public static byte[] GetLMv2Response(Type2Message type2, string domain, string user , string password, byte[] clientChallenge) { if (type2 == null || domain == null || user == null || password == null || clientChallenge == null) { return(null); } return(NtlmPasswordAuthentication.GetLMv2Response(domain, user, password, type2.GetChallenge (), clientChallenge)); }
/// <summary> /// Returns the default flags for a Type-3 message created in response /// to the given Type-2 message in the current environment. /// </summary> /// <remarks> /// Returns the default flags for a Type-3 message created in response /// to the given Type-2 message in the current environment. /// </remarks> /// <returns>An <code>int</code> containing the default flags.</returns> public static int GetDefaultFlags(Type2Message type2) { if (type2 == null) { return(DefaultFlags); } int flags = NtlmsspNegotiateNtlm; flags |= ((type2.GetFlags() & NtlmsspNegotiateUnicode) != 0) ? NtlmsspNegotiateUnicode : NtlmsspNegotiateOem; return(flags); }
public static byte[] GetNtlMv2Response(Type2Message type2, byte[] responseKeyNt, byte[] clientChallenge) { if (type2 == null || responseKeyNt == null || clientChallenge == null) { return(null); } long nanos1601 = (Runtime.CurrentTimeMillis() + MillisecondsBetween1970And1601 ) * 10000L; return(NtlmPasswordAuthentication.GetNtlMv2Response(responseKeyNt, type2.GetChallenge (), clientChallenge, nanos1601, type2.GetTargetInformation())); }
/// <summary> /// Creates a Type-3 message in response to the given Type-2 message /// using default values from the current environment. /// </summary> /// <remarks> /// Creates a Type-3 message in response to the given Type-2 message /// using default values from the current environment. /// </remarks> /// <param name="type2">The Type-2 message which this represents a response to.</param> public Type3Message(Type2Message type2) { SetFlags(GetDefaultFlags(type2)); SetWorkstation(GetDefaultWorkstation()); string domain = GetDefaultDomain(); SetDomain(domain); string user = GetDefaultUser(); SetUser(user); string password = GetDefaultPassword(); switch (LmCompatibility) { case 0: case 1: { SetLmResponse(GetLMResponse(type2, password)); SetNtResponse(GetNTResponse(type2, password)); break; } case 2: { byte[] nt = GetNTResponse(type2, password); SetLmResponse(nt); SetNtResponse(nt); break; } case 3: case 4: case 5: { byte[] clientChallenge = new byte[8]; //RANDOM.NextBytes(clientChallenge); SetLmResponse(GetLMv2Response(type2, domain, user, password, clientChallenge)); break; } default: { SetLmResponse(GetLMResponse(type2, password)); SetNtResponse(GetNTResponse(type2, password)); break; } } }
/// <summary>Creates a Type-3 message in response to the given Type-2 message.</summary> /// <remarks>Creates a Type-3 message in response to the given Type-2 message.</remarks> /// <param name="type2">The Type-2 message which this represents a response to.</param> /// <param name="password">The password to use when constructing the response.</param> /// <param name="domain">The domain in which the user has an account.</param> /// <param name="user">The username for the authenticating user.</param> /// <param name="workstation"> /// The workstation from which authentication is /// taking place. /// </param> public Type3Message(Type2Message type2, string password, string domain, string user , string workstation, int flags) { SetFlags(flags | GetDefaultFlags(type2)); if (workstation == null) { workstation = GetDefaultWorkstation(); } SetWorkstation(workstation); SetDomain(domain); SetUser(user); switch (LmCompatibility) { case 0: case 1: { if ((GetFlags() & NtlmsspNegotiateNtlm2) == 0) { SetLmResponse(GetLMResponse(type2, password)); SetNtResponse(GetNTResponse(type2, password)); } else { // NTLM2 Session Response byte[] clientChallenge = new byte[24]; //RANDOM.NextBytes(clientChallenge); Arrays.Fill(clientChallenge, 8, 24, unchecked ((byte)unchecked (0x00))); // NTLMv1 w/ NTLM2 session sec and key exch all been verified with a debug build of smbclient byte[] responseKeyNt = NtlmPasswordAuthentication.NtowFv1(password); byte[] ntlm2Response = NtlmPasswordAuthentication.GetNtlm2Response(responseKeyNt, type2.GetChallenge(), clientChallenge); SetLmResponse(clientChallenge); SetNtResponse(ntlm2Response); if ((GetFlags() & NtlmsspNegotiateSign) == NtlmsspNegotiateSign) { byte[] sessionNonce = new byte[16]; Array.Copy(type2.GetChallenge(), 0, sessionNonce, 0, 8); Array.Copy(clientChallenge, 0, sessionNonce, 8, 8); Md4 md4 = new Md4(); md4.Update(responseKeyNt); byte[] userSessionKey = md4.Digest(); Hmact64 hmac = new Hmact64(userSessionKey); hmac.Update(sessionNonce); byte[] ntlm2SessionKey = hmac.Digest(); if ((GetFlags() & NtlmsspNegotiateKeyExch) != 0) { _masterKey = new byte[16]; //RANDOM.NextBytes(masterKey); byte[] exchangedKey = new byte[16]; Rc4 rc4 = new Rc4(ntlm2SessionKey); rc4.Update(_masterKey, 0, 16, exchangedKey, 0); SetSessionKey(exchangedKey); } else { _masterKey = ntlm2SessionKey; SetSessionKey(_masterKey); } } } break; } case 2: { byte[] nt = GetNTResponse(type2, password); SetLmResponse(nt); SetNtResponse(nt); break; } case 3: case 4: case 5: { byte[] responseKeyNt1 = NtlmPasswordAuthentication.NtowFv2(domain, user, password ); byte[] clientChallenge1 = new byte[8]; //RANDOM.NextBytes(clientChallenge_1); SetLmResponse(GetLMv2Response(type2, domain, user, password, clientChallenge1)); byte[] clientChallenge2 = new byte[8]; //RANDOM.NextBytes(clientChallenge2); SetNtResponse(GetNtlMv2Response(type2, responseKeyNt1, clientChallenge2)); if ((GetFlags() & NtlmsspNegotiateSign) == NtlmsspNegotiateSign) { Hmact64 hmac = new Hmact64(responseKeyNt1); hmac.Update(_ntResponse, 0, 16); // only first 16 bytes of ntResponse byte[] userSessionKey = hmac.Digest(); if ((GetFlags() & NtlmsspNegotiateKeyExch) != 0) { _masterKey = new byte[16]; //RANDOM.NextBytes(masterKey); byte[] exchangedKey = new byte[16]; Rc4 rc4 = new Rc4(userSessionKey); rc4.Update(_masterKey, 0, 16, exchangedKey, 0); SetSessionKey(exchangedKey); } else { _masterKey = userSessionKey; SetSessionKey(_masterKey); } } break; } default: { SetLmResponse(GetLMResponse(type2, password)); SetNtResponse(GetNTResponse(type2, password)); break; } } }