style updates, expand constants
parent
a4ecd43a8f
commit
3e7e1e59df
|
@ -3,16 +3,10 @@ require 'rex/proto/ntlm/constants'
|
|||
require 'rex/proto/ntlm/crypt'
|
||||
require 'rex/proto/ntlm/exceptions'
|
||||
|
||||
module Rex
|
||||
module Proto
|
||||
module NTLM
|
||||
class Utils
|
||||
module Rex::Proto::NTLM
|
||||
class Utils
|
||||
|
||||
CONST = Rex::Proto::NTLM::Constants
|
||||
CRYPT = Rex::Proto::NTLM::Crypt
|
||||
XCEPT = Rex::Proto::NTLM::Exceptions
|
||||
|
||||
#duplicate from lib/rex/proto/smb/utils cause we only need this fonction from Rex::Proto::SMB::Utils
|
||||
# duplicate from lib/rex/proto/smb/utils cause we only need this fonction from Rex::Proto::SMB::Utils
|
||||
# Convert a unix timestamp to a 64-bit signed server time
|
||||
def self.time_unix_to_smb(unix_time)
|
||||
t64 = (unix_time + 11644473600) * 10000000
|
||||
|
@ -353,7 +347,7 @@ class Utils
|
|||
if usentlm2_session
|
||||
if use_ntlmv2
|
||||
#set Negotiate Target Info
|
||||
ntlmssp_flags |= CONST::NEGOTIATE_TARGET_INFO
|
||||
ntlmssp_flags |= Rex::Proto::NTLM::Constants::NEGOTIATE_TARGET_INFO
|
||||
end
|
||||
|
||||
else
|
||||
|
@ -361,7 +355,7 @@ class Utils
|
|||
ntlmssp_flags &= 0xfff7ffff
|
||||
#set lanmanflag only when lm and ntlm are sent
|
||||
if send_lm
|
||||
ntlmssp_flags |= CONST::NEGOTIATE_LMKEY if use_lanman_key
|
||||
ntlmssp_flags |= Rex::Proto::NTLM::Constants::NEGOTIATE_LMKEY if use_lanman_key
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -379,7 +373,7 @@ class Utils
|
|||
cidx = blob.index("NTLMSSP\x00\x02\x00\x00\x00")
|
||||
|
||||
if not cidx
|
||||
raise XCEPT::NTLMMissingChallenge
|
||||
raise Rex::Proto::NTLM::Exceptions::NTLMMissingChallenge
|
||||
end
|
||||
|
||||
data[:challenge_key] = blob[cidx + 24, 8]
|
||||
|
@ -501,12 +495,14 @@ class Utils
|
|||
if send_ntlm #should be default
|
||||
if usentlm2_session
|
||||
if use_ntlmv2
|
||||
ntlm_cli_challenge = self.make_ntlmv2_clientchallenge(default_domain, default_name, dns_domain_name,
|
||||
dns_host_name,client_challenge ,
|
||||
ntlm_cli_challenge = self.make_ntlmv2_clientchallenge(
|
||||
default_domain, default_name, dns_domain_name,
|
||||
dns_host_name,client_challenge,
|
||||
chall_MsvAvTimestamp, spnopt)
|
||||
|
||||
if self.is_pass_ntlm_hash?(pass)
|
||||
argntlm = {
|
||||
:ntlmv2_hash => CRYPT::ntlmv2_hash(
|
||||
:ntlmv2_hash => Rex::Proto::NTLM::Crypt::ntlmv2_hash(
|
||||
user,
|
||||
[ pass.upcase()[33,65] ].pack('H32'),
|
||||
domain,{:pass_is_hash => true}
|
||||
|
@ -515,19 +511,19 @@ class Utils
|
|||
}
|
||||
else
|
||||
argntlm = {
|
||||
:ntlmv2_hash => CRYPT::ntlmv2_hash(user, pass, domain),
|
||||
:ntlmv2_hash => Rex::Proto::NTLM::Crypt::ntlmv2_hash(user, pass, domain),
|
||||
:challenge => challenge_key
|
||||
}
|
||||
end
|
||||
|
||||
optntlm = { :nt_client_challenge => ntlm_cli_challenge}
|
||||
ntlmv2_response = CRYPT::ntlmv2_response(argntlm,optntlm)
|
||||
ntlmv2_response = Rex::Proto::NTLM::Crypt::ntlmv2_response(argntlm,optntlm)
|
||||
resp_ntlm = ntlmv2_response
|
||||
|
||||
if send_lm
|
||||
if self.is_pass_ntlm_hash?(pass)
|
||||
arglm = {
|
||||
:ntlmv2_hash => CRYPT::ntlmv2_hash(
|
||||
:ntlmv2_hash => Rex::Proto::NTLM::Crypt::ntlmv2_hash(
|
||||
user,
|
||||
[ pass.upcase()[33,65] ].pack('H32'),
|
||||
domain,{:pass_is_hash => true}
|
||||
|
@ -536,13 +532,13 @@ class Utils
|
|||
}
|
||||
else
|
||||
arglm = {
|
||||
:ntlmv2_hash => CRYPT::ntlmv2_hash(user,pass, domain),
|
||||
:ntlmv2_hash => Rex::Proto::NTLM::Crypt::ntlmv2_hash(user,pass, domain),
|
||||
:challenge => challenge_key
|
||||
}
|
||||
end
|
||||
|
||||
optlm = { :client_challenge => client_challenge }
|
||||
resp_lm = CRYPT::lmv2_response(arglm, optlm)
|
||||
resp_lm = Rex::Proto::NTLM::Crypt::lmv2_response(arglm, optlm)
|
||||
else
|
||||
resp_lm = "\x00" * 24
|
||||
end
|
||||
|
@ -555,13 +551,13 @@ class Utils
|
|||
}
|
||||
else
|
||||
argntlm = {
|
||||
:ntlm_hash => CRYPT::ntlm_hash(pass),
|
||||
:ntlm_hash => Rex::Proto::NTLM::Crypt::ntlm_hash(pass),
|
||||
:challenge => challenge_key
|
||||
}
|
||||
end
|
||||
|
||||
optntlm = { :client_challenge => client_challenge}
|
||||
resp_ntlm = CRYPT::ntlm2_session(argntlm,optntlm).join[24,24]
|
||||
resp_ntlm = Rex::Proto::NTLM::Crypt::ntlm2_session(argntlm,optntlm).join[24,24]
|
||||
|
||||
# Generate the fake LANMAN hash
|
||||
resp_lm = client_challenge + ("\x00" * 16)
|
||||
|
@ -575,12 +571,12 @@ class Utils
|
|||
}
|
||||
else
|
||||
argntlm = {
|
||||
:ntlm_hash => CRYPT::ntlm_hash(pass),
|
||||
:ntlm_hash => Rex::Proto::NTLM::Crypt::ntlm_hash(pass),
|
||||
:challenge => challenge_key
|
||||
}
|
||||
end
|
||||
|
||||
resp_ntlm = CRYPT::ntlm_response(argntlm)
|
||||
resp_ntlm = Rex::Proto::NTLM::Crypt::ntlm_response(argntlm)
|
||||
if send_lm
|
||||
if self.is_pass_ntlm_hash?(pass)
|
||||
arglm = {
|
||||
|
@ -589,11 +585,11 @@ class Utils
|
|||
}
|
||||
else
|
||||
arglm = {
|
||||
:lm_hash => CRYPT::lm_hash(pass),
|
||||
:lm_hash => Rex::Proto::NTLM::Crypt::lm_hash(pass),
|
||||
:challenge => challenge_key
|
||||
}
|
||||
end
|
||||
resp_lm = CRYPT::lm_response(arglm)
|
||||
resp_lm = Rex::Proto::NTLM::Crypt::lm_response(arglm)
|
||||
else
|
||||
#when windows does not send lm in ntlmv1 type response,
|
||||
# it gives lm response the same value as ntlm response
|
||||
|
@ -605,7 +601,7 @@ class Utils
|
|||
if usentlm2_session && use_ntlmv2
|
||||
if self.is_pass_ntlm_hash?(pass)
|
||||
arglm = {
|
||||
:ntlmv2_hash => CRYPT::ntlmv2_hash(
|
||||
:ntlmv2_hash => Rex::Proto::NTLM::Crypt::ntlmv2_hash(
|
||||
user,
|
||||
[ pass.upcase()[33,65] ].pack('H32'),
|
||||
domain,{:pass_is_hash => true}
|
||||
|
@ -614,12 +610,12 @@ class Utils
|
|||
}
|
||||
else
|
||||
arglm = {
|
||||
:ntlmv2_hash => CRYPT::ntlmv2_hash(user,pass, domain),
|
||||
:ntlmv2_hash => Rex::Proto::NTLM::Crypt::ntlmv2_hash(user,pass, domain),
|
||||
:challenge => challenge_key
|
||||
}
|
||||
end
|
||||
optlm = { :client_challenge => client_challenge }
|
||||
resp_lm = CRYPT::lmv2_response(arglm, optlm)
|
||||
resp_lm = Rex::Proto::NTLM::Crypt::lmv2_response(arglm, optlm)
|
||||
else
|
||||
if self.is_pass_ntlm_hash?(pass)
|
||||
arglm = {
|
||||
|
@ -628,11 +624,11 @@ class Utils
|
|||
}
|
||||
else
|
||||
arglm = {
|
||||
:lm_hash => CRYPT::lm_hash(pass),
|
||||
:lm_hash => Rex::Proto::NTLM::Crypt::lm_hash(pass),
|
||||
:challenge => challenge_key
|
||||
}
|
||||
end
|
||||
resp_lm = CRYPT::lm_response(arglm)
|
||||
resp_lm = Rex::Proto::NTLM::Crypt::lm_response(arglm)
|
||||
end
|
||||
resp_ntlm = ""
|
||||
end
|
||||
|
@ -664,20 +660,20 @@ class Utils
|
|||
# Remove ntlmssp.negotiate128
|
||||
ntlmssp_flags &= 0xdfffffff
|
||||
# Check the keyexchange
|
||||
if server_ntlmssp_flags & CONST::NEGOTIATE_KEY_EXCH != 0 then
|
||||
if server_ntlmssp_flags & Rex::Proto::NTLM::Constants::NEGOTIATE_KEY_EXCH != 0 then
|
||||
key_exchange = true
|
||||
ntlmssp_flags |= CONST::NEGOTIATE_KEY_EXCH
|
||||
ntlmssp_flags |= Rex::Proto::NTLM::Constants::NEGOTIATE_KEY_EXCH
|
||||
end
|
||||
# Check 128bits
|
||||
if server_ntlmssp_flags & CONST::NEGOTIATE_128 != 0 then
|
||||
if server_ntlmssp_flags & Rex::Proto::NTLM::Constants::NEGOTIATE_128 != 0 then
|
||||
key_size = 128
|
||||
ntlmssp_flags |= CONST::NEGOTIATE_128
|
||||
ntlmssp_flags |= CONST::NEGOTIATE_56
|
||||
ntlmssp_flags |= Rex::Proto::NTLM::Constants::NEGOTIATE_128
|
||||
ntlmssp_flags |= Rex::Proto::NTLM::Constants::NEGOTIATE_56
|
||||
# Check 56bits
|
||||
else
|
||||
if server_ntlmssp_flags & CONST::NEGOTIATE_56 != 0 then
|
||||
if server_ntlmssp_flags & Rex::Proto::NTLM::Constants::NEGOTIATE_56 != 0 then
|
||||
key_size = 56
|
||||
ntlmssp_flags |= CONST::NEGOTIATE_56
|
||||
ntlmssp_flags |= Rex::Proto::NTLM::Constants::NEGOTIATE_56
|
||||
end
|
||||
end
|
||||
# Generate the user session key
|
||||
|
@ -686,23 +682,23 @@ class Utils
|
|||
if usentlm2_session
|
||||
if use_ntlmv2
|
||||
if self.is_pass_ntlm_hash?(pass)
|
||||
user_session_key = CRYPT::ntlmv2_user_session_key(user,
|
||||
user_session_key = Rex::Proto::NTLM::Crypt::ntlmv2_user_session_key(user,
|
||||
[ pass.upcase()[33,65] ].pack('H32'),
|
||||
domain,
|
||||
challenge_key, ntlm_cli_challenge,
|
||||
{:pass_is_hash => true})
|
||||
else
|
||||
user_session_key = CRYPT::ntlmv2_user_session_key(user, pass, domain,
|
||||
user_session_key = Rex::Proto::NTLM::Crypt::ntlmv2_user_session_key(user, pass, domain,
|
||||
challenge_key, ntlm_cli_challenge)
|
||||
end
|
||||
else
|
||||
if self.is_pass_ntlm_hash?(pass)
|
||||
user_session_key = CRYPT::ntlm2_session_user_session_key([ pass.upcase()[33,65] ].pack('H32'),
|
||||
user_session_key = Rex::Proto::NTLM::Crypt::ntlm2_session_user_session_key([ pass.upcase()[33,65] ].pack('H32'),
|
||||
challenge_key,
|
||||
client_challenge,
|
||||
{:pass_is_hash => true})
|
||||
else
|
||||
user_session_key = CRYPT::ntlm2_session_user_session_key(pass, challenge_key,
|
||||
user_session_key = Rex::Proto::NTLM::Crypt::ntlm2_session_user_session_key(pass, challenge_key,
|
||||
client_challenge)
|
||||
end
|
||||
end
|
||||
|
@ -711,63 +707,56 @@ class Utils
|
|||
# so we don't care about this feature
|
||||
if send_lm && use_lanman_key
|
||||
if self.is_pass_ntlm_hash?(pass)
|
||||
user_session_key = CRYPT::lanman_session_key([ pass.upcase()[0,32] ].pack('H32'),
|
||||
user_session_key = Rex::Proto::NTLM::Crypt::lanman_session_key([ pass.upcase()[0,32] ].pack('H32'),
|
||||
challenge_key,
|
||||
{:pass_is_hash => true})
|
||||
else
|
||||
user_session_key = CRYPT::lanman_session_key(pass, challenge_key)
|
||||
user_session_key = Rex::Proto::NTLM::Crypt::lanman_session_key(pass, challenge_key)
|
||||
end
|
||||
lanman_weak = true
|
||||
|
||||
|
||||
else
|
||||
if self.is_pass_ntlm_hash?(pass)
|
||||
user_session_key = CRYPT::ntlmv1_user_session_key([ pass.upcase()[33,65] ].pack('H32'),
|
||||
user_session_key = Rex::Proto::NTLM::Crypt::ntlmv1_user_session_key([ pass.upcase()[33,65] ].pack('H32'),
|
||||
{:pass_is_hash => true})
|
||||
else
|
||||
user_session_key = CRYPT::ntlmv1_user_session_key(pass)
|
||||
user_session_key = Rex::Proto::NTLM::Crypt::ntlmv1_user_session_key(pass)
|
||||
end
|
||||
end
|
||||
end
|
||||
else
|
||||
if usentlm2_session && use_ntlmv2
|
||||
if self.is_pass_ntlm_hash?(pass)
|
||||
user_session_key = CRYPT::lmv2_user_session_key(user, [ pass.upcase()[33,65] ].pack('H32'),
|
||||
user_session_key = Rex::Proto::NTLM::Crypt::lmv2_user_session_key(user, [ pass.upcase()[33,65] ].pack('H32'),
|
||||
domain,
|
||||
challenge_key, client_challenge,
|
||||
{:pass_is_hash => true})
|
||||
else
|
||||
user_session_key = CRYPT::lmv2_user_session_key(user, pass, domain,
|
||||
user_session_key = Rex::Proto::NTLM::Crypt::lmv2_user_session_key(user, pass, domain,
|
||||
challenge_key, client_challenge)
|
||||
end
|
||||
else
|
||||
if self.is_pass_ntlm_hash?(pass)
|
||||
user_session_key = CRYPT::lmv1_user_session_key([ pass.upcase()[0,32] ].pack('H32'),
|
||||
user_session_key = Rex::Proto::NTLM::Crypt::lmv1_user_session_key([ pass.upcase()[0,32] ].pack('H32'),
|
||||
{:pass_is_hash => true})
|
||||
else
|
||||
user_session_key = CRYPT::lmv1_user_session_key(pass)
|
||||
user_session_key = Rex::Proto::NTLM::Crypt::lmv1_user_session_key(pass)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
user_session_key = CRYPT::make_weak_sessionkey(user_session_key,key_size, lanman_weak)
|
||||
user_session_key = Rex::Proto::NTLM::Crypt::make_weak_sessionkey(user_session_key,key_size, lanman_weak)
|
||||
|
||||
# Sessionkey and encrypted session key
|
||||
if key_exchange
|
||||
signing_key = Rex::Text.rand_text(16)
|
||||
enc_session_key = CRYPT::encrypt_sessionkey(signing_key, user_session_key)
|
||||
enc_session_key = Rex::Proto::NTLM::Crypt::encrypt_sessionkey(signing_key, user_session_key)
|
||||
else
|
||||
signing_key = user_session_key
|
||||
end
|
||||
|
||||
return signing_key, enc_session_key, ntlmssp_flags
|
||||
|
||||
|
||||
end
|
||||
|
||||
|
||||
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
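Review bot: In the `@ -379,7 +373,7 @@` hunk, `data[:challenge_key] = blob[cidx + 24, 8]` only checks that the `NTLMSSP\x00\x02\x00\x00\x00` signature was found, not that the server-supplied Type 2 message is long enough to contain the 8-byte challenge, so a truncated or malformed response appears to yield a `nil` or short `challenge_key` that would fail later inside the Crypt calls with an unrelated error instead of a clear protocol exception. Because `blob` comes from the remote peer, the length should be validated together with the signature, e.g. `if cidx.nil? || blob.length < cidx + 32` followed by `raise Rex::Proto::NTLM::Exceptions::NTLMMissingChallenge`. The same hunk keeps `if not cidx`, which a style pass would more idiomatically write as `unless cidx`. The enclosing method starts and ends outside this hunk.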