This adds pass-the-hash support from grutz.

git-svn-id: file:///home/svn/framework3/trunk@4890 4d416f70-5f16-0410-b530-b9f4589650da
HD Moore 2007-05-09 12:39:29 +00:00
parent f92b7dd466
commit e8c5c53e4b
1 changed files with 12 additions and 3 deletions


@ -568,8 +568,13 @@ EVADE = Rex::Proto::SMB::Evasions
raise XCEPT::NTLM1MissingChallenge if not self.challenge_key raise XCEPT::NTLM1MissingChallenge if not self.challenge_key
hash_lm = pass.length > 0 ? CRYPT.lanman_des(pass, self.challenge_key) : '' if (pass.length == 65)
hash_nt = pass.length > 0 ? CRYPT.ntlm_md4(pass, self.challenge_key) : '' hash_lm = CRYPT.e_p24( [ pass.upcase()[0,32] ].pack('H42'), self.challenge_key)
hash_nt = CRPYT.e_p24( [ pass.upcase()[33,65] ].pack('H42'), self.challenge_key)
else
hash_lm = pass.length > 0 ? CRYPT.lanman_des(pass, self.challenge_key) : ''
hash_nt = pass.length > 0 ? CRYPT.ntlm_md4(pass, self.challenge_key) : ''
end
data = '' data = ''
data << hash_lm data << hash_lm
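Review bot: The NT branch of the new hash path references `CRPYT.e_p24(...)` instead of `CRYPT.e_p24(...)`, so any 65-character credential will raise NameError before the response is built; the line should read `hash_nt = CRYPT.e_p24( [ pass.upcase()[33,65] ].pack('H42'), self.challenge_key)`. The `pass.length == 65` test is also the only thing distinguishing an `LMHASH:NTHASH` pair from a plaintext password, so a 65-character password is silently hashed as if it were already a hash pair; a format check such as `if (pass =~ /^[0-9a-f]{32}:[0-9a-f]{32}$/i)` would make the intent explicit and fall back to the plaintext path otherwise (the same check applies to the `if (pass.length == 65)` in the second hunk at the 690/695 block). Separately, `pack('H42')` is applied to a 32-hex-digit slice while e_p24 is presumably expecting a 21-byte padded key; whether Ruby zero-pads or truncates here should be confirmed against the e_p24 implementation, as a 16-byte input would change the DES key schedule. The enclosing method begins and ends outside this hunk.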
@ -690,7 +695,11 @@ EVADE = Rex::Proto::SMB::Evasions
nonce = CRYPT.md5_hash(self.challenge_key + client_challenge) nonce = CRYPT.md5_hash(self.challenge_key + client_challenge)
# Generate the NTLM hash # Generate the NTLM hash
resp_ntlm = CRYPT.ntlm_md4(pass, nonce[0, 8]) if (pass.length == 65)
resp_ntlm = CRYPT.e_p24( [ pass.upcase()[33,65] ].pack('H42'), nonce[0, 8])
else
resp_ntlm = CRYPT.ntlm_md4(pass, nonce[0, 8])
end
# Generate the fake LANMAN hash # Generate the fake LANMAN hash
resp_lmv2 = client_challenge + ("\x00" * 16) resp_lmv2 = client_challenge + ("\x00" * 16)