zydronium/SMBLibrary
1
0
Fork 0
mirror of https://github.com/TalAloni/SMBLibrary.git synced 2025-07-03 00:03:19 +02:00
Code Issues Projects Releases Packages Wiki Activity

IndependentNTLMAuthenticationProvider: Compute and store SessionKey

Browse source
This commit is contained in:
Tal Aloni 2017-03-02 13:03:42 +02:00
parent 1d756498f1
commit f1d65fedd2
1 changed files with 35 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

36
SMBLibrary/Authentication/NTLM/IndependentNTLMAuthenticationProvider.cs
View file

@ -6,6 +6,7 @@
*/
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using SMBLibrary.Authentication.GSSAPI;
using Utilities;
@ -125,7 +126,6 @@ namespace SMBLibrary.Authentication.NTLM
}
authContext.UserName = message.UserName;
authContext.SessionKey = message.EncryptedRandomSessionKey;
if ((message.NegotiateFlags & NegotiateFlags.Anonymous) > 0)
{
if (this.EnableGuestLogin)
@ -155,26 +155,60 @@ namespace SMBLibrary.Authentication.NTLM
bool success;
byte[] serverChallenge = authContext.ServerChallenge;
byte[] sessionBaseKey;
byte[] keyExchangeKey = null;
if ((message.NegotiateFlags & NegotiateFlags.ExtendedSessionSecurity) > 0)
{
if (AuthenticationMessageUtils.IsNTLMv1ExtendedSecurity(message.LmChallengeResponse))
{
// NTLM v1 Extended Security:
success = AuthenticateV1Extended(password, serverChallenge, message.LmChallengeResponse, message.NtChallengeResponse);
if (success)
{
// https://msdn.microsoft.com/en-us/library/cc236699.aspx
sessionBaseKey = new MD4().GetByteHashFromBytes(NTLMCryptography.NTOWFv1(password));
byte[] lmowf = NTLMCryptography.LMOWFv1(password);
keyExchangeKey = NTLMCryptography.KXKey(sessionBaseKey, message.NegotiateFlags, message.LmChallengeResponse, serverChallenge, lmowf);
}
}
else
{
// NTLM v2:
success = AuthenticateV2(message.DomainName, message.UserName, password, serverChallenge, message.LmChallengeResponse, message.NtChallengeResponse);
if (success)
{
// https://msdn.microsoft.com/en-us/library/cc236700.aspx
byte[] responseKeyNT = NTLMCryptography.NTOWFv2(password, message.UserName, message.DomainName);
byte[] ntProofStr = ByteReader.ReadBytes(message.NtChallengeResponse, 0, 16);
sessionBaseKey = new HMACMD5(responseKeyNT).ComputeHash(ntProofStr);
keyExchangeKey = sessionBaseKey;
}
}
}
else
{
success = AuthenticateV1(password, serverChallenge, message.LmChallengeResponse, message.NtChallengeResponse);
if (success)
{
// https://msdn.microsoft.com/en-us/library/cc236699.aspx
sessionBaseKey = new MD4().GetByteHashFromBytes(NTLMCryptography.NTOWFv1(password));
byte[] lmowf = NTLMCryptography.LMOWFv1(password);
keyExchangeKey = NTLMCryptography.KXKey(sessionBaseKey, message.NegotiateFlags, message.LmChallengeResponse, serverChallenge, lmowf);
}
}
if (success)
{
// https://msdn.microsoft.com/en-us/library/cc236676.aspx
// https://blogs.msdn.microsoft.com/openspecification/2010/04/19/ntlm-keys-and-sundry-stuff/
if ((message.NegotiateFlags & NegotiateFlags.KeyExchange) > 0)
{
authContext.SessionKey = RC4.Decrypt(keyExchangeKey, message.EncryptedRandomSessionKey);
}
else
{
authContext.SessionKey = keyExchangeKey;
}
return NTStatus.STATUS_SUCCESS;
}
else