75 lines
3.1 KiB
Ruby
75 lines
3.1 KiB
Ruby
module Rex
|
|
module Proto
|
|
module NTLM
|
|
class Constants
|
|
|
|
SSP_SIGN = "NTLMSSP\0"
|
|
BLOB_SIGN = 0x00000101
|
|
LM_MAGIC = "KGS!@\#$%"
|
|
TIME_OFFSET = 11644473600
|
|
MAX64 = 0xffffffffffffffff
|
|
|
|
FLAGS = {
|
|
:UNICODE => 0x00000001,
|
|
:OEM => 0x00000002,
|
|
:REQUEST_TARGET => 0x00000004,
|
|
#:UNKNOWN => 0x00000008,
|
|
:SIGN => 0x00000010,
|
|
:SEAL => 0x00000020,
|
|
#:UNKNOWN => 0x00000040,
|
|
:NETWARE => 0x00000100,
|
|
:NTLM => 0x00000200,
|
|
#:UNKNOWN => 0x00000400,
|
|
#:UNKNOWN => 0x00000800,
|
|
:DOMAIN_SUPPLIED => 0x00001000,
|
|
:WORKSTATION_SUPPLIED => 0x00002000,
|
|
:LOCAL_CALL => 0x00004000,
|
|
:ALWAYS_SIGN => 0x00008000,
|
|
:TARGET_TYPE_DOMAIN => 0x00010000,
|
|
:TARGET_INFO => 0x00800000,
|
|
:NTLM2_KEY => 0x00080000,
|
|
:KEY128 => 0x20000000,
|
|
:KEY56 => 0x80000000
|
|
}
|
|
|
|
FLAG_KEYS = FLAGS.keys.sort{|a, b| FLAGS[a] <=> FLAGS[b] }
|
|
|
|
DEFAULT_FLAGS = {
|
|
:TYPE1 => FLAGS[:UNICODE] | FLAGS[:OEM] | FLAGS[:REQUEST_TARGET] | FLAGS[:NTLM] | FLAGS[:ALWAYS_SIGN] | FLAGS[:NTLM2_KEY],
|
|
:TYPE2 => FLAGS[:UNICODE],
|
|
:TYPE3 => FLAGS[:UNICODE] | FLAGS[:REQUEST_TARGET] | FLAGS[:NTLM] | FLAGS[:ALWAYS_SIGN] | FLAGS[:NTLM2_KEY]
|
|
}
|
|
|
|
# NTLM Response Type
|
|
NTLM_V1_RESPONSE = 1
|
|
NTLM_V2_RESPONSE = 2
|
|
NTLM_2_SESSION_RESPONSE = 3
|
|
|
|
#the same flags but merged from lib/rex/proto/smb/constants and keeped for compatibility
|
|
# NTLMSSP Message Flags
|
|
NEGOTIATE_UNICODE = 0x00000001 # Only set if Type 1 contains it - this or oem, not both
|
|
NEGOTIATE_OEM = 0x00000002 # Only set if Type 1 contains it - this or unicode, not both
|
|
REQUEST_TARGET = 0x00000004 # If set in Type 1, must return domain or server
|
|
NEGOTIATE_SIGN = 0x00000010 # Session signature required
|
|
NEGOTIATE_SEAL = 0x00000020 # Session seal required
|
|
NEGOTIATE_LMKEY = 0x00000080 # LM Session Key should be used for signing and sealing
|
|
NEGOTIATE_NTLM = 0x00000200 # NTLM auth is supported
|
|
NEGOTIATE_ANONYMOUS = 0x00000800 # Anonymous context used
|
|
NEGOTIATE_DOMAIN = 0x00001000 # Sent in Type1, client gives domain info
|
|
NEGOTIATE_WORKSTATION = 0x00002000 # Sent in Type1, client gives workstation info
|
|
NEGOTIATE_LOCAL_CALL = 0x00004000 # Server and client are on same machine
|
|
NEGOTIATE_ALWAYS_SIGN = 0x00008000 # Add signatures to packets
|
|
TARGET_TYPE_DOMAIN = 0x00010000 # If REQUEST_TARGET, we're adding the domain name
|
|
TARGET_TYPE_SERVER = 0x00020000 # If REQUEST_TARGET, we're adding the server name
|
|
TARGET_TYPE_SHARE = 0x00040000 # Supposed to denote "a share" but for a webserver?
|
|
NEGOTIATE_NTLM2_KEY = 0x00080000 # NTLMv2 Signature and Key exchanges
|
|
NEGOTIATE_TARGET_INFO = 0x00800000 # Server set when sending Target Information Block
|
|
NEGOTIATE_128 = 0x20000000 # 128-bit encryption supported
|
|
NEGOTIATE_KEY_EXCH = 0x40000000 # Client will supply encrypted master key in Session Key field of Type3 msg
|
|
NEGOTIATE_56 = 0x80000000 # 56-bit encryption supported
|
|
|
|
end
|
|
end
|
|
end
|
|
end
|