enctypes = [] if self.creds.auth_method == LDAPAuthProtocol.KERBEROS_PASSWORD: kc.password = self.creds.password kcred.enctypes = [23, 17, 18] elif self.creds.auth_method == LDAPAuthProtocol.KERBEROS_NT: kc.nt_hash = self.creds.password kcred.enctypes = [23] elif self.creds.auth_method == LDAPAuthProtocol.KERBEROS_AES: if len(self.creds.password) == 32: kc.kerberos_key_aes_128 = self.creds.password kcred.enctypes = [17] elif len(self.creds.password) == 64: kc.kerberos_key_aes_256 = self.creds.password kcred.enctypes = [18] elif self.creds.auth_method == LDAPAuthProtocol.KERBEROS_RC4: kc.kerberos_key_rc4 = self.creds.password kcred.enctypes = [23] elif self.creds.auth_method == LDAPAuthProtocol.KERBEROS_CCACHE: kcred.enctypes = [23, 17, 18] # TODO: fix this elif self.creds.auth_method == LDAPAuthProtocol.KERBEROS_KEYTAB: kc.keytab = self.creds.password kcred.enctypes = [23, 17, 18] # TODO: fix this elif self.creds.auth_method == LDAPAuthProtocol.KERBEROS_KIRBI: kcred.enctypes = [23, 17, 18] # TODO: fix this elif self.creds.auth_method in [ LDAPAuthProtocol.KERBEROS_PFX, LDAPAuthProtocol.KERBEROS_CERTSTORE, LDAPAuthProtocol.KERBEROS_PEM ]: kcred.enctypes = [17, 18] else: raise Exception( 'No suitable secret type found to set up kerberos!') if self.creds.etypes is not None: kcred.enctypes = list( set(self.creds.etypes).intersection(set(kcred.enctypes))) kcred.ccred = kc kcred.spn = KerberosSPN.from_target_string( self.target.to_target_string()) kcred.target = KerberosTarget(self.target.dc_ip) kcred.encrypt = self.creds.encrypt if self.target.proxy is not None: kcred.target.proxy = KerberosProxy() kcred.target.proxy.type = self.target.proxy.type kcred.target.proxy.target = copy.deepcopy( self.target.proxy.target) kcred.target.proxy.target[-1].endpoint_ip = self.target.dc_ip kcred.target.proxy.target[-1].endpoint_port = 88 handler = MSLDAPKerberos(kcred) #setting up SPNEGO spneg = SPNEGO() spneg.add_auth_context('MS KRB5 - Microsoft Kerberos 5', handler) return spneg elif self.creds.auth_method == LDAPAuthProtocol.SSPI_KERBEROS: if self.target is None: raise Exception('Target must be specified with Kerberos SSPI!') kerbcred = MSLDAPKerberosSSPICredential() kerbcred.username = self.creds.domain if self.creds.domain is not None else '<CURRENT>' kerbcred.username = self.creds.username if self.creds.username is not None else '<CURRENT>' kerbcred.password = self.creds.password if self.creds.password is not None else '<CURRENT>' kerbcred.spn = self.target.to_target_string() kerbcred.encrypt = self.creds.encrypt handler = MSLDAPKerberosSSPI(kerbcred) #setting up SPNEGO spneg = SPNEGO() spneg.add_auth_context('MS KRB5 - Microsoft Kerberos 5', handler) return spneg elif self.creds.auth_method == LDAPAuthProtocol.SSPI_NTLM: ntlmcred = MSLDAPNTLMSSPICredential() ntlmcred.username = self.creds.domain if self.creds.domain is not None else '<CURRENT>' ntlmcred.username = self.creds.username if self.creds.username is not None else '<CURRENT>' ntlmcred.password = self.creds.password if self.creds.password is not None else '<CURRENT>' ntlmcred.encrypt = self.creds.encrypt handler = MSLDAPNTLMSSPI(ntlmcred) #setting up SPNEGO spneg = SPNEGO() spneg.add_auth_context( 'NTLMSSP - Microsoft NTLM Security Support Provider', handler) return spneg elif self.creds.auth_method.value.startswith('MULTIPLEXOR'): if self.creds.auth_method in [ LDAPAuthProtocol.MULTIPLEXOR_SSL_NTLM, LDAPAuthProtocol.MULTIPLEXOR_NTLM ]: from msldap.authentication.ntlm.multiplexor import MSLDAPNTLMMultiplexor ntlmcred = MSLDAPMultiplexorCredential() ntlmcred.type = 'NTLM' if self.creds.username is not None: ntlmcred.username = '******' if self.creds.domain is not None: ntlmcred.domain = '<CURRENT>' if self.creds.password is not None: ntlmcred.password = '******' ntlmcred.is_guest = False ntlmcred.is_ssl = True if self.creds.auth_method == LDAPAuthProtocol.MULTIPLEXOR_SSL_NTLM else False ntlmcred.parse_settings(self.creds.settings) ntlmcred.encrypt = self.creds.encrypt handler = MSLDAPNTLMMultiplexor(ntlmcred) #setting up SPNEGO spneg = SPNEGO() spneg.add_auth_context( 'NTLMSSP - Microsoft NTLM Security Support Provider', handler) return spneg elif self.creds.auth_method in [ LDAPAuthProtocol.MULTIPLEXOR_SSL_KERBEROS, LDAPAuthProtocol.MULTIPLEXOR_KERBEROS ]: from msldap.authentication.kerberos.multiplexor import MSLDAPKerberosMultiplexor ntlmcred = MSLDAPMultiplexorCredential() ntlmcred.type = 'KERBEROS' ntlmcred.target = self.target if self.creds.username is not None: ntlmcred.username = '******' if self.creds.domain is not None: ntlmcred.domain = '<CURRENT>' if self.creds.password is not None: ntlmcred.password = '******' ntlmcred.is_guest = False ntlmcred.is_ssl = True if self.creds.auth_method == LDAPAuthProtocol.MULTIPLEXOR_SSL_NTLM else False ntlmcred.parse_settings(self.creds.settings) ntlmcred.encrypt = self.creds.encrypt handler = MSLDAPKerberosMultiplexor(ntlmcred) #setting up SPNEGO spneg = SPNEGO() spneg.add_auth_context('MS KRB5 - Microsoft Kerberos 5', handler) return spneg elif self.creds.auth_method.value.startswith('SSPIPROXY'): if self.creds.auth_method == LDAPAuthProtocol.SSPIPROXY_NTLM: from msldap.authentication.ntlm.sspiproxy import MSLDAPSSPIProxyNTLMAuth ntlmcred = MSLDAPSSPIProxyCredential() ntlmcred.type = 'NTLM' if self.creds.username is not None: ntlmcred.username = '******' if self.creds.domain is not None: ntlmcred.domain = '<CURRENT>' if self.creds.password is not None: ntlmcred.password = '******' ntlmcred.is_guest = False ntlmcred.encrypt = self.creds.encrypt ntlmcred.host = self.creds.settings['host'][0] ntlmcred.port = int(self.creds.settings['port'][0]) ntlmcred.proto = 'ws' if 'proto' in self.creds.settings: ntlmcred.proto = self.creds.settings['proto'][0] if 'agentid' in self.creds.settings: ntlmcred.agent_id = bytes.fromhex( self.creds.settings['agentid'][0]) handler = MSLDAPSSPIProxyNTLMAuth(ntlmcred) #setting up SPNEGO spneg = SPNEGO() spneg.add_auth_context( 'NTLMSSP - Microsoft NTLM Security Support Provider', handler) return spneg elif self.creds.auth_method == LDAPAuthProtocol.SSPIPROXY_KERBEROS: from msldap.authentication.kerberos.sspiproxyws import MSLDAPSSPIProxyKerberosAuth ntlmcred = MSLDAPSSPIProxyCredential() ntlmcred.type = 'KERBEROS' ntlmcred.target = self.target if self.creds.username is not None: ntlmcred.username = '******' if self.creds.domain is not None: ntlmcred.domain = '<CURRENT>' if self.creds.password is not None: ntlmcred.password = '******' ntlmcred.is_guest = False ntlmcred.encrypt = self.creds.encrypt ntlmcred.host = self.creds.settings['host'][0] ntlmcred.port = self.creds.settings['port'][0] ntlmcred.proto = 'ws' if 'proto' in self.creds.settings: ntlmcred.proto = self.creds.settings['proto'][0] if 'agentid' in self.creds.settings: ntlmcred.agent_id = bytes.fromhex( self.creds.settings['agentid'][0]) handler = MSLDAPSSPIProxyKerberosAuth(ntlmcred) #setting up SPNEGO spneg = SPNEGO() spneg.add_auth_context('MS KRB5 - Microsoft Kerberos 5', handler) return spneg elif self.creds.auth_method.value.startswith('WSNET'): if self.creds.auth_method in [LDAPAuthProtocol.WSNET_NTLM]: from msldap.authentication.ntlm.wsnet import MSLDAPWSNetNTLMAuth ntlmcred = MSLDAPWSNETCredential() ntlmcred.type = 'NTLM' if self.creds.username is not None: ntlmcred.username = '******' if self.creds.domain is not None: ntlmcred.domain = '<CURRENT>' if self.creds.password is not None: ntlmcred.password = '******' ntlmcred.is_guest = False handler = MSLDAPWSNetNTLMAuth(ntlmcred) spneg = SPNEGO() spneg.add_auth_context( 'NTLMSSP - Microsoft NTLM Security Support Provider', handler) return spneg elif self.creds.auth_method in [LDAPAuthProtocol.WSNET_KERBEROS]: from msldap.authentication.kerberos.wsnet import MSLDAPWSNetKerberosAuth ntlmcred = MSLDAPWSNETCredential() ntlmcred.type = 'KERBEROS' ntlmcred.target = self.target if self.creds.username is not None: ntlmcred.username = '******' if self.creds.domain is not None: ntlmcred.domain = '<CURRENT>' if self.creds.password is not None: ntlmcred.password = '******' ntlmcred.is_guest = False handler = MSLDAPWSNetKerberosAuth(ntlmcred) #setting up SPNEGO spneg = SPNEGO() spneg.add_auth_context('MS KRB5 - Microsoft Kerberos 5', handler) return spneg
class MSLDAPNTLMMultiplexor: def __init__(self, settings): self.settings = settings self.mode = None #'CLIENT' self.sspi = None self.operator = None self.client = None self.target = None self.seq_number = 0 self.session_key = None self.ntlm_ctx = NTLMAUTHHandler(NTLMHandlerSettings(None, 'MANUAL')) def setup(self): return @property def ntlmChallenge(self): return self.ntlm_ctx.ntlmChallenge def get_sealkey(self, mode='Client'): return self.ntlm_ctx.get_sealkey(mode=mode) def get_signkey(self, mode='Client'): return self.ntlm_ctx.get_signkey(mode=mode) def get_session_key(self): return self.session_key def is_extended_security(self): return self.ntlm_ctx.is_extended_security() def get_seq_number(self): return self.seq_number def signing_needed(self): return self.ntlm_ctx.signing_needed() def encryption_needed(self): return self.ntlm_ctx.encryption_needed() async def encrypt(self, data, message_no): return await self.ntlm_ctx.encrypt(data, message_no) async def decrypt(self, data, sequence_no, direction='init', auth_data=None): return await self.ntlm_ctx.decrypt(data, sequence_no, direction=direction, auth_data=auth_data) async def sign(self, data, message_no, direction=None, reset_cipher=False): return await self.ntlm_ctx.sign(data, message_no, direction=None, reset_cipher=reset_cipher) async def authenticate(self, authData=None, flags=None, seq_number=0, cb_data=None): is_rpc = False if self.sspi is None: res, err = await self.start_remote_sspi() if err is not None: return None, None, err if is_rpc is True and flags is None: flags = ISC_REQ.REPLAY_DETECT | ISC_REQ.CONFIDENTIALITY | ISC_REQ.USE_SESSION_KEY | ISC_REQ.INTEGRITY | ISC_REQ.SEQUENCE_DETECT | ISC_REQ.CONNECTION flags = int(flags) if authData is None: data, res = await self.sspi.authenticate(flags=flags) if res is None: self.ntlm_ctx.load_negotiate(data) return data, res, None else: self.ntlm_ctx.load_challenge(authData) data, res = await self.sspi.challenge(authData, flags=flags) if res is None: self.ntlm_ctx.load_authenticate(data) self.session_key, res = await self.sspi.get_session_key() if res is None: self.ntlm_ctx.load_sessionkey(self.get_session_key()) return data, res, None async def start_remote_sspi(self): try: #print(self.settings.get_url()) self.operator = MultiplexorOperator(self.settings.get_url(), logging_sink=logger) await self.operator.connect() #creating virtual sspi server server_info = await self.operator.start_sspi(self.settings.agent_id ) #print(server_info) sspi_url = 'ws://%s:%s' % (server_info['listen_ip'], server_info['listen_port']) #print(sspi_url) self.sspi = SSPINTLMClient(sspi_url) await self.sspi.connect() return True, None except Exception as e: import traceback traceback.print_exc() return None, e
class SMBNTLMMultiplexor: def __init__(self, settings): self.settings = settings self.mode = None #'CLIENT' self.sspi = None self.operator = None self.client = None self.target = None #self.ntlmChallenge = None self.session_key = None self.ntlm_ctx = NTLMAUTHHandler(NTLMHandlerSettings(None, 'MANUAL')) def setup(self): return @property def ntlmChallenge(self): return self.ntlm_ctx.ntlmChallenge def get_sealkey(self, mode='Client'): return self.ntlm_ctx.get_sealkey(mode=mode) def get_signkey(self, mode='Client'): return self.ntlm_ctx.get_signkey(mode=mode) def SEAL(self, signingKey, sealingKey, messageToSign, messageToEncrypt, seqNum, cipher_encrypt): return self.ntlm_ctx.SEAL(signingKey, sealingKey, messageToSign, messageToEncrypt, seqNum, cipher_encrypt) def SIGN(self, signingKey, message, seqNum, cipher_encrypt): return self.ntlm_ctx.SIGN(signingKey, message, seqNum, cipher_encrypt) def get_session_key(self): return self.session_key def get_extra_info(self): return self.ntlm_ctx.get_extra_info() def is_extended_security(self): return self.ntlm_ctx.is_extended_security() #async def encrypt(self, data, message_no): # return self.sspi.encrypt(data, message_no) # #async def decrypt(self, data, message_no): # return self.sspi.decrypt(data, message_no) async def authenticate(self, authData=None, flags=None, seq_number=0, is_rpc=False): if self.sspi is None: res = await self.start_remote_sspi() if res is None: raise Exception('Failed to start remote SSPI') if is_rpc is True and flags is None: flags = ISC_REQ.REPLAY_DETECT | ISC_REQ.CONFIDENTIALITY | ISC_REQ.USE_SESSION_KEY | ISC_REQ.INTEGRITY | ISC_REQ.SEQUENCE_DETECT | ISC_REQ.CONNECTION flags = int(flags) if self.settings.mode == 'CLIENT': if authData is None: data, res = await self.sspi.authenticate(flags=flags) if res is None: self.ntlm_ctx.load_negotiate(data) return data, res else: self.ntlm_ctx.load_challenge(authData) data, res = await self.sspi.challenge(authData, flags=flags) if res is None: self.ntlm_ctx.load_authenticate(data) self.session_key, res = await self.sspi.get_session_key() if res is None: self.ntlm_ctx.load_sessionkey(self.get_session_key()) return data, res else: raise Exception('Server mode not implemented!') async def start_remote_sspi(self): try: #print(self.settings.get_url()) self.operator = MultiplexorOperator(self.settings.get_url(), logging_sink=logger) await self.operator.connect() #creating virtual sspi server server_info = await self.operator.start_sspi(self.settings.agent_id ) #print(server_info) sspi_url = 'ws://%s:%s' % (server_info['listen_ip'], server_info['listen_port']) #print(sspi_url) self.sspi = SSPINTLMClient(sspi_url) await self.sspi.connect() return True except Exception as e: import traceback traceback.print_exc() return None
class MSLDAPNTLMSSPI: def __init__(self, settings): self.settings = settings self.mode = 'CLIENT' self.username = settings.username self.password = settings.password self.domain = settings.domain self.actual_ctx_flags = None self.flags = ISC_REQ.CONNECTION if settings.encrypt is True: #self.flags = ISC_REQ.REPLAY_DETECT | ISC_REQ.CONFIDENTIALITY| ISC_REQ.USE_SESSION_KEY| ISC_REQ.INTEGRITY| ISC_REQ.SEQUENCE_DETECT| ISC_REQ.CONNECTION self.flags = ISC_REQ.CONNECTION | ISC_REQ.CONFIDENTIALITY self.sspi = NTLMMSLDAPSSPI() self.seq_number = 0 self.session_key = None self.ntlm_ctx = NTLMAUTHHandler(NTLMHandlerSettings(None, 'MANUAL')) @property def ntlmChallenge(self): return self.ntlm_ctx.ntlmChallenge def get_seq_number(self): return self.ntlm_ctx.get_seq_number() def signing_needed(self): return self.ntlm_ctx.signing_needed() def encryption_needed(self): return self.ntlm_ctx.encryption_needed() def get_sealkey(self, mode='Client'): return self.ntlm_ctx.get_sealkey(mode=mode) def get_signkey(self, mode='Client'): return self.ntlm_ctx.get_signkey(mode=mode) #def wrap(self, data, sequence_no): # self.ntlm_ctx.wrap() def unwrap(self, data): return self.ntlm_ctx.unwrap(data) def SEAL(self, signingKey, sealingKey, messageToSign, messageToEncrypt, seqNum, cipher_encrypt): return self.ntlm_ctx.SEAL(signingKey, sealingKey, messageToSign, messageToEncrypt, seqNum, cipher_encrypt) def SIGN(self, signingKey, message, seqNum, cipher_encrypt): return self.ntlm_ctx.SIGN(signingKey, message, seqNum, cipher_encrypt) def sign(self, data, message_no=0, direction='init', reset_cipher=False): return self.ntlm_ctx.sign(data, message_no=message_no, reset_cipher=reset_cipher) def verify(self, data, signature): return self.ntlm_ctx.verify(data, signature) def get_session_key(self): if not self.session_key: self.session_key = self.sspi.get_session_key() return self.session_key #def get_extra_info(self): # return self.ntlm_ctx.get_extra_info() def is_extended_security(self): return self.ntlm_ctx.is_extended_security() def encrypt(self, data, message_no): return self.ntlm_ctx.encrypt(data, message_no) def decrypt(self, data, message_no, direction='init', auth_data=None): return self.ntlm_ctx.decrypt(data, message_no, direction=direction, auth_data=auth_data) async def authenticate(self, authData=None, flags=None, seq_number=0, cb_data=None): if authData is None: try: data, res = self.sspi.negotiate(ctx_flags=self.flags) self.actual_ctx_flags = self.sspi.ctx_outflags self.ntlm_ctx.load_negotiate(data) return data, res, None except Exception as e: return None, None, e else: self.ntlm_ctx.load_challenge(authData) data, res = self.sspi.authenticate(authData, ctx_flags=self.flags) self.ntlm_ctx.load_authenticate(data) self.ntlm_ctx.load_sessionkey(self.get_session_key()) return data, res, None