204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
|
# File 'lib/rex/proto/ntlm/message.rb', line 204
def response(arg, opt = {})
usr = arg[:user]
pwd = arg[:password]
if usr.nil? or pwd.nil?
raise ArgumentError, "user and password have to be supplied"
end
if opt[:workstation]
ws = opt[:workstation]
else
ws = ""
end
if opt[:client_challenge]
cc = opt[:client_challenge]
else
cc = rand(CONST::MAX64)
end
cc = Rex::Text::pack_int64le(cc) if cc.is_a?(Integer)
opt[:client_challenge] = cc
if has_flag?(:OEM) and opt[:unicode]
usr = Rex::Text::to_ascii(usr,'utf-16le')
pwd = Rex::Text::to_ascii(pwd,'utf-16le')
ws = Rex::Text::to_ascii(ws,'utf-16le')
opt[:unicode] = false
end
if has_flag?(:UNICODE) and !opt[:unicode]
usr = Rex::Text::to_unicode(usr,'utf-16le')
pwd = Rex::Text::to_unicode(pwd,'utf-16le')
ws = Rex::Text::to_unicode(ws,'utf-16le')
opt[:unicode] = true
end
tgt = self.target_name
ti = self.target_info
chal = self[:challenge].serialize
if opt[:ntlmv2]
ar = { :ntlmv2_hash => CRYPT::ntlmv2_hash(usr, pwd, tgt, opt),
:challenge => chal, :target_info => ti}
lm_res = CRYPT::lmv2_response(ar, opt)
ntlm_res = CRYPT::ntlmv2_response(ar, opt)
elsif has_flag?(:NTLM2_KEY)
ar = {:ntlm_hash => CRYPT::ntlm_hash(pwd, opt), :challenge => chal}
lm_res, ntlm_res = CRYPT::ntlm2_session(ar, opt)
else
lm_res = CRYPT::lm_response(pwd, chal)
ntlm_res = CRYPT::ntlm_response(pwd, chal)
end
Type3.create({
:lm_response => lm_res,
:ntlm_response => ntlm_res,
:domain => tgt,
:user => usr,
:workstation => ws,
:flag => self.flag
})
end
|