本文整理汇总了Python中impacket.spnego.SPNEGO_NegTokenResp方法的典型用法代码示例。如果您正苦于以下问题:Python spnego.SPNEGO_NegTokenResp方法的具体用法?Python spnego.SPNEGO_NegTokenResp怎么用?Python spnego.SPNEGO_NegTokenResp使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类impacket.spnego的用法示例。
在下文中一共展示了spnego.SPNEGO_NegTokenResp方法的9个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: do_ntlm_auth
# 需要导入模块: from impacket import spnego [as 别名]
# 或者: from impacket.spnego import SPNEGO_NegTokenResp [as 别名]
def do_ntlm_auth(self,client,SPNEGO_token,authenticateMessage):
#The NTLM blob is packed in a SPNEGO packet, extract it for methods other than SMB
respToken2 = SPNEGO_NegTokenResp(SPNEGO_token)
token = respToken2['ResponseToken']
clientResponse = None
if self.target[0] == 'SMB':
clientResponse, errorCode = client.sendAuth(SPNEGO_token,authenticateMessage)
if self.target[0] == 'MSSQL':
#This client needs a proper response code
try:
result = client.sendAuth(token)
if result: #This contains a boolean
errorCode = STATUS_SUCCESS
else:
errorCode = STATUS_ACCESS_DENIED
except Exception, e:
logging.error("NTLM Message type 3 against %s FAILED" % self.target[1])
logging.error(str(e))
errorCode = STATUS_ACCESS_DENIED 示例2: do_ntlm_auth
# 需要导入模块: from impacket import spnego [as 别名]
# 或者: from impacket.spnego import SPNEGO_NegTokenResp [as 别名]
def do_ntlm_auth(self,token,authenticateMessage):
#For some attacks it is important to know the authenticated username, so we store it
self.authUser = authenticateMessage['user_name']
#TODO: What is this 127.0.0.1 doing here? Maybe document specific use case
if authenticateMessage['user_name'] != '' or self.target[1] == '127.0.0.1':
respToken2 = SPNEGO_NegTokenResp()
respToken2['ResponseToken'] = str(token)
if self.target[0] == 'HTTP' or self.target[0] == 'HTTPS':
try:
result = self.client.sendAuth(token) #Result is a boolean
if result:
return True
else:
logging.error("HTTP NTLM auth against %s as %s FAILED" % (self.target[1],self.authUser))
return False
except Exception, e:
logging.error("HTTP NTLM Message type 3 against %s FAILED" % self.target[1])
logging.error(str(e))
return False 示例3: do_ntlm_auth
# 需要导入模块: from impacket import spnego [as 别名]
# 或者: from impacket.spnego import SPNEGO_NegTokenResp [as 别名]
def do_ntlm_auth(self,client,SPNEGO_token,authenticateMessage):
#The NTLM blob is packed in a SPNEGO packet, extract it for methods other than SMB
respToken2 = SPNEGO_NegTokenResp(SPNEGO_token)
token = respToken2['ResponseToken']
clientResponse = None
if self.target[0] == 'HTTP' or self.target[0] == 'HTTPS':
try:
result = client.sendAuth(token) #Result is a boolean
if result:
errorCode = STATUS_SUCCESS
else:
logging.error("HTTP NTLM auth against %s as %s FAILED" % (self.target[1],self.authUser))
errorCode = STATUS_ACCESS_DENIED
except Exception, e:
logging.error("NTLM Message type 3 against %s FAILED" % self.target[1])
logging.error(str(e))
errorCode = STATUS_ACCESS_DENIED 示例4: do_ntlm_auth
# 需要导入模块: from impacket import spnego [as 别名]
# 或者: from impacket.spnego import SPNEGO_NegTokenResp [as 别名]
def do_ntlm_auth(self,token,authenticateMessage):
#For some attacks it is important to know the authenticated username, so we store it
self.authUser = authenticateMessage['user_name']
#TODO: What is this 127.0.0.1 doing here? Maybe document specific use case
if authenticateMessage['user_name'] != '' or self.target[1] == '127.0.0.1':
respToken2 = SPNEGO_NegTokenResp()
respToken2['ResponseToken'] = str(token)
if self.target[0] == 'SMB':
clientResponse, errorCode = self.client.sendAuth(respToken2.getData(),self.challengeMessage['challenge'])
if self.target[0] == 'MSSQL':
try:
result = self.client.sendAuth(token)
return result #This contains a boolean
except Exception, e:
logging.error("NTLM Message type 3 against %s FAILED" % self.target[1])
logging.error(str(e))
return False
if self.target[0] == 'LDAP' or self.target[0] == 'LDAPS':
try:
result = self.client.sendAuth(token) #Result dict
if result['result'] == 0 and result['description'] == 'success':
return True
else:
logging.error("LDAP bind against %s as %s FAILED" % (self.target[1],self.authUser))
logging.error('Error: %s. Message: %s' % (result['description'],str(result['message'])))
return False
#Failed example:
#{'dn': u'', 'saslCreds': None, 'referrals': None, 'description': 'invalidCredentials', 'result': 49, 'message': u'8009030C: LdapErr: DSID-0C0905FE, comment: AcceptSecurityContext error, data 52e, v23f0\x00', 'type': 'bindResponse'}
#Ok example:
#{'dn': u'', 'saslCreds': None, 'referrals': None, 'description': 'success', 'result': 0, 'message': u'', 'type': 'bindResponse'}
except Exception, e:
logging.error("NTLM Message type 3 against %s FAILED" % self.target[1])
logging.error(str(e))
return False 示例5: getKerberosType3
# 需要导入模块: from impacket import spnego [as 别名]
# 或者: from impacket.spnego import SPNEGO_NegTokenResp [as 别名]
def getKerberosType3(cipher, sessionKey, auth_data):
negTokenResp = SPNEGO_NegTokenResp(auth_data)
# If DCE_STYLE = FALSE
#ap_rep = decoder.decode(negTokenResp['ResponseToken'][16:], asn1Spec=AP_REP())[0]
try:
krbError = KerberosError(packet = decoder.decode(negTokenResp['ResponseToken'][15:], asn1Spec = KRB_ERROR())[0])
except Exception, e:
pass 示例6: sendNegotiate
# 需要导入模块: from impacket import spnego [as 别名]
# 或者: from impacket.spnego import SPNEGO_NegTokenResp [as 别名]
def sendNegotiate(self, negotiateMessage):
smb = NewSMBPacket()
smb['Flags1'] = SMB.FLAGS1_PATHCASELESS
smb['Flags2'] = SMB.FLAGS2_EXTENDED_SECURITY
# Are we required to sign SMB? If so we do it, if not we skip it
if self._SignatureRequired:
smb['Flags2'] |= SMB.FLAGS2_SMB_SECURITY_SIGNATURE
sessionSetup = SMBCommand(SMB.SMB_COM_SESSION_SETUP_ANDX)
sessionSetup['Parameters'] = SMBSessionSetupAndX_Extended_Parameters()
sessionSetup['Data'] = SMBSessionSetupAndX_Extended_Data()
sessionSetup['Parameters']['MaxBufferSize'] = 65535
sessionSetup['Parameters']['MaxMpxCount'] = 2
sessionSetup['Parameters']['VcNumber'] = 1
sessionSetup['Parameters']['SessionKey'] = 0
sessionSetup['Parameters']['Capabilities'] = SMB.CAP_EXTENDED_SECURITY | SMB.CAP_USE_NT_ERRORS | SMB.CAP_UNICODE
# Let's build a NegTokenInit with the NTLMSSP
# TODO: In the future we should be able to choose different providers
blob = SPNEGO_NegTokenInit()
# NTLMSSP
blob['MechTypes'] = [TypesMech['NTLMSSP - Microsoft NTLM Security Support Provider']]
blob['MechToken'] = str(negotiateMessage)
sessionSetup['Parameters']['SecurityBlobLength'] = len(blob)
sessionSetup['Parameters'].getData()
sessionSetup['Data']['SecurityBlob'] = blob.getData()
# Fake Data here, don't want to get us fingerprinted
sessionSetup['Data']['NativeOS'] = 'Unix'
sessionSetup['Data']['NativeLanMan'] = 'Samba'
smb.addCommand(sessionSetup)
self.sendSMB(smb)
smb = self.recvSMB()
try:
smb.isValidAnswer(SMB.SMB_COM_SESSION_SETUP_ANDX)
except Exception:
logging.error("SessionSetup Error!")
raise
else:
# We will need to use this uid field for all future requests/responses
self._uid = smb['Uid']
# Now we have to extract the blob to continue the auth process
sessionResponse = SMBCommand(smb['Data'][0])
sessionParameters = SMBSessionSetupAndX_Extended_Response_Parameters(sessionResponse['Parameters'])
sessionData = SMBSessionSetupAndX_Extended_Response_Data(flags = smb['Flags2'])
sessionData['SecurityBlobLength'] = sessionParameters['SecurityBlobLength']
sessionData.fromString(sessionResponse['Data'])
respToken = SPNEGO_NegTokenResp(sessionData['SecurityBlob'])
return respToken['ResponseToken'] 示例7: sendNegotiate
# 需要导入模块: from impacket import spnego [as 别名]
# 或者: from impacket.spnego import SPNEGO_NegTokenResp [as 别名]
def sendNegotiate(self, negotiateMessage):
smb = NewSMBPacket()
smb['Flags1'] = SMB.FLAGS1_PATHCASELESS
smb['Flags2'] = SMB.FLAGS2_EXTENDED_SECURITY
# Are we required to sign SMB? If so we do it, if not we skip it
if self._SignatureRequired:
smb['Flags2'] |= SMB.FLAGS2_SMB_SECURITY_SIGNATURE
sessionSetup = SMBCommand(SMB.SMB_COM_SESSION_SETUP_ANDX)
sessionSetup['Parameters'] = SMBSessionSetupAndX_Extended_Parameters()
sessionSetup['Data'] = SMBSessionSetupAndX_Extended_Data()
sessionSetup['Parameters']['MaxBufferSize'] = 65535
sessionSetup['Parameters']['MaxMpxCount'] = 2
sessionSetup['Parameters']['VcNumber'] = 1
sessionSetup['Parameters']['SessionKey'] = 0
sessionSetup['Parameters']['Capabilities'] = SMB.CAP_EXTENDED_SECURITY | SMB.CAP_USE_NT_ERRORS | SMB.CAP_UNICODE
# Let's build a NegTokenInit with the NTLMSSP
# TODO: In the future we should be able to choose different providers
blob = SPNEGO_NegTokenInit()
# NTLMSSP
blob['MechTypes'] = [TypesMech['NTLMSSP - Microsoft NTLM Security Support Provider']]
blob['MechToken'] = negotiateMessage
sessionSetup['Parameters']['SecurityBlobLength'] = len(blob)
sessionSetup['Parameters'].getData()
sessionSetup['Data']['SecurityBlob'] = blob.getData()
# Fake Data here, don't want to get us fingerprinted
sessionSetup['Data']['NativeOS'] = 'Unix'
sessionSetup['Data']['NativeLanMan'] = 'Samba'
smb.addCommand(sessionSetup)
self.sendSMB(smb)
smb = self.recvSMB()
try:
smb.isValidAnswer(SMB.SMB_COM_SESSION_SETUP_ANDX)
except Exception:
logging.error("SessionSetup Error!")
raise
else:
# We will need to use this uid field for all future requests/responses
self._uid = smb['Uid']
# Now we have to extract the blob to continue the auth process
sessionResponse = SMBCommand(smb['Data'][0])
sessionParameters = SMBSessionSetupAndX_Extended_Response_Parameters(sessionResponse['Parameters'])
sessionData = SMBSessionSetupAndX_Extended_Response_Data(flags = smb['Flags2'])
sessionData['SecurityBlobLength'] = sessionParameters['SecurityBlobLength']
sessionData.fromString(sessionResponse['Data'])
respToken = SPNEGO_NegTokenResp(sessionData['SecurityBlob'])
return respToken['ResponseToken'] 示例8: getKerberosType3
# 需要导入模块: from impacket import spnego [as 别名]
# 或者: from impacket.spnego import SPNEGO_NegTokenResp [as 别名]
def getKerberosType3(cipher, sessionKey, auth_data):
negTokenResp = SPNEGO_NegTokenResp(auth_data)
# If DCE_STYLE = FALSE
#ap_rep = decoder.decode(negTokenResp['ResponseToken'][16:], asn1Spec=AP_REP())[0]
try:
krbError = KerberosError(packet = decoder.decode(negTokenResp['ResponseToken'][15:], asn1Spec = KRB_ERROR())[0])
except Exception:
pass
else:
raise krbError
ap_rep = decoder.decode(negTokenResp['ResponseToken'], asn1Spec=AP_REP())[0]
cipherText = ap_rep['enc-part']['cipher']
# Key Usage 12
# AP-REP encrypted part (includes application session
# subkey), encrypted with the application session key
# (Section 5.5.2)
plainText = cipher.decrypt(sessionKey, 12, cipherText)
encAPRepPart = decoder.decode(plainText, asn1Spec = EncAPRepPart())[0]
cipher = _enctype_table[int(encAPRepPart['subkey']['keytype'])]()
sessionKey2 = Key(cipher.enctype, encAPRepPart['subkey']['keyvalue'].asOctets())
sequenceNumber = int(encAPRepPart['seq-number'])
encAPRepPart['subkey'].clear()
encAPRepPart = encAPRepPart.clone()
now = datetime.datetime.utcnow()
encAPRepPart['cusec'] = now.microsecond
encAPRepPart['ctime'] = KerberosTime.to_asn1(now)
encAPRepPart['seq-number'] = sequenceNumber
encodedAuthenticator = encoder.encode(encAPRepPart)
encryptedEncodedAuthenticator = cipher.encrypt(sessionKey, 12, encodedAuthenticator, None)
ap_rep['enc-part'].clear()
ap_rep['enc-part']['etype'] = cipher.enctype
ap_rep['enc-part']['cipher'] = encryptedEncodedAuthenticator
resp = SPNEGO_NegTokenResp()
resp['ResponseToken'] = encoder.encode(ap_rep)
return cipher, sessionKey2, resp.getData() 示例9: sendNegotiate
# 需要导入模块: from impacket import spnego [as 别名]
# 或者: from impacket.spnego import SPNEGO_NegTokenResp [as 别名]
def sendNegotiate(self, negotiateMessage):
smb = NewSMBPacket()
smb['Flags1'] = SMB.FLAGS1_PATHCASELESS
smb['Flags2'] = SMB.FLAGS2_EXTENDED_SECURITY
# Are we required to sign SMB? If so we do it, if not we skip it
if self._SignatureRequired:
smb['Flags2'] |= SMB.FLAGS2_SMB_SECURITY_SIGNATURE
sessionSetup = SMBCommand(SMB.SMB_COM_SESSION_SETUP_ANDX)
sessionSetup['Parameters'] = SMBSessionSetupAndX_Extended_Parameters()
sessionSetup['Data'] = SMBSessionSetupAndX_Extended_Data()
sessionSetup['Parameters']['MaxBufferSize'] = 65535
sessionSetup['Parameters']['MaxMpxCount'] = 2
sessionSetup['Parameters']['VcNumber'] = 1
sessionSetup['Parameters']['SessionKey'] = 0
sessionSetup['Parameters']['Capabilities'] = SMB.CAP_EXTENDED_SECURITY | SMB.CAP_USE_NT_ERRORS | SMB.CAP_UNICODE
# Let's build a NegTokenInit with the NTLMSSP
# TODO: In the future we should be able to choose different providers
blob = SPNEGO_NegTokenInit()
# NTLMSSP
blob['MechTypes'] = [TypesMech['NTLMSSP - Microsoft NTLM Security Support Provider']]
blob['MechToken'] = str(negotiateMessage)
sessionSetup['Parameters']['SecurityBlobLength'] = len(blob)
sessionSetup['Parameters'].getData()
sessionSetup['Data']['SecurityBlob'] = blob.getData()
# Fake Data here, don't want to get us fingerprinted
sessionSetup['Data']['NativeOS'] = 'Unix'
sessionSetup['Data']['NativeLanMan'] = 'Samba'
smb.addCommand(sessionSetup)
self.sendSMB(smb)
smb = self.recvSMB()
try:
smb.isValidAnswer(SMB.SMB_COM_SESSION_SETUP_ANDX)
except Exception:
logging.error("SessionSetup Error!")
raise
else:
# We will need to use this uid field for all future requests/responses
self._uid = smb['Uid']
# Now we have to extract the blob to continue the auth process
sessionResponse = SMBCommand(smb['Data'][0])
sessionParameters = SMBSessionSetupAndX_Extended_Response_Parameters(sessionResponse['Parameters'])
sessionData = SMBSessionSetupAndX_Extended_Response_Data(flags = smb['Flags2'])
sessionData['SecurityBlobLength'] = sessionParameters['SecurityBlobLength']
sessionData.fromString(sessionResponse['Data'])
respToken = SPNEGO_NegTokenResp(sessionData['SecurityBlob'])
return respToken['ResponseToken']