Exemple #1
        /// <summary>
        /// Builds the 24-byte LMv2 response: a keyed digest over the server challenge
        /// followed by the client challenge, with 8 bytes of the client challenge
        /// appended after the first 16 bytes.
        /// </summary>
        /// <param name="responseKeyNT">Key handed to <c>HMACT64</c> (presumably the NTOWFv2 output; confirm against the caller).</param>
        /// <param name="serverChallenge">Challenge bytes received from the server.</param>
        /// <param name="clientChallenge">Client nonce; at least 8 bytes are required by the copy below.</param>
        /// <returns>A new 24-byte array: digest bytes at offset 0, client challenge at offset 16.</returns>
        private static byte[] getLMv2Response(byte[] responseKeyNT, byte[] serverChallenge, byte[] clientChallenge)
        {
            const int digestLength = 0x10;
            const int challengeLength = 8;

            byte[] response = new byte[digestLength + challengeLength];

            HMACT64 mac = new HMACT64(responseKeyNT);
            mac.update(serverChallenge);

            // NOTE(review): the whole clientChallenge array is hashed, but only its first
            // 8 bytes are appended; the two agree only when the caller passes exactly 8 bytes.
            mac.update(clientChallenge);
            mac.digest(response, 0, digestLength);

            Array.Copy(clientChallenge, 0, response, digestLength, challengeLength);

            return response;
        }
Exemple #2
        /// <summary>
        /// Computes a challenge response as digest-then-client-data and derives a second
        /// key from the digest. The shape matches NTProofStr / SessionBaseKey in MS-NLMP
        /// (presumably that is the intent; confirm against the caller).
        /// </summary>
        /// <param name="responseKey">Key used for both <c>HMACT64</c> computations.</param>
        /// <param name="serverChallenge">Challenge bytes received from the server.</param>
        /// <param name="clientData">Client blob that is hashed and appended to the digest.</param>
        /// <param name="offset">Start of the hashed range inside <paramref name="clientData"/>.</param>
        /// <param name="length">Number of bytes of <paramref name="clientData"/> that are hashed.</param>
        /// <param name="keyExchangeKey">Receives the digest of the first digest under the same key.</param>
        /// <returns>The first digest followed by the whole of <paramref name="clientData"/>.</returns>
        private static byte[] computeResponse(byte[] responseKey, byte[] serverChallenge, byte[] clientData, int offset, int length, out byte[] keyExchangeKey)
        {
            HMACT64 proofMac = new HMACT64(responseKey);
            proofMac.update(serverChallenge);

            // NOTE(review): only clientData[offset, offset + length) is authenticated, yet the
            // entire clientData array is appended below. The response is self-consistent only
            // when offset is 0 and length equals clientData.Length.
            proofMac.update(clientData, offset, length);
            byte[] proof = proofMac.digest();

            byte[] response = new byte[proof.Length + clientData.Length];
            Array.Copy(proof, 0, response, 0, proof.Length);
            Array.Copy(clientData, 0, response, proof.Length, clientData.Length);

            // A fresh MAC instance keyed with the same key digests the proof itself.
            HMACT64 keyMac = new HMACT64(responseKey);
            keyMac.update(proof);
            keyExchangeKey = keyMac.digest();

            return response;
        }
Exemple #3
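        /// <summary>
        /// Builds a message signature laid out as: 4-byte version (1, little-endian),
        /// the sealed first 8 bytes of the keyed digest, then the 4-byte sequence number.
        /// The digest covers the sequence number followed by the message.
        /// </summary>
        /// <param name="SealKey">RC4 instance used to encrypt the truncated digest. Presumably stateful, so calls must happen in message order; confirm against the RC4 class.</param>
        /// <param name="SignKey">Key handed to <c>HMACT64</c>.</param>
        /// <param name="message">Message bytes to authenticate.</param>
        /// <param name="sequenceNum">Current sequence number; incremented by one on every call.</param>
        /// <returns>The signature bytes (16 bytes when <c>crypt</c> returns 8 bytes).</returns>
        private static byte[] MakeSignature(RC4 SealKey, byte[] SignKey, byte[] message, ref uint sequenceNum)
        {
            HMACT64 mac = new HMACT64(SignKey);

            // The sequence number travels on the wire in little-endian order, matching the
            // hard-coded little-endian version field below. BitConverter follows host byte
            // order, so normalise explicitly instead of relying on a little-endian host.
            byte[] seqBytes = BitConverter.GetBytes(sequenceNum++);
            if (!BitConverter.IsLittleEndian)
            {
                Array.Reverse(seqBytes);
            }

            mac.update(seqBytes);
            mac.update(message);
            byte[] digest = mac.digest();

            // Only the first 8 bytes of the digest are sealed and carried in the signature.
            byte[] checksum = SealKey.crypt(digest, 0, 8);

            byte[] version = { 1, 0, 0, 0 };
            byte[] signature = new byte[version.Length + checksum.Length + seqBytes.Length];
            version.CopyTo(signature, 0);
            checksum.CopyTo(signature, version.Length);
            seqBytes.CopyTo(signature, version.Length + checksum.Length);

            return signature;
        }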
Exemple #4
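        /// <summary>
        /// Derives the NTLMv2 one-way function value: a keyed digest over the upper-cased
        /// user name and the domain (both UTF-16LE), keyed with the NT hash.
        /// </summary>
        /// <remarks>
        /// When <c>Options.hash</c> is non-empty it is decoded from hex and used as the key,
        /// and <paramref name="password"/> is not read at all. The NT hash is therefore the
        /// only secret input to this derivation: a stored hash is equivalent to the password
        /// for this protocol and needs the same protection wherever it is kept or logged.
        /// </remarks>
        /// <param name="domain">Domain name, hashed exactly as given (no case folding).</param>
        /// <param name="username">User name; upper-cased before hashing.</param>
        /// <param name="password">Clear-text password, used only when no hash is configured.</param>
        /// <returns>The digest returned by <c>HMACT64</c>.</returns>
        private static byte[] nTOWFv2(string domain, string username, string password)
        {
            // Guard against an unset option instead of failing with a NullReferenceException.
            bool hashConfigured = Options.hash != null && Options.hash.Length > 0;

            byte[] ntHash = hashConfigured
                ? ConvertHexStringToBytes(Options.hash)
                : nTOWFv1(password);

            HMACT64 mac = new HMACT64(ntHash);

            // Culture-invariant upper-casing: the culture-sensitive ToUpper() maps 'i' to a
            // dotted capital under Turkish/Azeri cultures, which yields a key the server
            // cannot reproduce and makes authentication fail on those machines.
            mac.update(Encoding.Unicode.GetBytes(username.ToUpperInvariant()));
            mac.update(Encoding.Unicode.GetBytes(domain));

            return mac.digest();
        }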
Exemple #5
        /// <summary>
        /// Serialises an NTLMSSP message of type 3 (AUTHENTICATE_MESSAGE in MS-NLMP):
        /// signature, message type, six length/offset descriptors, flags, version,
        /// an optional 16-byte MIC slot, then the variable-length payload.
        /// </summary>
        /// <param name="lmChallengeResponse">LM challenge response bytes, written to the payload as-is.</param>
        /// <param name="ntChallengeResponse">NT challenge response bytes, written to the payload as-is.</param>
        /// <param name="sDomainName">Domain name; encoded as UTF-16LE.</param>
        /// <param name="sUser">User name; encoded as UTF-16LE.</param>
        /// <param name="sWorkstation">Workstation name; encoded as UTF-16LE.</param>
        /// <param name="EncryptedRandomSessionKey">Session key bytes, written last in the payload.</param>
        /// <param name="ExportedSessionKey">Key for the MIC computation; read only when <paramref name="bGenerateMIC"/> is true.</param>
        /// <param name="bGenerateMIC">When true, reserves 16 bytes after the version block and fills them with the MIC.</param>
        /// <returns>The complete message as a byte array.</returns>
        private byte[] Authenticate(byte[] lmChallengeResponse, byte[] ntChallengeResponse, string sDomainName, string sUser, string sWorkstation, byte[] EncryptedRandomSessionKey, byte[] ExportedSessionKey, bool bGenerateMIC)
        {
            RdpPacket packet = new RdpPacket();
            // Negotiate flags are fixed here rather than derived from the server's challenge.
            // 0xe2800000 already contains bit 0x2000000, so both version checks below are
            // always true in this method.
            uint      flags  = (
                (((((0xe2800000 | NTLMSSP_NEGOTIATE_EXTENDED_SESSION_SECURITY) |
                    NTLMSSP_NEGOTIATE_ALWAYS_SIGN) | NTLMSSP_NEGOTIATE_NTLM) |
                  NTLMSSP_NEGOTIATE_SEAL) | NTLMSSP_NEGOTIATE_SIGN) |
                NTLMSSP_REQUEST_TARGET) | NTLMSSP_NEGOTIATE_UNICODE;

            DumpFlags(flags);
            int position = (int)packet.Position;

            // Signature "NTLMSSP" plus a zero byte, then the message type (3).
            packet.WriteString("NTLMSSP", false);
            packet.WriteByte(0);
            packet.WriteLittleEndian32(3);
            // num3 accumulates the size of the fixed header, i.e. the offset at which the
            // payload will start: bytes written so far ...
            int num3 = ((int)packet.Position) - position;

            // ... plus six 8-byte descriptors (length, max length, offset) ...
            num3 += 8;
            num3 += 8;
            num3 += 8;
            num3 += 8;
            num3 += 8;
            num3 += 8;
            // ... plus the 4-byte flags field.
            num3 += 4;

            // Version block (assumes WriteVersion emits 8 bytes - TODO confirm).
            if ((flags & 0x2000000) != 0)
            {
                num3 += 8;
            }

            // Room for the 16-byte MIC.
            if (bGenerateMIC)
            {
                num3 += 0x10;
            }

            byte[] bytes   = Encoding.Unicode.GetBytes(sDomainName);
            byte[] buffer  = Encoding.Unicode.GetBytes(sUser);
            byte[] buffer3 = Encoding.Unicode.GetBytes(sWorkstation);
            // Payload offsets, in the order the payload is written further down:
            // domain, user, workstation, LM response, NT response, session key.
            int    num4    = num3;
            int    num5    = num4 + bytes.Length;
            int    num6    = num5 + buffer.Length;
            int    num7    = num6 + buffer3.Length;
            int    num8    = num7 + lmChallengeResponse.Length;
            int    num9    = num8 + ntChallengeResponse.Length;

            // Descriptors are written in the header's field order (LM, NT, domain, user,
            // workstation, session key), which differs from the payload order above.
            // NOTE(review): lengths are cast to ushort, so any buffer longer than 65535
            // bytes would be described with a truncated length while still being written
            // in full. The num3 increments from here on are never read again.
            packet.WriteLittleEndian16((ushort)lmChallengeResponse.Length);
            packet.WriteLittleEndian16((ushort)lmChallengeResponse.Length);
            packet.WriteLittleEndian32(num7);
            num3 += lmChallengeResponse.Length;
            packet.WriteLittleEndian16((ushort)ntChallengeResponse.Length);
            packet.WriteLittleEndian16((ushort)ntChallengeResponse.Length);
            packet.WriteLittleEndian32(num8);
            num3 += ntChallengeResponse.Length;
            packet.WriteLittleEndian16((ushort)bytes.Length);
            packet.WriteLittleEndian16((ushort)bytes.Length);
            packet.WriteLittleEndian32(num4);
            num3 += bytes.Length;
            packet.WriteLittleEndian16((ushort)buffer.Length);
            packet.WriteLittleEndian16((ushort)buffer.Length);
            packet.WriteLittleEndian32(num5);
            num3 += buffer.Length;
            packet.WriteLittleEndian16((ushort)buffer3.Length);
            packet.WriteLittleEndian16((ushort)buffer3.Length);
            packet.WriteLittleEndian32(num6);
            num3 += buffer3.Length;
            packet.WriteLittleEndian16((ushort)EncryptedRandomSessionKey.Length);
            packet.WriteLittleEndian16((ushort)EncryptedRandomSessionKey.Length);
            packet.WriteLittleEndian32(num9);
            num3 += EncryptedRandomSessionKey.Length;
            packet.WriteLittleEndian32(flags);

            if ((flags & 0x2000000) != 0)
            {
                this.WriteVersion(packet);
            }

            // Remember where the MIC slot starts so it can be filled in afterwards.
            long num10 = packet.Position;

            if (bGenerateMIC)
            {
                // Placeholder for the MIC (presumably zero bytes - confirm in WritePadding).
                packet.WritePadding(0x10);
            }

            packet.Write(bytes, 0, bytes.Length);
            packet.Write(buffer, 0, buffer.Length);
            packet.Write(buffer3, 0, buffer3.Length);
            packet.Write(lmChallengeResponse, 0, lmChallengeResponse.Length);
            packet.Write(ntChallengeResponse, 0, ntChallengeResponse.Length);
            packet.Write(EncryptedRandomSessionKey, 0, EncryptedRandomSessionKey.Length);

            if (bGenerateMIC)
            {
                // The MIC is a keyed digest over the stored negotiate message, the stored
                // challenge message and this message with the placeholder still in the slot.
                // It binds the three handshake messages together, so a change to any of
                // them after the fact no longer matches the MIC.
                packet.Position = 0L;
                byte[] buffer4 = new byte[packet.Length];
                packet.Read(buffer4, 0, buffer4.Length);
                HMACT64 hmact = new HMACT64(ExportedSessionKey);
                hmact.update(this.m_NegotiateMsg);
                hmact.update(this.m_ChallengeMsg);
                hmact.update(buffer4);
                byte[] buffer5 = hmact.digest();
                // Overwrite the placeholder with the computed MIC.
                packet.Position = num10;
                packet.Write(buffer5, 0, buffer5.Length);
            }

            // Read the finished message back out from the start of the packet.
            packet.Position = 0L;
            byte[] buffer6 = new byte[packet.Length];
            packet.Read(buffer6, 0, buffer6.Length);

            return(buffer6);
        }