示例#1
0
    def Get_Domain(exchangeserver):
        target_name = None
        try:

            HTTPREQ = HTTPSConnection(exchangeserver, context=ssl._create_unverified_context())
            HTTPREQ.putrequest("GET", "/autodiscover/autodiscover.xml")
            HTTPREQ.putheader("Content-length", "%d" % 0)
            HTTPREQ.putheader("Connection", "Keep-Alive")
            # #HTTPREQ.putheader("User-Agent", 'Python-urllib/2.6')
            # #if user == "":
            # #    user = raw_input("[+][devalias.net][NTLM Authentication] Enter username (DOMAIN\username): ")
            # #if password == "":
            # #    password = raw_input("[+][devalias.net][NTLM Authentication] Enter password: "******"xxx").decode('ascii')
            auth = u'%s %s' % ('NTLM', negotiate_message)
            HTTPREQ.putheader("Authorization", auth)
            HTTPREQ.endheaders()
            try:
                resp = HTTPREQ.getresponse()
                challenge = resp.msg.get('WWW-Authenticate').split(' ')[1]
                target_name = DOMAIN_utils.parse_NTLM_CHALLENGE_MESSAGE(challenge)
            except HTTPError as e:
                return targetname
            except URLError as e:
                return target_name
            except HTTPException as e:
                return target_name
            except Exception as e:
                #print('Reason4: ', e)
                return target_name
        except Exception as e:
            return target_name
        else:
            return target_name
    def test_verify_public_key_good(self, mock_unwrap):
        test_credssp_context = HttpCredSSPAuth('', '')
        test_ntlm_context = ntlm.Ntlm()
        test_ntlm_context.session_security = session_security.SessionSecurity(1, 'key'.encode())
        test_credssp_context.context = test_ntlm_context
        test_ts_request = TSRequest()
        test_ts_request.parse_data(public_key_ts_request)
        test_public_key = hex_to_byte('00') + server_pub_key_token[1:]

        test_credssp_context._verify_public_keys(test_public_key, test_ts_request)
    def test_verify_public_key_invalid(self, mock_unwrap):
        test_credssp_context = HttpCredSSPAuth('', '')
        test_ntlm_context = ntlm.Ntlm()
        test_ntlm_context.session_security = session_security.SessionSecurity(1, 'key'.encode())
        test_credssp_context.context = test_ntlm_context
        test_ts_request = TSRequest()
        test_ts_request.parse_data(public_key_ts_request)

        # Use the wrong first byte to ensure the keys don't match
        test_public_key = hex_to_byte('01') + server_pub_key_token[1:]

        with self.assertRaises(AssertionError) as context:
            test_credssp_context._verify_public_keys(test_public_key, test_ts_request)

        assert context.exception.args[0] == 'Could not verify key sent from the server, possibly man in the middle attack'
示例#4
0
 def __init__(self, username, domain, password, ntlm_compatibility):
     self.username = username
     self.domain = domain.upper()
     self.password = password
     self.ntlm_context = ntlm.Ntlm(ntlm_compatibility=ntlm_compatibility)
示例#5
0
    def retry_using_http_NTLM_auth(self, auth_header_field, auth_header,
                                   response, auth_type, args):
        ### Get the certificate of the server if using HTTPS for CBT
        server_certificate_hash = self._get_server_cert(response)

        """Attempt to authenticate using HTTP NTLM challenge/response."""
        if auth_header in response.request.headers:
            return response

        content_length = int(
            response.request.headers.get('Content-Length', '0'), base=10)
        if hasattr(response.request.body, 'seek'):
            if content_length > 0:
                response.request.body.seek(-content_length, 1)
            else:
                response.request.body.seek(0, 0)

        ### Consume content and release the original connection
        ### to allow our new request to reuse the same one.
        response.content
        response.raw.release_conn()
        request = response.request.copy()

        ### ntlm returns the headers as a base64 encoded bytestring. Convert to
        ### a string.
        context = ntlm.Ntlm()
        negotiate_message = context.create_negotiate_message(self.domain).decode('ascii')
        auth = u'%s %s' % (auth_type, negotiate_message)
        request.headers[auth_header] = auth

        ### A streaming response breaks authentication.
        ### This can be fixed by not streaming this request, which is safe
        ### because the returned response3 will still have stream=True set if
        ### specified in args. In addition, we expect this request to give us a
        ### challenge and not the real content, so the content will be short
        ### anyway.
        args_nostream = dict(args, stream=False)
        response2 = response.connection.send(request, **args_nostream)

        ### needed to make NTLM auth compatible with requests-2.3.0

        ### Consume content and release the original connection
        ### to allow our new request to reuse the same one.
        response2.content
        response2.raw.release_conn()
        request = response2.request.copy()

        ### this is important for some web applications that store
        ### authentication-related info in cookies (it took a long time to
        ### figure out)
        ###!!! VI HAR KOMMENTERT UT DE NESTE TO LINJENE DA DE FJERNET COOKIES SATT AV NETSCALER. DETTE GJORDE AT NETSCALER KASTET OSS UT.
        ###!!! (Dette er grunnen til at vi har måttet legge inn hele biblioteket her istedenfor å bare pip install'e det)
        ###!!! Dette er jo en slags tech debt :) Alt. løsning er f.eks. å forke biblioteket / submitte en PR til originalrepoet, men det er litt mer stress enn vi trenger akkurat nå.

        #if response2.headers.get('set-cookie'):
        #    request.headers['Cookie'] = response2.headers.get('set-cookie')

        ###!!! Slutt på våre endringer

        ### get the challenge
        auth_header_value = response2.headers[auth_header_field]

        auth_strip = auth_type + ' '

        ntlm_header_value = next(
            s for s in (val.lstrip() for val in auth_header_value.split(','))
            if s.startswith(auth_strip)
        ).strip()

        ### Parse the challenge in the ntlm context
        context.parse_challenge_message(ntlm_header_value[len(auth_strip):])

        ### build response
        ### Get the response based on the challenge message
        authenticate_message = context.create_authenticate_message(
            self.username,
            self.password,
            self.domain,
            server_certificate_hash=server_certificate_hash
        )
        authenticate_message = authenticate_message.decode('ascii')
        auth = u'%s %s' % (auth_type, authenticate_message)
        request.headers[auth_header] = auth

        response3 = response2.connection.send(request, **args)

        ### Update the history.
        response3.history.append(response)
        response3.history.append(response2)

        ### Get the session_security object created by ntlm-auth for signing and sealing of messages
        self.session_security = context.session_security

        return response3
示例#6
0
    def _retry_using_ntlm(self, request: Request, response):
        def auth_from_header(header):
            """
            Given a WWW-Authenticate or Proxy-Authenticate header, returns the
            authentication type to use. We prefer NTLM over Negotiate if the server
            suppports it.
            """
            header = header.lower() or ""
            if "ntlm" in header:
                return "NTLM"
            elif "negotiate" in header:
                return "Negotiate"
            return None

        if response.status_code == 401:
            resp_header = "www-authenticate"
            req_header = "Authorization"
        elif response.status_code == 407:
            resp_header = "proxy-authenticate"
            req_header = "Proxy-authorization"
        auth_type = auth_from_header(response.headers.get(resp_header))
        if not auth_type:
            return
        # Get the certificate of the server if using HTTPS for CBT
        server_certificate_hash = self._get_server_cert(response)
        """Attempt to authenticate using HTTP NTLM challenge/response."""
        if req_header in request.headers:
            return
        # content_length = int(request.headers.get("Content-Length") or "0", base=10)
        # if hasattr(request.body, "seek"):
        #     if content_length > 0:
        #         request.body.seek(-content_length, 1)
        #     else:
        #         request.body.seek(0, 0)
        # request = request.copy()
        # ntlm returns the headers as a base64 encoded bytestring. Convert to
        # a string.
        context = ntlm.Ntlm()
        negotiate_message = context.create_negotiate_message(
            self.domain).decode("ascii")
        request.headers[req_header] = f"{auth_type} {negotiate_message}"
        # A streaming response breaks authentication.
        # This can be fixed by not streaming this request, which is safe
        # because the returned response3 will still have stream=True set if
        # specified in args. In addition, we expect this request to give us a
        # challenge and not the real content, so the content will be short anyway.
        response2 = yield request

        # this is important for some web applications that store
        # authentication-related info in cookies (it took a long time to figure out)
        if response2.headers.get("set-cookie"):
            request.headers["Cookie"] = response2.headers.get("set-cookie")

        # get the challenge
        auth_header_value = response2.headers[resp_header]

        auth_strip = auth_type + " "

        ntlm_header_value = next(
            s for s in (val.lstrip() for val in auth_header_value.split(","))
            if s.startswith(auth_strip)).strip()

        # Parse the challenge in the ntlm context
        context.parse_challenge_message(ntlm_header_value[len(auth_strip):])

        # build response
        # Get the response based on the challenge message
        authenticate_message = context.create_authenticate_message(
            self.username,
            self.password,
            self.domain,
            server_certificate_hash=server_certificate_hash,
        )
        authenticate_message = authenticate_message.decode("ascii")
        auth = f"{auth_type} {authenticate_message}"
        request.headers[req_header] = auth
        yield request
示例#7
0
    def retry_using_http_NTLM_auth(self, auth_header_field, auth_header,
                                   response, auth_type, args):
        # Get the certificate of the server if using HTTPS for CBT
        server_certificate_hash = _get_server_cert(response)

        """Attempt to authenticate using HTTP NTLM challenge/response."""
        if auth_header in response.request.headers:
            return response

        content_length = int(
            response.request.headers.get('Content-Length', '0'), base=10)
        if hasattr(response.request.body, 'seek'):
            if content_length > 0:
                response.request.body.seek(-content_length, 1)
            else:
                response.request.body.seek(0, 0)

        # Consume content and release the original connection
        # to allow our new request to reuse the same one.
        response.content
        response.raw.release_conn()
        request = response.request.copy()

        # ntlm returns the headers as a base64 encoded bytestring. Convert to
        # a string.
        context = ntlm.Ntlm()
        negotiate_message = context.create_negotiate_message(self.domain).decode('ascii')
        auth = u'%s %s' % (auth_type, negotiate_message)
        request.headers[auth_header] = auth

        # A streaming response breaks authentication.
        # This can be fixed by not streaming this request, which is safe
        # because the returned response3 will still have stream=True set if
        # specified in args. In addition, we expect this request to give us a
        # challenge and not the real content, so the content will be short
        # anyway.
        args_nostream = dict(args, stream=False)
        response2 = response.connection.send(request, **args_nostream)

        # needed to make NTLM auth compatible with requests-2.3.0

        # Consume content and release the original connection
        # to allow our new request to reuse the same one.
        response2.content
        response2.raw.release_conn()
        request = response2.request.copy()

        # this is important for some web applications that store
        # authentication-related info in cookies (it took a long time to
        # figure out)
        if response2.headers.get('set-cookie'):
            request.headers['Cookie'] = response2.headers.get('set-cookie')

        # get the challenge
        auth_header_value = response2.headers[auth_header_field]

        auth_strip = auth_type + ' '

        ntlm_header_value = next(
            s for s in (val.lstrip() for val in auth_header_value.split(','))
            if s.startswith(auth_strip)
        ).strip()

        # Parse the challenge in the ntlm context
        context.parse_challenge_message(ntlm_header_value[len(auth_strip):])

        # build response
        # Get the response based on the challenge message
        authenticate_message = context.create_authenticate_message(
            self.username,
            self.password,
            self.domain,
            server_certificate_hash=server_certificate_hash
        )
        authenticate_message = authenticate_message.decode('ascii')
        auth = u'%s %s' % (auth_type, authenticate_message)
        request.headers[auth_header] = auth

        response3 = response2.connection.send(request, **args)

        # Update the history.
        response3.history.append(response)
        response3.history.append(response2)

        # Get the session_security object created by ntlm-auth for signing and sealing of messages
        self.session_security = context.session_security

        return response3
示例#8
0
    async def retry_using_http_NTLM_auth(self, auth_header_field, auth_header,
                                         response, auth_type, args):
        """
        Attempt to authenticate using HTTP NTLM challenge/response.
        """
        assert isinstance(response, AioWinRmResponseClass)
        # Get the certificate of the server if using HTTPS for CBT
        server_certificate_hash = self._get_server_cert(response)

        if auth_header in response.request_info.headers:
            return response

        request = response.recycle()

        # ntlm returns the headers as a base64 encoded bytestring. Convert to
        # a string.
        context = ntlm.Ntlm()
        negotiate_message = context.create_negotiate_message(
            self.domain).decode('ascii')
        request.headers[auth_header] = f'{auth_type} {negotiate_message}'

        # NOTE: A streaming response breaks authentication.
        # is this something iohttp does?

        response2 = await request.send()
        request = response2.recycle()

        # this is important for some web applications that store
        # authentication-related info in cookies (it took a long time to
        # figure out)
        if response2.headers.get('set-cookie'):
            request.headers['Cookie'] = response2.headers.get('set-cookie')

        # get the challenge
        auth_header_value = response2.headers[auth_header_field]

        auth_strip = auth_type + ' '

        ntlm_header_value = next(
            s for s in (val.lstrip() for val in auth_header_value.split(','))
            if s.startswith(auth_strip)).strip()

        # Parse the challenge in the ntlm context
        context.parse_challenge_message(ntlm_header_value[len(auth_strip):])

        # build response
        # Get the response based on the challenge message
        authenticate_message = context.create_authenticate_message(
            self.username,
            self.password,
            self.domain,
            server_certificate_hash=server_certificate_hash)
        authenticate_message = authenticate_message.decode('ascii')
        request.headers[auth_header] = f'{auth_type} {authenticate_message}'

        response3 = await request.send()

        # Get the session_security object created by ntlm-auth for signing and sealing of messages
        self.session_security = context.session_security

        return response3