style updates, expand constants

GSoC/Meterpreter_Web_Console
Brent Cook 2018-05-07 00:13:59 -05:00
parent a4ecd43a8f
commit 3e7e1e59df
1 changed files with 656 additions and 667 deletions


@ -3,16 +3,10 @@ require 'rex/proto/ntlm/constants'
require 'rex/proto/ntlm/crypt'
require 'rex/proto/ntlm/exceptions'
module Rex
module Proto
module NTLM
class Utils
module Rex::Proto::NTLM
class Utils
CONST = Rex::Proto::NTLM::Constants
CRYPT = Rex::Proto::NTLM::Crypt
XCEPT = Rex::Proto::NTLM::Exceptions
#duplicate from lib/rex/proto/smb/utils cause we only need this fonction from Rex::Proto::SMB::Utils
# duplicate from lib/rex/proto/smb/utils cause we only need this fonction from Rex::Proto::SMB::Utils
# Convert a unix timestamp to a 64-bit signed server time
def self.time_unix_to_smb(unix_time)
t64 = (unix_time + 11644473600) * 10000000
@ -353,7 +347,7 @@ class Utils
if usentlm2_session
if use_ntlmv2
#set Negotiate Target Info
ntlmssp_flags |= CONST::NEGOTIATE_TARGET_INFO
ntlmssp_flags |= Rex::Proto::NTLM::Constants::NEGOTIATE_TARGET_INFO
end
else
@ -361,7 +355,7 @@ class Utils
ntlmssp_flags &= 0xfff7ffff
#set lanmanflag only when lm and ntlm are sent
if send_lm
ntlmssp_flags |= CONST::NEGOTIATE_LMKEY if use_lanman_key
ntlmssp_flags |= Rex::Proto::NTLM::Constants::NEGOTIATE_LMKEY if use_lanman_key
end
end
@ -379,7 +373,7 @@ class Utils
cidx = blob.index("NTLMSSP\x00\x02\x00\x00\x00")
if not cidx
raise XCEPT::NTLMMissingChallenge
raise Rex::Proto::NTLM::Exceptions::NTLMMissingChallenge
end
data[:challenge_key] = blob[cidx + 24, 8]
@ -501,12 +495,14 @@ class Utils
if send_ntlm #should be default
if usentlm2_session
if use_ntlmv2
ntlm_cli_challenge = self.make_ntlmv2_clientchallenge(default_domain, default_name, dns_domain_name,
dns_host_name,client_challenge ,
ntlm_cli_challenge = self.make_ntlmv2_clientchallenge(
default_domain, default_name, dns_domain_name,
dns_host_name,client_challenge,
chall_MsvAvTimestamp, spnopt)
if self.is_pass_ntlm_hash?(pass)
argntlm = {
:ntlmv2_hash => CRYPT::ntlmv2_hash(
:ntlmv2_hash => Rex::Proto::NTLM::Crypt::ntlmv2_hash(
user,
[ pass.upcase()[33,65] ].pack('H32'),
domain,{:pass_is_hash => true}
@ -515,19 +511,19 @@ class Utils
}
else
argntlm = {
:ntlmv2_hash => CRYPT::ntlmv2_hash(user, pass, domain),
:ntlmv2_hash => Rex::Proto::NTLM::Crypt::ntlmv2_hash(user, pass, domain),
:challenge => challenge_key
}
end
optntlm = { :nt_client_challenge => ntlm_cli_challenge}
ntlmv2_response = CRYPT::ntlmv2_response(argntlm,optntlm)
ntlmv2_response = Rex::Proto::NTLM::Crypt::ntlmv2_response(argntlm,optntlm)
resp_ntlm = ntlmv2_response
if send_lm
if self.is_pass_ntlm_hash?(pass)
arglm = {
:ntlmv2_hash => CRYPT::ntlmv2_hash(
:ntlmv2_hash => Rex::Proto::NTLM::Crypt::ntlmv2_hash(
user,
[ pass.upcase()[33,65] ].pack('H32'),
domain,{:pass_is_hash => true}
@ -536,13 +532,13 @@ class Utils
}
else
arglm = {
:ntlmv2_hash => CRYPT::ntlmv2_hash(user,pass, domain),
:ntlmv2_hash => Rex::Proto::NTLM::Crypt::ntlmv2_hash(user,pass, domain),
:challenge => challenge_key
}
end
optlm = { :client_challenge => client_challenge }
resp_lm = CRYPT::lmv2_response(arglm, optlm)
resp_lm = Rex::Proto::NTLM::Crypt::lmv2_response(arglm, optlm)
else
resp_lm = "\x00" * 24
end
@ -555,13 +551,13 @@ class Utils
}
else
argntlm = {
:ntlm_hash => CRYPT::ntlm_hash(pass),
:ntlm_hash => Rex::Proto::NTLM::Crypt::ntlm_hash(pass),
:challenge => challenge_key
}
end
optntlm = { :client_challenge => client_challenge}
resp_ntlm = CRYPT::ntlm2_session(argntlm,optntlm).join[24,24]
resp_ntlm = Rex::Proto::NTLM::Crypt::ntlm2_session(argntlm,optntlm).join[24,24]
# Generate the fake LANMAN hash
resp_lm = client_challenge + ("\x00" * 16)
@ -575,12 +571,12 @@ class Utils
}
else
argntlm = {
:ntlm_hash => CRYPT::ntlm_hash(pass),
:ntlm_hash => Rex::Proto::NTLM::Crypt::ntlm_hash(pass),
:challenge => challenge_key
}
end
resp_ntlm = CRYPT::ntlm_response(argntlm)
resp_ntlm = Rex::Proto::NTLM::Crypt::ntlm_response(argntlm)
if send_lm
if self.is_pass_ntlm_hash?(pass)
arglm = {
@ -589,11 +585,11 @@ class Utils
}
else
arglm = {
:lm_hash => CRYPT::lm_hash(pass),
:lm_hash => Rex::Proto::NTLM::Crypt::lm_hash(pass),
:challenge => challenge_key
}
end
resp_lm = CRYPT::lm_response(arglm)
resp_lm = Rex::Proto::NTLM::Crypt::lm_response(arglm)
else
#when windows does not send lm in ntlmv1 type response,
# it gives lm response the same value as ntlm response
@ -605,7 +601,7 @@ class Utils
if usentlm2_session && use_ntlmv2
if self.is_pass_ntlm_hash?(pass)
arglm = {
:ntlmv2_hash => CRYPT::ntlmv2_hash(
:ntlmv2_hash => Rex::Proto::NTLM::Crypt::ntlmv2_hash(
user,
[ pass.upcase()[33,65] ].pack('H32'),
domain,{:pass_is_hash => true}
@ -614,12 +610,12 @@ class Utils
}
else
arglm = {
:ntlmv2_hash => CRYPT::ntlmv2_hash(user,pass, domain),
:ntlmv2_hash => Rex::Proto::NTLM::Crypt::ntlmv2_hash(user,pass, domain),
:challenge => challenge_key
}
end
optlm = { :client_challenge => client_challenge }
resp_lm = CRYPT::lmv2_response(arglm, optlm)
resp_lm = Rex::Proto::NTLM::Crypt::lmv2_response(arglm, optlm)
else
if self.is_pass_ntlm_hash?(pass)
arglm = {
@ -628,11 +624,11 @@ class Utils
}
else
arglm = {
:lm_hash => CRYPT::lm_hash(pass),
:lm_hash => Rex::Proto::NTLM::Crypt::lm_hash(pass),
:challenge => challenge_key
}
end
resp_lm = CRYPT::lm_response(arglm)
resp_lm = Rex::Proto::NTLM::Crypt::lm_response(arglm)
end
resp_ntlm = ""
end
@ -664,20 +660,20 @@ class Utils
# Remove ntlmssp.negotiate128
ntlmssp_flags &= 0xdfffffff
# Check the keyexchange
if server_ntlmssp_flags & CONST::NEGOTIATE_KEY_EXCH != 0 then
if server_ntlmssp_flags & Rex::Proto::NTLM::Constants::NEGOTIATE_KEY_EXCH != 0 then
key_exchange = true
ntlmssp_flags |= CONST::NEGOTIATE_KEY_EXCH
ntlmssp_flags |= Rex::Proto::NTLM::Constants::NEGOTIATE_KEY_EXCH
end
# Check 128bits
if server_ntlmssp_flags & CONST::NEGOTIATE_128 != 0 then
if server_ntlmssp_flags & Rex::Proto::NTLM::Constants::NEGOTIATE_128 != 0 then
key_size = 128
ntlmssp_flags |= CONST::NEGOTIATE_128
ntlmssp_flags |= CONST::NEGOTIATE_56
ntlmssp_flags |= Rex::Proto::NTLM::Constants::NEGOTIATE_128
ntlmssp_flags |= Rex::Proto::NTLM::Constants::NEGOTIATE_56
# Check 56bits
else
if server_ntlmssp_flags & CONST::NEGOTIATE_56 != 0 then
if server_ntlmssp_flags & Rex::Proto::NTLM::Constants::NEGOTIATE_56 != 0 then
key_size = 56
ntlmssp_flags |= CONST::NEGOTIATE_56
ntlmssp_flags |= Rex::Proto::NTLM::Constants::NEGOTIATE_56
end
end
# Generate the user session key
@ -686,23 +682,23 @@ class Utils
if usentlm2_session
if use_ntlmv2
if self.is_pass_ntlm_hash?(pass)
user_session_key = CRYPT::ntlmv2_user_session_key(user,
user_session_key = Rex::Proto::NTLM::Crypt::ntlmv2_user_session_key(user,
[ pass.upcase()[33,65] ].pack('H32'),
domain,
challenge_key, ntlm_cli_challenge,
{:pass_is_hash => true})
else
user_session_key = CRYPT::ntlmv2_user_session_key(user, pass, domain,
user_session_key = Rex::Proto::NTLM::Crypt::ntlmv2_user_session_key(user, pass, domain,
challenge_key, ntlm_cli_challenge)
end
else
if self.is_pass_ntlm_hash?(pass)
user_session_key = CRYPT::ntlm2_session_user_session_key([ pass.upcase()[33,65] ].pack('H32'),
user_session_key = Rex::Proto::NTLM::Crypt::ntlm2_session_user_session_key([ pass.upcase()[33,65] ].pack('H32'),
challenge_key,
client_challenge,
{:pass_is_hash => true})
else
user_session_key = CRYPT::ntlm2_session_user_session_key(pass, challenge_key,
user_session_key = Rex::Proto::NTLM::Crypt::ntlm2_session_user_session_key(pass, challenge_key,
client_challenge)
end
end
@ -711,63 +707,56 @@ class Utils
# so we don't care about this feature
if send_lm && use_lanman_key
if self.is_pass_ntlm_hash?(pass)
user_session_key = CRYPT::lanman_session_key([ pass.upcase()[0,32] ].pack('H32'),
user_session_key = Rex::Proto::NTLM::Crypt::lanman_session_key([ pass.upcase()[0,32] ].pack('H32'),
challenge_key,
{:pass_is_hash => true})
else
user_session_key = CRYPT::lanman_session_key(pass, challenge_key)
user_session_key = Rex::Proto::NTLM::Crypt::lanman_session_key(pass, challenge_key)
end
lanman_weak = true
else
if self.is_pass_ntlm_hash?(pass)
user_session_key = CRYPT::ntlmv1_user_session_key([ pass.upcase()[33,65] ].pack('H32'),
user_session_key = Rex::Proto::NTLM::Crypt::ntlmv1_user_session_key([ pass.upcase()[33,65] ].pack('H32'),
{:pass_is_hash => true})
else
user_session_key = CRYPT::ntlmv1_user_session_key(pass)
user_session_key = Rex::Proto::NTLM::Crypt::ntlmv1_user_session_key(pass)
end
end
end
else
if usentlm2_session && use_ntlmv2
if self.is_pass_ntlm_hash?(pass)
user_session_key = CRYPT::lmv2_user_session_key(user, [ pass.upcase()[33,65] ].pack('H32'),
user_session_key = Rex::Proto::NTLM::Crypt::lmv2_user_session_key(user, [ pass.upcase()[33,65] ].pack('H32'),
domain,
challenge_key, client_challenge,
{:pass_is_hash => true})
else
user_session_key = CRYPT::lmv2_user_session_key(user, pass, domain,
user_session_key = Rex::Proto::NTLM::Crypt::lmv2_user_session_key(user, pass, domain,
challenge_key, client_challenge)
end
else
if self.is_pass_ntlm_hash?(pass)
user_session_key = CRYPT::lmv1_user_session_key([ pass.upcase()[0,32] ].pack('H32'),
user_session_key = Rex::Proto::NTLM::Crypt::lmv1_user_session_key([ pass.upcase()[0,32] ].pack('H32'),
{:pass_is_hash => true})
else
user_session_key = CRYPT::lmv1_user_session_key(pass)
user_session_key = Rex::Proto::NTLM::Crypt::lmv1_user_session_key(pass)
end
end
end
user_session_key = CRYPT::make_weak_sessionkey(user_session_key,key_size, lanman_weak)
user_session_key = Rex::Proto::NTLM::Crypt::make_weak_sessionkey(user_session_key,key_size, lanman_weak)
# Sessionkey and encrypted session key
if key_exchange
signing_key = Rex::Text.rand_text(16)
enc_session_key = CRYPT::encrypt_sessionkey(signing_key, user_session_key)
enc_session_key = Rex::Proto::NTLM::Crypt::encrypt_sessionkey(signing_key, user_session_key)
else
signing_key = user_session_key
end
return signing_key, enc_session_key, ntlmssp_flags
end
end
end
end
end
end
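Review bot: The expanded references from the fourth hunk onward invoke module methods with `::` (`Rex::Proto::NTLM::Crypt::ntlmv2_hash(user, pass, domain)`), which Ruby accepts but which reads like a constant lookup; the conventional call form is `.`, e.g. `:ntlmv2_hash => Rex::Proto::NTLM::Crypt.ntlmv2_hash(user, pass, domain),`, and the same applies to every `Crypt::` and `Exceptions::` call site in this file. If the `CONST`/`CRYPT`/`XCEPT` constants in the first hunk are being removed rather than kept (the page does not mark their side), any code outside this file that reached them as `Rex::Proto::NTLM::Utils::CRYPT` would start raising `NameError`, so a search for those names across the tree before merging appears warranted. In the third hunk the challenge parser still reads `blob[cidx + 24, 8]` without checking the blob length, so a truncated Type 2 message would appear to yield a short or nil `challenge_key` instead of `NTLMMissingChallenge`; a guard such as `raise Rex::Proto::NTLM::Exceptions::NTLMMissingChallenge if blob.length < cidx + 32` would make that failure explicit — that method begins and ends outside the hunk. The comment reformatted in the first hunk still says `fonction`; `# duplicated from lib/rex/proto/smb/utils because we only need this function from Rex::Proto::SMB::Utils` would read correctly.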