# File 'lib/rex/proto/ntlm/message.rb', line 207
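# Build the Type3 (authenticate) message that answers this Type2 challenge.
#
# Hash and response computation is delegated to CRYPT; which routines run is
# selected by opt[:ntlmv2] first, then by this message's :NTLM2_KEY flag, and
# otherwise falls back to the plain LM/NTLM responses.
#
# @param arg [Hash] credentials; :user and :password are mandatory
# @param opt [Hash] options: :workstation (defaults to ""), :client_challenge
#   (an Integer or an already packed 8-byte String; drawn at random when
#   absent), :unicode and :ntlmv2. NOTE: opt is mutated in place —
#   :client_challenge is written back in packed form and :unicode is rewritten
#   to reflect the encoding actually applied — presumably so that the CRYPT
#   calls below, which receive opt, see the same values.
# @return [Type3] the authenticate message built by Type3.create
# @raise [ArgumentError] when :user or :password is missing
def response(arg, opt = {})
  usr = arg[:user]
  pwd = arg[:password]
  # `||`/`&&` instead of `or`/`and`: identical result in these conditions, but
  # the word forms bind looser than assignment and are a classic precedence trap.
  raise ArgumentError, "user and password have to be supplied" if usr.nil? || pwd.nil?

  ws = opt[:workstation] || ""
  # Client challenge: caller-supplied or freshly drawn. Kernel#rand is the
  # default (non-cryptographic) PRNG; a caller that needs an unpredictable
  # nonce should pass :client_challenge explicitly.
  cc = opt[:client_challenge] || rand(CONST::MAX64)
  # An Integer challenge is normalised to its packed 64-bit little-endian form.
  cc = Rex::Text.pack_int64le(cc) if cc.is_a?(Integer)
  opt[:client_challenge] = cc

  # Re-encode user, password and workstation to match the negotiated
  # character set. The OEM branch is checked before the UNICODE branch and
  # both update opt[:unicode]; keep this order.
  if has_flag?(:OEM) && opt[:unicode]
    usr = Rex::Text.to_ascii(usr, 'utf-16le')
    pwd = Rex::Text.to_ascii(pwd, 'utf-16le')
    ws = Rex::Text.to_ascii(ws, 'utf-16le')
    opt[:unicode] = false
  end
  if has_flag?(:UNICODE) && !opt[:unicode]
    usr = Rex::Text.to_unicode(usr, 'utf-16le')
    pwd = Rex::Text.to_unicode(pwd, 'utf-16le')
    ws = Rex::Text.to_unicode(ws, 'utf-16le')
    opt[:unicode] = true
  end

  tgt = self.target_name
  ti = self.target_info
  # Serialized :challenge field of this message (the server-side challenge).
  chal = self[:challenge].serialize

  if opt[:ntlmv2]
    ar = {
      :ntlmv2_hash => CRYPT.ntlmv2_hash(usr, pwd, tgt, opt),
      :challenge => chal,
      :target_info => ti
    }
    lm_res = CRYPT.lmv2_response(ar, opt)
    ntlm_res = CRYPT.ntlmv2_response(ar, opt)
  elsif has_flag?(:NTLM2_KEY)
    ar = { :ntlm_hash => CRYPT.ntlm_hash(pwd, opt), :challenge => chal }
    lm_res, ntlm_res = CRYPT.ntlm2_session(ar, opt)
  else
    # Legacy path: both responses are derived from the password and the
    # server challenge only; the client challenge is not used here.
    lm_res = CRYPT.lm_response(pwd, chal)
    ntlm_res = CRYPT.ntlm_response(pwd, chal)
  end

  Type3.create({
    :lm_response => lm_res,
    :ntlm_response => ntlm_res,
    :domain => tgt,
    :user => usr,
    :workstation => ws,
    :flag => self.flag
  })
end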