public static byte[] GetLMv2Response(Type2Message type2, string domain, string user
, string password, byte[] clientChallenge)
{
if (type2 == null || domain == null || user == null || password == null || clientChallenge
== null)
{
return(null);
}
return(NtlmPasswordAuthentication.GetLMv2Response(domain, user, password, type2.GetChallenge
(), clientChallenge));
}
/// <summary>
/// Returns the default flags for a Type-3 message created in response
/// to the given Type-2 message in the current environment.
/// </summary>
/// <remarks>
/// Returns the default flags for a Type-3 message created in response
/// to the given Type-2 message in the current environment.
/// </remarks>
/// <returns>An <code>int</code> containing the default flags.</returns>
public static int GetDefaultFlags(Type2Message type2)
{
if (type2 == null)
{
return(DefaultFlags);
}
int flags = NtlmsspNegotiateNtlm;
flags |= ((type2.GetFlags() & NtlmsspNegotiateUnicode) != 0) ? NtlmsspNegotiateUnicode
: NtlmsspNegotiateOem;
return(flags);
}
public static byte[] GetNtlMv2Response(Type2Message type2, byte[] responseKeyNt,
byte[] clientChallenge)
{
if (type2 == null || responseKeyNt == null || clientChallenge == null)
{
return(null);
}
long nanos1601 = (Runtime.CurrentTimeMillis() + MillisecondsBetween1970And1601
) * 10000L;
return(NtlmPasswordAuthentication.GetNtlMv2Response(responseKeyNt, type2.GetChallenge
(), clientChallenge, nanos1601, type2.GetTargetInformation()));
}
/// <summary>
/// Creates a Type-3 message in response to the given Type-2 message
/// using default values from the current environment.
/// </summary>
/// <remarks>
/// Creates a Type-3 message in response to the given Type-2 message
/// using default values from the current environment.
/// </remarks>
/// <param name="type2">The Type-2 message which this represents a response to.</param>
public Type3Message(Type2Message type2)
{
SetFlags(GetDefaultFlags(type2));
SetWorkstation(GetDefaultWorkstation());
string domain = GetDefaultDomain();
SetDomain(domain);
string user = GetDefaultUser();
SetUser(user);
string password = GetDefaultPassword();
switch (LmCompatibility)
{
case 0:
case 1:
{
SetLmResponse(GetLMResponse(type2, password));
SetNtResponse(GetNTResponse(type2, password));
break;
}
case 2:
{
byte[] nt = GetNTResponse(type2, password);
SetLmResponse(nt);
SetNtResponse(nt);
break;
}
case 3:
case 4:
case 5:
{
byte[] clientChallenge = new byte[8];
//RANDOM.NextBytes(clientChallenge);
SetLmResponse(GetLMv2Response(type2, domain, user, password, clientChallenge));
break;
}
default:
{
SetLmResponse(GetLMResponse(type2, password));
SetNtResponse(GetNTResponse(type2, password));
break;
}
}
}
/// <summary>Creates a Type-3 message in response to the given Type-2 message.</summary>
/// <remarks>Creates a Type-3 message in response to the given Type-2 message.</remarks>
/// <param name="type2">The Type-2 message which this represents a response to.</param>
/// <param name="password">The password to use when constructing the response.</param>
/// <param name="domain">The domain in which the user has an account.</param>
/// <param name="user">The username for the authenticating user.</param>
/// <param name="workstation">
/// The workstation from which authentication is
/// taking place.
/// </param>
public Type3Message(Type2Message type2, string password, string domain, string user
, string workstation, int flags)
{
SetFlags(flags | GetDefaultFlags(type2));
if (workstation == null)
{
workstation = GetDefaultWorkstation();
}
SetWorkstation(workstation);
SetDomain(domain);
SetUser(user);
switch (LmCompatibility)
{
case 0:
case 1:
{
if ((GetFlags() & NtlmsspNegotiateNtlm2) == 0)
{
SetLmResponse(GetLMResponse(type2, password));
SetNtResponse(GetNTResponse(type2, password));
}
else
{
// NTLM2 Session Response
byte[] clientChallenge = new byte[24];
//RANDOM.NextBytes(clientChallenge);
Arrays.Fill(clientChallenge, 8, 24, unchecked ((byte)unchecked (0x00)));
// NTLMv1 w/ NTLM2 session sec and key exch all been verified with a debug build of smbclient
byte[] responseKeyNt = NtlmPasswordAuthentication.NtowFv1(password);
byte[] ntlm2Response = NtlmPasswordAuthentication.GetNtlm2Response(responseKeyNt,
type2.GetChallenge(), clientChallenge);
SetLmResponse(clientChallenge);
SetNtResponse(ntlm2Response);
if ((GetFlags() & NtlmsspNegotiateSign) == NtlmsspNegotiateSign)
{
byte[] sessionNonce = new byte[16];
Array.Copy(type2.GetChallenge(), 0, sessionNonce, 0, 8);
Array.Copy(clientChallenge, 0, sessionNonce, 8, 8);
Md4 md4 = new Md4();
md4.Update(responseKeyNt);
byte[] userSessionKey = md4.Digest();
Hmact64 hmac = new Hmact64(userSessionKey);
hmac.Update(sessionNonce);
byte[] ntlm2SessionKey = hmac.Digest();
if ((GetFlags() & NtlmsspNegotiateKeyExch) != 0)
{
_masterKey = new byte[16];
//RANDOM.NextBytes(masterKey);
byte[] exchangedKey = new byte[16];
Rc4 rc4 = new Rc4(ntlm2SessionKey);
rc4.Update(_masterKey, 0, 16, exchangedKey, 0);
SetSessionKey(exchangedKey);
}
else
{
_masterKey = ntlm2SessionKey;
SetSessionKey(_masterKey);
}
}
}
break;
}
case 2:
{
byte[] nt = GetNTResponse(type2, password);
SetLmResponse(nt);
SetNtResponse(nt);
break;
}
case 3:
case 4:
case 5:
{
byte[] responseKeyNt1 = NtlmPasswordAuthentication.NtowFv2(domain, user, password
);
byte[] clientChallenge1 = new byte[8];
//RANDOM.NextBytes(clientChallenge_1);
SetLmResponse(GetLMv2Response(type2, domain, user, password, clientChallenge1));
byte[] clientChallenge2 = new byte[8];
//RANDOM.NextBytes(clientChallenge2);
SetNtResponse(GetNtlMv2Response(type2, responseKeyNt1, clientChallenge2));
if ((GetFlags() & NtlmsspNegotiateSign) == NtlmsspNegotiateSign)
{
Hmact64 hmac = new Hmact64(responseKeyNt1);
hmac.Update(_ntResponse, 0, 16);
// only first 16 bytes of ntResponse
byte[] userSessionKey = hmac.Digest();
if ((GetFlags() & NtlmsspNegotiateKeyExch) != 0)
{
_masterKey = new byte[16];
//RANDOM.NextBytes(masterKey);
byte[] exchangedKey = new byte[16];
Rc4 rc4 = new Rc4(userSessionKey);
rc4.Update(_masterKey, 0, 16, exchangedKey, 0);
SetSessionKey(exchangedKey);
}
else
{
_masterKey = userSessionKey;
SetSessionKey(_masterKey);
}
}
break;
}
default:
{
SetLmResponse(GetLMResponse(type2, password));
SetNtResponse(GetNTResponse(type2, password));
break;
}
}
}
