Example #1
0
uint8_t     *smb_lm2_response(smb_ntlmh *hash_v2, uint64_t srv_challenge,
                              uint64_t user_challenge)
{
    smb_buffer buf;

    smb_buffer_init(&buf, (void *)&user_challenge, 8);
    return (smb_ntlm2_response(hash_v2, srv_challenge, &buf));
}
Example #2
0
void    smb_buffer_free(smb_buffer *buf)
{
    if (buf == NULL || buf->data == NULL)
        return;

    free(buf->data);
    smb_buffer_init(buf, NULL, 0);
}
Example #3
0
void        smb_ntlmssp_response(uint64_t srv_challenge, uint64_t srv_ts,
                                 const char *host, const char *domain,
                                 const char *user, const char *password,
                                 smb_buffer *target, smb_buffer *token)
{
    smb_ntlmssp_auth      *auth;
    smb_ntlm_blob         *blob;
    smb_ntlmh             hash_v2, xkey, xkey_crypt;
    smb_buffer            buf;
    void                  *lm2, *ntlm2;
    size_t                blob_size, utf_sz, cursor = 0;
    uint64_t              user_challenge;
    char                  *utf;

    assert(host != NULL && domain != NULL && user != NULL && password != NULL);
    assert(token != NULL && target != NULL);

    //// We compute most of the data first to know the final token size
    smb_ntlm2_hash(user, password, domain, &hash_v2);
    user_challenge = smb_ntlm_generate_challenge();
    smb_ntlm_generate_xkey(&xkey);
    blob_size = smb_ntlm_make_blob(&blob, srv_ts, user_challenge, target);

    lm2   = smb_lm2_response(&hash_v2, srv_challenge, smb_ntlm_generate_challenge());
    smb_buffer_init(&buf, blob, blob_size);
    ntlm2 = smb_ntlm2_response(&hash_v2, srv_challenge, &buf);
    smb_ntlm2_session_key(&hash_v2, ntlm2, &xkey, &xkey_crypt);

    smb_buffer_init(&buf, NULL, 0);
    free(blob);

    // Compute size of and allocate token
    token->size = sizeof(smb_ntlmssp_auth)
                  + strlen(host) * 2
                  + strlen(domain) * 2
                  + strlen(user) * 2
                  + blob_size + 16 // Blob + HMAC
                  + 8 + 16  // LM2 Response (miniblob=user_challenge + HMAC)
                  + 16;     // Session Key
    if (token->size % 2) // Align on Word
        token->size += 1;
    smb_buffer_alloc(token, token->size);

    auth = (smb_ntlmssp_auth *)token->data;
    memset(auth, 0, token->size);

    memcpy(auth->id, "NTLMSSP", 8);
    auth->type  = SMB_NTLMSSP_CMD_AUTH;
    auth->flags = 0x60088215;


    __AUTH_APPEND(lm, lm2, 24, cursor)
    __AUTH_APPEND(ntlm, ntlm2, blob_size + 16, cursor)

    utf_sz = smb_to_utf16(domain, strlen(domain), &utf);
    __AUTH_APPEND(domain, utf, utf_sz, cursor)
    free(utf);
    utf_sz = smb_to_utf16(user, strlen(user), &utf);
    __AUTH_APPEND(user, utf, utf_sz, cursor)
    free(utf);
    utf_sz = smb_to_utf16(host, strlen(host), &utf);
    __AUTH_APPEND(host, utf, utf_sz, cursor)
    free(utf);

    __AUTH_APPEND(session_key, &xkey_crypt, 16, cursor)

    free(lm2);
    free(ntlm2);
}