
Method _ntlm_auth

impacket/smbserver.py:2984–3182
(token, connData, smbServer, rawNTLM)


2983 @staticmethod
2984 def _ntlm_auth(token, connData, smbServer, rawNTLM):
2985 # Here we only handle NTLMSSP, depending on what stage of the
2986 # authentication we are, we act on it
2987 messageType = struct.unpack('<L', token[len('NTLMSSP\x00'):len('NTLMSSP\x00') + 4])[0]
2988 respSMBCommand = smb2.SMB2SessionSetup_Response()
2989
2990 if messageType == 0x01:
2991 # NEGOTIATE_MESSAGE
2992 negotiateMessage = ntlm.NTLMAuthNegotiate()
2993 negotiateMessage.fromString(token)
2994 # Let's store it in the connection data
2995 connData['NEGOTIATE_MESSAGE'] = negotiateMessage
2996 # Let's build the answer flags
2997 # TODO: Parse all the flags. With this we're leaving some clients out
2998
2999 ansFlags = 0
3000
3001 if negotiateMessage['flags'] & ntlm.NTLMSSP_NEGOTIATE_56:
3002 ansFlags |= ntlm.NTLMSSP_NEGOTIATE_56
3003 if negotiateMessage['flags'] & ntlm.NTLMSSP_NEGOTIATE_128:
3004 ansFlags |= ntlm.NTLMSSP_NEGOTIATE_128
3005 if negotiateMessage['flags'] & ntlm.NTLMSSP_NEGOTIATE_KEY_EXCH:
3006 ansFlags |= ntlm.NTLMSSP_NEGOTIATE_KEY_EXCH
3007 if negotiateMessage['flags'] & ntlm.NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY:
3008 ansFlags |= ntlm.NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
3009 if negotiateMessage['flags'] & ntlm.NTLMSSP_NEGOTIATE_UNICODE:
3010 ansFlags |= ntlm.NTLMSSP_NEGOTIATE_UNICODE
3011 if negotiateMessage['flags'] & ntlm.NTLM_NEGOTIATE_OEM:
3012 ansFlags |= ntlm.NTLM_NEGOTIATE_OEM
3013 if negotiateMessage['flags'] & ntlm.NTLMSSP_NEGOTIATE_SIGN:
3014 ansFlags |= ntlm.NTLMSSP_NEGOTIATE_SIGN
3015
3016 ansFlags |= ntlm.NTLMSSP_NEGOTIATE_VERSION | ntlm.NTLMSSP_NEGOTIATE_TARGET_INFO | ntlm.NTLMSSP_TARGET_TYPE_SERVER | ntlm.NTLMSSP_NEGOTIATE_NTLM | ntlm.NTLMSSP_REQUEST_TARGET
3017
3018 if smbServer._SMBSERVER__dropSSP:
3019 ansFlags = (ntlm.NTLMSSP_DROP_SSP_STATIC | 0)
3020 # Generate the AV_PAIRS
3021 av_pairs = ntlm.AV_PAIRS()
3022 # important for signing support, as NetrLogonSamLogonWithFlags checks these!
3023 if "." in smbServer.getServerDomain():
3024 av_pairs[ntlm.NTLMSSP_AV_DOMAINNAME] = smbServer.getServerDomain().split(".")[0].upper().encode('utf-16le')
3025 av_pairs[ntlm.NTLMSSP_AV_DNS_DOMAINNAME] = smbServer.getServerDomain().encode('utf-16le')
3026 else:
3027 av_pairs[ntlm.NTLMSSP_AV_DOMAINNAME] = av_pairs[ntlm.NTLMSSP_AV_DNS_DOMAINNAME] = smbServer.getServerDomain().upper().encode('utf-16le')
3028
3029 av_pairs[ntlm.NTLMSSP_AV_HOSTNAME] = av_pairs[ntlm.NTLMSSP_AV_DNS_HOSTNAME] = smbServer.getServerName().upper().encode('utf-16le')
3030 av_pairs[ntlm.NTLMSSP_AV_TIME] = struct.pack('<q', (
3031 116444736000000000 + calendar.timegm(time.gmtime()) * 10000000))
3032
3033 challengeMessage = ntlm.NTLMAuthChallenge()
3034 challengeMessage['flags'] = ansFlags
3035 challengeMessage['domain_len'] = len(smbServer.getServerDomain().encode('utf-16le'))
3036 challengeMessage['domain_max_len'] = challengeMessage['domain_len']
3037 challengeMessage['domain_offset'] = 40 + 16
3038 challengeMessage['challenge'] = smbServer.getSMBChallenge()
3039 challengeMessage['domain_name'] = smbServer.getServerDomain().encode('utf-16le')
3040 challengeMessage['TargetInfoFields_len'] = len(av_pairs)
3041 challengeMessage['TargetInfoFields_max_len'] = len(av_pairs)
