当前位置: 首页>>代码示例>>Python>>正文


Python spnego.SPNEGO_NegTokenResp方法代码示例

本文整理汇总了Python中impacket.spnego.SPNEGO_NegTokenResp方法的典型用法代码示例。如果您正苦于以下问题:Python spnego.SPNEGO_NegTokenResp方法的具体用法?Python spnego.SPNEGO_NegTokenResp怎么用?Python spnego.SPNEGO_NegTokenResp使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在impacket.spnego的用法示例。


在下文中一共展示了spnego.SPNEGO_NegTokenResp方法的9个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: do_ntlm_auth

# 需要导入模块: from impacket import spnego [as 别名]
# 或者: from impacket.spnego import SPNEGO_NegTokenResp [as 别名]
def do_ntlm_auth(self,client,SPNEGO_token,authenticateMessage):
        #The NTLM blob is packed in a SPNEGO packet, extract it for methods other than SMB
        respToken2 = SPNEGO_NegTokenResp(SPNEGO_token)
        token = respToken2['ResponseToken']
        clientResponse = None
        if self.target[0] == 'SMB':
            clientResponse, errorCode = client.sendAuth(SPNEGO_token,authenticateMessage)
        if self.target[0] == 'MSSQL':
            #This client needs a proper response code
            try:
                result = client.sendAuth(token)
                if result: #This contains a boolean
                    errorCode = STATUS_SUCCESS
                else:
                    errorCode = STATUS_ACCESS_DENIED
            except Exception, e:
                logging.error("NTLM Message type 3 against %s FAILED" % self.target[1])
                logging.error(str(e))
                errorCode = STATUS_ACCESS_DENIED 
开发者ID:joxeankoret,项目名称:CVE-2017-7494,代码行数:21,代码来源:smbrelayserver.py

示例2: do_ntlm_auth

# 需要导入模块: from impacket import spnego [as 别名]
# 或者: from impacket.spnego import SPNEGO_NegTokenResp [as 别名]
def do_ntlm_auth(self,token,authenticateMessage):
			#For some attacks it is important to know the authenticated username, so we store it
			self.authUser = authenticateMessage['user_name']
		
			#TODO: What is this 127.0.0.1 doing here? Maybe document specific use case
			if authenticateMessage['user_name'] != '' or self.target[1] == '127.0.0.1':
				respToken2 = SPNEGO_NegTokenResp()
				respToken2['ResponseToken'] = str(token)

				if self.target[0] == 'HTTP' or self.target[0] == 'HTTPS':
				    try:
				        result = self.client.sendAuth(token) #Result is a boolean
				        if result:
				            return True
				        else:
				            logging.error("HTTP NTLM auth against %s as %s FAILED" % (self.target[1],self.authUser))
				            return False
				    except Exception, e:
				        logging.error("HTTP NTLM Message type 3 against %s FAILED" % self.target[1])
				        logging.error(str(e))
				        return False 
开发者ID:Arno0x,项目名称:NtlmRelayToEWS,代码行数:23,代码来源:httprelayserver.py

示例3: do_ntlm_auth

# 需要导入模块: from impacket import spnego [as 别名]
# 或者: from impacket.spnego import SPNEGO_NegTokenResp [as 别名]
def do_ntlm_auth(self,client,SPNEGO_token,authenticateMessage):
        #The NTLM blob is packed in a SPNEGO packet, extract it for methods other than SMB
        respToken2 = SPNEGO_NegTokenResp(SPNEGO_token)
        token = respToken2['ResponseToken']
        clientResponse = None

        if self.target[0] == 'HTTP' or self.target[0] == 'HTTPS':
            try:
                result = client.sendAuth(token) #Result is a boolean
                if result:
                    errorCode = STATUS_SUCCESS
                else:
                    logging.error("HTTP NTLM auth against %s as %s FAILED" % (self.target[1],self.authUser))
                    errorCode = STATUS_ACCESS_DENIED
            except Exception, e:
                logging.error("NTLM Message type 3 against %s FAILED" % self.target[1])
                logging.error(str(e))
                errorCode = STATUS_ACCESS_DENIED 
开发者ID:Arno0x,项目名称:NtlmRelayToEWS,代码行数:20,代码来源:smbrelayserver.py

示例4: do_ntlm_auth

# 需要导入模块: from impacket import spnego [as 别名]
# 或者: from impacket.spnego import SPNEGO_NegTokenResp [as 别名]
def do_ntlm_auth(self,token,authenticateMessage):
            #For some attacks it is important to know the authenticated username, so we store it
            self.authUser = authenticateMessage['user_name']
            
            #TODO: What is this 127.0.0.1 doing here? Maybe document specific use case
            if authenticateMessage['user_name'] != '' or self.target[1] == '127.0.0.1':
                respToken2 = SPNEGO_NegTokenResp()
                respToken2['ResponseToken'] = str(token)
                if self.target[0] == 'SMB':
                    clientResponse, errorCode = self.client.sendAuth(respToken2.getData(),self.challengeMessage['challenge'])
                if self.target[0] == 'MSSQL':
                    try:
                        result = self.client.sendAuth(token)
                        return result #This contains a boolean
                    except Exception, e:
                        logging.error("NTLM Message type 3 against %s FAILED" % self.target[1])
                        logging.error(str(e))
                        return False

                if self.target[0] == 'LDAP' or self.target[0] == 'LDAPS':
                    try:
                        result = self.client.sendAuth(token) #Result dict
                        if result['result'] == 0 and result['description'] == 'success':
                            return True
                        else:
                            logging.error("LDAP bind against %s as %s FAILED" % (self.target[1],self.authUser))
                            logging.error('Error: %s. Message: %s' % (result['description'],str(result['message'])))
                            return False
                        #Failed example:
                        #{'dn': u'', 'saslCreds': None, 'referrals': None, 'description': 'invalidCredentials', 'result': 49, 'message': u'8009030C: LdapErr: DSID-0C0905FE, comment: AcceptSecurityContext error, data 52e, v23f0\x00', 'type': 'bindResponse'}
                        #Ok example:
                        #{'dn': u'', 'saslCreds': None, 'referrals': None, 'description': 'success', 'result': 0, 'message': u'', 'type': 'bindResponse'}
                    except Exception, e:
                        logging.error("NTLM Message type 3 against %s FAILED" % self.target[1])
                        logging.error(str(e))
                        return False 
开发者ID:joxeankoret,项目名称:CVE-2017-7494,代码行数:38,代码来源:httprelayserver.py

示例5: getKerberosType3

# 需要导入模块: from impacket import spnego [as 别名]
# 或者: from impacket.spnego import SPNEGO_NegTokenResp [as 别名]
def getKerberosType3(cipher, sessionKey, auth_data):
    negTokenResp = SPNEGO_NegTokenResp(auth_data)
    # If DCE_STYLE = FALSE
    #ap_rep = decoder.decode(negTokenResp['ResponseToken'][16:], asn1Spec=AP_REP())[0]
    try:
        krbError = KerberosError(packet = decoder.decode(negTokenResp['ResponseToken'][15:], asn1Spec = KRB_ERROR())[0])
    except Exception, e:
        pass 
开发者ID:joxeankoret,项目名称:CVE-2017-7494,代码行数:10,代码来源:kerberosv5.py

示例6: sendNegotiate

# 需要导入模块: from impacket import spnego [as 别名]
# 或者: from impacket.spnego import SPNEGO_NegTokenResp [as 别名]
def sendNegotiate(self, negotiateMessage):
        smb = NewSMBPacket()
        smb['Flags1'] = SMB.FLAGS1_PATHCASELESS
        smb['Flags2'] = SMB.FLAGS2_EXTENDED_SECURITY 
        # Are we required to sign SMB? If so we do it, if not we skip it
        if self._SignatureRequired: 
           smb['Flags2'] |= SMB.FLAGS2_SMB_SECURITY_SIGNATURE
          

        sessionSetup = SMBCommand(SMB.SMB_COM_SESSION_SETUP_ANDX)
        sessionSetup['Parameters'] = SMBSessionSetupAndX_Extended_Parameters()
        sessionSetup['Data']       = SMBSessionSetupAndX_Extended_Data()

        sessionSetup['Parameters']['MaxBufferSize']        = 65535
        sessionSetup['Parameters']['MaxMpxCount']          = 2
        sessionSetup['Parameters']['VcNumber']             = 1
        sessionSetup['Parameters']['SessionKey']           = 0
        sessionSetup['Parameters']['Capabilities']         = SMB.CAP_EXTENDED_SECURITY | SMB.CAP_USE_NT_ERRORS | SMB.CAP_UNICODE

        # Let's build a NegTokenInit with the NTLMSSP
        # TODO: In the future we should be able to choose different providers

        blob = SPNEGO_NegTokenInit() 

        # NTLMSSP
        blob['MechTypes'] = [TypesMech['NTLMSSP - Microsoft NTLM Security Support Provider']]
        blob['MechToken'] = str(negotiateMessage)

        sessionSetup['Parameters']['SecurityBlobLength']  = len(blob)
        sessionSetup['Parameters'].getData()
        sessionSetup['Data']['SecurityBlob']       = blob.getData()

        # Fake Data here, don't want to get us fingerprinted
        sessionSetup['Data']['NativeOS']      = 'Unix'
        sessionSetup['Data']['NativeLanMan']  = 'Samba'

        smb.addCommand(sessionSetup)
        self.sendSMB(smb)
        smb = self.recvSMB()

        try:
            smb.isValidAnswer(SMB.SMB_COM_SESSION_SETUP_ANDX)
        except Exception:
            logging.error("SessionSetup Error!")
            raise
        else:
            # We will need to use this uid field for all future requests/responses
            self._uid = smb['Uid']

            # Now we have to extract the blob to continue the auth process
            sessionResponse   = SMBCommand(smb['Data'][0])
            sessionParameters = SMBSessionSetupAndX_Extended_Response_Parameters(sessionResponse['Parameters'])
            sessionData       = SMBSessionSetupAndX_Extended_Response_Data(flags = smb['Flags2'])
            sessionData['SecurityBlobLength'] = sessionParameters['SecurityBlobLength']
            sessionData.fromString(sessionResponse['Data'])
            respToken = SPNEGO_NegTokenResp(sessionData['SecurityBlob'])

            return respToken['ResponseToken'] 
开发者ID:joxeankoret,项目名称:CVE-2017-7494,代码行数:60,代码来源:smbrelayclient.py

示例7: sendNegotiate

# 需要导入模块: from impacket import spnego [as 别名]
# 或者: from impacket.spnego import SPNEGO_NegTokenResp [as 别名]
def sendNegotiate(self, negotiateMessage):
        smb = NewSMBPacket()
        smb['Flags1'] = SMB.FLAGS1_PATHCASELESS
        smb['Flags2'] = SMB.FLAGS2_EXTENDED_SECURITY 
        # Are we required to sign SMB? If so we do it, if not we skip it
        if self._SignatureRequired: 
           smb['Flags2'] |= SMB.FLAGS2_SMB_SECURITY_SIGNATURE
          

        sessionSetup = SMBCommand(SMB.SMB_COM_SESSION_SETUP_ANDX)
        sessionSetup['Parameters'] = SMBSessionSetupAndX_Extended_Parameters()
        sessionSetup['Data']       = SMBSessionSetupAndX_Extended_Data()

        sessionSetup['Parameters']['MaxBufferSize']        = 65535
        sessionSetup['Parameters']['MaxMpxCount']          = 2
        sessionSetup['Parameters']['VcNumber']             = 1
        sessionSetup['Parameters']['SessionKey']           = 0
        sessionSetup['Parameters']['Capabilities'] = SMB.CAP_EXTENDED_SECURITY | SMB.CAP_USE_NT_ERRORS | SMB.CAP_UNICODE

        # Let's build a NegTokenInit with the NTLMSSP
        # TODO: In the future we should be able to choose different providers

        blob = SPNEGO_NegTokenInit() 

        # NTLMSSP
        blob['MechTypes'] = [TypesMech['NTLMSSP - Microsoft NTLM Security Support Provider']]
        blob['MechToken'] = negotiateMessage

        sessionSetup['Parameters']['SecurityBlobLength']  = len(blob)
        sessionSetup['Parameters'].getData()
        sessionSetup['Data']['SecurityBlob']       = blob.getData()

        # Fake Data here, don't want to get us fingerprinted
        sessionSetup['Data']['NativeOS']      = 'Unix'
        sessionSetup['Data']['NativeLanMan']  = 'Samba'

        smb.addCommand(sessionSetup)
        self.sendSMB(smb)
        smb = self.recvSMB()

        try:
            smb.isValidAnswer(SMB.SMB_COM_SESSION_SETUP_ANDX)
        except Exception:
            logging.error("SessionSetup Error!")
            raise
        else:
            # We will need to use this uid field for all future requests/responses
            self._uid = smb['Uid']

            # Now we have to extract the blob to continue the auth process
            sessionResponse   = SMBCommand(smb['Data'][0])
            sessionParameters = SMBSessionSetupAndX_Extended_Response_Parameters(sessionResponse['Parameters'])
            sessionData       = SMBSessionSetupAndX_Extended_Response_Data(flags = smb['Flags2'])
            sessionData['SecurityBlobLength'] = sessionParameters['SecurityBlobLength']
            sessionData.fromString(sessionResponse['Data'])
            respToken = SPNEGO_NegTokenResp(sessionData['SecurityBlob'])

            return respToken['ResponseToken'] 
开发者ID:Coalfire-Research,项目名称:Slackor,代码行数:60,代码来源:smbrelayx.py

示例8: getKerberosType3

# 需要导入模块: from impacket import spnego [as 别名]
# 或者: from impacket.spnego import SPNEGO_NegTokenResp [as 别名]
def getKerberosType3(cipher, sessionKey, auth_data):
    negTokenResp = SPNEGO_NegTokenResp(auth_data)
    # If DCE_STYLE = FALSE
    #ap_rep = decoder.decode(negTokenResp['ResponseToken'][16:], asn1Spec=AP_REP())[0]
    try:
        krbError = KerberosError(packet = decoder.decode(negTokenResp['ResponseToken'][15:], asn1Spec = KRB_ERROR())[0])
    except Exception:
        pass
    else:
        raise krbError

    ap_rep = decoder.decode(negTokenResp['ResponseToken'], asn1Spec=AP_REP())[0]

    cipherText = ap_rep['enc-part']['cipher']

    # Key Usage 12
    # AP-REP encrypted part (includes application session
    # subkey), encrypted with the application session key
    # (Section 5.5.2)
    plainText = cipher.decrypt(sessionKey, 12, cipherText)

    encAPRepPart = decoder.decode(plainText, asn1Spec = EncAPRepPart())[0]

    cipher = _enctype_table[int(encAPRepPart['subkey']['keytype'])]()
    sessionKey2 = Key(cipher.enctype, encAPRepPart['subkey']['keyvalue'].asOctets())

    sequenceNumber = int(encAPRepPart['seq-number'])

    encAPRepPart['subkey'].clear()
    encAPRepPart = encAPRepPart.clone()

    now = datetime.datetime.utcnow()
    encAPRepPart['cusec'] = now.microsecond
    encAPRepPart['ctime'] = KerberosTime.to_asn1(now)
    encAPRepPart['seq-number'] = sequenceNumber
    encodedAuthenticator = encoder.encode(encAPRepPart)

    encryptedEncodedAuthenticator = cipher.encrypt(sessionKey, 12, encodedAuthenticator, None)

    ap_rep['enc-part'].clear()
    ap_rep['enc-part']['etype'] = cipher.enctype
    ap_rep['enc-part']['cipher'] = encryptedEncodedAuthenticator

    resp = SPNEGO_NegTokenResp()
    resp['ResponseToken'] = encoder.encode(ap_rep)

    return cipher, sessionKey2, resp.getData() 
开发者ID:Coalfire-Research,项目名称:Slackor,代码行数:49,代码来源:kerberosv5.py

示例9: sendNegotiate

# 需要导入模块: from impacket import spnego [as 别名]
# 或者: from impacket.spnego import SPNEGO_NegTokenResp [as 别名]
def sendNegotiate(self, negotiateMessage):
        smb = NewSMBPacket()
        smb['Flags1'] = SMB.FLAGS1_PATHCASELESS
        smb['Flags2'] = SMB.FLAGS2_EXTENDED_SECURITY 
        # Are we required to sign SMB? If so we do it, if not we skip it
        if self._SignatureRequired: 
           smb['Flags2'] |= SMB.FLAGS2_SMB_SECURITY_SIGNATURE
          

        sessionSetup = SMBCommand(SMB.SMB_COM_SESSION_SETUP_ANDX)
        sessionSetup['Parameters'] = SMBSessionSetupAndX_Extended_Parameters()
        sessionSetup['Data']       = SMBSessionSetupAndX_Extended_Data()

        sessionSetup['Parameters']['MaxBufferSize']        = 65535
        sessionSetup['Parameters']['MaxMpxCount']          = 2
        sessionSetup['Parameters']['VcNumber']             = 1
        sessionSetup['Parameters']['SessionKey']           = 0
        sessionSetup['Parameters']['Capabilities'] = SMB.CAP_EXTENDED_SECURITY | SMB.CAP_USE_NT_ERRORS | SMB.CAP_UNICODE

        # Let's build a NegTokenInit with the NTLMSSP
        # TODO: In the future we should be able to choose different providers

        blob = SPNEGO_NegTokenInit() 

        # NTLMSSP
        blob['MechTypes'] = [TypesMech['NTLMSSP - Microsoft NTLM Security Support Provider']]
        blob['MechToken'] = str(negotiateMessage)

        sessionSetup['Parameters']['SecurityBlobLength']  = len(blob)
        sessionSetup['Parameters'].getData()
        sessionSetup['Data']['SecurityBlob']       = blob.getData()

        # Fake Data here, don't want to get us fingerprinted
        sessionSetup['Data']['NativeOS']      = 'Unix'
        sessionSetup['Data']['NativeLanMan']  = 'Samba'

        smb.addCommand(sessionSetup)
        self.sendSMB(smb)
        smb = self.recvSMB()

        try:
            smb.isValidAnswer(SMB.SMB_COM_SESSION_SETUP_ANDX)
        except Exception:
            logging.error("SessionSetup Error!")
            raise
        else:
            # We will need to use this uid field for all future requests/responses
            self._uid = smb['Uid']

            # Now we have to extract the blob to continue the auth process
            sessionResponse   = SMBCommand(smb['Data'][0])
            sessionParameters = SMBSessionSetupAndX_Extended_Response_Parameters(sessionResponse['Parameters'])
            sessionData       = SMBSessionSetupAndX_Extended_Response_Data(flags = smb['Flags2'])
            sessionData['SecurityBlobLength'] = sessionParameters['SecurityBlobLength']
            sessionData.fromString(sessionResponse['Data'])
            respToken = SPNEGO_NegTokenResp(sessionData['SecurityBlob'])

            return respToken['ResponseToken'] 
开发者ID:tholum,项目名称:PiBunny,代码行数:60,代码来源:smbrelayx.py


注:本文中的impacket.spnego.SPNEGO_NegTokenResp方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。