uint8_t *smb_lm2_response(smb_ntlmh *hash_v2, uint64_t srv_challenge, uint64_t user_challenge) { smb_buffer buf; smb_buffer_init(&buf, (void *)&user_challenge, 8); return (smb_ntlm2_response(hash_v2, srv_challenge, &buf)); }
void smb_buffer_free(smb_buffer *buf) { if (buf == NULL || buf->data == NULL) return; free(buf->data); smb_buffer_init(buf, NULL, 0); }
void smb_ntlmssp_response(uint64_t srv_challenge, uint64_t srv_ts, const char *host, const char *domain, const char *user, const char *password, smb_buffer *target, smb_buffer *token) { smb_ntlmssp_auth *auth; smb_ntlm_blob *blob; smb_ntlmh hash_v2, xkey, xkey_crypt; smb_buffer buf; void *lm2, *ntlm2; size_t blob_size, utf_sz, cursor = 0; uint64_t user_challenge; char *utf; assert(host != NULL && domain != NULL && user != NULL && password != NULL); assert(token != NULL && target != NULL); //// We compute most of the data first to know the final token size smb_ntlm2_hash(user, password, domain, &hash_v2); user_challenge = smb_ntlm_generate_challenge(); smb_ntlm_generate_xkey(&xkey); blob_size = smb_ntlm_make_blob(&blob, srv_ts, user_challenge, target); lm2 = smb_lm2_response(&hash_v2, srv_challenge, smb_ntlm_generate_challenge()); smb_buffer_init(&buf, blob, blob_size); ntlm2 = smb_ntlm2_response(&hash_v2, srv_challenge, &buf); smb_ntlm2_session_key(&hash_v2, ntlm2, &xkey, &xkey_crypt); smb_buffer_init(&buf, NULL, 0); free(blob); // Compute size of and allocate token token->size = sizeof(smb_ntlmssp_auth) + strlen(host) * 2 + strlen(domain) * 2 + strlen(user) * 2 + blob_size + 16 // Blob + HMAC + 8 + 16 // LM2 Response (miniblob=user_challenge + HMAC) + 16; // Session Key if (token->size % 2) // Align on Word token->size += 1; smb_buffer_alloc(token, token->size); auth = (smb_ntlmssp_auth *)token->data; memset(auth, 0, token->size); memcpy(auth->id, "NTLMSSP", 8); auth->type = SMB_NTLMSSP_CMD_AUTH; auth->flags = 0x60088215; __AUTH_APPEND(lm, lm2, 24, cursor) __AUTH_APPEND(ntlm, ntlm2, blob_size + 16, cursor) utf_sz = smb_to_utf16(domain, strlen(domain), &utf); __AUTH_APPEND(domain, utf, utf_sz, cursor) free(utf); utf_sz = smb_to_utf16(user, strlen(user), &utf); __AUTH_APPEND(user, utf, utf_sz, cursor) free(utf); utf_sz = smb_to_utf16(host, strlen(host), &utf); __AUTH_APPEND(host, utf, utf_sz, cursor) free(utf); __AUTH_APPEND(session_key, &xkey_crypt, 16, cursor) free(lm2); free(ntlm2); }