Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix HTTP WWW-Authenticate header parsing #113

Merged
merged 1 commit into from
May 1, 2020
Merged

fix HTTP WWW-Authenticate header parsing #113

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
40 changes: 36 additions & 4 deletions autodiscover/autodiscover.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -355,10 +355,6 @@ func autodiscover(domain string, mapi bool) (*utils.AutodiscoverResp, string, er

defer resp.Body.Close()

if resp.StatusCode == 401 || resp.StatusCode == 403 {
return nil, autodiscoverURL, fmt.Errorf("Access denied. Check your credentials")
}

body, err := ioutil.ReadAll(resp.Body)
if err != nil {
return nil, "", err
Expand Down Expand Up @@ -405,6 +401,42 @@ func autodiscover(domain string, mapi bool) (*utils.AutodiscoverResp, string, er
SessionConfig.Email = secondaryEmail
return autodiscover(domain, mapi)
}

if resp.StatusCode == 401 || resp.StatusCode == 403 {
var authMethods []string
var currentAuthMethod string
var found = false

if SessionConfig.Basic == true {
currentAuthMethod = "Basic"
} else {
currentAuthMethod = "NTLM"
}

for _, header := range resp.Header[http.CanonicalHeaderKey("WWW-Authenticate")] {
authMethods = append(authMethods, header)

if strings.HasPrefix(header, currentAuthMethod) {
found = true
}
}

if !found {
if SessionConfig.Verbose == true {
utils.Trace.Printf("Available authentication scheme(s): %s", strings.Join(authMethods, ", "))
}

err := "It looks like that this authentication scheme is not supported"
if SessionConfig.Basic == true {
err += ". Try to remove --basic option or specify --rpc option"
}

return nil, "", fmt.Errorf(err)
}

return nil, autodiscoverURL, fmt.Errorf("Access denied. Check your credentials")
}

if m, _ := regexp.Match("http[s]?://", []byte(domain)); m == true {
return nil, "", fmt.Errorf("Failed to authenticate: StatusCode [%d]\n", resp.StatusCode)
}
Expand Down
10 changes: 7 additions & 3 deletions http-ntlm/ntlmtransport.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -93,9 +93,13 @@ func (t NtlmTransport) RoundTrip(req *http.Request) (res *http.Response, err err
return nil, err
}

// retrieve Www-Authenticate header from response

ntlmChallengeHeader := resp.Header.Get("WWW-Authenticate")
// retrieve WWW-Authenticate header from response
ntlmChallengeHeader := ""
for _, header := range resp.Header[http.CanonicalHeaderKey("WWW-Authenticate")] {
if strings.HasPrefix(header, "NTLM") {
ntlmChallengeHeader = header
}
}
if ntlmChallengeHeader == "" {
return nil, errors.New("Wrong WWW-Authenticate header")
}
Expand Down
42 changes: 39 additions & 3 deletions mapi/mapi.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ import (
"net/url"
"regexp"
"runtime"
"strings"
"time"

"github.com/sensepost/ruler/http-ntlm"
Expand Down Expand Up @@ -191,17 +192,52 @@ func mapiRequestHTTP(URL, mapiType string, body []byte) ([]byte, error) {
return nil, err //&TransportError{err}
}
}

defer resp.Body.Close()

if resp == nil {
return nil, &TransportError{fmt.Errorf("Empty HTTP Response")}
}

if resp.StatusCode == 401 || resp.StatusCode == 403 {
var authMethods []string
var currentAuthMethod string
var found = false

if AuthSession.Basic == true {
currentAuthMethod = "Basic"
} else {
currentAuthMethod = "NTLM"
}

for _, header := range resp.Header[http.CanonicalHeaderKey("WWW-Authenticate")] {
authMethods = append(authMethods, header)

if strings.HasPrefix(header, currentAuthMethod) {
found = true
}
}

if !found {
if AuthSession.Verbose == true {
utils.Trace.Printf("Available authentication scheme(s): %s", strings.Join(authMethods, ", "))
}

err := "It looks like that this authentication scheme is not supported"
if AuthSession.Basic == true {
err += ". Try to remove --basic option or specify --rpc option"
}

return nil, fmt.Errorf(err)
}
}

rbody, err := ioutil.ReadAll(resp.Body)
if err != nil {
return nil, &TransportError{err}
}
responseBody, err := readResponse(resp.Header, rbody)
if resp != nil {
defer resp.Body.Close()
}

return responseBody, err
}

Expand Down
9 changes: 6 additions & 3 deletions rpc-http/rpctransport.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -101,9 +101,12 @@ func setupHTTP(rpctype string, URL string, ntlmAuth bool, full bool) (net.Conn,
ntlmChallengeHeader := ""
for _, v := range parts {
if n := strings.Split(v, ": "); len(n) > 0 {
if n[0] == "WWW-Authenticate" {
ntlmChallengeHeader = n[1]
break
//sometimes header name may be WWW or Www
if strings.ToLower(n[0]) == strings.ToLower("WWW-Authenticate") {
if strings.HasPrefix(n[1], "NTLM") {
ntlmChallengeHeader = n[1]
break
}
}
}
}
Expand Down