Return the Session Key by asking the DC.
(self, Context, ntlm)
| 2185 | self.ssp = ssp |
| 2186 | |
| 2187 | def _getSessionBaseKey(self, Context, ntlm): |
| 2188 | """ |
| 2189 | Return the Session Key by asking the DC. |
| 2190 | """ |
| 2191 | # No user / no domain: skip. |
| 2192 | if not ntlm.UserNameLen or not ntlm.DomainNameLen: |
| 2193 | return super(NTLMSSP_DOMAIN, self)._getSessionBaseKey(Context, ntlm) |
| 2194 | |
| 2195 | # Import RPC stuff |
| 2196 | from scapy.layers.dcerpc import NDRUnion |
| 2197 | from scapy.layers.msrpce.msnrpc import ( |
| 2198 | NETLOGON_SECURE_CHANNEL_METHOD, |
| 2199 | NetlogonClient, |
| 2200 | ) |
| 2201 | from scapy.layers.msrpce.raw.ms_nrpc import ( |
| 2202 | NETLOGON_LOGON_IDENTITY_INFO, |
| 2203 | NetrLogonSamLogonWithFlags_Request, |
| 2204 | PNETLOGON_AUTHENTICATOR, |
| 2205 | PNETLOGON_NETWORK_INFO, |
| 2206 | STRING, |
| 2207 | UNICODE_STRING, |
| 2208 | ) |
| 2209 | |
| 2210 | # Create NetlogonClient with PRIVACY |
| 2211 | client = NetlogonClient() |
| 2212 | client.connect(self.DC_FQDN) |
| 2213 | |
| 2214 | # Establish the Netlogon secure channel (this will bind) |
| 2215 | try: |
| 2216 | if self.ssp is None and self.KEY is None: |
| 2217 | # Login via classic NetlogonSSP |
| 2218 | client.establish_secure_channel( |
| 2219 | mode=NETLOGON_SECURE_CHANNEL_METHOD.NetrServerAuthenticate3, |
| 2220 | UPN=f"{self.COMPUTER_NB_NAME}@{self.DOMAIN_NB_NAME}", |
| 2221 | DC_FQDN=self.DC_FQDN, |
| 2222 | HASHNT=self.HASHNT, |
| 2223 | ) |
| 2224 | else: |
| 2225 | # Login via KerberosSSP (Windows 2025) |
| 2226 | client.establish_secure_channel( |
| 2227 | mode=NETLOGON_SECURE_CHANNEL_METHOD.NetrServerAuthenticateKerberos, |
| 2228 | UPN=self.UPN, |
| 2229 | DC_FQDN=self.DC_FQDN, |
| 2230 | PASSWORD=self.PASSWORD, |
| 2231 | KEY=self.KEY, |
| 2232 | ssp=self.ssp, |
| 2233 | ) |
| 2234 | except ValueError: |
| 2235 | log_runtime.warning( |
| 2236 | "Couldn't establish the Netlogon secure channel. " |
| 2237 | "Check the credentials for '%s' !" % self.COMPUTER_NB_NAME |
| 2238 | ) |
| 2239 | return super(NTLMSSP_DOMAIN, self)._getSessionBaseKey(Context, ntlm) |
| 2240 | |
| 2241 | # Request validation of the NTLM request |
| 2242 | req = NetrLogonSamLogonWithFlags_Request( |
| 2243 | LogonServer="", |
| 2244 | ComputerName=self.COMPUTER_NB_NAME, |
nothing calls this directly
no test coverage detected