From 98494d0e73234bba231f1c130f039040963b9508 Mon Sep 17 00:00:00 2001
From: speyrefitte <citronneur@gmail.com>
Date: Tue, 3 Mar 2015 18:27:45 +0100
Subject: [PATCH] try to understand key in ntlm

---
 rdpy/protocol/rdp/nla/cssp.py |  12 +-
 rdpy/protocol/rdp/nla/ntlm.py | 264 ++++++++++++++++++++++++++++++----
 2 files changed, 241 insertions(+), 35 deletions(-)

diff --git a/rdpy/protocol/rdp/nla/cssp.py b/rdpy/protocol/rdp/nla/cssp.py
index c3fa547..b893071 100644
--- a/rdpy/protocol/rdp/nla/cssp.py
+++ b/rdpy/protocol/rdp/nla/cssp.py
@@ -123,11 +123,13 @@ def encodeDERTRequest(negoTypes):
 def decodeDERTRequest(s):
     """
     @summary: Decode the stream as 
-    @param s: {Stream}
+    @param s: ([{Stream}], {str} pubKeyAuth)
     """
-    tRequest = decoder.decode(s.getvalue(), asn1Spec=TSRequest())[0]
+    return decoder.decode(s.getvalue(), asn1Spec=TSRequest())[0]
+
+def getNegoTokens(tRequest):
     negoData = tRequest.getComponentByName("negoTokens")
+    return [Stream(negoData.getComponentByPosition(i).getComponentByPosition(0).asOctets()) for i in range(len(negoData))]
     
-    result = [Stream(negoData.getComponentByPosition(i).getComponentByPosition(0).asOctets()) for i in range(len(negoData))]
-    
-    return result
\ No newline at end of file
+def getPubKeyAuth(tRequest):
+    return tRequest.getComponentByName("pubKeyAuth").asOctets()
\ No newline at end of file
diff --git a/rdpy/protocol/rdp/nla/ntlm.py b/rdpy/protocol/rdp/nla/ntlm.py
index bc93422..4ec42d5 100644
--- a/rdpy/protocol/rdp/nla/ntlm.py
+++ b/rdpy/protocol/rdp/nla/ntlm.py
@@ -24,6 +24,7 @@
 
 import hashlib, hmac
 import rdpy.security.pyDes as pyDes
+import rdpy.security.rc4 as rc4
 from rdpy.security.rsa_wrapper import random
 from rdpy.core.type import CompositeType, CallableValue, String, UInt8, UInt16Le, UInt24Le, UInt32Le, sizeof
 
@@ -76,6 +77,14 @@ class Negotiate(object):
     NTLMSSP_REQUEST_TARGET = 0x00000004
     NTLM_NEGOTIATE_OEM = 0x00000002
     NTLMSSP_NEGOTIATE_UNICODE = 0x00000001
+    
+def getPayLoadField(message, length, bufferOffset):
+        if length == 0:
+            return None
+        offset = sizeof(message) - sizeof(message.Payload)
+        start = bufferOffset - offset
+        end = start + length
+        return message.Payload.value[start:end]
 
 class Version(CompositeType):
     """
@@ -150,20 +159,10 @@ class ChallengeMessage(CompositeType):
         self.Payload = String()
         
     def getTargetName(self):
-        if self.TargetNameLen.value == 0:
-            return None
-        offset = sizeof(self) - sizeof(self.Payload)
-        start = self.TargetNameBufferOffset.value - offset
-        end = start + self.TargetNameLen.value
-        return self.Payload.value[start:end]
+        return getPayLoadField(self, self.TargetNameLen.value, self.TargetNameBufferOffset.value)
     
     def getTargetInfo(self):
-        if self.TargetInfoLen.value == 0:
-            return None
-        offset = sizeof(self) - sizeof(self.Payload)
-        start = self.TargetInfoBufferOffset.value - offset
-        end = start + self.TargetInfoLen.value - 4
-        return self.Payload.value[start:end]
+        return getPayLoadField(self, self.TargetInfoLen.value - 4, self.TargetInfoBufferOffset.value)
         
 class AuthenticateMessage(CompositeType):
     """
@@ -206,20 +205,19 @@ class AuthenticateMessage(CompositeType):
         self.Payload = String()
         
     def getUserName(self):
-        if self.UserNameLen.value == 0:
-            return None
-        offset = sizeof(self) - sizeof(self.Payload)
-        start = self.UserNameBufferOffset.value - offset
-        end = start + self.UserNameLen.value
-        return self.Payload.value[start:end]
+        return getPayLoadField(self, self.UserNameLen.value, self.UserNameBufferOffset.value)
     
     def getDomainName(self):
-        if self.DomainNameLen.value == 0:
-            return None
-        offset = sizeof(self) - sizeof(self.Payload)
-        start = self.DomainNameBufferOffset.value - offset
-        end = start + self.DomainNameLen.value
-        return self.Payload.value[start:end]
+        return getPayLoadField(self, self.DomainNameLen.value, self.DomainNameBufferOffset.value)
+    
+    def getLmChallengeResponse(self):
+        return getPayLoadField(self, self.LmChallengeResponseLen.value, self.LmChallengeResponseBufferOffset.value)
+    
+    def getNtChallengeResponse(self):
+        return getPayLoadField(self, self.NtChallengeResponseLen.value, self.NtChallengeResponseBufferOffset.value)
+    
+    def getEncryptedRandomSession(self):
+        return getPayLoadField(self, self.EncryptedRandomSessionLen.value, self.EncryptedRandomSessionBufferOffset.value)
 
 def expandDesKey(key):
     """
@@ -281,6 +279,25 @@ def Z(m):
     @return: \x00 * m 
     """
     return "\x00" * m
+
+def RC4K(key, plaintext):
+    """
+    @summary: Context free of rc4 encoding
+    @param key: {str} key
+    @param plaintext: {str} plaintext
+    @return {str} encrypted text
+    """
+    return rc4.crypt(rc4.RC4Key(key), plaintext)
+
+def KXKEY(SessionBaseKey, LmChallengeResponse, ServerChallenge):
+    """
+    @summary: Key eXchange Key
+    @param SessionBaseKey: {str} computed by NTLMv1Anthentication or NTLMv2Authenticate function
+    @param LmChallengeResponse : {str} computed by NTLMv1Anthentication or NTLMv2Authenticate function
+    @param ServerChallenge : {str} Server chanllenge come from ChallengeMessage
+    @see: https://msdn.microsoft.com/en-us/library/cc236710.aspx
+    """
+    return HMAC_MD5(SessionBaseKey, ServerChallenge + LmChallengeResponse[:8])
    
 def NTOWFv1(Passwd, User, UserDom):
     """
@@ -328,7 +345,7 @@ def NTOWFv2(Passwd, User, UserDom):
 def LMOWFv2(Passwd, User, UserDom):
     return NTOWFv2(Passwd, User, UserDom)
 
-def NTLMv2Authenticate(negFlag, domain, user, password, serverChallenge, serverName):
+def NTLMv2Authenticate(negFlag, domain, user, password, serverChallenge, serverName, Time = "\x00" * 8, ClientChallenge = None):
     """
     @summary: process NTLMv2 Authenticate hash
     @see: https://msdn.microsoft.com/en-us/library/cc236700.aspx
@@ -336,10 +353,11 @@ def NTLMv2Authenticate(negFlag, domain, user, password, serverChallenge, serverN
     ResponseKeyNT = NTOWFv2(password, user, domain)
     ResponseKeyLM = LMOWFv2(password, user, domain)
     
-    Responserversion = "\0x01"
-    HiResponserversion = "0x01"
-    Time = "\x00" * 8
-    ClientChallenge = random(64)
+    Responserversion = "\x01"
+    HiResponserversion = "\x01"
+    #Time = "\x00" * 8
+    if ClientChallenge is None:
+        ClientChallenge = random(64)
 
     temp = Responserversion + HiResponserversion + Z(6) + Time + ClientChallenge + Z(4) + serverName + Z(4)
     NTProofStr = HMAC_MD5(ResponseKeyNT, serverChallenge + temp)
@@ -392,4 +410,190 @@ def createAuthenticationMessage(method, challengeResponse, domain, user, passwor
     message.Payload.value += SessionBaseKey
     offset += len(SessionBaseKey)
     
-    return message
\ No newline at end of file
+    return message
+
+
+cssp_1 = [
+0x30, 0x2f, 0xa0, 0x03, 0x02, 0x01, 0x02, 0xa1, 
+0x28, 0x30, 0x26, 0x30, 0x24, 0xa0, 0x22, 0x04, 
+0x20, 0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 
+0x00, 0x01, 0x00, 0x00, 0x00, 0x35, 0x82, 0x08, 
+0x60, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
+0x00 ]
+cssp_2 = [
+0x30, 0x82, 0x01, 0x09, 0xa0, 0x03, 0x02, 0x01, 
+0x02, 0xa1, 0x82, 0x01, 0x00, 0x30, 0x81, 0xfd, 
+0x30, 0x81, 0xfa, 0xa0, 0x81, 0xf7, 0x04, 0x81, 
+0xf4, 0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 
+0x00, 0x02, 0x00, 0x00, 0x00, 0x0e, 0x00, 0x0e, 
+0x00, 0x38, 0x00, 0x00, 0x00, 0x35, 0x82, 0x89, 
+0x62, 0x73, 0xc7, 0x43, 0xa9, 0xe7, 0xfc, 0xbb, 
+0xfc, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
+0x00, 0xae, 0x00, 0xae, 0x00, 0x46, 0x00, 0x00, 
+0x00, 0x06, 0x01, 0xb1, 0x1d, 0x00, 0x00, 0x00, 
+0x0f, 0x53, 0x00, 0x49, 0x00, 0x52, 0x00, 0x41, 
+0x00, 0x44, 0x00, 0x45, 0x00, 0x4c, 0x00, 0x02, 
+0x00, 0x0e, 0x00, 0x53, 0x00, 0x49, 0x00, 0x52, 
+0x00, 0x41, 0x00, 0x44, 0x00, 0x45, 0x00, 0x4c, 
+0x00, 0x01, 0x00, 0x16, 0x00, 0x57, 0x00, 0x41, 
+0x00, 0x56, 0x00, 0x2d, 0x00, 0x47, 0x00, 0x4c, 
+0x00, 0x57, 0x00, 0x2d, 0x00, 0x30, 0x00, 0x30, 
+0x00, 0x39, 0x00, 0x04, 0x00, 0x1a, 0x00, 0x53, 
+0x00, 0x69, 0x00, 0x72, 0x00, 0x61, 0x00, 0x64, 
+0x00, 0x65, 0x00, 0x6c, 0x00, 0x2e, 0x00, 0x6c, 
+0x00, 0x6f, 0x00, 0x63, 0x00, 0x61, 0x00, 0x6c, 
+0x00, 0x03, 0x00, 0x32, 0x00, 0x77, 0x00, 0x61, 
+0x00, 0x76, 0x00, 0x2d, 0x00, 0x67, 0x00, 0x6c, 
+0x00, 0x77, 0x00, 0x2d, 0x00, 0x30, 0x00, 0x30, 
+0x00, 0x39, 0x00, 0x2e, 0x00, 0x53, 0x00, 0x69, 
+0x00, 0x72, 0x00, 0x61, 0x00, 0x64, 0x00, 0x65, 
+0x00, 0x6c, 0x00, 0x2e, 0x00, 0x6c, 0x00, 0x6f, 
+0x00, 0x63, 0x00, 0x61, 0x00, 0x6c, 0x00, 0x05, 
+0x00, 0x1a, 0x00, 0x53, 0x00, 0x69, 0x00, 0x72, 
+0x00, 0x61, 0x00, 0x64, 0x00, 0x65, 0x00, 0x6c, 
+0x00, 0x2e, 0x00, 0x6c, 0x00, 0x6f, 0x00, 0x63, 
+0x00, 0x61, 0x00, 0x6c, 0x00, 0x07, 0x00, 0x08, 
+0x00, 0x56, 0x93, 0x34, 0x32, 0xc7, 0x55, 0xd0, 
+0x01, 0x00, 0x00, 0x00, 0x00 ]
+cssp_3 = [
+0x30, 0x82, 0x02, 0x0f, 0xa0, 0x03, 0x02, 0x01, 
+0x02, 0xa1, 0x82, 0x01, 0x62, 0x30, 0x82, 0x01, 
+0x5e, 0x30, 0x82, 0x01, 0x5a, 0xa0, 0x82, 0x01, 
+0x56, 0x04, 0x82, 0x01, 0x52, 0x4e, 0x54, 0x4c, 
+0x4d, 0x53, 0x53, 0x50, 0x00, 0x03, 0x00, 0x00, 
+0x00, 0x18, 0x00, 0x18, 0x00, 0x50, 0x00, 0x00, 
+0x00, 0xda, 0x00, 0xda, 0x00, 0x68, 0x00, 0x00, 
+0x00, 0x08, 0x00, 0x08, 0x00, 0x40, 0x00, 0x00, 
+0x00, 0x08, 0x00, 0x08, 0x00, 0x48, 0x00, 0x00, 
+0x00, 0x00, 0x00, 0x00, 0x00, 0x50, 0x00, 0x00, 
+0x00, 0x10, 0x00, 0x10, 0x00, 0x42, 0x01, 0x00, 
+0x00, 0x35, 0x82, 0x08, 0x60, 0x63, 0x00, 0x6f, 
+0x00, 0x63, 0x00, 0x6f, 0x00, 0x74, 0x00, 0x6f, 
+0x00, 0x74, 0x00, 0x6f, 0x00, 0x1a, 0x8a, 0xc2, 
+0xbc, 0x64, 0xda, 0xc0, 0x28, 0x9b, 0xa8, 0x14, 
+0x08, 0x51, 0x6d, 0xd6, 0xb8, 0x29, 0x09, 0xd2, 
+0x99, 0x19, 0x33, 0x70, 0x9e, 0x51, 0xa0, 0x6e, 
+0xc5, 0x39, 0x47, 0xf3, 0x9e, 0x96, 0x6a, 0xc3, 
+0xfc, 0xb2, 0xeb, 0xc7, 0xe0, 0x01, 0x01, 0x00, 
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x45, 0x08, 
+0x32, 0xc7, 0x55, 0xd0, 0x01, 0x29, 0x09, 0xd2, 
+0x99, 0x19, 0x33, 0x70, 0x9e, 0x00, 0x00, 0x00, 
+0x00, 0x02, 0x00, 0x0e, 0x00, 0x53, 0x00, 0x49, 
+0x00, 0x52, 0x00, 0x41, 0x00, 0x44, 0x00, 0x45, 
+0x00, 0x4c, 0x00, 0x01, 0x00, 0x16, 0x00, 0x57, 
+0x00, 0x41, 0x00, 0x56, 0x00, 0x2d, 0x00, 0x47, 
+0x00, 0x4c, 0x00, 0x57, 0x00, 0x2d, 0x00, 0x30, 
+0x00, 0x30, 0x00, 0x39, 0x00, 0x04, 0x00, 0x1a, 
+0x00, 0x53, 0x00, 0x69, 0x00, 0x72, 0x00, 0x61, 
+0x00, 0x64, 0x00, 0x65, 0x00, 0x6c, 0x00, 0x2e, 
+0x00, 0x6c, 0x00, 0x6f, 0x00, 0x63, 0x00, 0x61, 
+0x00, 0x6c, 0x00, 0x03, 0x00, 0x32, 0x00, 0x77, 
+0x00, 0x61, 0x00, 0x76, 0x00, 0x2d, 0x00, 0x67, 
+0x00, 0x6c, 0x00, 0x77, 0x00, 0x2d, 0x00, 0x30, 
+0x00, 0x30, 0x00, 0x39, 0x00, 0x2e, 0x00, 0x53, 
+0x00, 0x69, 0x00, 0x72, 0x00, 0x61, 0x00, 0x64, 
+0x00, 0x65, 0x00, 0x6c, 0x00, 0x2e, 0x00, 0x6c, 
+0x00, 0x6f, 0x00, 0x63, 0x00, 0x61, 0x00, 0x6c, 
+0x00, 0x05, 0x00, 0x1a, 0x00, 0x53, 0x00, 0x69, 
+0x00, 0x72, 0x00, 0x61, 0x00, 0x64, 0x00, 0x65, 
+0x00, 0x6c, 0x00, 0x2e, 0x00, 0x6c, 0x00, 0x6f, 
+0x00, 0x63, 0x00, 0x61, 0x00, 0x6c, 0x00, 0x07, 
+0x00, 0x08, 0x00, 0x56, 0x93, 0x34, 0x32, 0xc7, 
+0x55, 0xd0, 0x01, 0x00, 0x00, 0x00, 0x00, 0xbf, 
+0xec, 0xf5, 0xf6, 0x69, 0x01, 0x3a, 0xef, 0x5b, 
+0xd0, 0xab, 0xfe, 0x3f, 0xdf, 0x75, 0x30, 0xa3, 
+0x82, 0x00, 0xa0, 0x04, 0x82, 0x00, 0x9c, 0x01, 
+0x00, 0x00, 0x00, 0xc4, 0x0e, 0xcd, 0x96, 0x8f, 
+0x67, 0xc0, 0xdd, 0x00, 0x00, 0x00, 0x00, 0xcf, 
+0x88, 0xbd, 0x30, 0xe2, 0x53, 0x4a, 0x4b, 0x8d, 
+0x49, 0xd4, 0xe9, 0xa3, 0x63, 0x1f, 0xe8, 0x19, 
+0x59, 0xe6, 0x88, 0x96, 0xaa, 0x50, 0x35, 0x81, 
+0x02, 0x9a, 0x91, 0x25, 0x8b, 0x1c, 0x0f, 0x8f, 
+0xc6, 0x91, 0x44, 0x55, 0x5f, 0x4e, 0xd9, 0x1b, 
+0xc3, 0xae, 0x94, 0xde, 0x09, 0xa8, 0xdd, 0x80, 
+0x64, 0x52, 0x85, 0x4a, 0xf2, 0xd7, 0xc7, 0x11, 
+0x29, 0x22, 0xbe, 0xe5, 0xad, 0x57, 0x6b, 0x4f, 
+0xdc, 0xa1, 0xae, 0x00, 0x5b, 0xff, 0xe8, 0x6c, 
+0xdb, 0x15, 0x84, 0x18, 0x94, 0x0e, 0xeb, 0xcd, 
+0x9d, 0x41, 0xc3, 0x4e, 0xf6, 0xa6, 0xcf, 0x2c, 
+0xf5, 0xc5, 0x9e, 0xa0, 0xd9, 0x80, 0x5f, 0xaa, 
+0x22, 0x66, 0x61, 0x56, 0xde, 0x3e, 0xcb, 0x5f, 
+0x7c, 0x64, 0xaf, 0xbf, 0xa7, 0x26, 0x83, 0xa8, 
+0x5c, 0x88, 0xf3, 0xbe, 0x8a, 0xe6, 0xe6, 0x4c, 
+0xf7, 0x95, 0xd0, 0xa8, 0xf0, 0x8c, 0x21, 0xf8, 
+0x86, 0x77, 0x49, 0x29, 0xe3, 0xd3, 0xf8, 0x78, 
+0x1f, 0x51, 0x91 ]
+
+pubKey = "\x30\x81\x89\x02\x81\x81\x00\x9e\x95\xb5\x41\x03\xc5\x33\xea\x29\x65\x2b\x65\xef\x30\x71\xdd\x73\xbb\x30\x3b\xec\xca\x72\xcf\xbd\xe0\xf8\x21\xff\xa6\x97\x76\xa1\x08\xb5\xd2\xc6\x95\x81\xd2\xba\x71\x10\x4a\xac\x25\x34\x37\xa0\xc3\x57\xf0\xea\x1f\x8c\x84\xeb\x7b\xe6\x6c\x50\x26\x1f\xb7\x41\x0a\x58\xd3\x80\x87\x3d\x0b\x41\xd9\xbc\x54\x3a\x0f\x77\x14\x79\xf5\xb9\xa4\x38\xeb\x13\x08\x35\xae\xbf\xb3\x17\x5a\xe2\x58\x89\x39\xc4\x22\x7f\x16\x57\x90\x08\xaf\x91\x3b\x95\xc8\x53\xd0\xc0\x8e\x19\x8a\xf3\x10\xbc\xc8\xc7\x42\xfb\x12\xde\x2d\x5e\x83\x02\x03\x01\x00\x01"
+
+if __name__ == "__main__":
+    import cssp, hexdump
+    from rdpy.core.type import Stream
+    
+    negotiate_data_request = cssp.decodeDERTRequest(Stream("".join([chr(i) for i in cssp_1])))
+    challenge_data_request = cssp.decodeDERTRequest(Stream("".join([chr(i) for i in cssp_2])))
+    authenticate_data_request = cssp.decodeDERTRequest(Stream("".join([chr(i) for i in cssp_3])))
+    
+    negotiate_data = cssp.getNegoTokens(negotiate_data_request)[0]
+    challenge_data = cssp.getNegoTokens(challenge_data_request)[0]
+    authenticate_data = cssp.getNegoTokens(authenticate_data_request)[0]
+    
+    negotiate = NegotiateMessage()
+    negotiate_data.readType(negotiate)
+    
+    challenge = ChallengeMessage()
+    challenge_data.readType(challenge)
+    
+    ServerChallenge = challenge.ServerChallenge.value
+    ServerName = challenge.getTargetInfo()
+    
+    authenticate = AuthenticateMessage()
+    authenticate_data.readType(authenticate)
+    
+    NtChallengeResponse = authenticate.getNtChallengeResponse()
+    NTProofStr = NtChallengeResponse[:16]
+    temp = NtChallengeResponse[16:]
+    Time = temp[8:16]
+    ClientChallenge = temp[16:24]
+    ServerName2 = temp[28:-4]
+    
+    LmChallengeResponse = authenticate.getLmChallengeResponse()
+    SessionBaseKey = authenticate.getEncryptedRandomSession()
+    encryptedPubKey = cssp.getPubKeyAuth(authenticate_data_request)
+    
+    NtChallengeResponse2, LmChallengeResponse2, SessionBaseKey2 = NTLMv2Authenticate(None, "coco", "toto", "lolo", ServerChallenge, ServerName, Time, ClientChallenge)
+    
+    KeyExchangeKey = HMAC_MD5(SessionBaseKey2, ServerChallenge + LmChallengeResponse[:7])
+    ExportedSessionKey = RC4K(KeyExchangeKey, SessionBaseKey)
+    sealingKey = MD5(ExportedSessionKey + "session key to client-to-server sealing key magic constant")
+    #sealingKey = MD5(sealingKey + "\x00" + "\x00" * 3)
+    
+    encryptedPubKey2 = RC4K(sealingKey, pubKey)
+    
+    hexdump.hexdump(encryptedPubKey)
+    print "\n"
+    hexdump.hexdump(encryptedPubKey2)
+    print "-"*40
+    print "NtChallengeResponse"
+    print "\n"
+    hexdump.hexdump(NtChallengeResponse)
+    print "\n"
+    hexdump.hexdump(NtChallengeResponse2)
+    print "-"*40
+     
+    print "-"*40
+    print "LmChallengeResponse"
+    print "\n"
+    hexdump.hexdump(LmChallengeResponse)
+    print "\n"
+    hexdump.hexdump(LmChallengeResponse2)
+    print "-"*40
+     
+    print "-"*40
+    print "SessionBaseKey"
+    print "\n"
+    hexdump.hexdump(SessionBaseKey)
+    print "\n"
+    hexdump.hexdump(SessionBaseKey2)
+    print "-"*40
\ No newline at end of file