pysmb / 4e698d1
Remove dependency on pycrypto and use our own implementation of RC4 cipher Michael Teo 3 years ago
5 changed file(s) with 55 addition(s) and 13 deletion(s).
00
11 import types, hmac, binascii, struct, random, string
2 from Crypto.Cipher import ARC4
2 from .utils.rc4 import RC4_encrypt
33 from utils.pyDes import des
44
55 try:
9494 # http://grutz.jingojango.net/exploits/davenport-ntlm.html
9595 session_key = session_signing_key = request_session_key
9696 if challenge_flags & NTLM_NegotiateKeyExchange:
97 cipher = ARC4.new(request_session_key)
9897 session_signing_key = "".join([ random.choice(string.digits+string.ascii_letters) for _ in range(16) ]).encode('ascii')
99 session_key = cipher.encrypt(session_signing_key)
98 session_key = RC4_encrypt(request_session_key, session_signing_key)
10099
101100 lm_response_length = len(lm_response)
102101 lm_response_offset = FORMAT_SIZE
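Review bot: The exported session key on the context line just above the new `RC4_encrypt` call is still built with `random.choice` over letters and digits, so the value that is RC4-wrapped and then used as the signing key comes from a non-cryptographic generator and a 62-symbol alphabet. Since this change already touches the key-exchange branch, that line should draw from the OS CSPRNG, e.g. `session_signing_key = os.urandom(16)`, with `os` added to the import line at the top of the file. The same line appears unchanged in the Python 3 copy of this file further down the page. The enclosing function starts and ends outside the hunk, so how `session_signing_key` is used afterwards is not visible here.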
0
1 def RC4_encrypt(key, data):
2 S = list(range(256))
3 j = 0
4
5 key_len = len(key)
6 for i in list(range(256)):
7 j = (j + S[i] + ord(key[i % key_len])) % 256
8 S[i], S[j] = S[j], S[i]
9
10 j = 0
11 y = 0
12 out = []
13
14 for char in data:
15 j = (j + 1) % 256
16 y = (y + S[j]) % 256
17 S[j], S[y] = S[y], S[j]
18
19 out.append(chr(ord(char) ^ S[(S[j] + S[y]) % 256]))
20
21 return ''.join(out)
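Review bot: `RC4_encrypt` takes `i % key_len` inside the key schedule, so an empty key surfaces as a bare ZeroDivisionError from the first loop rather than a clear argument error. A guard before that loop, such as `if not key: raise ValueError('RC4 key must not be empty')`, would make the failure explicit; the Python 3 copy of this file has the same gap. Because this replaces a library cipher with a hand-written one, a known-answer test against the RFC 6229 vectors would catch a transposed index or a wrong swap in either copy.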
19041904 self.log.info('Performing NTLMv1 authentication (with extended security) with server challenge "%s"', binascii.hexlify(server_challenge))
19051905 nt_challenge_response, lm_challenge_response, session_key = ntlm.generateChallengeResponseV1(self.password, server_challenge, True)
19061906
1907 ntlm_data, signing_session_key = ntlm.generateAuthenticateMessage(server_flags,
1908 nt_challenge_response,
1909 lm_challenge_response,
1910 session_key,
1911 self.username,
1912 self.domain,
1913 self.my_name)
1907 ntlm_data, signing_session_key = ntlm.generateAuthenticateMessage(server_flags,
1908 nt_challenge_response,
1909 lm_challenge_response,
1910 session_key,
1911 self.username,
1912 self.domain,
1913 self.my_name)
19141914
19151915 if self.log.isEnabledFor(logging.DEBUG):
19161916 self.log.debug('NT challenge response is "%s" (%d bytes)', binascii.hexlify(nt_challenge_response), len(nt_challenge_response))
00
11 import types, hmac, binascii, struct, random, string
2 from Crypto.Cipher import ARC4
2 from .utils.rc4 import RC4_encrypt
33 from .utils.pyDes import des
44
55 try:
9494 # http://grutz.jingojango.net/exploits/davenport-ntlm.html
9595 session_key = session_signing_key = request_session_key
9696 if challenge_flags & NTLM_NegotiateKeyExchange:
97 cipher = ARC4.new(request_session_key)
9897 session_signing_key = "".join([ random.choice(string.digits+string.ascii_letters) for _ in range(16) ]).encode('ascii')
99 session_key = cipher.encrypt(session_signing_key)
98 session_key = RC4_encrypt(request_session_key, session_signing_key)
10099
101100 lm_response_length = len(lm_response)
102101 lm_response_offset = FORMAT_SIZE
0
1 def RC4_encrypt(key, data):
2 S = list(range(256))
3 j = 0
4
5 key_len = len(key)
6 for i in list(range(256)):
7 j = (j + S[i] + key[i % key_len]) % 256
8 S[i], S[j] = S[j], S[i]
9
10 j = 0
11 y = 0
12 out = []
13
14 for char in data:
15 j = (j + 1) % 256
16 y = (y + S[j]) % 256
17 S[j], S[y] = S[y], S[j]
18
19 out.append(char ^ S[(S[j] + S[y]) % 256])
20
21 return bytes(out)
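Review bot: `RC4_encrypt` has no docstring, and in this Python 3 copy the argument types matter: `key[i % key_len]` and `char ^ S[...]` only work when `key` and `data` are `bytes` or `bytearray`, so a `str` argument fails with a TypeError part-way through the function. I would add a docstring along the lines of `"""RC4-encrypt data (bytes) with key (bytes) and return the result as bytes."""`. As a point of style, `for i in list(range(256))` can be written `for i in range(256)`.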