/// <summary>
/// Encodes this message into its wire form: a fixed 64-byte header of buffer descriptors
/// and flags, an optional 8-byte version block, then the domain, user name, host and the
/// LM / NT responses computed from <c>type2</c>.
/// </summary>
/// <remarks>
/// The header positions written here (12, 20, 28, 36, 44, 56, 60, 64) line up with the
/// AUTHENTICATE_MESSAGE layout in MS-NLMP. Each descriptor is a 16-bit length, the same
/// value repeated as maximum length, and the low 16 bits of the payload offset.
/// </remarks>
/// <returns>
/// The encoded message. The LM and NT responses are copied into it before the temporary
/// arrays are zeroed, so the returned buffer still carries credential-derived data.
/// </returns>
public override byte[] Encode()
{
    var domainBytes = EncodeString(Domain);
    var userBytes = EncodeString(Username);
    var hostBytes = EncodeString(Host);

    // NOTE(review): lm/ntlm are zeroed only on the success path at the end of this method;
    // an exception raised before that point leaves them un-wiped until they are collected.
    byte[] lm, ntlm;
    ChallengeResponse2.Compute(type2, Level, Username, Password, Domain, out lm, out ntlm);

    // The version block is emitted only when the challenge asked for it AND a local
    // OSVersion is available; it pushes the payload from offset 64 to 72.
    bool negotiateVersion = (type2.Flags & NtlmFlags.NegotiateVersion) != 0 && OSVersion != null;
    int payloadOffset = negotiateVersion ? 72 : 64;

    int lmResponseLength = 0;
    if (lm != null)
    {
        lmResponseLength = lm.Length;
    }

    int ntResponseLength = 0;
    if (ntlm != null)
    {
        ntResponseLength = ntlm.Length;
    }

    int stringsLength = domainBytes.Length + userBytes.Length + hostBytes.Length;
    var message = PrepareMessage(payloadOffset + stringsLength + lmResponseLength + ntResponseLength);

    // Payload order: domain, user, host, LM response, NT response.
    // Offsets and lengths are narrowed to 16 bits.
    // NOTE(review): nothing in this method bounds the encoded Domain/Username/Host sizes;
    // in an unchecked build a payload past short.MaxValue produces a negative offset that
    // Buffer.BlockCopy will reject - confirm callers limit these inputs.
    short domainLength = (short)domainBytes.Length;
    short domainOffset = (short)payloadOffset;
    short userLength = (short)userBytes.Length;
    short userOffset = (short)(domainOffset + domainLength);
    short hostLength = (short)hostBytes.Length;
    short hostOffset = (short)(userOffset + userLength);
    short lmResponseOffset = (short)(payloadOffset + stringsLength);
    short ntResponseOffset = (short)(lmResponseOffset + lmResponseLength);

    // LM response descriptor. The high length byte is fixed at zero, unlike the NT
    // descriptor below; presumably the LM response never exceeds 255 bytes - confirm.
    message[12] = (byte)lmResponseLength;
    message[13] = 0x00;
    message[14] = (byte)lmResponseLength;
    message[15] = 0x00;
    message[16] = (byte)lmResponseOffset;
    message[17] = (byte)(lmResponseOffset >> 8);

    // NT response descriptor
    message[20] = (byte)ntResponseLength;
    message[21] = (byte)(ntResponseLength >> 8);
    message[22] = (byte)ntResponseLength;
    message[23] = (byte)(ntResponseLength >> 8);
    message[24] = (byte)ntResponseOffset;
    message[25] = (byte)(ntResponseOffset >> 8);

    // target (domain) descriptor
    message[28] = (byte)domainLength;
    message[29] = (byte)(domainLength >> 8);
    message[30] = (byte)domainLength;
    message[31] = (byte)(domainLength >> 8);
    message[32] = (byte)domainOffset;
    message[33] = (byte)(domainOffset >> 8);

    // username descriptor
    message[36] = (byte)userLength;
    message[37] = (byte)(userLength >> 8);
    message[38] = (byte)userLength;
    message[39] = (byte)(userLength >> 8);
    message[40] = (byte)userOffset;
    message[41] = (byte)(userOffset >> 8);

    // host descriptor
    message[44] = (byte)hostLength;
    message[45] = (byte)(hostLength >> 8);
    message[46] = (byte)hostLength;
    message[47] = (byte)(hostLength >> 8);
    message[48] = (byte)hostOffset;
    message[49] = (byte)(hostOffset >> 8);

    // Bytes 56-57 receive the total message length. In the MS-NLMP layout this position
    // is the offset of the session-key buffer, so it points at the end of the message;
    // bytes 52-55 (its length fields) are not written by this method.
    short messageLength = (short)message.Length;
    message[56] = (byte)messageLength;
    message[57] = (byte)(messageLength >> 8);

    // options flags, little-endian
    message[60] = (byte)Flags;
    message[61] = (byte)((uint)Flags >> 8);
    message[62] = (byte)((uint)Flags >> 16);
    message[63] = (byte)((uint)Flags >> 24);

    if (negotiateVersion)
    {
        // Version block: major, minor, 16-bit build taken from OSVersion, three zero
        // bytes, then the revision byte 0x0f.
        message[64] = (byte)OSVersion.Major;
        message[65] = (byte)OSVersion.Minor;
        message[66] = (byte)OSVersion.Build;
        message[67] = (byte)(OSVersion.Build >> 8);
        message[68] = 0x00;
        message[69] = 0x00;
        message[70] = 0x00;
        message[71] = 0x0f;
    }

    Buffer.BlockCopy(domainBytes, 0, message, domainOffset, domainBytes.Length);
    Buffer.BlockCopy(userBytes, 0, message, userOffset, userBytes.Length);
    Buffer.BlockCopy(hostBytes, 0, message, hostOffset, hostBytes.Length);

    // Copy each response into the message, then wipe the temporary array.
    if (lm != null)
    {
        Buffer.BlockCopy(lm, 0, message, lmResponseOffset, lm.Length);
        Array.Clear(lm, 0, lm.Length);
    }

    if (ntlm != null)
    {
        Buffer.BlockCopy(ntlm, 0, message, ntResponseOffset, ntlm.Length);
        Array.Clear(ntlm, 0, ntlm.Length);
    }

    return message;
}
/// <summary>
/// Encodes this message into its wire form: a fixed 64-byte header of buffer descriptors
/// and flags, an 8-byte version block when the challenge requested one, then the domain,
/// user name, host and the LM / NT responses computed from <c>type2</c>.
/// </summary>
/// <remarks>
/// The header positions written here line up with the AUTHENTICATE_MESSAGE layout in
/// MS-NLMP. The version block does not describe the local machine: it is hard-coded to
/// Windows 10.0, build 10586.
/// </remarks>
/// <returns>
/// The encoded message. The LM and NT responses are copied into it before the temporary
/// arrays are zeroed, so the returned buffer still carries credential-derived data.
/// </returns>
public override byte[] Encode()
{
    var domainBytes = EncodeString(Domain);
    var userBytes = EncodeString(Username);
    var hostBytes = EncodeString(Host);

    // NOTE(review): lm/ntlm are zeroed only on the success path at the end of this method;
    // an exception raised before that point leaves them un-wiped until they are collected.
    byte[] lm, ntlm;
    ChallengeResponse2.Compute(type2, Level, Username, Password, Domain, out lm, out ntlm);

    // The version block follows the challenge's NegotiateVersion flag alone and pushes
    // the payload from offset 64 to 72.
    bool reqVersion = (type2.Flags & NtlmFlags.NegotiateVersion) != 0;
    int payloadOffset = reqVersion ? 72 : 64;

    int lmResponseLength = 0;
    if (lm != null)
    {
        lmResponseLength = lm.Length;
    }

    int ntResponseLength = 0;
    if (ntlm != null)
    {
        ntResponseLength = ntlm.Length;
    }

    int stringsLength = domainBytes.Length + userBytes.Length + hostBytes.Length;
    var data = PrepareMessage(payloadOffset + stringsLength + lmResponseLength + ntResponseLength);

    // Payload order: domain, user, host, LM response, NT response.
    // Offsets and lengths are narrowed to 16 bits.
    // NOTE(review): nothing in this method bounds the encoded Domain/Username/Host sizes;
    // in an unchecked build a payload past short.MaxValue produces a negative offset that
    // Buffer.BlockCopy will reject - confirm callers limit these inputs.
    short domainLength = (short)domainBytes.Length;
    short domainOffset = (short)payloadOffset;
    short userLength = (short)userBytes.Length;
    short userOffset = (short)(domainOffset + domainLength);
    short hostLength = (short)hostBytes.Length;
    short hostOffset = (short)(userOffset + userLength);
    short lmResponseOffset = (short)(payloadOffset + stringsLength);
    short ntResponseOffset = (short)(lmResponseOffset + lmResponseLength);

    // LM response descriptor. The high length byte is fixed at zero, unlike the NT
    // descriptor below; presumably the LM response never exceeds 255 bytes - confirm.
    data[12] = (byte)lmResponseLength;
    data[13] = 0x00;
    data[14] = (byte)lmResponseLength;
    data[15] = 0x00;
    data[16] = (byte)lmResponseOffset;
    data[17] = (byte)(lmResponseOffset >> 8);

    // NT response descriptor
    data[20] = (byte)ntResponseLength;
    data[21] = (byte)(ntResponseLength >> 8);
    data[22] = (byte)ntResponseLength;
    data[23] = (byte)(ntResponseLength >> 8);
    data[24] = (byte)ntResponseOffset;
    data[25] = (byte)(ntResponseOffset >> 8);

    // target (domain) descriptor
    data[28] = (byte)domainLength;
    data[29] = (byte)(domainLength >> 8);
    data[30] = (byte)domainLength;
    data[31] = (byte)(domainLength >> 8);
    data[32] = (byte)domainOffset;
    data[33] = (byte)(domainOffset >> 8);

    // username descriptor
    data[36] = (byte)userLength;
    data[37] = (byte)(userLength >> 8);
    data[38] = (byte)userLength;
    data[39] = (byte)(userLength >> 8);
    data[40] = (byte)userOffset;
    data[41] = (byte)(userOffset >> 8);

    // host descriptor
    data[44] = (byte)hostLength;
    data[45] = (byte)(hostLength >> 8);
    data[46] = (byte)hostLength;
    data[47] = (byte)(hostLength >> 8);
    data[48] = (byte)hostOffset;
    data[49] = (byte)(hostOffset >> 8);

    // Bytes 56-57 receive the total message length. In the MS-NLMP layout this position
    // is the offset of the session-key buffer, so it points at the end of the message;
    // bytes 52-55 (its length fields) are not written by this method.
    short messageLength = (short)data.Length;
    data[56] = (byte)messageLength;
    data[57] = (byte)(messageLength >> 8);

    // options flags, little-endian
    data[60] = (byte)Flags;
    data[61] = (byte)((uint)Flags >> 8);
    data[62] = (byte)((uint)Flags >> 16);
    data[63] = (byte)((uint)Flags >> 24);

    if (reqVersion)
    {
        const int productBuild = 10586;

        // Windows version, reported as 10.0 regardless of the actual host
        data[64] = 0x0A;
        data[65] = 0x0;

        // ProductBuild, little-endian
        data[66] = (byte)(productBuild & 0xff);
        data[67] = (byte)(productBuild >> 8);

        // Bytes 68-70 are reserved and are not written here; they stay zero only if
        // PrepareMessage returns a zero-filled buffer - presumably it does, confirm.

        // NTLMRevisionCurrent
        data[71] = 0x0F;
    }

    Buffer.BlockCopy(domainBytes, 0, data, domainOffset, domainBytes.Length);
    Buffer.BlockCopy(userBytes, 0, data, userOffset, userBytes.Length);
    Buffer.BlockCopy(hostBytes, 0, data, hostOffset, hostBytes.Length);

    // Copy each response into the message, then wipe the temporary array.
    if (lm != null)
    {
        Buffer.BlockCopy(lm, 0, data, lmResponseOffset, lm.Length);
        Array.Clear(lm, 0, lm.Length);
    }

    if (ntlm != null)
    {
        Buffer.BlockCopy(ntlm, 0, data, ntResponseOffset, ntlm.Length);
        Array.Clear(ntlm, 0, ntlm.Length);
    }

    return data;
}
/// <summary>
/// Encodes this message into its wire form: a fixed 64-byte header of buffer descriptors
/// and flags, an 8-byte version block when the challenge requested one, then the domain,
/// user name, host and the LM / NT responses.
/// </summary>
/// <remarks>
/// With a <c>type2</c> challenge the responses come from <c>ChallengeResponse2.Compute</c>.
/// Without one, the legacy <c>ChallengeResponse</c> path is taken, and only when
/// <c>Level</c> is <c>NtlmAuthLevel.LM_and_NTLM</c>; any other level throws, so the weaker
/// legacy responses are never produced unless that level was selected.
/// The header positions written here line up with the AUTHENTICATE_MESSAGE layout in
/// MS-NLMP. The version block is hard-coded to Windows 10.0, build 10586.
/// </remarks>
/// <returns>
/// The encoded message. The LM and NT responses are copied into it before the temporary
/// arrays are zeroed, so the returned buffer still carries credential-derived data.
/// </returns>
/// <exception cref="InvalidOperationException">
/// <c>type2</c> is null and <c>Level</c> is not <c>NtlmAuthLevel.LM_and_NTLM</c>.
/// </exception>
public override byte[] Encode()
{
    var domainBytes = EncodeString(domain);
    var userBytes = EncodeString(Username);
    var hostBytes = EncodeString(host);

    int payloadOffset = 64;
    bool reqVersion;
    byte[] lm, ntlm;

    // NOTE(review): lm/ntlm are zeroed only on the success path at the end of this method;
    // an exception raised before that point leaves them un-wiped until they are collected.
    if (type2 != null)
    {
        ChallengeResponse2.Compute(type2, Level, Username, Password, domain, out lm, out ntlm);

        // The version block follows the challenge's NegotiateVersion flag and pushes the
        // payload from offset 64 to 72.
        reqVersion = (type2.Flags & NtlmFlags.NegotiateVersion) != 0;
        if (reqVersion)
        {
            payloadOffset += 8;
        }
    }
    else
    {
        // No challenge message: refuse the legacy path unless it was explicitly selected.
        if (Level != NtlmAuthLevel.LM_and_NTLM)
        {
            throw new InvalidOperationException("Refusing to use legacy-mode LM/NTLM authentication unless explicitly enabled using NtlmSettings.DefaultAuthLevel.");
        }

        // NOTE(review): lm/ntlm are read before the helper is disposed and used after;
        // presumably LM/NT hand out independent arrays - confirm Dispose does not zero them.
        using (var legacy = new ChallengeResponse(Password, challenge))
        {
            lm = legacy.LM;
            ntlm = legacy.NT;
        }

        reqVersion = false;
    }

    int lmResponseLength = 0;
    if (lm != null)
    {
        lmResponseLength = lm.Length;
    }

    int ntResponseLength = 0;
    if (ntlm != null)
    {
        ntResponseLength = ntlm.Length;
    }

    int stringsLength = domainBytes.Length + userBytes.Length + hostBytes.Length;
    var data = PrepareMessage(payloadOffset + stringsLength + lmResponseLength + ntResponseLength);

    // Payload order: domain, user, host, LM response, NT response.
    // Offsets and lengths are narrowed to 16 bits.
    // NOTE(review): nothing in this method bounds the encoded domain/Username/host sizes;
    // in an unchecked build a payload past short.MaxValue produces a negative offset that
    // Buffer.BlockCopy will reject - confirm callers limit these inputs.
    short domainLength = (short)domainBytes.Length;
    short domainOffset = (short)payloadOffset;
    short userLength = (short)userBytes.Length;
    short userOffset = (short)(domainOffset + domainLength);
    short hostLength = (short)hostBytes.Length;
    short hostOffset = (short)(userOffset + userLength);
    short lmResponseOffset = (short)(payloadOffset + stringsLength);
    short ntResponseOffset = (short)(lmResponseOffset + lmResponseLength);

    // LM response descriptor. The high length byte is fixed at zero, unlike the NT
    // descriptor below; presumably the LM response never exceeds 255 bytes - confirm.
    data[12] = (byte)lmResponseLength;
    data[13] = 0x00;
    data[14] = (byte)lmResponseLength;
    data[15] = 0x00;
    data[16] = (byte)lmResponseOffset;
    data[17] = (byte)(lmResponseOffset >> 8);

    // NT response descriptor
    data[20] = (byte)ntResponseLength;
    data[21] = (byte)(ntResponseLength >> 8);
    data[22] = (byte)ntResponseLength;
    data[23] = (byte)(ntResponseLength >> 8);
    data[24] = (byte)ntResponseOffset;
    data[25] = (byte)(ntResponseOffset >> 8);

    // target (domain) descriptor
    data[28] = (byte)domainLength;
    data[29] = (byte)(domainLength >> 8);
    data[30] = (byte)domainLength;
    data[31] = (byte)(domainLength >> 8);
    data[32] = (byte)domainOffset;
    data[33] = (byte)(domainOffset >> 8);

    // username descriptor
    data[36] = (byte)userLength;
    data[37] = (byte)(userLength >> 8);
    data[38] = (byte)userLength;
    data[39] = (byte)(userLength >> 8);
    data[40] = (byte)userOffset;
    data[41] = (byte)(userOffset >> 8);

    // host descriptor
    data[44] = (byte)hostLength;
    data[45] = (byte)(hostLength >> 8);
    data[46] = (byte)hostLength;
    data[47] = (byte)(hostLength >> 8);
    data[48] = (byte)hostOffset;
    data[49] = (byte)(hostOffset >> 8);

    // Bytes 56-57 receive the total message length. In the MS-NLMP layout this position
    // is the offset of the session-key buffer, so it points at the end of the message;
    // bytes 52-55 (its length fields) are not written by this method.
    short messageLength = (short)data.Length;
    data[56] = (byte)messageLength;
    data[57] = (byte)(messageLength >> 8);

    // options flags, little-endian
    data[60] = (byte)Flags;
    data[61] = (byte)((uint)Flags >> 8);
    data[62] = (byte)((uint)Flags >> 16);
    data[63] = (byte)((uint)Flags >> 24);

    if (reqVersion)
    {
        const int productBuild = 10586;

        // Windows version, reported as 10.0 regardless of the actual host
        data[64] = 0x0A;
        data[65] = 0x0;

        // ProductBuild, little-endian
        data[66] = (byte)(productBuild & 0xff);
        data[67] = (byte)(productBuild >> 8);

        // Bytes 68-70 are reserved and are not written here; they stay zero only if
        // PrepareMessage returns a zero-filled buffer - presumably it does, confirm.

        // NTLMRevisionCurrent
        data[71] = 0x0F;
    }

    Buffer.BlockCopy(domainBytes, 0, data, domainOffset, domainBytes.Length);
    Buffer.BlockCopy(userBytes, 0, data, userOffset, userBytes.Length);
    Buffer.BlockCopy(hostBytes, 0, data, hostOffset, hostBytes.Length);

    // Copy each response into the message, then wipe the temporary array.
    if (lm != null)
    {
        Buffer.BlockCopy(lm, 0, data, lmResponseOffset, lm.Length);
        Array.Clear(lm, 0, lm.Length);
    }

    if (ntlm != null)
    {
        Buffer.BlockCopy(ntlm, 0, data, ntResponseOffset, ntlm.Length);
        Array.Clear(ntlm, 0, ntlm.Length);
    }

    return data;
}
/// <summary>
/// Encodes this message into its wire form: a fixed 64-byte header of buffer descriptors
/// and flags, followed directly by the domain, user name, host and the LM / NT responses.
/// No version block is written; the payload always starts at offset 64.
/// </summary>
/// <remarks>
/// With a <c>type2</c> challenge the responses come from <c>ChallengeResponse2.Compute</c>.
/// Without one, the legacy <c>ChallengeResponse</c> path is taken, and only when
/// <c>Level</c> is <c>NtlmAuthLevel.LM_and_NTLM</c>; any other level throws, so the weaker
/// legacy responses are never produced unless that level was selected.
/// The header positions written here line up with the AUTHENTICATE_MESSAGE layout in
/// MS-NLMP.
/// </remarks>
/// <returns>
/// The encoded message. The LM and NT responses are copied into it before the temporary
/// arrays are zeroed, so the returned buffer still carries credential-derived data.
/// </returns>
/// <exception cref="InvalidOperationException">
/// <c>type2</c> is null and <c>Level</c> is not <c>NtlmAuthLevel.LM_and_NTLM</c>.
/// </exception>
public override byte[] Encode()
{
    var domainBytes = EncodeString(domain);
    var userBytes = EncodeString(Username);
    var hostBytes = EncodeString(host);

    byte[] lm, ntlm;

    // NOTE(review): lm/ntlm are zeroed only on the success path at the end of this method;
    // an exception raised before that point leaves them un-wiped until they are collected.
    if (type2 != null)
    {
        ChallengeResponse2.Compute(type2, Level, Username, Password, domain, out lm, out ntlm);
    }
    else
    {
        // No challenge message: refuse the legacy path unless it was explicitly selected.
        if (Level != NtlmAuthLevel.LM_and_NTLM)
        {
            throw new InvalidOperationException("Refusing to use legacy-mode LM/NTLM authentication unless explicitly enabled using NtlmSettings.DefaultAuthLevel.");
        }

        // NOTE(review): lm/ntlm are read before the helper is disposed and used after;
        // presumably LM/NT hand out independent arrays - confirm Dispose does not zero them.
        using (var legacy = new ChallengeResponse(Password, challenge))
        {
            lm = legacy.LM;
            ntlm = legacy.NT;
        }
    }

    int lmResponseLength = 0;
    if (lm != null)
    {
        lmResponseLength = lm.Length;
    }

    int ntResponseLength = 0;
    if (ntlm != null)
    {
        ntResponseLength = ntlm.Length;
    }

    int stringsLength = domainBytes.Length + userBytes.Length + hostBytes.Length;
    var data = PrepareMessage(64 + stringsLength + lmResponseLength + ntResponseLength);

    // Payload order: domain, user, host, LM response, NT response.
    // Offsets and lengths are narrowed to 16 bits.
    // NOTE(review): nothing in this method bounds the encoded domain/Username/host sizes;
    // in an unchecked build a payload past short.MaxValue produces a negative offset that
    // Buffer.BlockCopy will reject - confirm callers limit these inputs.
    const short domainOffset = 64;
    short domainLength = (short)domainBytes.Length;
    short userLength = (short)userBytes.Length;
    short userOffset = (short)(domainOffset + domainLength);
    short hostLength = (short)hostBytes.Length;
    short hostOffset = (short)(userOffset + userLength);
    short lmResponseOffset = (short)(64 + stringsLength);
    short ntResponseOffset = (short)(lmResponseOffset + lmResponseLength);

    // LM response descriptor. The high length byte is fixed at zero, unlike the NT
    // descriptor below; presumably the LM response never exceeds 255 bytes - confirm.
    data[12] = (byte)lmResponseLength;
    data[13] = 0x00;
    data[14] = (byte)lmResponseLength;
    data[15] = 0x00;
    data[16] = (byte)lmResponseOffset;
    data[17] = (byte)(lmResponseOffset >> 8);

    // NT response descriptor
    data[20] = (byte)ntResponseLength;
    data[21] = (byte)(ntResponseLength >> 8);
    data[22] = (byte)ntResponseLength;
    data[23] = (byte)(ntResponseLength >> 8);
    data[24] = (byte)ntResponseOffset;
    data[25] = (byte)(ntResponseOffset >> 8);

    // target (domain) descriptor
    data[28] = (byte)domainLength;
    data[29] = (byte)(domainLength >> 8);
    data[30] = (byte)domainLength;
    data[31] = (byte)(domainLength >> 8);
    data[32] = (byte)domainOffset;
    data[33] = (byte)(domainOffset >> 8);

    // username descriptor
    data[36] = (byte)userLength;
    data[37] = (byte)(userLength >> 8);
    data[38] = (byte)userLength;
    data[39] = (byte)(userLength >> 8);
    data[40] = (byte)userOffset;
    data[41] = (byte)(userOffset >> 8);

    // host descriptor
    data[44] = (byte)hostLength;
    data[45] = (byte)(hostLength >> 8);
    data[46] = (byte)hostLength;
    data[47] = (byte)(hostLength >> 8);
    data[48] = (byte)hostOffset;
    data[49] = (byte)(hostOffset >> 8);

    // Bytes 56-57 receive the total message length. In the MS-NLMP layout this position
    // is the offset of the session-key buffer, so it points at the end of the message;
    // bytes 52-55 (its length fields) are not written by this method.
    short messageLength = (short)data.Length;
    data[56] = (byte)messageLength;
    data[57] = (byte)(messageLength >> 8);

    // options flags, little-endian
    data[60] = (byte)Flags;
    data[61] = (byte)((uint)Flags >> 8);
    data[62] = (byte)((uint)Flags >> 16);
    data[63] = (byte)((uint)Flags >> 24);

    Buffer.BlockCopy(domainBytes, 0, data, domainOffset, domainBytes.Length);
    Buffer.BlockCopy(userBytes, 0, data, userOffset, userBytes.Length);
    Buffer.BlockCopy(hostBytes, 0, data, hostOffset, hostBytes.Length);

    // Copy each response into the message, then wipe the temporary array.
    if (lm != null)
    {
        Buffer.BlockCopy(lm, 0, data, lmResponseOffset, lm.Length);
        Array.Clear(lm, 0, lm.Length);
    }

    if (ntlm != null)
    {
        Buffer.BlockCopy(ntlm, 0, data, ntResponseOffset, ntlm.Length);
        Array.Clear(ntlm, 0, ntlm.Length);
    }

    return data;
}