Python impacket.ntlm.NTLMSSP_AV_HOSTNAME Examples
The following are 3
code examples of impacket.ntlm.NTLMSSP_AV_HOSTNAME().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
impacket.ntlm
, or try the search function
.
.
Example #1
| Source File: httprelayserver.py From GhostPotato with MIT License | 5 votes |
|
def do_ntlm_negotiate(self, token, proxy):
if self.target.scheme.upper() in self.server.config.protocolClients:
self.client = self.server.config.protocolClients[self.target.scheme.upper()](self.server.config, self.target)
# If connection failed, return
if not self.client.initConnection():
return False
self.challengeMessage = self.client.sendNegotiate(token)
# Remove target NetBIOS field from the NTLMSSP_CHALLENGE
if self.server.config.remove_target:
av_pairs = ntlm.AV_PAIRS(self.challengeMessage['TargetInfoFields'])
del av_pairs[ntlm.NTLMSSP_AV_HOSTNAME]
self.challengeMessage['TargetInfoFields'] = av_pairs.getData()
self.challengeMessage['TargetInfoFields_len'] = len(av_pairs.getData())
self.challengeMessage['TargetInfoFields_max_len'] = len(av_pairs.getData())
# Check for errors
if self.challengeMessage is False:
return False
else:
LOG.error('Protocol Client for %s not found!' % self.target.scheme.upper())
return False
#Calculate auth
self.do_AUTHHEAD(message = b'NTLM '+base64.b64encode(self.challengeMessage.getData()), proxy=proxy)
return True
Example #2
| Source File: httprelayserver.py From Slackor with GNU General Public License v3.0 | 5 votes |
|
def do_ntlm_negotiate(self, token, proxy):
if self.target.scheme.upper() in self.server.config.protocolClients:
self.client = self.server.config.protocolClients[self.target.scheme.upper()](self.server.config, self.target)
# If connection failed, return
if not self.client.initConnection():
return False
self.challengeMessage = self.client.sendNegotiate(token)
# Remove target NetBIOS field from the NTLMSSP_CHALLENGE
if self.server.config.remove_target:
av_pairs = ntlm.AV_PAIRS(self.challengeMessage['TargetInfoFields'])
del av_pairs[ntlm.NTLMSSP_AV_HOSTNAME]
self.challengeMessage['TargetInfoFields'] = av_pairs.getData()
self.challengeMessage['TargetInfoFields_len'] = len(av_pairs.getData())
self.challengeMessage['TargetInfoFields_max_len'] = len(av_pairs.getData())
# Check for errors
if self.challengeMessage is False:
return False
else:
LOG.error('Protocol Client for %s not found!' % self.target.scheme.upper())
return False
#Calculate auth
self.do_AUTHHEAD(message = b'NTLM '+base64.b64encode(self.challengeMessage.getData()), proxy=proxy)
return True
Example #3
| Source File: scan.py From cve-2019-1040-scanner with MIT License | 5 votes |
|
def mod_computeResponseNTLMv2(flags, serverChallenge, clientChallenge, serverName, domain, user, password, lmhash='',
nthash='', use_ntlmv2=USE_NTLMv2, check=False):
responseServerVersion = b'\x01'
hiResponseServerVersion = b'\x01'
responseKeyNT = NTOWFv2(user, password, domain, nthash)
av_pairs = AV_PAIRS(serverName)
av_pairs[NTLMSSP_AV_TARGET_NAME] = 'cifs/'.encode('utf-16le') + av_pairs[NTLMSSP_AV_HOSTNAME][1]
if av_pairs[NTLMSSP_AV_TIME] is not None:
aTime = av_pairs[NTLMSSP_AV_TIME][1]
else:
aTime = struct.pack('<q', (116444736000000000 + calendar.timegm(time.gmtime()) * 10000000))
av_pairs[NTLMSSP_AV_TIME] = aTime
av_pairs[NTLMSSP_AV_FLAGS] = b'\x02' + b'\x00' * 3
serverName = av_pairs.getData()
temp = responseServerVersion + hiResponseServerVersion + b'\x00' * 6 + aTime + clientChallenge + b'\x00' * 4 + \
serverName + b'\x00' * 4
ntProofStr = hmac_md5(responseKeyNT, serverChallenge + temp)
ntChallengeResponse = ntProofStr + temp
lmChallengeResponse = hmac_md5(responseKeyNT, serverChallenge + clientChallenge) + clientChallenge
sessionBaseKey = hmac_md5(responseKeyNT, ntProofStr)
return ntChallengeResponse, lmChallengeResponse, sessionBaseKey
