ntlmssp

package module
v1.2.6 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 27, 2021 License: MPL-2.0 Imports: 16 Imported by: 0

README

NTLMSSP

Windows NTLMSSP library written in Go.

This library has very few wrapper and error handling. Read source code and make sure you understand the Windows NTLM before using this library.

Usage

Parse binary
bs, _ := base64.StdEncoding.DecodeString("TlRMTVNTUAADAAAAGAAYAFAAAAAwADAAaAAAAAYABgBKAAAACgAKAEAAAAAAAAAAAAAAAAAAAAAAAAAABTCJoGEAZABtAGkAbgBMAEEAQgDKWtAQahWyLGUi6N0I3Y89TQ//e2QL4SPYLBXpg00OEIk5edtauBUdAQEAAAAAAAArN+A/oD/WAQRU5zwV4quKAAAAAAAAAAA=")
type3 := ntlmssp.NewAuthenticateMsg(bs)
type3.Display()

OUTPUT:

Authenticate Message (type3)
Signature: [78 84 76 77 83 83 80 0] (NTLMSSP)
MessageType: 3
Response Version: NTLMv2
LmChallengeResponse: ca5ad0106a15b22c6522e8dd08dd8f3d4d0fff7b640be123
    (Len: 24  Offset: 80)
NtChallengeResponse: d82c15e9834d0e10893979db5ab8151d01010000000000002b37e03fa03fd6010454e73c15e2ab8a0000000000000000
    (Len: 48  offset: 104)
    Response: d82c15e9834d0e10893979db5ab8151d
    NTLMv2ClientChallenge:
      ChallengeFromClient: 0454e73c15e2ab8a
      RespType: 1
      HiRespType: 1
      TimeStamp: 132363196552984363
      AVPair:
DomainName: LAB
    (Len: 6  Offset: 74)
UserName: admin
    (Len: 10  Offset: 64)
Workstation:
    (Len: 0  Offset: 0)
EncryptedRandomSessionKey: []
    (Len: 0  Offset: 0)
1... .... .... .... .... .... .... ....   NEGOTIATE_56BIT_ENCRYPTION: Set
.0.. .... .... .... .... .... .... ....   NEGOTIATE_EXPLICIT_KEY_EXCHANGE: Not set
..1. .... .... .... .... .... .... ....   NEGOTIATE_128BIT_SESSION_KEY: Set
...0 .... .... .... .... .... .... ....   NEGOTIATE_R1_UNUSED: Not set
.... 0... .... .... .... .... .... ....   NEGOTIATE_R2_UNUSED: Not set
.... .0.. .... .... .... .... .... ....   NEGOTIATE_R3_UNUSED: Not set
.... ..0. .... .... .... .... .... ....   NEGOTIATE_VERSION: Not set
.... ...0 .... .... .... .... .... ....   NEGOTIATE_R4_UNUSED: Not set
.... .... 1... .... .... .... .... ....   NEGOTIATE_REQUEST_TARGET_INFO: Set
.... .... .0.. .... .... .... .... ....   NEGOTIATE_REQUEST_NON_NT_SESSION_KEY: Not set
.... .... ..0. .... .... .... .... ....   NEGOTIATE_R5_UNUSED: Not set
.... .... ...0 .... .... .... .... ....   NEGOTIATE_IDENTITY_LEVEL_TOKEN: Not set
.... .... .... 1... .... .... .... ....   NEGOTIATE_EXTENDED_SESSION_SECURITY: Set
.... .... .... .0.. .... .... .... ....   NEGOTIATE_R6_UNUSED: Not set
.... .... .... ..0. .... .... .... ....   NEGOTIATE_TARGET_TYPE_SERVER: Not set
.... .... .... ...1 .... .... .... ....   NEGOTIATE_TARGET_TYPE_DOMAIN: Set
.... .... .... .... 0... .... .... ....   NEGOTIATE_ALWAYS_SIGN: Not set
.... .... .... .... .0.. .... .... ....   NEGOTIATE_R7_UNUSED: Not set
.... .... .... .... ..1. .... .... ....   NEGOTIATE_OEM_WORKSTATION_SUPPLIED: Set
.... .... .... .... ...1 .... .... ....   NEGOTIATE_OEM_DOMAIN_SUPPLIED: Set
.... .... .... .... .... 0... .... ....   NEGOTIATE_ANONYMOUS: Not set
.... .... .... .... .... .0.. .... ....   NEGOTIATE_R8_UNUSED: Not set
.... .... .... .... .... ..0. .... ....   NEGOTIATE_NTLM: Not set
.... .... .... .... .... ...0 .... ....   NEGOTIATE_R9_UNUSED: Not set
.... .... .... .... .... .... 0... ....   NEGOTIATE_LM_SESSION_KEY: Not set
.... .... .... .... .... .... .0.. ....   NEGOTIATE_DATAGRAM_CONNECTIONLESS: Not set
.... .... .... .... .... .... ..0. ....   NEGOTIATE_SEAL: Not set
.... .... .... .... .... .... ...0 ....   NEGOTIATE_SIGN: Not set
.... .... .... .... .... .... .... 0...   NEGOTIATE_R10_UNUSED: Not set
.... .... .... .... .... .... .... .1..   NEGOTIATE_REQUEST_TARGET_NAME: Set
.... .... .... .... .... .... .... ..0.   NEGOTIATE_OEM_CHARSET: Not set
.... .... .... .... .... .... .... ...1   NEGOTIATE_UNICODE_CHARSET: Set
Generate NTLM message
type2 := ntlmssp.NewChallengeMsg(nil)
type2.NegotiateFlags |= ntlmssp.NEGOTIATE_56BIT_ENCRYPTION |
    ntlmssp.NEGOTIATE_128BIT_SESSION_KEY |
    ntlmssp.NEGOTIATE_EXTENDED_SESSION_SECURITY |
    ntlmssp.NEGOTIATE_UNICODE_CHARSET
type2.SetTargetName([]byte("SMB"))
type2.SetServerChallenge([]byte("\x00\x11\x22\x33\x44\x55\x66\x77"))
type2.SetTargetInfo(map[string]interface{}{
    "MsvAvNbComputerName":  "WIN-123456",
    "MsvAvNbDomainName":    "XYZ.LAB",
    "MsvAvDnsComputerName": "DC$",
    "MsvAvDnsDomainName":   "XYZ.LAB",
})
fmt.Println(type2.Marshal('<'))

OUTPUT:

[78 84 76 77 83 83 80 0 2 0 0 0 6 0 6 0 48 0 0 0 1 0 136 160 0 17 34 51 68 85 102 119 0 0 0 0 0 0 0 0 74 0 74 0 54 0 0 0 83 0 77 0 66 0 1 0 20 0 87 0 73 0 78 0 45 0 49 0 50 0 51 0 52 0 53 0 54 0 2 0 14 0 88 0 89 0 90 0 46 0 76 0 65 0 66 0 3 0 6 0 68 0 67 0 36 0 4 0 14 0 88 0 89 0 90 0 46 0 76 0 65 0 66 0 0 0 0 0]

Example

Reference documents

Documentation

Overview

https://github.com/abourget/go-ntlm/blob/a646d3be748182fe82483c3c76c1b566f3927d37/ntlm/version.go#L19

Index

Constants

View Source 
const (
	NEGOTIATE_56BIT_ENCRYPTION           = 0x80000000
	NEGOTIATE_EXPLICIT_KEY_EXCHANGE      = 0x40000000
	NEGOTIATE_128BIT_SESSION_KEY         = 0x20000000
	NEGOTIATE_R1_UNUSED                  = 0x10000000
	NEGOTIATE_R2_UNUSED                  = 0x8000000
	NEGOTIATE_R3_UNUSED                  = 0x4000000
	NEGOTIATE_VERSION                    = 0x2000000
	NEGOTIATE_R4_UNUSED                  = 0x1000000
	NEGOTIATE_TARGET_INFO                = 0x800000
	NEGOTIATE_REQUEST_NON_NT_SESSION_KEY = 0x400000
	NEGOTIATE_R5_UNUSED                  = 0x200000
	NEGOTIATE_IDENTITY_LEVEL_TOKEN       = 0x100000
	NEGOTIATE_EXTENDED_SESSION_SECURITY  = 0x80000
	NEGOTIATE_R6_UNUSED                  = 0x40000
	NEGOTIATE_TARGET_TYPE_SERVER         = 0x20000
	NEGOTIATE_TARGET_TYPE_DOMAIN         = 0x10000
	NEGOTIATE_ALWAYS_SIGN                = 0x8000
	NEGOTIATE_R7_UNUSED                  = 0x4000
	NEGOTIATE_OEM_WORKSTATION_SUPPLIED   = 0x2000
	NEGOTIATE_OEM_DOMAIN_SUPPLIED        = 0x1000
	NEGOTIATE_ANONYMOUS                  = 0x800
	NEGOTIATE_R8_UNUSED                  = 0x400
	NEGOTIATE_NTLM                       = 0x200
	NEGOTIATE_R9_UNUSED                  = 0x100
	NEGOTIATE_LM_SESSION_KEY             = 0x80
	NEGOTIATE_DATAGRAM_CONNECTIONLESS    = 0x40
	NEGOTIATE_SEAL                       = 0x20
	NEGOTIATE_SIGN                       = 0x10
	NEGOTIATE_R10_UNUSED                 = 0x8
	NEGOTIATE_REQUEST_TARGET_NAME        = 0x4
	NEGOTIATE_OEM_CHARSET                = 0x2
	NEGOTIATE_UNICODE_CHARSET            = 0x1
)
View Source 
const AuthenticateMsgPayloadOffset = 64
View Source 
const ChallengeMsgPayloadOffset = 48
View Source 
const (
	LmSalt = "KGS!@#$%"
)
View Source 
const NegotiateMsgPayloadOffset = 32

Variables

This section is empty.

Functions

func ComputeLMResponse 

func ComputeLMResponse(challenge []byte, lmhash []byte) []byte

func ComputeLMv2Response 

func ComputeLMv2Response(challenge []byte, usernameWithDomainOrServer []byte, nthash []byte, clientNonce []byte) []byte

func ComputeNTLMv1Response 

func ComputeNTLMv1Response(challenge []byte, nthash []byte) []byte

func ComputeNTLMv2Response 

func ComputeNTLMv2Response(challenge []byte, usernameWithDomainOrServer []byte, nthash []byte, clientChallenge []byte) []byte

func ComputeNTLMv2SessionResponse 

func ComputeNTLMv2SessionResponse(challenge []byte, clientNonce []byte, nthash []byte) []byte

func DisplayNegotiateFlags 

func DisplayNegotiateFlags(ui uint32)

func LmHash 

func LmHash(pwd []byte) []byte

func NtHash 

func NtHash(pwd []byte) []byte

func ParseAVPair 

func ParseAVPair(bs []byte) map[string]interface{}

func ParseNegotiateFlags 

func ParseNegotiateFlags(ui uint32) *[32][2]string

Types

type AVPair 

type AVPair struct {
	AvId  uint16
	AvLen uint16
}

https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nlmp/83f5e789-660d-4781-8491-5f8c6641f75e

type AnonymousResponse 

type AnonymousResponse struct {
}

type AuthenticateMsg 

type AuthenticateMsg struct {
	Signature   [8]byte
	MessageType uint32

	LmChallengeResponseLen          uint16
	LmChallengeResponseMaxLen       uint16
	LmChallengeResponseBufferOffset uint32

	NtChallengeResponseLen          uint16
	NtChallengeResponseMaxLen       uint16
	NtChallengeResponseBufferOffset uint32

	DomainNameLen          uint16
	DomainNameMaxLen       uint16
	DomainNameBufferOffset uint32

	UserNameLen          uint16
	UserNameMaxLen       uint16
	UserNameBufferOffset uint32

	WorkstationLen          uint16
	WorkstationMaxLen       uint16
	WorkstationBufferOffset uint32

	EncryptedRandomSessionKeyLen          uint16
	EncryptedRandomSessionKeyMaxLen       uint16
	EncryptedRandomSessionKeyBufferOffset uint32

	NegotiateFlags uint32

	// The MIC field is omitted in Windows NT, Windows 2000, Windows XP, and Windows Server 2003.
	// MIC     [16]byte
	Payload []byte
	// contains filtered or unexported fields
}

func NewAuthenticateMsg 

func NewAuthenticateMsg(bs []byte) *AuthenticateMsg

func (AuthenticateMsg) Display 

func (am AuthenticateMsg) Display()

func (AuthenticateMsg) DomainName 

func (am AuthenticateMsg) DomainName() string

func (AuthenticateMsg) DomainNameBytes 

func (am AuthenticateMsg) DomainNameBytes() []byte

func (AuthenticateMsg) EncryptedRandomSessionKey 

func (am AuthenticateMsg) EncryptedRandomSessionKey() []byte

func (AuthenticateMsg) LmChallengeResponse 

func (am AuthenticateMsg) LmChallengeResponse() []byte

func (AuthenticateMsg) Marshal 

func (am AuthenticateMsg) Marshal(endian byte) []byte

func (AuthenticateMsg) NtChallengeResponse 

func (am AuthenticateMsg) NtChallengeResponse() interface{}

func (AuthenticateMsg) NtChallengeResponseBytes 

func (am AuthenticateMsg) NtChallengeResponseBytes() []byte

func (*AuthenticateMsg) Reset 

func (am *AuthenticateMsg) Reset()

func (*AuthenticateMsg) SetDomainName 

func (am *AuthenticateMsg) SetDomainName(dname []byte)

func (*AuthenticateMsg) SetLmResponse 

func (am *AuthenticateMsg) SetLmResponse(version int, challenge []byte, pwd []byte)

func (*AuthenticateMsg) SetNTLMResponse 

func (am *AuthenticateMsg) SetNTLMResponse(version int, challenge []byte, pwd []byte)

func (*AuthenticateMsg) SetNtResponse 

func (am *AuthenticateMsg) SetNtResponse(version int, challenge []byte, pwd []byte)

func (*AuthenticateMsg) SetUserName 

func (am *AuthenticateMsg) SetUserName(uname []byte)

func (*AuthenticateMsg) SetWorkstation 

func (am *AuthenticateMsg) SetWorkstation(ws []byte)

func (*AuthenticateMsg) UnMarshal 

func (am *AuthenticateMsg) UnMarshal(bs []byte)

func (AuthenticateMsg) UserName 

func (am AuthenticateMsg) UserName() string

func (AuthenticateMsg) UserNameBytes 

func (am AuthenticateMsg) UserNameBytes() []byte

func (AuthenticateMsg) Version 

func (am AuthenticateMsg) Version() []byte

func (AuthenticateMsg) Workstation 

func (am AuthenticateMsg) Workstation() string

func (AuthenticateMsg) WorkstationBytes 

func (am AuthenticateMsg) WorkstationBytes() []byte

type AvPair 

type AvPair struct {
	AvId  AvPairType
	AvLen uint16
	Value []byte
}

AvPair as described by MS-NLMP

func ReadAvPair 

func ReadAvPair(data []byte, offset int) *AvPair

func (*AvPair) Bytes 

func (a *AvPair) Bytes() (result []byte)

func (*AvPair) String 

func (a *AvPair) String() string

func (*AvPair) UnicodeStringValue 

func (a *AvPair) UnicodeStringValue() string

type AvPairType 

type AvPairType uint16
const (
	// Indicates that this is the last AV_PAIR in the list. AvLen MUST be 0. This type of information MUST be present in the AV pair list.
	MsvAvEOL AvPairType = iota
	// The server's NetBIOS computer name. The name MUST be in Unicode, and is not null-terminated. This type of information MUST be present in the AV_pair list.
	MsvAvNbComputerName
	// The server's NetBIOS domain name. The name MUST be in Unicode, and is not null-terminated. This type of information MUST be present in the AV_pair list.
	MsvAvNbDomainName
	// The fully qualified domain name (FQDN (1)) of the computer. The name MUST be in Unicode, and is not null-terminated.
	MsvAvDnsComputerName
	// The FQDN (2) of the domain. The name MUST be in Unicode, and is not null-terminate.
	MsvAvDnsDomainName
	// The FQDN (2) of the forest. The name MUST be in Unicode, and is not null-terminated.<11>
	MsvAvDnsTreeName
	// A 32-bit value indicating server or client configuration.
	// 0x00000001: indicates to the client that the account authentication is constrained.
	// 0x00000002: indicates that the client is providing message integrity in the MIC field (section 2.2.1.3) in the AUTHENTICATE_MESSAGE.<12>
	// 0x00000004: indicates that the client is providing a target SPN generated from an untrusted source.<13>
	MsvAvFlags
	// A FILETIME structure ([MS-DTYP] section 2.3.1) in little-endian byte order that contains the server local time.<14>
	MsvAvTimestamp
	//A Restriction_Encoding (section 2.2.2.2) structure. The Value field contains a structure representing the integrity level of the security principal, as well as a MachineID created at computer startup to identify the calling machine.<15>
	MsAvRestrictions
	// The SPN of the target server. The name MUST be in Unicode and is not null-terminated.<16>
	MsvAvTargetName
	// annel bindings hash. The Value field contains an MD5 hash ([RFC4121] section 4.1.1.2) of a gss_channel_bindings_struct ([RFC2744] section 3.11).
	// An all-zero value of the hash is used to indicate absence of channel bindings.<17>
	MsvChannelBindings
)

MS-NLMP - 2.2.2.1 AV_PAIR

type AvPairs 

type AvPairs struct {
	List []AvPair
}

Helper struct that contains a list of AvPairs with helper methods for running through them

func ReadAvPairs 

func ReadAvPairs(data []byte) *AvPairs

func (*AvPairs) AddAvPair 

func (p *AvPairs) AddAvPair(avId AvPairType, bytes []byte)

func (*AvPairs) ByteValue 

func (p *AvPairs) ByteValue(avType AvPairType) (result []byte)

func (*AvPairs) Bytes 

func (p *AvPairs) Bytes() (result []byte)

func (*AvPairs) Find 

func (p *AvPairs) Find(avType AvPairType) (result *AvPair)

func (*AvPairs) String 

func (p *AvPairs) String() string

func (*AvPairs) StringValue 

func (p *AvPairs) StringValue(avType AvPairType) (result string)

type ChallengeMsg 

type ChallengeMsg struct {
	Signature   [8]byte
	MessageType uint32

	TargetNameLen          uint16
	TargetNameMaxLen       uint16
	TargetNameBufferOffset uint32

	NegotiateFlags  uint32
	ServerChallenge [8]byte
	Reserved        [8]byte

	TargetInfoLen          uint16
	TargetInfoMaxLen       uint16
	TargetInfoBufferOffset uint32

	// Version is variable, saved in Payload field
	// Version [8]byte
	Payload []byte
	// contains filtered or unexported fields
}

func NewChallengeMsg 

func NewChallengeMsg(bs []byte) *ChallengeMsg

func (ChallengeMsg) Display 

func (cm ChallengeMsg) Display()

func (ChallengeMsg) Marshal 

func (cm ChallengeMsg) Marshal(endian byte) []byte

func (*ChallengeMsg) Reset 

func (cm *ChallengeMsg) Reset()

func (*ChallengeMsg) SetServerChallenge 

func (cm *ChallengeMsg) SetServerChallenge(challenge []byte)

func (*ChallengeMsg) SetTargetInfo 

func (cm *ChallengeMsg) SetTargetInfo(tinfo map[string]interface{})

func (*ChallengeMsg) SetTargetName 

func (cm *ChallengeMsg) SetTargetName(tname []byte)

func (*ChallengeMsg) String 

func (cm *ChallengeMsg) String(bs []byte) string

func (ChallengeMsg) TargetInfo 

func (cm ChallengeMsg) TargetInfo() []byte

func (ChallengeMsg) TargetName 

func (cm ChallengeMsg) TargetName() string

func (*ChallengeMsg) UnMarshal 

func (cm *ChallengeMsg) UnMarshal(bs []byte)

func (ChallengeMsg) Version 

func (cm ChallengeMsg) Version() []byte

type LMResponse 

type LMResponse struct {
	Response [24]byte
}

type LMv2Response 

type LMv2Response struct {
	Response            [16]byte
	ChallengeFromClient [8]byte
}

type NTLMResponse 

type NTLMResponse struct {
	Response [24]byte
}

type NTLMv2ClientChallenge 

type NTLMv2ClientChallenge struct {
	RespType            byte
	HiRespType          byte
	Reserved1           uint16
	Reserved2           uint32
	TimeStamp           uint64
	ChallengeFromClient [8]byte
	Reserved3           uint32
	AVPair              map[string]interface{}
}

func (NTLMv2ClientChallenge) Marshal 

func (cc NTLMv2ClientChallenge) Marshal() []byte

type NTLMv2Response 

type NTLMv2Response struct {
	Response        [16]byte
	ClientChallenge NTLMv2ClientChallenge
}

func ParseNTLMv2Response 

func ParseNTLMv2Response(bs []byte) *NTLMv2Response

type NTLMv2SessionResponse 

type NTLMv2SessionResponse struct {
	Response [24]byte
}

type NegotiateMsg 

type NegotiateMsg struct {
	Signature      [8]byte
	MessageType    uint32
	NegotiateFlags uint32

	DomainNameLen          uint16
	DomainNameMaxLen       uint16
	DomainNameBufferOffset uint32

	WorkstationLen          uint16
	WorkstationMaxLen       uint16
	WorkstationBufferOffset uint32

	// Version is variable, saved in Payload field
	// Version [8]byte
	Payload []byte
	// contains filtered or unexported fields
}

https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nlmp/

func NewNegotiateMsg 

func NewNegotiateMsg(bs []byte) *NegotiateMsg

func (NegotiateMsg) Display 

func (nm NegotiateMsg) Display()

func (NegotiateMsg) DomainName 

func (nm NegotiateMsg) DomainName() string

Must be OEM charset

func (NegotiateMsg) Marshal 

func (nm NegotiateMsg) Marshal(endian byte) []byte

func (*NegotiateMsg) Reset 

func (nm *NegotiateMsg) Reset()

func (*NegotiateMsg) SetDomainName 

func (nm *NegotiateMsg) SetDomainName(dname []byte)

func (*NegotiateMsg) SetWorkstation 

func (nm *NegotiateMsg) SetWorkstation(ws []byte)

func (*NegotiateMsg) UnMarshal 

func (nm *NegotiateMsg) UnMarshal(bs []byte)

func (NegotiateMsg) Version 

func (nm NegotiateMsg) Version() []byte

func (NegotiateMsg) Workstation 

func (nm NegotiateMsg) Workstation() string

Must be OEM charset

type VersionStruct 

type VersionStruct struct {
	ProductMajorVersion uint8
	ProductMinorVersion uint8
	ProductBuild        uint16
	Reserved            []byte
	NTLMRevisionCurrent uint8
}

func ReadVersionStruct 

func ReadVersionStruct(structSource []byte) (*VersionStruct, error)

func (*VersionStruct) Bytes 

func (v *VersionStruct) Bytes() []byte

func (*VersionStruct) String 

func (v *VersionStruct) String() string

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.