>OOfNdZddlmZmZddlmZmZddlmZddl m Z ddl Z ddl Z ddl Z ddl mZ ddlmZeZd d lmZd Zd Zd ZdZdZdZdZdZdZdZdZdZ dZ!dZ"dZ#dZ$dZ%dZ&dZ'dZ(dZ)d Z*d!Z+d Z,d Z-dZ.eeeeeeee e!e"e#e$e%e&e'e(e)e*e+e,e-e.gZ/dZ0d Z1d Z2dZ3d!Z4d Z5dZ6dZ7d"Z8dZ9d#Z:e0e1e2e3e4e5e6e7e8e9e:g Z;dZegZ?d(d$Z@d%ZAGd&d'eBZCy#e$rd ZYwxYw)) )packunpack)systemversion) gethostname)timeN)urandom)getpreferredencodingzutf-8)format_ad_timestampsNTLMSSP  c|rbtjdk(r@ tjd\}}}t |}t |}t |}n d}d}d}nd}d}d}t d|t d|zt d|zt ddzt ddzt ddzt dd zS#t $r d}d}d}YkwxYw) Nwindows.r!ri( r> y ( 6=iooc6J3 }e #M 2 #M 2 E  MME   m $ m $ % e   a=  a=   a=   b>    ! !  s>CCCc ^t|dk7r tdtturFt d|ddt d|ddt d|dddt d|d dfSt |dt |dt t d|dddt |d fS) Nr#z"version field must be 8 bytes longr(rrr)r r"r)len ValueErrorstrbytesrr,)version_messages r2unpack_windows_versionr:s ?q =>> e|t_Q/03t_Q/03t_Qq1215t_Q/035 5 OA&'OA&'F41!56q9:OA&') )ceZdZdZdZdZdZdZdZdZ dZ d Z d Z e d Ze d Ze d Ze dZe dZdZdZy) NtlmClientczd|_d|_d|_||_||_d|_d|_g|_d|_d|_ d|_ d|_ d|_ d|_ d|_d|_d|_d|_d|_d|_d|_d|_d|_d|_||_d|_d|_d|_d|_d|_d|_d|_d|_ d|_!d|_"d|_#d|_$d|_%d|_&d|_'d|_(d|_)d|_*d|_+d|_,y)NrF)-client_config_flagsexported_session_keynegotiated_flags user_name user_domainno_lm_response_ntlm_v1client_blockedclient_block_exceptions!client_require_128_bit_encryption max_life_timeclient_signing_keyclient_sealing_keysequence_numberserver_sealing_keyserver_signing_key integrity replay_detectsequence_detectconfidentialitydatagramidentityclient_supplied_target_nameclient_channel_binding_unhashedunverified_target_name _passwordserver_challengeserver_target_nameserver_target_infoserver_versionserver_av_netbios_computer_nameserver_av_netbios_domain_nameserver_av_dns_computer_nameserver_av_dns_domain_nameserver_av_dns_forest_nameserver_av_target_nameserver_av_flagsserver_av_timestampserver_av_single_host_dataserver_av_channel_bindingsserver_av_flag_constrainedserver_av_flag_integrity#server_av_flag_target_spn_untrustedcurrent_encodingclient_challengeserver_target_info_raw)selfdomainrBpasswords r2__init__zNtlmClient.__init__se#$ $(! $"!&*##')$15.!"&"&#"&"&"$$  +/(/3,&*#! $"&"&"/3,-1*+/()-&)-&%)"##' *.'*.'*.'(,%370 $ $&*#r;cn|jsy|tvr|jd|zzrdSdStd)NFrT invalid flag)r? FLAG_TYPESr6rlflags r2get_client_flagzNtlmClient.get_client_flags='' : 33qDyA4 Lu L((r;cn|jsy|tvr td|jd|zzrdSdS)NFrqrT)rArrr6rss r2get_negotiated_flagzNtlmClient.get_negotiated_flags=$$ z !^, ,,,T :tEEr;cn|jsy|tvr td|jd|zzrdSdS)NFzinvalid AV flagrT)rb AV_FLAG_TYPESr6rss r2get_server_av_flagzNtlmClient.get_server_av_flags>## } $./ /++qDy9tDuDr;ct|tk(r|g}|D]-}|tvr|xjd|zzc_$t dyNrrqtyper,rrr?r6rlflagsrts r2set_client_flagzNtlmClient.set_client_flagsL ;# GE 1Dz!((Q$Y7( 00  1r;cd|_y)Nr)r?)rls r2reset_client_flagszNtlmClient.reset_client_flagss #$ r;ct|tk(r|g}|D].}|tvr|xjd|zzc_%t dyr|r}rs r2unset_client_flagzNtlmClient.unset_client_flagsN ;# GE 1Dz!((a4iL8( 00  1r;c |j|jtttt t tttgt}|tdtz }|td|jz }||jddz }|jt r|t#dz }|S|t#dz }|S)z+ Microsoft MS-NLMP 2.2.1.1 ??4d66774??2r**    6 7 +D1 1G +E2 2Gr;ct|dkry|ddtk7ryttd|dddtk7ry|j |dd\}}}td|ddd|_|jtrd nt|_ |dd |_ |j |d d \}}}t|d d|_ |jtr(|r&||||zj|j|_|jt"r|r||||z|_|j'|j$|_|j(D]|\}}|t*k(r|jd |_'|t.k(r|jd |_G|t2k(r|jd |_g|t6k(r|jd |_|t:k(r|jd |_|t>k(rW|jAtBrd |_"|jAtFrd |_$|jAtJsd |_&|tNk(rtQtd|d|_)/|tTk(r ||_+A|tXk(r|jd |_-b|t\k(r ||_/ttadyyy)z+ Microsoft MS-NLMP 2.2.1.2 8Frr#rrr utf-16-le r0T ) vdGAbM*1- .2R R151B1B72b>1R.. &tWR^ 1R..4WR^D  # #$7 8_&-.@BTWfBf&g&n&n%%''D #  # #$> ?O*12DFX[jFj*kD '&*&9&9$:U:U&VD #$($;$; 8 5 88;@<< ;TD8"889>k9RD6"667<||K7PD4"445:\\+5ND2"225:\\+5ND2(*../BC:>7../@A8<5../KLCG@,./B6$PUCVWXCY/ZD,"556;D3.016k1JD."556;D3$%6777 8ET ?r;c8|js |jsy|jtr|j tsy|j r |j s |jryt}|tdtz }d}|jrd}nd}||j||z }|t|z }|j}||j||z }|t|z }|jj!|j"}||j||z }|t|z }|j$j!|j"}||j||z }|t|z }|j t&s|j t(r$t+j!|j"}nd}||j||z }|t|z }d}||j||z }|t|z }|td|jz }|j t(r|t-dz }n |t-z }|tddz }|tddz }||z }||z }||z }||z }||z }||z }|S)z+ Microsoft MS-NLMP 2.2.1.3 FrXr;Trr)r?rArurrwr\r]rgrr#NTLM_MESSAGE_TYPE_NTLM_AUTHENTICATErZrr5compute_nt_responserCencoderirB'FLAG_NEGOTIATE_OEM_WORKSTATION_SUPPLIEDrrr3) rlrposlm_challenge_responsent_challenge_response domain_namerB workstationencrypted_random_session_keys r2create_authenticate_messagez&NtlmClient.create_authenticate_message_s ''0E0E    2 3D> s()) $ 8 8 :4??#8#>> s())&&--d.C.CD 4??;44 s;NN))$*?*?@ 4??9c22 s9~  # #$K LPTPhPh&Q(%-..t/D/DEKK4??;44 s;'*$4??#?EE s/004d3344  # #$: ; +D1 1G +- -G4a= 4a= ((((;9;//r;cBtdt|t||S)Nz? ?dM!A./2dM!A./2dM!A./23 3r;c.|rt}d}d}|sxtd|||dzd}|tvr tdtd||dz|dzd}||dz|dz|z}||dzz }|tk(rd}n|j ||f|sx|StS)NFrr)r rr"T)listrAV_TYPESr6AV_END_OF_LISTappend)infoavsdonerav_typeav_lenav_values r2rzNtlmClient.unpack_av_infos &CDC tCq'9:1=(*$%677d37C!G&<=a@aq6)9:vz!n,DJJ23 6Mr;cd}|D]A\}}|dtk(r|td|z }|tdt|z }||z }C|tdtz }|tddz }|S)Nr;rr))rrr5)rrrrs r2 pack_av_infozNtlmClient.pack_av_infos!$  GXqz^+ Dw' 'D Ds8}- -D H D   T>** T1  r;cHtdttdzdzS)Nrl!l i)rr,r r;r2pack_windows_timestampz!NtlmClient.pack_windows_timestampsD3tv;4@AAr;c|js |jsytd|_d}|t ddz }|t ddz }|t ddz }|t ddz }||j z }||jz }|t ddz }||j z }|t ddz }|j}tj||j|ztjj}||z}|S) Nr;r#r(rr)rr digestmod)rBrWr rjrrrkntowf_v2hmacnewrXhashlibmd5digest)rltempresponse_key_nt nt_proof_strrs r2rzNtlmClient.compute_nt_responses~~dnn '  T1  T1  T1  T1  ++-- %%% T1  +++ T1 --/xx1F1F1MY`YdYdelln ,t 3$$r;c|jjd}t|dk(r;t|ddk(r*t|ddk(rtj|d}n> t j d|jjdj}tj ||jj|j zjdt j" jS#t$rY} ddl m }|j |jjdj}n#t$r|wxYwYd}~d}~wwxYw) N:r rrrMD4r)rr)rWr+r5binascii unhexlifyrrrrr6 Crypto.Hashr ImportErrorrrBupperrCr)rl passpartspassword_digesters r2rzNtlmClient.ntowf_v2s5NN((- y>Q 3y|#4#:s9QO ")++eT^^5J5J;5W"X"_"_"axx$..*>*>*@4CSCS*S)[)[\g)ht{ttAHHJ J /&)ggdnn.C.CK.P&Q&X&X&ZO"G$ s*&=D E->EE( E  E((E-N)__name__ __module__ __qualname__rorurwrzrrrrrr staticmethodrrrrrrrrr;r2r=r=s-+^)FE1%1068p>@<<33* BB%(Jr;r=)F)D__doc__structrrplatformrrsocketrr rrrosr localer rr-protocol.formatters.formattersr rrrrrFLAG_NEGOTIATE_KEY_EXCHrrrFLAG_REQUEST_NOT_NT_SESSION_KEYFLAG_NEGOTIATE_IDENTIFYrFLAG_TARGET_TYPE_SERVERFLAG_TARGET_TYPE_DOMAINrr"FLAG_NEGOTIATE_OEM_DOMAIN_SUPPLIEDFLAG_NEGOTIATE_ANONYMOUSrFLAG_NEGOTIATE_LM_KEYFLAG_NEGOTIATE_DATAGRAMFLAG_NEGOTIATE_SEALFLAG_NEGOTIATE_SIGNrrrrrrrrrrrrrrrrrrrrryr3r:objectr=rr;r2r s6 $ +')LA#$ #$ &'#"$*,'*,'%'"% $(-%5%%(50&!#%!!! $+& .    $ "        ! $"-/ < ) JJJJOLs CCC