forked from vanhauser-thc/thc-hydra
-
Notifications
You must be signed in to change notification settings - Fork 0
/
ntlm.h
146 lines (105 loc) · 4.3 KB
/
ntlm.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
/* $Id$
Single file NTLM system to create and parse authentication messages.
http://www.reversing.org
ilo-- ilo@reversing.org
I did copy&paste&modify several files to leave independent NTLM code
that compile in cygwin/linux environment. Most of the code was ripped
from Samba implementation so I left the Copying statement. Samba core
code was left unmodified from 1.9 version.
Also libntlm was ripped but rewrote, due to fixed and useless interface.
Copyright and licensing information is in ntlm.c file.
NTLM Interface, just two functions:
void BuildAuthRequest(tSmbNtlmAuthRequest *request, long flags, char *host, char *domain);
if flags is 0 minimun security level is selected, otherwise new value superseeds.
host and domain are optional, they may be NULLed.
void buildAuthResponse(tSmbNtlmAuthChallenge *challenge, tSmbNtlmAuthResponse *response, long flags, char *user, char *password, char *domain, char *host);
Given a challenge, generates a response for that user/passwd/host/domain.
flags, host, and domain superseeds given by server. Leave 0 and NULL for server authentication
This is an usage sample:
...
//beware of fixed sized buffer, asserts may fail, don't use long strings :)
//Yes, I Know, year 2k6 and still with this shit..
unsigned char buf[4096];
unsigned char buf2[4096];
//send auth request: let the server send it's own hostname and domainname
buildAuthRequest((tSmbNtlmAuthRequest*)buf2,0,NULL,NULL);
to64frombits(buf, buf2, SmbLength((tSmbNtlmAuthRequest*)buf2));
send_to_server(buf);
//receive challenge
receive_from_server(buf);
//build response with hostname and domainname from server
buildAuthResponse((tSmbNtlmAuthChallenge*)buf,(tSmbNtlmAuthResponse*)buf2,0,"username","password",NULL,NULL);
to64frombits(buf, buf2, SmbLength((tSmbNtlmAuthResponse*)buf2));
send_to_server(buf);
//get reply and Check if ok
...
included bonus!!:
Base64 code
int from64tobits(char *out, const char *in);
void to64frombits(unsigned char *out, const unsigned char *in, int inlen);
You don't need to read the rest of the file.
*/
/*
* These structures are byte-order dependant, and should not
* be manipulated except by the use of the routines provided
*/
typedef unsigned short uint16;
typedef unsigned int uint32;
typedef unsigned char uint8;
typedef struct {
uint16 len;
uint16 maxlen;
uint32 offset;
} tSmbStrHeader;
typedef struct {
char ident[8];
uint32 msgType;
uint32 flags;
tSmbStrHeader host;
tSmbStrHeader domain;
uint8 buffer[1024];
uint32 bufIndex;
} tSmbNtlmAuthRequest;
typedef struct {
char ident[8];
uint32 msgType;
tSmbStrHeader uDomain;
uint32 flags;
uint8 challengeData[8];
uint8 reserved[8];
tSmbStrHeader emptyString;
uint8 buffer[1024];
uint32 bufIndex;
} tSmbNtlmAuthChallenge;
typedef struct {
char ident[8];
uint32 msgType;
tSmbStrHeader lmResponse;
tSmbStrHeader ntResponse;
tSmbStrHeader uDomain;
tSmbStrHeader uUser;
tSmbStrHeader uWks;
tSmbStrHeader sessionKey;
uint32 flags;
uint8 buffer[1024];
uint32 bufIndex;
} tSmbNtlmAuthResponse;
extern void buildAuthRequest(tSmbNtlmAuthRequest * request, long flags, char *host, char *domain);
/* reversing interface */
/* ntlm functions */
void BuildAuthRequest(tSmbNtlmAuthRequest * request, long flags, char *host, char *domain);
// if flags is 0 minimun security level is selected, otherwise new value superseeds.
// host and domain are optional, they may be NULLed.
void buildAuthResponse(tSmbNtlmAuthChallenge * challenge, tSmbNtlmAuthResponse * response, long flags, char *user, char *password, char *domain, char *host);
//Given a challenge, generates a response for that user/passwd/host/domain.
//flags, host, and domain superseeds given by server. Leave 0 and NULL for server authentication
/* Base64 code*/
int from64tobits(char *out, const char *in);
void to64frombits(unsigned char *out, const unsigned char *in, int inlen);
void xor(char *out, char *in1, char *in2, int n);
// info functions
void dumpAuthRequest(FILE * fp, tSmbNtlmAuthRequest * request);
void dumpAuthChallenge(FILE * fp, tSmbNtlmAuthChallenge * challenge);
void dumpAuthResponse(FILE * fp, tSmbNtlmAuthResponse * response);
void strupper(char *s);
#define SmbLength(ptr) (((ptr)->buffer - (uint8*)(ptr)) + (ptr)->bufIndex)