hashing

package

v0.0.0-...-8ceafa1 Latest Latest Go to latest Published: Mar 9, 2023 License: Apache-2.0 Imports: 11 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/ILightThings/AttackParseToolkit

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func GenLMOWFv2(user string, domain string, password string, ntlmhash []byte) ([]byte, error)
func GenNTOWFv2(user string, domain string, password string, ntlmhash []byte) ([]byte, error)
func GenerateNTLMv2ChallengeProof(challenge []byte, password string, ntlmhash []byte, username string, ...) ([]byte, error)
func PrintNTLMSSPStruc(a interface{})
func ToNTHash(in string) []byte
func ToNTHashString(password string) string
type AVID
- func (a *AVID) Readable()
type NTLMMessageType
type NTLMSSP_Auth
- func ParseNTLMSSP_Auth(NTLMSSP_Auth_Bytes []byte) (NTLMSSP_Auth, error)
- func (a *NTLMSSP_Auth) Readable()
type NTLMSSP_Challenge
- func ParseNTLMSSP_Challenge(NTLMSSP_Challenge_Bytes []byte) (NTLMSSP_Challenge, error)
- func (a *NTLMSSP_Challenge) Readable()
type NTLMv2_CLIENT_CHALLENGE
- func (a *NTLMv2_CLIENT_CHALLENGE) Readable()
type NTLMv2_Responce
- func (a *NTLMv2_Responce) Readable()
type VersionStruct
- func (v *VersionStruct) HumanString() string

Constants ¶

View Source

const (
	NEGOTIATE_MESSAGE = iota + 1
	CHALLENGE_MESSAGE
	AUTHENTICATE_MESSAGE
)

Variables ¶

This section is empty.

Functions ¶

func GenLMOWFv2 ¶

func GenLMOWFv2(user string, domain string, password string, ntlmhash []byte) ([]byte, error)

LOL I know its the same as GenNTOWFv2 but shutup https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-nlmp/5e550938-91d4-459f-b67d-75d70009e3f3

func GenNTOWFv2 ¶

func GenNTOWFv2(user string, domain string, password string, ntlmhash []byte) ([]byte, error)

func GenerateNTLMv2ChallengeProof ¶

func GenerateNTLMv2ChallengeProof(challenge []byte, password string, ntlmhash []byte, username string, domain string, blob []byte) ([]byte, error)

ntProofStr Hash or Password

func PrintNTLMSSPStruc ¶

func PrintNTLMSSPStruc(a interface{})

func ToNTHash ¶

func ToNTHash(in string) []byte

ToNTHash will turn a string into a byte slice representation of a NTLM hash

func ToNTHashString ¶

func ToNTHashString(password string) string

ToNTHash will turn a string into a hex string representation of a NTLM hash. Useful for pass the hash attacks

Types ¶

type AVID ¶

type AVID struct {
	MsvAvEOL             []byte `ntlmssp:"void"`          // 0x0000 Signify end of AVID
	MsvAvNbComputerName  []byte `ntlmssp:"utf16lestring"` // 0x0001
	MsvAvNbDomainName    []byte `ntlmssp:"utf16lestring"` // 0x0002
	MsvAvDnsComputerName []byte `ntlmssp:"utf16lestring"` // 0x0003
	MsvAvDnsDomainName   []byte `ntlmssp:"utf16lestring"` // 0x0004
	MsvAvDnsTreeName     []byte `ntlmssp:"utf16lestring"` // 0x0005
	MsvAvFlags           []byte `ntlmssp:"avFlags"`       // 0x0006
	MsvAvTimestamp       []byte `ntlmssp:"time"`          // 0x0007
	MsvAvSingleHost      []byte `ntlmssp:"tbd"`           // 0x0008
	MsvAvTargetName      []byte `ntlmssp:"utf16lestring"` // 0x0009 CIFS/Targetname
	MsvAvChannelBindings []byte `ntlmssp:"tbd"`           // 0x000A

}

func (*AVID) Readable ¶

func (a *AVID) Readable()

type NTLMMessageType ¶

type NTLMMessageType uint32

type NTLMSSP_Auth ¶

type NTLMSSP_Auth struct {
	Signature                 []byte `ntlmssp:"identifyer"`     // 8 bytes, offset 0
	MessageType               []byte `ntlmssp:"MessageType"`    // 4 bytes, offset 8
	LmChallengeResponse       []byte `ntlmssp:"hexstring"`      // 8 bytes, offset 12
	NtChallengeResponse       []byte `ntlmssp:"hexstring"`      // 8 bytes, offset 20
	DomainName                []byte `ntlmssp:"utf16lestring"`  // 8 bytes, offset 28
	UserName                  []byte `ntlmssp:"utf16lestring"`  // 8 bytes, offset 36
	Workstation               []byte `ntlmssp:"utf16lestring"`  // 8 bytes, offset 44
	EncryptedRandomSessionKey []byte `ntlmssp:"hexstring"`      // 8 bytes, offset 52
	NegotiateFlags            []byte `ntlmssp:"NegotiateFlags"` // 4 bytes, offset 60
	Version                   []byte `ntlmssp:"version"`        // 8 bytes, Variable Offset //that SHOULD be populated only when the NTLMSSP_NEGOTIATE_VERSION flag is set in the NegotiateFlags field
	MIC                       []byte `ntlmssp:"hexstring"`      // 8 bytes, Variable Offset
}

func ParseNTLMSSP_Auth ¶

func ParseNTLMSSP_Auth(NTLMSSP_Auth_Bytes []byte) (NTLMSSP_Auth, error)

func (*NTLMSSP_Auth) Readable ¶

func (a *NTLMSSP_Auth) Readable()

type NTLMSSP_Challenge ¶

type NTLMSSP_Challenge struct {
	Signature       []byte `ntlmssp:"identifyer"`     // 8 bytes offset 0
	MessageType     []byte `ntlmssp:"MessageType"`    // 4 bytes, offset 8
	TargetName      []byte `ntlmssp:"utf16lestring"`  // 8 bytes, offset 12
	NegotiateFlags  []byte `ntlmssp:"NegotiateFlags"` // 4 bytes, offset 20
	ServerChallenge []byte `ntlmssp:"hexstring"`      // 8 bytes, offset 24
	Reserved        []byte `ntlmssp:"hexstring"`      // 8 bytes, offset 32
	TargetInfo      []byte `ntlmssp:"AV_Pair"`        // 8 bytes, offset 40 //AVID
	Version         []byte `ntlmssp:"version"`        // 8 bytes, offset 48
}

Rename these to follow the offical whitepaper name

func ParseNTLMSSP_Challenge ¶

func ParseNTLMSSP_Challenge(NTLMSSP_Challenge_Bytes []byte) (NTLMSSP_Challenge, error)

Parses the NTLMSSP_Challenge to a NTLMSSP_Challenge struct

func (*NTLMSSP_Challenge) Readable ¶

func (a *NTLMSSP_Challenge) Readable()

Prints a human readble verson of the NTLMSSP_Challenge to the console

type NTLMv2_CLIENT_CHALLENGE ¶

type NTLMv2_CLIENT_CHALLENGE struct {
	RespType            []byte `ntlmssp:"hexstring"` // 1 bytes, offset 0
	HiRespType          []byte `ntlmssp:"hexstring"` // 1 bytes, offset 1
	Reserved1           []byte `ntlmssp:"hexstring"` // 2 bytes, offset 2 // Needs to be 00 00
	Reserved2           []byte `ntlmssp:"hexstring"` // 4 bytes, offset 4 // Needs to be 00 00 00 00
	TimeStamp           []byte `ntlmssp:"time"`      // 8 bytes offset 8
	ChallengeFromClient []byte `ntlmssp:"hexstring"` // 8 bytes offset 16
	Reserved3           []byte `ntlmssp:"hexstring"` // 4 bytes offset 24 // Needs to be 00 00 00 00
	AvPairs             []byte `ntlmssp:"hexstring"` // Variable bytes, offset 28
}

https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-nlmp/aee311d6-21a7-4470-92a5-c4ecb022a87b?source=recommendations

func (*NTLMv2_CLIENT_CHALLENGE) Readable ¶

func (a *NTLMv2_CLIENT_CHALLENGE) Readable()

type NTLMv2_Responce ¶

type NTLMv2_Responce struct {
	Responce  []byte `ntlmssp:"hexstring"` // 16 bytes, offset 0  // Result of GenerateNTLMv2ChallengeProof
	Challenge []byte `ntlmssp:"hexstring"` // Variable, offset 16 // Direct copy from NTLMv2_CLIENT_CHALLENGE
}

https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-nlmp/d43e2224-6fc3-449d-9f37-b90b55a29c80

func (*NTLMv2_Responce) Readable ¶

func (a *NTLMv2_Responce) Readable()

type VersionStruct ¶

type VersionStruct struct {
	ProductMajor byte   //1 bytes, offset 0
	ProductMinor byte   //1 bytes, offset 1
	ProductBuild []byte //2 bytes, offset 2
	Reserved     []byte //3 bytes, offset 4
	NTLMVersion  byte   //1 bytes, offset 7 ?
}

func (*VersionStruct) HumanString ¶

func (v *VersionStruct) HumanString() string

Move this to the PrintNTLMSSPStruc Returns a version string

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL