本文整理汇总了Python中impacket.spnego.TypesMech方法的典型用法代码示例。如果您正苦于以下问题:Python spnego.TypesMech方法的具体用法?Python spnego.TypesMech怎么用?Python spnego.TypesMech使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类impacket.spnego的用法示例。
在下文中一共展示了spnego.TypesMech方法的9个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: negotiateResp_authDowngrade
# 需要导入模块: from impacket import spnego [as 别名]
# 或者: from impacket.spnego import TypesMech [as 别名]
def negotiateResp_authDowngrade(self, packet):
try:
# Try to downgrade them to NTLM
resp = SMB2Negotiate_Response(packet['Data'])
securityBlob = SPNEGO_NegTokenInit(data = resp['Buffer'])
if TypesMech['NTLMSSP - Microsoft NTLM Security Support Provider'] not in securityBlob['MechTypes']:
self.logger.info("Server does not support NTLM - auth mechanism downgrade will not work")
return packet
self.logger.info("Server supports NTLM auth - Attempting to downgrade....")
securityBlob['MechTypes'] = [TypesMech['NEGOEX - SPNEGO Extended Negotiation Security Mechanism'], TypesMech['NTLMSSP - Microsoft NTLM Security Support Provider']]
resp['Buffer'] = securityBlob.getData()
resp['SecurityBufferLength'] = len(resp['Buffer'])
packet['Data'] = str(resp)
except:
pass
return packet
# <NTLMV2 AUTHENTICATION CAPTURE>#
# NTLM Negotiate 示例2: sendNegotiatev2
# 需要导入模块: from impacket import spnego [as 别名]
# 或者: from impacket.spnego import TypesMech [as 别名]
def sendNegotiatev2(self, negotiateMessage):
v2client = self.session.getSMBServer()
sessionSetup = SMB2SessionSetup()
sessionSetup['Flags'] = 0
# Let's build a NegTokenInit with the NTLMSSP
blob = SPNEGO_NegTokenInit()
# NTLMSSP
blob['MechTypes'] = [TypesMech['NTLMSSP - Microsoft NTLM Security Support Provider']]
blob['MechToken'] = negotiateMessage
sessionSetup['SecurityBufferLength'] = len(blob)
sessionSetup['Buffer'] = blob.getData()
packet = v2client.SMB_PACKET()
packet['Command'] = SMB2_SESSION_SETUP
packet['Data'] = sessionSetup
packetID = v2client.sendSMB(packet)
ans = v2client.recvSMB(packetID)
if ans.isValidAnswer(STATUS_MORE_PROCESSING_REQUIRED):
v2client._Session['SessionID'] = ans['SessionID']
sessionSetupResponse = SMB2SessionSetup_Response(ans['Data'])
respToken = SPNEGO_NegTokenResp(sessionSetupResponse['Buffer'])
return respToken['ResponseToken']
return False 示例3: negotiateResp_track
# 需要导入模块: from impacket import spnego [as 别名]
# 或者: from impacket.spnego import TypesMech [as 别名]
def negotiateResp_track(self, packet):
resp = SMB2Negotiate_Response(packet['Data'])
# https://msdn.microsoft.com/en-us/library/cc246563.aspx
if(resp['SecurityMode'] == 1):
self.SERVER_INFO.SIGNATURES_ENABLED = True
self.SERVER_INFO.SIGNATURES_REQUIRED = False
if(resp['SecurityMode'] == 2):
self.SERVER_INFO.SIGNATURES_ENABLED = False
self.SERVER_INFO.SIGNATURES_REQUIRED = True
if(resp['SecurityMode'] == 3):
self.SERVER_INFO.SIGNATURES_ENABLED = True
self.SERVER_INFO.SIGNATURES_REQUIRED = True
# Server decides dialect
self.SESSION_DIALECT = resp['DialectRevision']
# NTLM_SUPPORTED
resp = SMB2Negotiate_Response(packet['Data'])
securityBlob = SPNEGO_NegTokenInit(data = resp['Buffer'])
if TypesMech['NTLMSSP - Microsoft NTLM Security Support Provider'] not in securityBlob['MechTypes']:
self.SERVER_INFO.NTLM_SUPPORTED = False
else:
self.SERVER_INFO.NTLM_SUPPORTED = True
# Encryption (If client and server put the 'support' flag, encryption will be used)
if (resp['Capabilities'] & SMB2_GLOBAL_CAP_ENCRYPTION) == SMB2_GLOBAL_CAP_ENCRYPTION:
self.SERVER_INFO.ENCRYPTION_ENABLED = True
else:
self.SERVER_INFO.ENCRYPTION_ENABLED = False 示例4: sessionSetupReq_NTLMv2_Neg
# 需要导入模块: from impacket import spnego [as 别名]
# 或者: from impacket.spnego import TypesMech [as 别名]
def sessionSetupReq_NTLMv2_Neg(self, packet):
try:
req = SMB2SessionSetup(packet['Data'])
securityBlob = SPNEGO_NegTokenInit(data = req['Buffer'])
if TypesMech['NTLMSSP - Microsoft NTLM Security Support Provider'] not in securityBlob['MechTypes']:
return
newHash = NTLMV2_Struct()
newHash.NEGOTIATE_INFO.fromString(securityBlob['Payload'][securityBlob['Payload'].find("NTLMSSP"):])
self.NTLMV2_DATASTORE.append(newHash)
except:
pass
return packet
# NTLM Challenge 示例5: sendNegotiatev2
# 需要导入模块: from impacket import spnego [as 别名]
# 或者: from impacket.spnego import TypesMech [as 别名]
def sendNegotiatev2(self, negotiateMessage):
v2client = self.session.getSMBServer()
sessionSetup = SMB2SessionSetup()
sessionSetup['Flags'] = 0
# Let's build a NegTokenInit with the NTLMSSP
blob = SPNEGO_NegTokenInit()
# NTLMSSP
blob['MechTypes'] = [TypesMech['NTLMSSP - Microsoft NTLM Security Support Provider']]
blob['MechToken'] = str(negotiateMessage)
sessionSetup['SecurityBufferLength'] = len(blob)
sessionSetup['Buffer'] = blob.getData()
packet = v2client.SMB_PACKET()
packet['Command'] = SMB2_SESSION_SETUP
packet['Data'] = sessionSetup
packetID = v2client.sendSMB(packet)
ans = v2client.recvSMB(packetID)
if ans.isValidAnswer(STATUS_MORE_PROCESSING_REQUIRED):
v2client._Session['SessionID'] = ans['SessionID']
sessionSetupResponse = SMB2SessionSetup_Response(ans['Data'])
respToken = SPNEGO_NegTokenResp(sessionSetupResponse['Buffer'])
return respToken['ResponseToken']
return False 示例6: sendNegotiate
# 需要导入模块: from impacket import spnego [as 别名]
# 或者: from impacket.spnego import TypesMech [as 别名]
def sendNegotiate(self, negotiateMessage):
smb = NewSMBPacket()
smb['Flags1'] = SMB.FLAGS1_PATHCASELESS
smb['Flags2'] = SMB.FLAGS2_EXTENDED_SECURITY
# Are we required to sign SMB? If so we do it, if not we skip it
if self._SignatureRequired:
smb['Flags2'] |= SMB.FLAGS2_SMB_SECURITY_SIGNATURE
sessionSetup = SMBCommand(SMB.SMB_COM_SESSION_SETUP_ANDX)
sessionSetup['Parameters'] = SMBSessionSetupAndX_Extended_Parameters()
sessionSetup['Data'] = SMBSessionSetupAndX_Extended_Data()
sessionSetup['Parameters']['MaxBufferSize'] = 65535
sessionSetup['Parameters']['MaxMpxCount'] = 2
sessionSetup['Parameters']['VcNumber'] = 1
sessionSetup['Parameters']['SessionKey'] = 0
sessionSetup['Parameters']['Capabilities'] = SMB.CAP_EXTENDED_SECURITY | SMB.CAP_USE_NT_ERRORS | SMB.CAP_UNICODE
# Let's build a NegTokenInit with the NTLMSSP
# TODO: In the future we should be able to choose different providers
blob = SPNEGO_NegTokenInit()
# NTLMSSP
blob['MechTypes'] = [TypesMech['NTLMSSP - Microsoft NTLM Security Support Provider']]
blob['MechToken'] = str(negotiateMessage)
sessionSetup['Parameters']['SecurityBlobLength'] = len(blob)
sessionSetup['Parameters'].getData()
sessionSetup['Data']['SecurityBlob'] = blob.getData()
# Fake Data here, don't want to get us fingerprinted
sessionSetup['Data']['NativeOS'] = 'Unix'
sessionSetup['Data']['NativeLanMan'] = 'Samba'
smb.addCommand(sessionSetup)
self.sendSMB(smb)
smb = self.recvSMB()
try:
smb.isValidAnswer(SMB.SMB_COM_SESSION_SETUP_ANDX)
except Exception:
logging.error("SessionSetup Error!")
raise
else:
# We will need to use this uid field for all future requests/responses
self._uid = smb['Uid']
# Now we have to extract the blob to continue the auth process
sessionResponse = SMBCommand(smb['Data'][0])
sessionParameters = SMBSessionSetupAndX_Extended_Response_Parameters(sessionResponse['Parameters'])
sessionData = SMBSessionSetupAndX_Extended_Response_Data(flags = smb['Flags2'])
sessionData['SecurityBlobLength'] = sessionParameters['SecurityBlobLength']
sessionData.fromString(sessionResponse['Data'])
respToken = SPNEGO_NegTokenResp(sessionData['SecurityBlob'])
return respToken['ResponseToken'] 示例7: getNegoAnswer
# 需要导入模块: from impacket import spnego [as 别名]
# 或者: from impacket.spnego import TypesMech [as 别名]
def getNegoAnswer(recvPacket):
smbCommand = SMBCommand(recvPacket['Data'][0])
respSMBCommand = SMBCommand(SMB.SMB_COM_NEGOTIATE)
resp = NewSMBPacket()
resp['Flags1'] = SMB.FLAGS1_REPLY
resp['Pid'] = recvPacket['Pid']
resp['Tid'] = recvPacket['Tid']
resp['Mid'] = recvPacket['Mid']
dialects = smbCommand['Data'].split('\x02')
index = dialects.index('NT LM 0.12\x00') - 1
# Let's fill the data for NTLM
if recvPacket['Flags2'] & SMB.FLAGS2_EXTENDED_SECURITY:
resp['Flags2'] = SMB.FLAGS2_EXTENDED_SECURITY | SMB.FLAGS2_NT_STATUS | SMB.FLAGS2_UNICODE
_dialects_data = SMBExtended_Security_Data()
_dialects_data['ServerGUID'] = 'A' * 16
blob = SPNEGO_NegTokenInit()
blob['MechTypes'] = [TypesMech['NTLMSSP - Microsoft NTLM Security Support Provider']]
_dialects_data['SecurityBlob'] = blob.getData()
_dialects_parameters = SMBExtended_Security_Parameters()
_dialects_parameters[
'Capabilities'] = SMB.CAP_EXTENDED_SECURITY | SMB.CAP_USE_NT_ERRORS | SMB.CAP_NT_SMBS | SMB.CAP_UNICODE
_dialects_parameters['ChallengeLength'] = 0
else:
resp['Flags2'] = SMB.FLAGS2_NT_STATUS | SMB.FLAGS2_UNICODE
_dialects_parameters = SMBNTLMDialect_Parameters()
_dialects_data = SMBNTLMDialect_Data()
_dialects_data['Payload'] = ''
_dialects_data['Challenge'] = '\x11\x22\x33\x44\x55\x66\x77\x88'
_dialects_parameters['ChallengeLength'] = 8
_dialects_parameters['Capabilities'] = SMB.CAP_USE_NT_ERRORS | SMB.CAP_NT_SMBS
_dialects_parameters['Capabilities'] |= SMB.CAP_RPC_REMOTE_APIS
_dialects_parameters['DialectIndex'] = index
_dialects_parameters['SecurityMode'] = SMB.SECURITY_AUTH_ENCRYPTED | SMB.SECURITY_SHARE_USER
_dialects_parameters['MaxMpxCount'] = 1
_dialects_parameters['MaxNumberVcs'] = 1
_dialects_parameters['MaxBufferSize'] = 64000
_dialects_parameters['MaxRawSize'] = 65536
_dialects_parameters['SessionKey'] = 0
_dialects_parameters['LowDateTime'] = 0
_dialects_parameters['HighDateTime'] = 0
_dialects_parameters['ServerTimeZone'] = 0
respSMBCommand['Data'] = _dialects_data
respSMBCommand['Parameters'] = _dialects_parameters
resp.addCommand(respSMBCommand)
return resp 示例8: sendNegotiatev1
# 需要导入模块: from impacket import spnego [as 别名]
# 或者: from impacket.spnego import TypesMech [as 别名]
def sendNegotiatev1(self, negotiateMessage):
v1client = self.session.getSMBServer()
smb = NewSMBPacket()
smb['Flags1'] = SMB.FLAGS1_PATHCASELESS
smb['Flags2'] = SMB.FLAGS2_EXTENDED_SECURITY
# Are we required to sign SMB? If so we do it, if not we skip it
if v1client.is_signing_required():
smb['Flags2'] |= SMB.FLAGS2_SMB_SECURITY_SIGNATURE
sessionSetup = SMBCommand(SMB.SMB_COM_SESSION_SETUP_ANDX)
sessionSetup['Parameters'] = SMBSessionSetupAndX_Extended_Parameters()
sessionSetup['Data'] = SMBSessionSetupAndX_Extended_Data()
sessionSetup['Parameters']['MaxBufferSize'] = 65535
sessionSetup['Parameters']['MaxMpxCount'] = 2
sessionSetup['Parameters']['VcNumber'] = 1
sessionSetup['Parameters']['SessionKey'] = 0
sessionSetup['Parameters']['Capabilities'] = SMB.CAP_EXTENDED_SECURITY | SMB.CAP_USE_NT_ERRORS | SMB.CAP_UNICODE
# Let's build a NegTokenInit with the NTLMSSP
# TODO: In the future we should be able to choose different providers
blob = SPNEGO_NegTokenInit()
# NTLMSSP
blob['MechTypes'] = [TypesMech['NTLMSSP - Microsoft NTLM Security Support Provider']]
blob['MechToken'] = str(negotiateMessage)
sessionSetup['Parameters']['SecurityBlobLength'] = len(blob)
sessionSetup['Parameters'].getData()
sessionSetup['Data']['SecurityBlob'] = blob.getData()
# Fake Data here, don't want to get us fingerprinted
sessionSetup['Data']['NativeOS'] = 'Unix'
sessionSetup['Data']['NativeLanMan'] = 'Samba'
smb.addCommand(sessionSetup)
v1client.sendSMB(smb)
smb = v1client.recvSMB()
try:
smb.isValidAnswer(SMB.SMB_COM_SESSION_SETUP_ANDX)
except Exception:
LOG.error("SessionSetup Error!")
raise
else:
# We will need to use this uid field for all future requests/responses
v1client.set_uid(smb['Uid'])
# Now we have to extract the blob to continue the auth process
sessionResponse = SMBCommand(smb['Data'][0])
sessionParameters = SMBSessionSetupAndX_Extended_Response_Parameters(sessionResponse['Parameters'])
sessionData = SMBSessionSetupAndX_Extended_Response_Data(flags = smb['Flags2'])
sessionData['SecurityBlobLength'] = sessionParameters['SecurityBlobLength']
sessionData.fromString(sessionResponse['Data'])
respToken = SPNEGO_NegTokenResp(sessionData['SecurityBlob'])
return respToken['ResponseToken'] 示例9: ldap_kerberos
# 需要导入模块: from impacket import spnego [as 别名]
# 或者: from impacket.spnego import TypesMech [as 别名]
def ldap_kerberos(domain, kdc, tgt, username, ldapconnection, hostname):
# Hackery to authenticate with ldap3 using impacket Kerberos stack
# I originally wrote this for BloodHound.py, but it works fine (tm) here too
username = Principal(username, type=constants.PrincipalNameType.NT_PRINCIPAL.value)
servername = Principal('ldap/%s' % hostname, type=constants.PrincipalNameType.NT_SRV_INST.value)
tgs, cipher, _, sessionkey = getKerberosTGS(servername, domain, kdc,
tgt['KDC_REP'], tgt['cipher'], tgt['sessionKey'])
# Let's build a NegTokenInit with a Kerberos AP_REQ
blob = SPNEGO_NegTokenInit()
# Kerberos
blob['MechTypes'] = [TypesMech['MS KRB5 - Microsoft Kerberos 5']]
# Let's extract the ticket from the TGS
tgs = decoder.decode(tgs, asn1Spec=TGS_REP())[0]
ticket = Ticket()
ticket.from_asn1(tgs['ticket'])
# Now let's build the AP_REQ
apReq = AP_REQ()
apReq['pvno'] = 5
apReq['msg-type'] = int(constants.ApplicationTagNumbers.AP_REQ.value)
opts = []
apReq['ap-options'] = constants.encodeFlags(opts)
seq_set(apReq, 'ticket', ticket.to_asn1)
authenticator = Authenticator()
authenticator['authenticator-vno'] = 5
authenticator['crealm'] = domain
seq_set(authenticator, 'cname', username.components_to_asn1)
now = datetime.datetime.utcnow()
authenticator['cusec'] = now.microsecond
authenticator['ctime'] = KerberosTime.to_asn1(now)
encodedAuthenticator = encoder.encode(authenticator)
# Key Usage 11
# AP-REQ Authenticator (includes application authenticator
# subkey), encrypted with the application session key
# (Section 5.5.1)
encryptedEncodedAuthenticator = cipher.encrypt(sessionkey, 11, encodedAuthenticator, None)
apReq['authenticator'] = noValue
apReq['authenticator']['etype'] = cipher.enctype
apReq['authenticator']['cipher'] = encryptedEncodedAuthenticator
blob['MechToken'] = encoder.encode(apReq)
# From here back to ldap3
ldapconnection.open(read_server_info=False)
request = bind_operation(ldapconnection.version, SASL, None, None, ldapconnection.sasl_mechanism, blob.getData())
response = ldapconnection.post_send_single_response(ldapconnection.send('bindRequest', request, None))[0]
ldapconnection.result = response
if response['result'] == 0:
ldapconnection.bound = True
ldapconnection.refresh_server_info()
return response['result'] == 0