Module: Net::NTLM

Defined in:
lib/watobo/external/ntlm/ntlm.rb

Defined Under Namespace

Modules: VERSION Classes: Field, FieldSet, Int16LE, Int32LE, Int64LE, Message, SecurityBuffer, String

Constant Summary collapse

SSP_SIGN =
"NTLMSSP\0"
BLOB_SIGN =
0x00000101
LM_MAGIC =
"[email protected]\#$%"
TIME_OFFSET =
11644473600
MAX64 =
0xffffffffffffffff
FLAGS =
{
  :UNICODE              => 0x00000001,
  :OEM                  => 0x00000002,
  :REQUEST_TARGET       => 0x00000004,
  #   :UNKNOWN              => 0x00000008,
  :SIGN                 => 0x00000010,
  :SEAL                 => 0x00000020,
  #   :UNKNOWN              => 0x00000040,
  :NETWARE              => 0x00000100,
  :NTLM                 => 0x00000200,
  #   :UNKNOWN              => 0x00000400,
  #   :UNKNOWN              => 0x00000800,
  :DOMAIN_SUPPLIED      => 0x00001000,
  :WORKSTATION_SUPPLIED => 0x00002000,
  :LOCAL_CALL           => 0x00004000,
  :ALWAYS_SIGN          => 0x00008000,
  :TARGET_TYPE_DOMAIN   => 0x00010000,
  :TARGET_INFO          => 0x00800000,
  :NTLM2_KEY            => 0x00080000,
  :KEY128               => 0x20000000,
  :KEY56                => 0x80000000
}
FLAG_KEYS =
FLAGS.keys.sort{|a, b| FLAGS[a] <=> FLAGS[b] }
DEFAULT_FLAGS =
{
  :TYPE1 => FLAGS[:UNICODE] | FLAGS[:OEM] | FLAGS[:REQUEST_TARGET] | FLAGS[:NTLM] | FLAGS[:ALWAYS_SIGN] | FLAGS[:NTLM2_KEY],
  :TYPE2 => FLAGS[:UNICODE],
  :TYPE3 => FLAGS[:UNICODE] | FLAGS[:REQUEST_TARGET] | FLAGS[:NTLM] | FLAGS[:ALWAYS_SIGN] | FLAGS[:NTLM2_KEY]
}
Blob =
FieldSet.define {
  int32LE    :blob_signature,   {:value => BLOB_SIGN}
  int32LE    :reserved,         {:value => 0}
  int64LE    :timestamp,      {:value => 0}
  string     :challenge,      {:value => "", :size => 8}
  int32LE    :unknown1,     {:value => 0}
  string     :target_info,      {:value => "", :size => 0}
  int32LE    :unknown2,         {:value => 0}
}

Class Method Summary collapse

Class Method Details

.apply_des(plain, keys) ⇒ Object


153
154
155
156
157
158
159
# File 'lib/watobo/external/ntlm/ntlm.rb', line 153

def apply_des(plain, keys)
  dec = OpenSSL::Cipher::DES.new
  keys.map {|k|
    dec.key = k
    dec.encrypt.update(plain)
  }
end

.decode_utf16le(str) ⇒ Object


121
122
123
# File 'lib/watobo/external/ntlm/ntlm.rb', line 121

def decode_utf16le(str)
  Kconv.kconv(swap16(str), Kconv::ASCII, Kconv::UTF16)
end

.encode_utf16le(str) ⇒ Object


125
126
127
# File 'lib/watobo/external/ntlm/ntlm.rb', line 125

def encode_utf16le(str)
  swap16(Kconv.kconv(str, Kconv::UTF16, Kconv::ASCII))
end

.gen_keys(str) ⇒ Object


145
146
147
148
149
150
151
# File 'lib/watobo/external/ntlm/ntlm.rb', line 145

def gen_keys(str)
  split7(str).map{ |str7| 
    bits = split7(str7.unpack("B*")[0]).inject('')\
      {|ret, tkn| ret += tkn + (tkn.gsub('1', '').size % 2).to_s }
    [bits].pack("B*")
  }
end

.lm_hash(password) ⇒ Object


161
162
163
164
# File 'lib/watobo/external/ntlm/ntlm.rb', line 161

def lm_hash(password)
  keys = gen_keys password.upcase.ljust(14, "\0")
  apply_des(LM_MAGIC, keys).join
end

.lm_response(arg) ⇒ Object

responses


184
185
186
187
188
189
190
191
192
193
194
# File 'lib/watobo/external/ntlm/ntlm.rb', line 184

def lm_response(arg)
  begin
    hash = arg[:lm_hash]
    chal = arg[:challenge]
  rescue
    raise ArgumentError
  end
  chal = NTL::pack_int64le(chal) if chal.is_a?(Integer)
  keys = gen_keys hash.ljust(21, "\0")
  apply_des(chal, keys).join
end

.lmv2_response(arg, opt = {}) ⇒ Object


238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
# File 'lib/watobo/external/ntlm/ntlm.rb', line 238

def lmv2_response(arg, opt = {})
  key = arg[:ntlmv2_hash]
  chal = arg[:challenge]
  
  chal = NTLM::pack_int64le(chal) if chal.is_a?(Integer)

  if opt[:client_challenge]
    cc  = opt[:client_challenge]
  else
    cc = rand(MAX64)
  end
  cc = NTLM::pack_int64le(cc) if cc.is_a?(Integer)

  OpenSSL::HMAC.digest(OpenSSL::Digest::MD5.new, key, chal + cc) + cc
end

.ntlm2_session(arg, opt = {}) ⇒ Object


254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
# File 'lib/watobo/external/ntlm/ntlm.rb', line 254

def ntlm2_session(arg, opt = {})
  begin
    passwd_hash = arg[:ntlm_hash]
    chal = arg[:challenge]
  rescue
    raise ArgumentError
  end

  if opt[:client_challenge]
    cc  = opt[:client_challenge]
  else
    cc = rand(MAX64)
  end
  cc = NTLM::pack_int64le(cc) if cc.is_a?(Integer)

  keys = gen_keys passwd_hash.ljust(21, "\0")
  session_hash = OpenSSL::Digest::MD5.digest(chal + cc).slice(0, 8)
  response = apply_des(session_hash, keys).join
  [cc.ljust(24, "\0"), response]
end

.ntlm_hash(password, opt = {}) ⇒ Object


166
167
168
169
170
171
172
# File 'lib/watobo/external/ntlm/ntlm.rb', line 166

def ntlm_hash(password, opt = {})
  pwd = password.dup
  unless opt[:unicode]
    pwd = encode_utf16le(pwd)
  end
  OpenSSL::Digest::MD4.digest pwd
end

.ntlm_response(arg) ⇒ Object


196
197
198
199
200
201
202
# File 'lib/watobo/external/ntlm/ntlm.rb', line 196

def ntlm_response(arg)
  hash = arg[:ntlm_hash]
  chal = arg[:challenge]
  chal = NTL::pack_int64le(chal) if chal.is_a?(Integer)
  keys = gen_keys hash.ljust(21, "\0")
  apply_des(chal, keys).join
end

.ntlmv2_hash(user, password, target, opt = {}) ⇒ Object


174
175
176
177
178
179
180
181
# File 'lib/watobo/external/ntlm/ntlm.rb', line 174

def ntlmv2_hash(user, password, target, opt={})
  ntlmhash = ntlm_hash(password, opt)
  userdomain = (user + target).upcase
  unless opt[:unicode]
    userdomain = encode_utf16le(userdomain)
  end
  OpenSSL::HMAC.digest(OpenSSL::Digest::MD5.new, ntlmhash, userdomain)
end

.ntlmv2_response(arg, opt = {}) ⇒ Object


204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
# File 'lib/watobo/external/ntlm/ntlm.rb', line 204

def ntlmv2_response(arg, opt = {})
  begin
    key = arg[:ntlmv2_hash]
    chal = arg[:challenge]
    ti = arg[:target_info]
  rescue
    raise ArgumentError
  end
  chal = NTL::pack_int64le(chal) if chal.is_a?(Integer)
  
  if opt[:client_challenge]
    cc  = opt[:client_challenge]
  else
    cc = rand(MAX64)
  end
  cc = NTLM::pack_int64le(cc) if cc.is_a?(Integer)

  if opt[:timestamp]
    ts = opt[:timestamp]
  else
    ts = Time.now.to_i
  end
  # epoch -> milsec from Jan 1, 1601
  ts = 10000000 * (ts + TIME_OFFSET)

  blob = Blob.new
  blob.timestamp = ts
  blob.challenge = cc
  blob.target_info = ti
  
  bb = blob.serialize
  OpenSSL::HMAC.digest(OpenSSL::Digest::MD5.new, key, chal + bb) + bb
end

.pack_int64le(val) ⇒ Object


129
130
131
# File 'lib/watobo/external/ntlm/ntlm.rb', line 129

def pack_int64le(val)
    [val & 0x00000000ffffffff, val >> 32].pack("V2")
end

.split7(str) ⇒ Object


137
138
139
140
141
142
143
# File 'lib/watobo/external/ntlm/ntlm.rb', line 137

def split7(str)
  s = str.dup
  until s.empty?
    (ret ||= []).push s.slice!(0, 7)
  end
  ret
end

.swap16(str) ⇒ Object


133
134
135
# File 'lib/watobo/external/ntlm/ntlm.rb', line 133

def swap16(str)
  str.unpack("v*").pack("n*")
end