CmdLineHandler::CmdLineHandler() { USES_CONVERSION; char userId[128] = {0}; ULONG userIdLength = sizeof userId; if (0 == GetUserNameExA(NameSamCompatible, userId, &userIdLength)){ ErrorExit("GetUserId"); return; } for (int i = 0; i < userIdLength; i++){ if ((userId[i] >= '0' && userId[i] <= '9') || (userId[i] >= 'a' && userId[i] <= 'z') || (userId[i] >= 'A' && userId[i] <= 'Z')) continue; userId[i] = '_'; } std::string full_version(ver); for (int i = 0; i < full_version.length(); i++){ if (full_version[i] == ' ' || full_version[i] == ',' || full_version[i] == ':' || full_version[i] == '.') full_version[i] = '_'; } _snprintf(userShareMemName_, sizeof(userShareMemName_), "%s_%s_%s", SHARED_MEM_NAME, userId, full_version.c_str()); _snprintf(userShareMemMutexName_, sizeof(userShareMemMutexName_), "%s_%s_%s", SHARED_MEM_MUTEX_NAME, userId, full_version.c_str()); sharedBuffer_ = NULL; sharedMemMutex_ = CreateMutex(NULL,FALSE, A2W(userShareMemMutexName_)); memset(cmdLine_, 0, sizeof(cmdLine_)); isLeaderStartWithCmd_ = false; }
std::string MakeValidFileNameUsingUserName(const std::string& in_strHint) { char szUserName[2048] = { 0 }; unsigned long userNameSize = _countof( szUserName ); if( GetUserNameExA( NameSamCompatible, szUserName, &userNameSize ) ) { return MakeValidFileName(szUserName + in_strHint); } return MakeValidFileName("unknown"+ in_strHint); }
BOOL DoAuthentication (void) { SECURITY_STATUS ss; DWORD cbIn; DWORD cbOut; DWORD g_cbMaxMessage; BOOL done = FALSE; BOOL fDone = FALSE; BOOL fNewConversation = TRUE; TimeStamp Lifetime; PSecPkgInfoA pkgInfo; CredHandle hcred; CredHandle hCcred; struct _SecHandle hctxt; struct _SecHandle hCctxt; PBYTE g_pInBuf = NULL; PBYTE g_pOutBuf = NULL; SEC_CHAR g_lpPackageName[1024]; PBYTE nonce, clientnonce, lmhash, nthash; PCHAR pUserName = NULL; DWORD cbUserName = 0; lstrcpynA (g_lpPackageName, "NTLM",5); ss = QuerySecurityPackageInfoA ( g_lpPackageName, &pkgInfo); if (!SEC_SUCCESS(ss)) MyHandleError("Could not query package"); g_cbMaxMessage = pkgInfo->cbMaxToken; FreeContextBuffer(pkgInfo); g_pInBuf = (PBYTE) malloc (g_cbMaxMessage); g_pOutBuf = (PBYTE) malloc (g_cbMaxMessage); if (NULL == g_pInBuf || NULL == g_pOutBuf) MyHandleError("Memory allocation"); ss = AcquireCredentialsHandleA (NULL, g_lpPackageName, SECPKG_CRED_INBOUND, NULL, NULL, NULL, NULL, &hcred, &Lifetime); if (!SEC_SUCCESS (ss)) MyHandleError("AcquireCreds failed"); cbOut = g_cbMaxMessage; if (!GenClientContext ( NULL, 0, g_pOutBuf, &cbOut, &fDone, "NTLM", &hCcred, &hCctxt)) MyHandleError("Cant't generate client context"); printf ("Type%hhd message (%lu bytes):\n",g_pOutBuf[8], cbOut);//type1 PrintHexDump (cbOut, (PBYTE)g_pOutBuf); memcpy(g_pInBuf,g_pOutBuf, cbOut); cbIn = cbOut; cbOut = g_cbMaxMessage; if (!GenServerContext (g_pInBuf, cbIn, g_pOutBuf, &cbOut, &done, fNewConversation, &hcred, &hctxt)) MyHandleError("GenServerContext failed"); fNewConversation = FALSE; printf ("Type%hhd message (%lu bytes):\n",g_pOutBuf[8], cbOut); //type2 PrintHexDump (cbOut, (PBYTE)g_pOutBuf); memcpy(g_pInBuf,g_pOutBuf, cbOut); cbIn = cbOut; cbOut = g_cbMaxMessage; nonce = (PBYTE) malloc (16); memcpy (nonce, (void *)&g_pOutBuf[24], 8); if (!GenClientContext (g_pInBuf, cbIn, g_pOutBuf, &cbOut, &fDone, "NTLM", &hCcred, &hCctxt)) MyHandleError("GenClientContext failed"); printf ("Type%hhd message (%lu bytes):\n",g_pOutBuf[8], cbOut);//type3 PrintHexDump (cbOut, (PBYTE)g_pOutBuf); GetUserNameExA(NameSamCompatible, pUserName, &cbUserName); pUserName = (PCHAR) malloc (cbUserName); GetUserNameExA(NameSamCompatible, pUserName, &cbUserName); cbUserName = (DWORD)((int)strchr(pUserName,'\\')); *(char *)cbUserName = 0; printf("g_pOutBuf[22]=%d\n",g_pOutBuf[22]); if (g_pOutBuf[22] > 24) { printf("NTLMv2\n"); nthash = (PBYTE) malloc (16); cbIn = g_pOutBuf[24] + (g_pOutBuf[25] << 8); memcpy (nthash, (void *)&g_pOutBuf[cbIn], 16); cbIn += 16; clientnonce = (PBYTE) malloc (cbOut - cbIn - 16); //memcpy (clientnonce, (void *)&g_pOutBuf[cbIn], 84); memcpy (clientnonce, (void *)&g_pOutBuf[cbIn], cbOut - cbIn - 16); printf("Nonce: "); PrintHex (8, nonce); printf("\nClientNonce: "); PrintHex (cbOut - cbIn - 16, clientnonce); printf("\nNThash: "); PrintHex (16, nthash); printf("\n"); printf("\nJTR: %s::%s", (unsigned char *)((int)cbUserName+1), (unsigned char *)pUserName); printf(":"); PrintHex (8, nonce); printf(":"); PrintHex (16, nthash); printf(":"); PrintHex (cbOut - cbIn - 16, clientnonce); printf("\n"); } else if (g_pOutBuf[22] == 24) { printf("NTLM\n"); lmhash = (PBYTE) malloc (24); cbIn = g_pOutBuf[16] + (g_pOutBuf[17] << 8); memcpy (lmhash, (void *)&g_pOutBuf[cbIn], 24); nthash = (PBYTE) malloc (24); cbIn = g_pOutBuf[24] + (g_pOutBuf[25] << 8); memcpy (nthash, (void *)&g_pOutBuf[cbIn], 24); printf("\nNonce: "); PrintHex (8, nonce); printf("\nLMhash: "); PrintHex (24, lmhash); printf("\nNThash: "); PrintHex (24, nthash); printf("\nJTR: %s::%s", (unsigned char *)((int)cbUserName+1), (unsigned char *)pUserName); printf(":"); PrintHex (24, lmhash); printf(":"); PrintHex (24, nthash); printf(":"); PrintHex (8, nonce); printf("\n"); } else { printf("Unknown hashtype"); } return(TRUE); }
BOOL GenClientContext (BYTE *pIn, DWORD cbIn, BYTE *pOut, DWORD *pcbOut, BOOL *pfDone, SEC_CHAR *pszTarget, CredHandle *hCred, struct _SecHandle *hCtxt) { SECURITY_STATUS ss; TimeStamp Lifetime; SecBufferDesc OutBuffDesc; SecBuffer OutSecBuff; SecBufferDesc InBuffDesc; SecBuffer InSecBuff; ULONG ContextAttributes; SEC_CHAR lpPackageName[1024]; _SEC_WINNT_AUTH_IDENTITY auth_data; PCHAR pUserName = NULL; DWORD cbUserName = 0; DWORD dw; if( NULL == pIn ) { GetUserNameExA(NameSamCompatible, pUserName, &cbUserName); pUserName = (PCHAR) malloc (cbUserName); GetUserNameExA(NameSamCompatible, pUserName, &cbUserName); cbUserName = (DWORD)((int)strchr(pUserName,'\\')); *(char *)cbUserName = 0; auth_data.Domain = (unsigned char *)pUserName; auth_data.User = (unsigned char *)((int)cbUserName+1); printf("%s@%s\n",(char *)auth_data.User,(char *)auth_data.Domain); auth_data.UserLength = strlen((char *)auth_data.User); auth_data.DomainLength = strlen((char *)auth_data.Domain); auth_data.Password = NULL; auth_data.PasswordLength = 0; auth_data.Flags = SEC_WINNT_AUTH_IDENTITY_ANSI; lstrcpynA (lpPackageName, "NTLM", 5); ss = AcquireCredentialsHandleA (NULL, lpPackageName, SECPKG_CRED_OUTBOUND, NULL, &auth_data, NULL, NULL, hCred, &Lifetime); if (!(SEC_SUCCESS (ss))) MyHandleError("AcquireCreds failed "); } OutBuffDesc.ulVersion = 0; OutBuffDesc.cBuffers = 1; OutBuffDesc.pBuffers = &OutSecBuff; OutSecBuff.cbBuffer = *pcbOut; OutSecBuff.BufferType = SECBUFFER_TOKEN; OutSecBuff.pvBuffer = pOut; if (pIn) { InBuffDesc.ulVersion = 0; InBuffDesc.cBuffers = 1; InBuffDesc.pBuffers = &InSecBuff; InSecBuff.cbBuffer = cbIn; InSecBuff.BufferType = SECBUFFER_TOKEN; InSecBuff.pvBuffer = pIn; ss = InitializeSecurityContextA (hCred, hCtxt, pszTarget, ISC_REQ_CONFIDENTIALITY, 0, SECURITY_NATIVE_DREP, &InBuffDesc, 0, hCtxt, &OutBuffDesc, &ContextAttributes, &Lifetime); } else { ss = InitializeSecurityContextA (hCred, NULL, pszTarget, ISC_REQ_CONFIDENTIALITY, 0, SECURITY_NATIVE_DREP, NULL, 0, hCtxt, &OutBuffDesc, &ContextAttributes, &Lifetime); } if (!SEC_SUCCESS (ss)) MyHandleError ("InitializeSecurityContext failed " ); *pcbOut = OutSecBuff.cbBuffer; *pfDone = !((SEC_I_CONTINUE_NEEDED == ss) ||(SEC_I_COMPLETE_AND_CONTINUE == ss)); return TRUE; }