public static byte[] GetLMv2Response(Type2Message type2, string domain, string user
, string password, byte[] clientChallenge)
{
if (type2 == null || domain == null || user == null || password == null || clientChallenge
== null)
{
return(null);
}
return(NtlmPasswordAuthentication.GetLMv2Response(domain, user, password, type2.GetChallenge
(), clientChallenge));
}
/// <summary>
/// Returns the default flags for a Type-3 message created in response
/// to the given Type-2 message in the current environment.
/// </summary>
/// <remarks>
/// Returns the default flags for a Type-3 message created in response
/// to the given Type-2 message in the current environment.
/// </remarks>
/// <returns>An <code>int</code> containing the default flags.</returns>
public static int GetDefaultFlags(Type2Message type2)
{
if (type2 == null)
{
return(DefaultFlags);
}
int flags = NtlmsspNegotiateNtlm;
flags |= ((type2.GetFlags() & NtlmsspNegotiateUnicode) != 0) ? NtlmsspNegotiateUnicode
: NtlmsspNegotiateOem;
return(flags);
}
public static byte[] GetNtlMv2Response(Type2Message type2, byte[] responseKeyNt,
byte[] clientChallenge)
{
if (type2 == null || responseKeyNt == null || clientChallenge == null)
{
return(null);
}
long nanos1601 = (Runtime.CurrentTimeMillis() + MillisecondsBetween1970And1601
) * 10000L;
return(NtlmPasswordAuthentication.GetNtlMv2Response(responseKeyNt, type2.GetChallenge
(), clientChallenge, nanos1601, type2.GetTargetInformation()));
}
/// <summary>
/// Creates a Type-3 message in response to the given Type-2 message
/// using default values from the current environment.
/// </summary>
/// <remarks>
/// Creates a Type-3 message in response to the given Type-2 message
/// using default values from the current environment.
/// </remarks>
/// <param name="type2">The Type-2 message which this represents a response to.</param>
public Type3Message(Type2Message type2)
{
SetFlags(GetDefaultFlags(type2));
SetWorkstation(GetDefaultWorkstation());
string domain = GetDefaultDomain();
SetDomain(domain);
string user = GetDefaultUser();
SetUser(user);
string password = GetDefaultPassword();
switch (LmCompatibility)
{
case 0:
case 1:
{
SetLmResponse(GetLMResponse(type2, password));
SetNtResponse(GetNTResponse(type2, password));
break;
}
case 2:
{
byte[] nt = GetNTResponse(type2, password);
SetLmResponse(nt);
SetNtResponse(nt);
break;
}
case 3:
case 4:
case 5:
{
byte[] clientChallenge = new byte[8];
//RANDOM.NextBytes(clientChallenge);
SetLmResponse(GetLMv2Response(type2, domain, user, password, clientChallenge));
break;
}
default:
{
SetLmResponse(GetLMResponse(type2, password));
SetNtResponse(GetNTResponse(type2, password));
break;
}
}
}
/// <summary>Creates a Type-3 message in response to the given Type-2 message.</summary>
/// <remarks>Creates a Type-3 message in response to the given Type-2 message.</remarks>
/// <param name="type2">The Type-2 message which this represents a response to.</param>
/// <param name="password">The password to use when constructing the response.</param>
/// <param name="domain">The domain in which the user has an account.</param>
/// <param name="user">The username for the authenticating user.</param>
/// <param name="workstation">
/// The workstation from which authentication is
/// taking place.
/// </param>
public Type3Message(Type2Message type2,
string password,
string domain,
string user,
string workstation,
int flags)
{
SetFlags(flags | GetDefaultFlags(type2));
if (workstation == null)
{
workstation = GetDefaultWorkstation();
}
SetWorkstation(workstation);
SetDomain(domain);
SetUser(user);
switch (LmCompatibility)
{
case 0:
case 1:
{
if ((GetFlags() & NtlmsspNegotiateNtlm2) == 0)
{
SetLmResponse(GetLMResponse(type2, password));
SetNtResponse(GetNTResponse(type2, password));
}
else
{
// NTLM2 Session Response
byte[] clientChallenge = new byte[24];
//RANDOM.NextBytes(clientChallenge);
Arrays.Fill(clientChallenge, 8, 24, unchecked ((byte)unchecked (0x00)));
// NTLMv1 w/ NTLM2 session sec and key exch all been verified with a debug build of smbclient
byte[] responseKeyNt
= NtlmPasswordAuthentication.NtowFv1(password);
byte[] ntlm2Response
= NtlmPasswordAuthentication.GetNtlm2Response(responseKeyNt,
type2.GetChallenge(),
clientChallenge);
SetLmResponse(clientChallenge);
SetNtResponse(ntlm2Response);
if ((GetFlags() & NtlmsspNegotiateSign) == NtlmsspNegotiateSign)
{
byte[] sessionNonce = new byte[16];
Array.Copy(type2.GetChallenge(), 0, sessionNonce, 0, 8);
Array.Copy(clientChallenge, 0, sessionNonce, 8, 8);
Md4 md4 = new Md4();
md4.Update(responseKeyNt);
byte[] userSessionKey = md4.Digest();
Hmact64 hmac = new Hmact64(userSessionKey);
hmac.Update(sessionNonce);
byte[] ntlm2SessionKey = hmac.Digest();
if ((GetFlags() & NtlmsspNegotiateKeyExch) != 0)
{
_masterKey = new byte[16];
//RANDOM.NextBytes(masterKey);
byte[] exchangedKey = new byte[16];
Rc4 rc4 = new Rc4(ntlm2SessionKey);
rc4.Update(_masterKey, 0, 16, exchangedKey, 0);
SetSessionKey(exchangedKey);
}
else
{
_masterKey = ntlm2SessionKey;
SetSessionKey(_masterKey);
}
}
}
break;
}
case 2:
{
byte[] nt = GetNTResponse(type2, password);
SetLmResponse(nt);
SetNtResponse(nt);
break;
}
case 3:
case 4:
case 5:
{
byte[] responseKeyNt1
= NtlmPasswordAuthentication.NtowFv2(domain, user, password);
byte[] clientChallenge1 = new byte[8];
//RANDOM.NextBytes(clientChallenge_1);
SetLmResponse(GetLMv2Response(type2, domain, user, password, clientChallenge1));
byte[] clientChallenge2 = new byte[8];
//RANDOM.NextBytes(clientChallenge2);
SetNtResponse(GetNtlMv2Response(type2, responseKeyNt1, clientChallenge2));
if ((GetFlags() & NtlmsspNegotiateSign) == NtlmsspNegotiateSign)
{
Hmact64 hmac = new Hmact64(responseKeyNt1);
hmac.Update(_ntResponse, 0, 16);
// only first 16 bytes of ntResponse
byte[] userSessionKey = hmac.Digest();
if ((GetFlags() & NtlmsspNegotiateKeyExch) != 0)
{
_masterKey = new byte[16];
//RANDOM.NextBytes(masterKey);
byte[] exchangedKey = new byte[16];
Rc4 rc4 = new Rc4(userSessionKey);
rc4.Update(_masterKey, 0, 16, exchangedKey, 0);
SetSessionKey(exchangedKey);
}
else
{
_masterKey = userSessionKey;
SetSessionKey(_masterKey);
}
}
break;
}
default:
{
SetLmResponse(GetLMResponse(type2, password));
SetNtResponse(GetNTResponse(type2, password));
break;
}
}
}
/// <exception cref="SharpCifs.Smb.SmbException"></exception>
public virtual byte[] InitSecContext(byte[] token, int offset, int len)
{
switch (State)
{
case 1:
{
Type1Message msg1 = new Type1Message(NtlmsspFlags, Auth.GetDomain(), Workstation);
token = msg1.ToByteArray();
if (Log.Level >= 4)
{
Log.WriteLine(msg1);
if (Log.Level >= 6)
{
Hexdump.ToHexdump(Log, token, 0, token.Length);
}
}
State++;
break;
}
case 2:
{
try
{
Type2Message msg2 = new Type2Message(token);
if (Log.Level >= 4)
{
Log.WriteLine(msg2);
if (Log.Level >= 6)
{
Hexdump.ToHexdump(Log, token, 0, token.Length);
}
}
ServerChallenge = msg2.GetChallenge();
NtlmsspFlags &= msg2.GetFlags();
// netbiosName = getNtlmsspListItem(token, 0x0001);
Type3Message msg3 = new Type3Message(msg2, Auth.GetPassword(), Auth.GetDomain(),
Auth.GetUsername(), Workstation, NtlmsspFlags);
token = msg3.ToByteArray();
if (Log.Level >= 4)
{
Log.WriteLine(msg3);
if (Log.Level >= 6)
{
Hexdump.ToHexdump(Log, token, 0, token.Length);
}
}
if ((NtlmsspFlags & NtlmFlags.NtlmsspNegotiateSign) != 0)
{
SigningKey = msg3.GetMasterKey();
}
isEstablished = true;
State++;
break;
}
catch (Exception e)
{
throw new SmbException(e.Message, e);
}
}
default:
{
throw new SmbException("Invalid state");
}
}
return token;
}
/// <summary>
/// Constructs the NT response to the given Type-2 message using
/// the supplied password.
/// </summary>
/// <remarks>
/// Constructs the NT response to the given Type-2 message using
/// the supplied password.
/// </remarks>
/// <param name="type2">The Type-2 message.</param>
/// <param name="password">The password.</param>
/// <returns>A <code>byte[]</code> containing the NT response.</returns>
public static byte[] GetNTResponse(Type2Message type2, string password)
{
if (type2 == null || password == null)
{
return null;
}
return NtlmPasswordAuthentication.GetNtlmResponse(password, type2.GetChallenge());
}
public static byte[] GetNtlMv2Response(Type2Message type2, byte[] responseKeyNt,
byte[] clientChallenge)
{
if (type2 == null || responseKeyNt == null || clientChallenge == null)
{
return null;
}
long nanos1601 = (Runtime.CurrentTimeMillis() + MillisecondsBetween1970And1601
) * 10000L;
return NtlmPasswordAuthentication.GetNtlMv2Response(responseKeyNt, type2.GetChallenge
(), clientChallenge, nanos1601, type2.GetTargetInformation());
}
public static byte[] GetLMv2Response(Type2Message type2, string domain, string user
, string password, byte[] clientChallenge)
{
if (type2 == null || domain == null || user == null || password == null || clientChallenge
== null)
{
return null;
}
return NtlmPasswordAuthentication.GetLMv2Response(domain, user, password, type2.GetChallenge
(), clientChallenge);
}
/// <summary>
/// Returns the default flags for a Type-3 message created in response
/// to the given Type-2 message in the current environment.
/// </summary>
/// <remarks>
/// Returns the default flags for a Type-3 message created in response
/// to the given Type-2 message in the current environment.
/// </remarks>
/// <returns>An <code>int</code> containing the default flags.</returns>
public static int GetDefaultFlags(Type2Message type2)
{
if (type2 == null)
{
return DefaultFlags;
}
int flags = NtlmsspNegotiateNtlm;
flags |= ((type2.GetFlags() & NtlmsspNegotiateUnicode) != 0) ? NtlmsspNegotiateUnicode
: NtlmsspNegotiateOem;
return flags;
}
/// <summary>Creates a Type-3 message in response to the given Type-2 message.</summary>
/// <remarks>Creates a Type-3 message in response to the given Type-2 message.</remarks>
/// <param name="type2">The Type-2 message which this represents a response to.</param>
/// <param name="password">The password to use when constructing the response.</param>
/// <param name="domain">The domain in which the user has an account.</param>
/// <param name="user">The username for the authenticating user.</param>
/// <param name="workstation">
/// The workstation from which authentication is
/// taking place.
/// </param>
public Type3Message(Type2Message type2, string password, string domain, string user
, string workstation, int flags)
{
SetFlags(flags | GetDefaultFlags(type2));
if (workstation == null)
{
workstation = GetDefaultWorkstation();
}
SetWorkstation(workstation);
SetDomain(domain);
SetUser(user);
switch (LmCompatibility)
{
case 0:
case 1:
{
if ((GetFlags() & NtlmsspNegotiateNtlm2) == 0)
{
SetLmResponse(GetLMResponse(type2, password));
SetNtResponse(GetNTResponse(type2, password));
}
else
{
// NTLM2 Session Response
byte[] clientChallenge = new byte[24];
//RANDOM.NextBytes(clientChallenge);
Arrays.Fill(clientChallenge, 8, 24, unchecked((byte)unchecked(0x00)));
// NTLMv1 w/ NTLM2 session sec and key exch all been verified with a debug build of smbclient
byte[] responseKeyNt = NtlmPasswordAuthentication.NtowFv1(password);
byte[] ntlm2Response = NtlmPasswordAuthentication.GetNtlm2Response(responseKeyNt,
type2.GetChallenge(), clientChallenge);
SetLmResponse(clientChallenge);
SetNtResponse(ntlm2Response);
if ((GetFlags() & NtlmsspNegotiateSign) == NtlmsspNegotiateSign)
{
byte[] sessionNonce = new byte[16];
Array.Copy(type2.GetChallenge(), 0, sessionNonce, 0, 8);
Array.Copy(clientChallenge, 0, sessionNonce, 8, 8);
Md4 md4 = new Md4();
md4.Update(responseKeyNt);
byte[] userSessionKey = md4.Digest();
Hmact64 hmac = new Hmact64(userSessionKey);
hmac.Update(sessionNonce);
byte[] ntlm2SessionKey = hmac.Digest();
if ((GetFlags() & NtlmsspNegotiateKeyExch) != 0)
{
_masterKey = new byte[16];
//RANDOM.NextBytes(masterKey);
byte[] exchangedKey = new byte[16];
Rc4 rc4 = new Rc4(ntlm2SessionKey);
rc4.Update(_masterKey, 0, 16, exchangedKey, 0);
SetSessionKey(exchangedKey);
}
else
{
_masterKey = ntlm2SessionKey;
SetSessionKey(_masterKey);
}
}
}
break;
}
case 2:
{
byte[] nt = GetNTResponse(type2, password);
SetLmResponse(nt);
SetNtResponse(nt);
break;
}
case 3:
case 4:
case 5:
{
byte[] responseKeyNt1 = NtlmPasswordAuthentication.NtowFv2(domain, user, password
);
byte[] clientChallenge1 = new byte[8];
//RANDOM.NextBytes(clientChallenge_1);
SetLmResponse(GetLMv2Response(type2, domain, user, password, clientChallenge1));
byte[] clientChallenge2 = new byte[8];
//RANDOM.NextBytes(clientChallenge2);
SetNtResponse(GetNtlMv2Response(type2, responseKeyNt1, clientChallenge2));
if ((GetFlags() & NtlmsspNegotiateSign) == NtlmsspNegotiateSign)
{
Hmact64 hmac = new Hmact64(responseKeyNt1);
hmac.Update(_ntResponse, 0, 16);
// only first 16 bytes of ntResponse
byte[] userSessionKey = hmac.Digest();
if ((GetFlags() & NtlmsspNegotiateKeyExch) != 0)
{
_masterKey = new byte[16];
//RANDOM.NextBytes(masterKey);
byte[] exchangedKey = new byte[16];
Rc4 rc4 = new Rc4(userSessionKey);
rc4.Update(_masterKey, 0, 16, exchangedKey, 0);
SetSessionKey(exchangedKey);
}
else
{
_masterKey = userSessionKey;
SetSessionKey(_masterKey);
}
}
break;
}
default:
{
SetLmResponse(GetLMResponse(type2, password));
SetNtResponse(GetNTResponse(type2, password));
break;
}
}
}
/// <summary>
/// Creates a Type-3 message in response to the given Type-2 message
/// using default values from the current environment.
/// </summary>
/// <remarks>
/// Creates a Type-3 message in response to the given Type-2 message
/// using default values from the current environment.
/// </remarks>
/// <param name="type2">The Type-2 message which this represents a response to.</param>
public Type3Message(Type2Message type2)
{
SetFlags(GetDefaultFlags(type2));
SetWorkstation(GetDefaultWorkstation());
string domain = GetDefaultDomain();
SetDomain(domain);
string user = GetDefaultUser();
SetUser(user);
string password = GetDefaultPassword();
switch (LmCompatibility)
{
case 0:
case 1:
{
SetLmResponse(GetLMResponse(type2, password));
SetNtResponse(GetNTResponse(type2, password));
break;
}
case 2:
{
byte[] nt = GetNTResponse(type2, password);
SetLmResponse(nt);
SetNtResponse(nt);
break;
}
case 3:
case 4:
case 5:
{
byte[] clientChallenge = new byte[8];
//RANDOM.NextBytes(clientChallenge);
SetLmResponse(GetLMv2Response(type2, domain, user, password, clientChallenge));
break;
}
default:
{
SetLmResponse(GetLMResponse(type2, password));
SetNtResponse(GetNTResponse(type2, password));
break;
}
}
}