From 1e2f284e97f31b4f7bab12c74531b9b1441c0f34 Mon Sep 17 00:00:00 2001
From: citronneur
Date: Tue, 24 Feb 2015 22:35:16 +0100
Subject: [PATCH] Parse chanllenge response from server
---
 rdpy/core/layer.py | 2 +-
 rdpy/protocol/rdp/nla/cssp.py | 8 ++++++--
 rdpy/protocol/rdp/nla/ntlm.py | 5 +++--
 rdpy/protocol/rdp/tpkt.py | 6 +++++-
 rdpy/security/x509.py | 7 ++-----
 5 files changed, 17 insertions(+), 11 deletions(-)
diff --git a/rdpy/core/layer.py b/rdpy/core/layer.py
index 6331d8d..bc0cf5f 100644
--- a/rdpy/core/layer.py
+++ b/rdpy/core/layer.py
@@ -137,7 +137,7 @@ class RawLayerClientFactory(protocol.ClientFactory):
 """
 raise CallPureVirtualFuntion("%s:%s defined by interface %s"%(self.__class__, "connectionLost", "RawLayerClientFactory"))
-class RawLayerServerFactory(protocol.ClientFactory):
+class RawLayerServerFactory(protocol.ServerFactory):
 """
 @summary: Abstract class for Raw layer server factory
 """
diff --git a/rdpy/protocol/rdp/nla/cssp.py b/rdpy/protocol/rdp/nla/cssp.py
index be2aa9c..c3fa547 100644
--- a/rdpy/protocol/rdp/nla/cssp.py
+++ b/rdpy/protocol/rdp/nla/cssp.py
@@ -125,5 +125,9 @@ def decodeDERTRequest(s):
 @summary: Decode the stream as
 @param s: {Stream}
 """
- tRequest = decoder.decode(s.getvalue(), asn1Spec=TSRequest())
- print tRequest
\ No newline at end of file
+ tRequest = decoder.decode(s.getvalue(), asn1Spec=TSRequest())[0]
+ negoData = tRequest.getComponentByName("negoTokens")
+
+ result = [Stream(negoData.getComponentByPosition(i).getComponentByPosition(0).asOctets()) for i in range(len(negoData))]
+
+ return result
\ No newline at end of file
diff --git a/rdpy/protocol/rdp/nla/ntlm.py b/rdpy/protocol/rdp/nla/ntlm.py
index 759fb0f..832b2a8 100644
--- a/rdpy/protocol/rdp/nla/ntlm.py
+++ b/rdpy/protocol/rdp/nla/ntlm.py
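Review bot: In decodeDERTRequest (rdpy/protocol/rdp/nla/cssp.py), `negoData` is used without checking that the peer actually sent a negoTokens field: `len(negoData)` and the positional lookups run on whatever `getComponentByName("negoTokens")` returns. This TSRequest is parsed from the remote side before authentication has finished, and if negoTokens is optional in the `TSRequest` spec (the spec class is outside this hunk, so this needs confirming), a message without it raises an unrelated exception instead of being rejected cleanly. The `[0]` also drops the undecoded remainder that `decoder.decode` returns, so trailing bytes after the TSRequest pass unnoticed; I would check that the remainder is empty and return an empty list or raise a parse error when negoTokens is absent. The docstring is still truncated at `@summary: Decode the stream as` and has no return entry; suggest `@summary: Decode the stream as a TSRequest` and `@return: {list(Stream)} one stream per negoToken`.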
@@ -94,7 +94,7 @@ class NegotiateMessage(CompositeType):
 """
 def __init__(self):
 CompositeType.__init__(self)
- self.Signature = String("NTLMSSP\x00", constant = True)
+ self.Signature = String("NTLMSSP\x00", readLen = CallableValue(8), constant = True)
 self.MessageType = UInt32Le(0x00000001, constant = True)
 self.NegotiateFlags = UInt32Le(Negotiate.NTLMSSP_NEGOTIATE_KEY_EXCH |
@@ -105,6 +105,7 @@ class NegotiateMessage(CompositeType):
 Negotiate.NTLMSSP_NEGOTIATE_SIGN |
 Negotiate.NTLMSSP_NEGOTIATE_SEAL |
 Negotiate.NTLMSSP_REQUEST_TARGET |
+ Negotiate.NTLMSSP_NEGOTIATE_VERSION |
 Negotiate.NTLMSSP_NEGOTIATE_UNICODE)
 self.DomainNameLen = UInt16Le()
@@ -126,7 +127,7 @@ class ChallengeMessage(CompositeType):
 """
 def __init__(self):
 CompositeType.__init__(self)
- self.Signature = String("NTLMSSP\x00", constant = True)
+ self.Signature = String("NTLMSSP\x00", readLen = CallableValue(8), constant = True)
 self.MessageType = UInt32Le(0x00000002, constant = True)
 self.TargetNameLen = UInt16Le()
diff --git a/rdpy/protocol/rdp/tpkt.py b/rdpy/protocol/rdp/tpkt.py
index 25355cd..1777ae6 100644
--- a/rdpy/protocol/rdp/tpkt.py
+++ b/rdpy/protocol/rdp/tpkt.py
@@ -230,5 +230,9 @@ class TPKT(RawLayer, IFastPathSender):
 def readNTLMChallenge(self, data):
 """
 @summary: server NTLM challenge
+ @param data: {Stream}
 """
- print "toto"
\ No newline at end of file
+ s = cssp.decodeDERTRequest(data)
+ challenge = ntlm.ChallengeMessage()
+ s[0].readType(challenge)
+ print challenge.ServerChallenge.value
\ No newline at end of file
diff --git a/rdpy/security/x509.py b/rdpy/security/x509.py
index b8a0239..881bc67 100644
--- a/rdpy/security/x509.py
+++ b/rdpy/security/x509.py
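Review bot: In readNTLMChallenge (rdpy/protocol/rdp/tpkt.py), `s[0].readType(challenge)` assumes the server sent at least one negoToken, so an empty list from `cssp.decodeDERTRequest` raises IndexError on peer-controlled input. A guard such as `if not s:` followed by the layer's usual parse error or a connection close would make a malformed challenge fail predictably. The trailing `print challenge.ServerChallenge.value` looks like leftover debug output: it writes the raw challenge bytes to stdout from library code, and should be dropped or routed through the project's logger before this is merged. The method is fully inside the hunk, while the enclosing TPKT class starts above it.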
@@ -148,11 +148,8 @@ def extractRSAKey(certificate):
 """
 #http://www.alvestrand.no/objectid/1.2.840.113549.1.1.1.html
- #extract binary data
- l = 0L
- for b in certificate.getComponentByName('tbsCertificate').getComponentByName('subjectPublicKeyInfo').getComponentByName('subjectPublicKey'):
- l = (l << 1) | b
-
+ binaryTuple = certificate.getComponentByName('tbsCertificate').getComponentByName('subjectPublicKeyInfo').getComponentByName('subjectPublicKey')
+ l = int("".join([str(i) for i in binaryTuple]), 2)
 rsaKey = decoder.decode(hex(l)[2:-1].decode('hex'), asn1Spec=RSAPublicKey())[0]
 return rsaKey.getComponentByName('modulus')._value , rsaKey.getComponentByName('publicExponent')._value
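Review bot: The unchanged `hex(l)[2:-1].decode('hex')` line right after the new code becomes more fragile with this change. The removed `l = 0L` forced a long, so `hex()` always ended in `L`; with `int(..., 2)` a value small enough to be a plain int has no suffix, and `[2:-1]` then strips a real digit. The integer round-trip also drops leading zero bits, which can leave an odd-length hex string that fails in `.decode('hex')`. Since the certificate is presumably supplied by the remote server, I would pack the bits straight into bytes, e.g. `bits = "".join(str(i) for i in binaryTuple)` and `der = "".join(chr(int(bits[i:i+8], 2)) for i in range(0, len(bits), 8))`, then pass `der` to `decoder.decode`. extractRSAKey begins above this hunk, so its signature and docstring are not visible here.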