tree_cell * nasl_ntlmv1_hash (lex_ctxt * lexic) { const uchar *cryptkey = (uchar *) get_str_var_by_name (lexic, "cryptkey"); char *password = get_str_var_by_name (lexic, "passhash"); int pass_len = get_var_size_by_name (lexic, "passhash"); unsigned char p21[21]; tree_cell *retc; uchar *ret; if (cryptkey == NULL || password == NULL) { nasl_perror (lexic, "Syntax : ntlmv1_hash(cryptkey:<c>, passhash:<p>)\n"); return NULL; } bzero (p21, sizeof (p21)); memcpy (p21, password, pass_len < 16 ? pass_len : 16); ret = emalloc (24); E_P24 (p21, cryptkey, ret); retc = alloc_tree_cell (0, NULL); retc->type = CONST_DATA; retc->size = 24; retc->x.str_val = (char *) ret; return retc; }
/* Does the des encryption from the NT or LM MD4 hash. */ void SMBOWFencrypt(const uint8_t passwd[16], const uint8_t *c8, uint8_t p24[24]) { uint8_t p21[21]; ZERO_STRUCT(p21); memcpy(p21, passwd, 16); E_P24(p21, c8, p24); }
/* Does the des encryption from the NT or LM MD4 hash. */ void SMBOWFencrypt(uchar passwd[16], uchar *c8, uchar p24[24]) { uchar p21[21]; memset(p21,'\0',21); memcpy(p21, passwd, 16); E_P24(p21, c8, p24); }
void SMBNTencrypt(uchar *passwd, uchar *c8, uchar *p24) { uchar p21[21]; memset(p21,'\0',21); E_md4hash(passwd, p21); E_P24(p21, c8, p24); }
/* Does the des encryption from the NT or LM MD4 hash. */ static void SMBOWFencrypt(unsigned char passwd[16], const unsigned char *c8, unsigned char p24[24]) { unsigned char p21[21]; memset(p21, '\0', 21); memcpy(p21, passwd, 16); E_P24(p21, c8, p24); }
/* Does the des encryption from the FIRST 8 BYTES of the NT or LM MD4 hash. */ #if 0 /* currently unused */ static void NTLMSSPOWFencrypt(unsigned char passwd[8], unsigned char *ntlmchalresp, unsigned char p24[24]) { unsigned char p21[21]; memset(p21, '\0', 21); memcpy(p21, passwd, 8); memset(p21 + 8, 0xbd, 8); E_P24(p21, ntlmchalresp, p24); }
/* This implements the X/Open SMB password encryption It takes a password, a 8 byte "crypt key" and puts 24 bytes of encrypted password into p24 */ void SMBencrypt(uchar *passwd, uchar *c8, uchar *p24) { uchar p14[15], p21[21]; memset(p21,'\0',21); memset(p14,'\0',14); strlcpy((char *)p14,(char *)passwd,14); strupper((char *)p14); E_P16(p14, p21); E_P24(p21, c8, p24); }
/* Does the des encryption from the FIRST 8 BYTES of the NT or LM MD4 hash. */ void NTLMSSPOWFencrypt(const uchar passwd[8], const uchar *ntlmchalresp, uchar p24[24]) { uchar p21[21]; memset(p21,'\0',21); memcpy(p21, passwd, 8); memset(p21 + 8, 0xbd, 8); E_P24(p21, ntlmchalresp, p24); #ifdef DEBUG_PASSWORD DEBUG(100,("NTLMSSPOWFencrypt: p21, c8, p24\n")); dump_data(100, (char *)p21, 21); dump_data(100, (const char *)ntlmchalresp, 8); dump_data(100, (char *)p24, 24); #endif }
/**************************************************************************** core of smb password checking routine. ****************************************************************************/ BOOL smb_password_check(char *password, unsigned char *part_passwd, unsigned char *c8) { /* Finish the encryption of part_passwd. */ unsigned char p21[21]; unsigned char p24[24]; if (part_passwd == NULL) DEBUG(10,("No password set - allowing access\n")); /* No password set - always true ! */ if (part_passwd == NULL) return 1; memset(p21,'\0',21); memcpy(p21,part_passwd,16); E_P24(p21, c8, p24); #if DEBUG_PASSWORD { int i; DEBUG(100,("Part password (P16) was |")); for(i = 0; i < 16; i++) DEBUG(100,("%X ", (unsigned char)part_passwd[i])); DEBUG(100,("|\n")); DEBUG(100,("Password from client was |")); for(i = 0; i < 24; i++) DEBUG(100,("%X ", (unsigned char)password[i])); DEBUG(100,("|\n")); DEBUG(100,("Given challenge was |")); for(i = 0; i < 8; i++) DEBUG(100,("%X ", (unsigned char)c8[i])); DEBUG(100,("|\n")); DEBUG(100,("Value from encryption was |")); for(i = 0; i < 24; i++) DEBUG(100,("%X ", (unsigned char)p24[i])); DEBUG(100,("|\n")); } #endif return (memcmp(p24, password, 24) == 0); }