/// <summary> /// [MS-NLMP] 3.4.5.1 - KXKEY - NTLM v1 /// </summary> /// <remarks> /// If NTLM v2 is used, KeyExchangeKey MUST be set to the value of SessionBaseKey. /// </remarks> public static byte[] KXKey(byte[] sessionBaseKey, NegotiateFlags negotiateFlags, byte[] lmChallengeResponse, byte[] serverChallenge, byte[] lmowf) { if ((negotiateFlags & NegotiateFlags.ExtendedSessionSecurity) == 0) { if ((negotiateFlags & NegotiateFlags.LanManagerSessionKey) > 0) { byte[] k1 = ByteReader.ReadBytes(lmowf, 0, 7); byte[] k2 = ByteUtils.Concatenate(ByteReader.ReadBytes(lmowf, 7, 1), new byte[] { 0xBD, 0xBD, 0xBD, 0xBD, 0xBD, 0xBD }); byte[] temp1 = DesEncrypt(ExtendDESKey(k1), ByteReader.ReadBytes(lmChallengeResponse, 0, 8)); byte[] temp2 = DesEncrypt(ExtendDESKey(k2), ByteReader.ReadBytes(lmChallengeResponse, 0, 8)); byte[] keyExchangeKey = ByteUtils.Concatenate(temp1, temp2); return(keyExchangeKey); } else { if ((negotiateFlags & NegotiateFlags.RequestLMSessionKey) > 0) { byte[] keyExchangeKey = ByteUtils.Concatenate(ByteReader.ReadBytes(lmowf, 0, 8), new byte[8]); return(keyExchangeKey); } else { return(sessionBaseKey); } } } else { byte[] buffer = ByteUtils.Concatenate(serverChallenge, ByteReader.ReadBytes(lmChallengeResponse, 0, 8)); byte[] keyExchangeKey = new HMACMD5(sessionBaseKey).ComputeHash(buffer); return(keyExchangeKey); } }
public ChallengeMessage(byte[] cm) { if (cm.Length < 56) { throw new ArgumentOutOfRangeException(); } if (!Signature.CompareArray(cm, 0, 8))//0-8 { throw new Exception("ChallengeMessage Signature Error"); } if (MessageType != BitConverter.ToUInt32(cm, 8))//8-4 { throw new Exception("ChallengeMessage MessageType Error"); } TargetNameField = new MetaDataPayloadString(cm, 12); //12-8 NegotiateFlag = (NegotiateFlags)BitConverter.ToUInt32(cm, 20); //20-4 Array.Copy(cm, 24, ServerChallenge, 0, 8); //24-8 if (!Reserved.CompareArray(cm, 32, 8)) //32-8 { throw new Exception("ChallengeMessage Reserved Error"); } TargetInfoField = new MetaDataVariableTargetInfos(cm, 40); //40-8 Version = new Versions(cm, 48); //48-8 }
public NegotiateMessage(byte[] buffer) { Signature = ByteReader.ReadAnsiString(buffer, 0, 8); MessageType = (MessageTypeName)LittleEndianConverter.ToUInt32(buffer, 8); NegotiateFlags = (NegotiateFlags)LittleEndianConverter.ToUInt32(buffer, 12); DomainName = AuthenticationMessageUtils.ReadAnsiStringBufferPointer(buffer, 16); Workstation = AuthenticationMessageUtils.ReadAnsiStringBufferPointer(buffer, 24); if ((NegotiateFlags & NegotiateFlags.Version) > 0) { Version = new NTLMVersion(buffer, 32); } }
public ChallengeMessage(byte[] buffer) { Signature = ByteReader.ReadAnsiString(buffer, 0, 8); MessageType = (MessageTypeName)LittleEndianConverter.ToUInt32(buffer, 8); TargetName = AuthenticationMessageUtils.ReadUnicodeStringBufferPointer(buffer, 12); NegotiateFlags = (NegotiateFlags)LittleEndianConverter.ToUInt32(buffer, 20); ServerChallenge = ByteReader.ReadBytes(buffer, 24, 8); // Reserved TargetInfo = AuthenticationMessageUtils.ReadBufferPointer(buffer, 40); if ((NegotiateFlags & NegotiateFlags.Version) > 0) { Version = new NTLMVersion(buffer, 48); } }
protected override void InitMessageFromData(byte[] data) { this._messageData = data; this.Signature = Encoding.ASCII.GetString(this._messageData, 0, 7); this.MessageType = BitConverter.ToInt32(this._messageData, 8); this.SetLmChallengeResponse(); this.SetNtChallengeResponse(); this.DomainName = this.ConvertNtlmMessageByteArrayToString(28); this.UserName = this.ConvertNtlmMessageByteArrayToString(36); this.Workstation = this.ConvertNtlmMessageByteArrayToString(44); this.SetEncryptedRandomSessionKey(); this.NegotiateFlags = (NegotiateFlags)BitConverter.ToUInt32(this._messageData, 60); this.SetVersion(); this.SetMic(); }
public static bool HasFlag(this NegotiateFlags t, NegotiateFlags negotiateFlags) { if (negotiateFlags == 0) { throw new ArgumentException("Can't be Zero"); } if ((t & negotiateFlags) == negotiateFlags) { return(true); } else { return(false); } }
public AuthenticateMessage(byte[] buffer) { Signature = ByteReader.ReadAnsiString(buffer, 0, 8); MessageType = (MessageTypeName)LittleEndianConverter.ToUInt32(buffer, 8); LmChallengeResponse = AuthenticationMessageUtils.ReadBufferPointer(buffer, 12); NtChallengeResponse = AuthenticationMessageUtils.ReadBufferPointer(buffer, 20); DomainName = AuthenticationMessageUtils.ReadUnicodeStringBufferPointer(buffer, 28); UserName = AuthenticationMessageUtils.ReadUnicodeStringBufferPointer(buffer, 36); WorkStation = AuthenticationMessageUtils.ReadUnicodeStringBufferPointer(buffer, 44); EncryptedRandomSessionKey = AuthenticationMessageUtils.ReadBufferPointer(buffer, 52); NegotiateFlags = (NegotiateFlags)LittleEndianConverter.ToUInt32(buffer, 60); if ((NegotiateFlags & NegotiateFlags.Version) > 0) { Version = new NTLMVersion(buffer, 64); } }
public AuthenticateMessage( MetaDataPayloadHex lmChallengeResponseField, NtChallengeResponseFields ntChallengeResponseField, MetaDataPayloadString domainNameField, MetaDataPayloadString userNameField, MetaDataPayloadString workstationField, MetaDataPayloadString encryptedRandomSessionKeyField, NegotiateFlags negotiateFlag, Versions version ) { LmChallengeResponseField = lmChallengeResponseField; NtChallengeResponseField = ntChallengeResponseField; DomainNameField = domainNameField; UserNameField = userNameField; WorkstationField = workstationField; EncryptedRandomSessionKeyField = encryptedRandomSessionKeyField; NegotiateFlag = negotiateFlag; Version = version; }
public static byte[] GetBytes(this NegotiateFlags t) { return(BitConverter.GetBytes((uint)t)); }