This adds pass-the-hash support from grutz.
git-svn-id: file:///home/svn/framework3/trunk@4890 4d416f70-5f16-0410-b530-b9f4589650da
parent
f92b7dd466
commit
e8c5c53e4b
|
@ -568,8 +568,13 @@ EVADE = Rex::Proto::SMB::Evasions
|
||||||
|
|
||||||
raise XCEPT::NTLM1MissingChallenge if not self.challenge_key
|
raise XCEPT::NTLM1MissingChallenge if not self.challenge_key
|
||||||
|
|
||||||
hash_lm = pass.length > 0 ? CRYPT.lanman_des(pass, self.challenge_key) : ''
|
if (pass.length == 65)
|
||||||
hash_nt = pass.length > 0 ? CRYPT.ntlm_md4(pass, self.challenge_key) : ''
|
hash_lm = CRYPT.e_p24( [ pass.upcase()[0,32] ].pack('H42'), self.challenge_key)
|
||||||
|
hash_nt = CRPYT.e_p24( [ pass.upcase()[33,65] ].pack('H42'), self.challenge_key)
|
||||||
|
else
|
||||||
|
hash_lm = pass.length > 0 ? CRYPT.lanman_des(pass, self.challenge_key) : ''
|
||||||
|
hash_nt = pass.length > 0 ? CRYPT.ntlm_md4(pass, self.challenge_key) : ''
|
||||||
|
end
|
||||||
|
|
||||||
data = ''
|
data = ''
|
||||||
data << hash_lm
|
data << hash_lm
|
||||||
|
@ -690,7 +695,11 @@ EVADE = Rex::Proto::SMB::Evasions
|
||||||
nonce = CRYPT.md5_hash(self.challenge_key + client_challenge)
|
nonce = CRYPT.md5_hash(self.challenge_key + client_challenge)
|
||||||
|
|
||||||
# Generate the NTLM hash
|
# Generate the NTLM hash
|
||||||
resp_ntlm = CRYPT.ntlm_md4(pass, nonce[0, 8])
|
if (pass.length == 65)
|
||||||
|
resp_ntlm = CRYPT.e_p24( [ pass.upcase()[33,65] ].pack('H42'), nonce[0, 8])
|
||||||
|
else
|
||||||
|
resp_ntlm = CRYPT.ntlm_md4(pass, nonce[0, 8])
|
||||||
|
end
|
||||||
|
|
||||||
# Generate the fake LANMAN hash
|
# Generate the fake LANMAN hash
|
||||||
resp_lmv2 = client_challenge + ("\x00" * 16)
|
resp_lmv2 = client_challenge + ("\x00" * 16)
|
||||||
|
|
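Review bot: The new `hash_nt` line inside the `if (pass.length == 65)` branch of the first hunk calls `CRPYT.e_p24`, a misspelling of `CRYPT`, so that branch will raise a NameError the first time it runs; it should read `hash_nt = CRYPT.e_p24( [ pass.upcase()[33,65] ].pack('H42'), self.challenge_key)`. Both hunks also treat any 65-character `pass` as an LM/NT hash pair without checking its format, so a 65-character plaintext password would silently take the hash path. A stricter guard such as `pass =~ /\A[0-9a-f]{32}:[0-9a-f]{32}\z/i` would avoid that (the `:` separator is assumed here; the hunks only show that index 32 is skipped). The slice `[33,65]` is start/length rather than a range and only works because it runs off the end of the string; `[33,32]` states the intent. The enclosing methods begin and end outside the visible hunks, so a shared helper for the duplicated check is only a suggestion.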