ntlm

package
v1.0.10 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 21, 2018 License: GPL-3.0, BSD-4-Clause Imports: 16 Imported by: 0

Documentation

Overview

Package NTLM implements the interfaces used for interacting with NTLMv1 and NTLMv2. To create NTLM v1 or v2 sessions you would use CreateClientSession and create ClientServerSession.

Index

Constants

View Source
const (
	NEGOTIATE_FLAG_REQUEST_NTLMv1           = 0x00000200
	NEGOTIATE_FLAG_REQUEST_NTLM2_SESSION    = 0x00080000
	NEGOTIATE_FLAG_REQUEST_VERSION          = 0x02000000
	NEGOTIATE_FLAG_REQUEST_ALWAYS_SIGN      = 0x00008000
	NEGOTIATE_FLAG_REQUEST_128BIT_KEY_EXCH  = 0x20000000
	NEGOTIATE_FLAG_REQUEST_56BIT_ENCRYPTION = 0x80000000
	NEGOTIATE_FLAG_REQUEST_UNICODE_ENCODING = 0x00000001
)

Supported negotiate flags

View Source
const (
	UnicodeStringPayload = iota
	OemStringPayload
	BytesPayload
)

Variables

This section is empty.

Functions

func FlagsToString

func FlagsToString(flags uint32) string

func GetFlagName

func GetFlagName(flag NegotiateFlag) string

func MacsEqual

func MacsEqual(slice1, slice2 []byte) bool

func NtlmV2Mac

func NtlmV2Mac(message []byte, sequenceNumber int, handle *rc4P.Cipher, sealingKey, signingKey []byte, NegotiateFlags uint32) []byte

func NtlmVCommonMac

func NtlmVCommonMac(message []byte, sequenceNumber int, sealingKey, signingKey []byte, NegotiateFlags uint32) []byte

Mildly ghetto that we expose this

Types

type AuthenticateMessage

type AuthenticateMessage struct {
	// sig - 8 bytes
	Signature []byte
	// message type - 4 bytes
	MessageType uint32

	// The LmChallenge Response can be v1 or v2
	LmChallengeResponse *PayloadStruct // 8 bytes
	LmV1Response        *LmV1Response
	LmV2Response        *LmV2Response

	// The NtChallengeResponse can be v1 or v2
	NtChallengeResponseFields *PayloadStruct // 8 bytes
	NtlmV1Response            *NtlmV1Response
	NtlmV2Response            *NtlmV2Response

	DomainName  *PayloadStruct // 8 bytes
	UserName    *PayloadStruct // 8 bytes
	Workstation *PayloadStruct // 8 bytes

	// If the NTLMSSP_NEGOTIATE_KEY_EXCH flag is set in the neogitate flags then this will point to the offset in the payload
	// with the key, otherwise it will have Len = 0. According to Davenport these bytes are optional (see Type3 message).
	// The MS-NLMP docs do not mention this.
	EncryptedRandomSessionKey *PayloadStruct // 8 bytes

	/// MS-NLMP 2.2.1.3 - In connectionless mode, a NEGOTIATE structure that contains a set of bit flags (section 2.2.2.5) and represents the
	// conclusion of negotiation—the choices the client has made from the options the server offered in the CHALLENGE_MESSAGE.
	// In connection-oriented mode, a NEGOTIATE structure that contains the set of bit flags (section 2.2.2.5) negotiated in
	// the previous
	NegotiateFlags uint32 // 4 bytes

	// Version (8 bytes): A VERSION structure (section 2.2.2.10) that is present only when the NTLMSSP_NEGOTIATE_VERSION
	// flag is set in the NegotiateFlags field. This structure is used for debugging purposes only. In normal protocol
	// messages, it is ignored and does not affect the NTLM message processing.<9>
	Version *VersionStruct

	// The message integrity for the NTLM NEGOTIATE_MESSAGE, CHALLENGE_MESSAGE, and AUTHENTICATE_MESSAGE.<10>
	Mic []byte // 16 bytes

	// payload - variable
	Payload []byte
}

func ParseAuthenticateMessage

func ParseAuthenticateMessage(body []byte, ntlmVersion int) (*AuthenticateMessage, error)

func (*AuthenticateMessage) Bytes

func (a *AuthenticateMessage) Bytes() []byte

func (*AuthenticateMessage) ClientChallenge

func (a *AuthenticateMessage) ClientChallenge() (response []byte)

func (*AuthenticateMessage) String

func (a *AuthenticateMessage) String() string

type AvPair

type AvPair struct {
	AvId  AvPairType
	AvLen uint16
	Value []byte
}

AvPair as described by MS-NLMP

func ReadAvPair

func ReadAvPair(data []byte, offset int) *AvPair

func (*AvPair) Bytes

func (a *AvPair) Bytes() (result []byte)

func (*AvPair) String

func (a *AvPair) String() string

func (*AvPair) UnicodeStringValue

func (a *AvPair) UnicodeStringValue() string

type AvPairType

type AvPairType uint16
const (
	// Indicates that this is the last AV_PAIR in the list. AvLen MUST be 0. This type of information MUST be present in the AV pair list.
	MsvAvEOL AvPairType = iota
	// The server's NetBIOS computer name. The name MUST be in Unicode, and is not null-terminated. This type of information MUST be present in the AV_pair list.
	MsvAvNbComputerName
	// The server's NetBIOS domain name. The name MUST be in Unicode, and is not null-terminated. This type of information MUST be present in the AV_pair list.
	MsvAvNbDomainName
	// The fully qualified domain name (FQDN (1)) of the computer. The name MUST be in Unicode, and is not null-terminated.
	MsvAvDnsComputerName
	// The FQDN (2) of the domain. The name MUST be in Unicode, and is not null-terminate.
	MsvAvDnsDomainName
	// The FQDN (2) of the forest. The name MUST be in Unicode, and is not null-terminated.<11>
	MsvAvDnsTreeName
	// A 32-bit value indicating server or client configuration.
	// 0x00000001: indicates to the client that the account authentication is constrained.
	// 0x00000002: indicates that the client is providing message integrity in the MIC field (section 2.2.1.3) in the AUTHENTICATE_MESSAGE.<12>
	// 0x00000004: indicates that the client is providing a target SPN generated from an untrusted source.<13>
	MsvAvFlags
	// A FILETIME structure ([MS-DTYP] section 2.3.1) in little-endian byte order that contains the server local time.<14>
	MsvAvTimestamp
	//A Restriction_Encoding (section 2.2.2.2) structure. The Value field contains a structure representing the integrity level of the security principal, as well as a MachineID created at computer startup to identify the calling machine.<15>
	MsAvRestrictions
	// The SPN of the target server. The name MUST be in Unicode and is not null-terminated.<16>
	MsvAvTargetName
	// annel bindings hash. The Value field contains an MD5 hash ([RFC4121] section 4.1.1.2) of a gss_channel_bindings_struct ([RFC2744] section 3.11).
	// An all-zero value of the hash is used to indicate absence of channel bindings.<17>
	MsvChannelBindings
)

MS-NLMP - 2.2.2.1 AV_PAIR

type AvPairs

type AvPairs struct {
	List []AvPair
}

Helper struct that contains a list of AvPairs with helper methods for running through them

func ReadAvPairs

func ReadAvPairs(data []byte) *AvPairs

func (*AvPairs) AddAvPair

func (p *AvPairs) AddAvPair(avId AvPairType, bytes []byte)

func (*AvPairs) ByteValue

func (p *AvPairs) ByteValue(avType AvPairType) (result []byte)

func (*AvPairs) Bytes

func (p *AvPairs) Bytes() (result []byte)

func (*AvPairs) Find

func (p *AvPairs) Find(avType AvPairType) (result *AvPair)

func (*AvPairs) String

func (p *AvPairs) String() string

func (*AvPairs) StringValue

func (p *AvPairs) StringValue(avType AvPairType) (result string)

type ChallengeMessage

type ChallengeMessage struct {
	// sig - 8 bytes
	Signature []byte
	// message type - 4 bytes
	MessageType uint32
	// targetname - 12 bytes
	TargetName *PayloadStruct
	// negotiate flags - 4bytes
	NegotiateFlags uint32
	// server challenge - 8 bytes
	ServerChallenge []byte

	// reserved - 8 bytes (set to 0). This field is also known as 'context' in the davenport documentation
	Reserved []byte

	// targetinfo  - 12 bytes
	TargetInfoPayloadStruct *PayloadStruct
	TargetInfo              *AvPairs

	// version - 8 bytes
	Version *VersionStruct
	// payload - variable
	Payload []byte
}

func ParseChallengeMessage

func ParseChallengeMessage(body []byte) (*ChallengeMessage, error)

func (*ChallengeMessage) Bytes

func (c *ChallengeMessage) Bytes() []byte

func (*ChallengeMessage) String

func (c *ChallengeMessage) String() string

type ClientSession

type ClientSession interface {
	SetUserInfo(username string, password string, domain string)
	SetMode(mode Mode)

	GenerateNegotiateMessage() (*NegotiateMessage, error)
	ProcessChallengeMessage(*ChallengeMessage) error
	GenerateAuthenticateMessage() (*AuthenticateMessage, error)

	Seal(message []byte) ([]byte, error)
	Sign(message []byte) ([]byte, error)
	Mac(message []byte, sequenceNumber int) ([]byte, error)
	VerifyMac(message, expectedMac []byte, sequenceNumber int) (bool, error)
}

func CreateClientSession

func CreateClientSession(version Version, mode Mode) (n ClientSession, err error)

Creates an NTLM v1 or v2 client mode - This must be ConnectionlessMode or ConnectionOrientedMode depending on what type of NTLM is used version - This must be Version1 or Version2 depending on the version of NTLM used

type LmV1Response

type LmV1Response struct {
	// 24 bytes
	Response []byte
}

LMv1 ****

func ReadLmV1Response

func ReadLmV1Response(bytes []byte) *LmV1Response

func (*LmV1Response) String

func (l *LmV1Response) String() string

type LmV2Response

type LmV2Response struct {
	// A 16-byte array of unsigned char that contains the client's LM challenge-response.
	// This is the portion of the LmChallengeResponse field to which the HMAC_MD5 algorithm
	/// has been applied, as defined in section 3.3.2. Specifically, Response corresponds
	// to the result of applying the HMAC_MD5 algorithm, using the key ResponseKeyLM, to a
	// message consisting of the concatenation of the ResponseKeyLM, ServerChallenge and ClientChallenge.
	Response []byte
	// An 8-byte array of unsigned char that contains the client's ClientChallenge, as defined in section 3.1.5.1.2.
	ChallengeFromClient []byte
}

*** LMv2

func ReadLmV2Response

func ReadLmV2Response(bytes []byte) *LmV2Response

func (*LmV2Response) String

func (l *LmV2Response) String() string

type Mode

type Mode int
const (
	ConnectionlessMode Mode = iota
	ConnectionOrientedMode
)

type NegotiateFlag

type NegotiateFlag uint32
const (
	// A (1 bit): If set, requests Unicode character set encoding. An alternate name for this field is NTLMSSP_NEGOTIATE_UNICODE.
	NTLMSSP_NEGOTIATE_UNICODE NegotiateFlag = 1 << iota
	// B (1 bit): If set, requests OEM character set encoding. An alternate name for this field is NTLM_NEGOTIATE_OEM. See bit A for details.
	NTLM_NEGOTIATE_OEM
	// The A and B bits are evaluated together as follows:
	// A==1: The choice of character set encoding MUST be Unicode.
	// A==0 and B==1: The choice of character set encoding MUST be OEM.
	// A==0 and B==0: The protocol MUST return SEC_E_INVALID_TOKEN.
	// C (1 bit): If set, a TargetName field of the CHALLENGE_MESSAGE (section 2.2.1.2) MUST be supplied. An alternate name for this field is NTLMSSP_REQUEST_TARGET.
	NTLMSSP_REQUEST_TARGET
	// r10 (1 bit): This bit is unused and MUST be zero.
	NTLMSSP_R10
	// D (1 bit): If set, requests session key negotiation for message signatures. If the client sends NTLMSSP_NEGOTIATE_SIGN to the server
	// in the NEGOTIATE_MESSAGE, the server MUST return NTLMSSP_NEGOTIATE_SIGN to the client in the CHALLENGE_MESSAGE. An alternate name
	// for this field is NTLMSSP_NEGOTIATE_SIGN.
	NTLMSSP_NEGOTIATE_SIGN
	// E (1 bit): If set, requests session key negotiation for message confidentiality. If the client sends NTLMSSP_NEGOTIATE_SEAL
	// to the server in the NEGOTIATE_MESSAGE, the server MUST return NTLMSSP_NEGOTIATE_SEAL to the client in the CHALLENGE_MESSAGE.
	// Clients and servers that set NTLMSSP_NEGOTIATE_SEAL SHOULD always set NTLMSSP_NEGOTIATE_56 and NTLMSSP_NEGOTIATE_128,
	// if they are supported. An alternate name for this field is NTLMSSP_NEGOTIATE_SEAL.
	NTLMSSP_NEGOTIATE_SEAL
	// F (1 bit): If set, requests connectionless authentication. If NTLMSSP_NEGOTIATE_DATAGRAM is set, then NTLMSSP_NEGOTIATE_KEY_EXCH
	// MUST always be set in the AUTHENTICATE_MESSAGE to the server and the CHALLENGE_MESSAGE to the client. An alternate name for
	// this field is NTLMSSP_NEGOTIATE_DATAGRAM.
	NTLMSSP_NEGOTIATE_DATAGRAM
	// G (1 bit): If set, requests LAN Manager (LM) session key computation. NTLMSSP_NEGOTIATE_LM_KEY and NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
	// are mutually exclusive. If both NTLMSSP_NEGOTIATE_LM_KEY and NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY are requested,
	// NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY alone MUST be returned to the client. NTLM v2 authentication session key generation
	// MUST be supported by both the client and the DC in order to be used, and extended session security signing and sealing requires
	// support from the client and the server to be used. An alternate name for this field is NTLMSSP_NEGOTIATE_LM_KEY.
	NTLMSSP_NEGOTIATE_LM_KEY
	// r9 (1 bit): This bit is unused and MUST be zero.
	NTLMSSP_R9
	// H (1 bit): If set, requests usage of the NTLM v1 session security protocol. NTLMSSP_NEGOTIATE_NTLM MUST be set in the
	// NEGOTIATE_MESSAGE to the server and the CHALLENGE_MESSAGE to the client. An alternate name for this field is NTLMSSP_NEGOTIATE_NTLM.
	NTLMSSP_NEGOTIATE_NTLM
	// r8 (1 bit): This bit is unused and MUST be zero.
	NTLMSSP_R8
	// J (1 bit): If set, the connection SHOULD be anonymous.<26> r8 (1 bit): This bit is unused and SHOULD be zero.<27>
	NTLMSSP_ANONYMOUS
	// K (1 bit): If set, the domain name is provided (section 2.2.1.1).<25> An alternate name for this field is NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED.
	NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
	// L (1 bit): This flag indicates whether the Workstation field is present. If this flag is not set, the Workstation field
	// MUST be ignored. If this flag is set, the length field of the Workstation field specifies whether the workstation name
	// is nonempty or not.<24> An alternate name for this field is NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED.
	NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
	// r7 (1 bit): This bit is unused and MUST be zero.
	NTLMSSP_R7
	// M (1 bit): If set, requests the presence of a signature block on all  NTLMSSP_NEGOTIATE_ALWAYS_SIGN MUST be
	// set in the NEGOTIATE_MESSAGE to the server and the CHALLENGE_MESSAGE to the client. NTLMSSP_NEGOTIATE_ALWAYS_SIGN is
	// overridden by NTLMSSP_NEGOTIATE_SIGN and NTLMSSP_NEGOTIATE_SEAL, if they are supported. An alternate name for this field
	// is NTLMSSP_NEGOTIATE_ALWAYS_SIGN.
	NTLMSSP_NEGOTIATE_ALWAYS_SIGN
	// N (1 bit): If set, TargetName MUST be a domain name. The data corresponding to this flag is provided by the server in the
	// TargetName field of the CHALLENGE_MESSAGE. If set, then NTLMSSP_TARGET_TYPE_SERVER MUST NOT be set. This flag MUST be ignored
	// in the NEGOTIATE_MESSAGE and the AUTHENTICATE_MESSAGE. An alternate name for this field is NTLMSSP_TARGET_TYPE_DOMAIN.
	NTLMSSP_TARGET_TYPE_DOMAIN
	// O (1 bit): If set, TargetName MUST be a server name. The data corresponding to this flag is provided by the server in the
	// TargetName field of the CHALLENGE_MESSAGE. If this bit is set, then NTLMSSP_TARGET_TYPE_DOMAIN MUST NOT be set. This flag MUST
	// be ignored in the NEGOTIATE_MESSAGE and the AUTHENTICATE_MESSAGE. An alternate name for this field is NTLMSSP_TARGET_TYPE_SERVER.
	NTLMSSP_TARGET_TYPE_SERVER
	// r6 (1 bit): This bit is unused and MUST be zero.
	NTLMSSP_R6
	// P (1 bit): If set, requests usage of the NTLM v2 session security. NTLM v2 session security is a misnomer because it is not
	// NTLM v2. It is NTLM v1 using the extended session security that is also in NTLM v2. NTLMSSP_NEGOTIATE_LM_KEY and
	// NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY are mutually exclusive. If both NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY and
	// NTLMSSP_NEGOTIATE_LM_KEY are requested, NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY alone MUST be returned to the client.
	// NTLM v2 authentication session key generation MUST be supported by both the client and the DC in order to be used, and extended
	// session security signing and sealing requires support from the client and the server in order to be used.<23> An alternate name
	// for this field is NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.
	NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
	// Q (1 bit): If set, requests an identify level token. An alternate name for this field is NTLMSSP_NEGOTIATE_IDENTIFY.
	NTLMSSP_NEGOTIATE_IDENTIFY
	// r5 (1 bit): This bit is unused and MUST be zero.
	NTLMSSP_R5
	// R (1 bit): If set, requests the usage of the LMOWF (section 3.3). An alternate name for this field is NTLMSSP_REQUEST_NON_NT_SESSION_KEY.
	NTLMSSP_REQUEST_NON_NT_SESSION_KEY
	// S (1 bit): If set, indicates that the TargetInfo fields in the CHALLENGE_MESSAGE (section 2.2.1.2) are populated. An alternate
	// name for this field is NTLMSSP_NEGOTIATE_TARGET_INFO.
	NTLMSSP_NEGOTIATE_TARGET_INFO
	//  r4 (1 bit): This bit is unused and MUST be zero.
	NTLMSSP_R4
	// T (1 bit): If set, requests the protocol version number. The data corresponding to this flag is provided in the Version field of the
	// NEGOTIATE_MESSAGE, the CHALLENGE_MESSAGE, and the AUTHENTICATE_MESSAGE.<22> An alternate name for this field is NTLMSSP_NEGOTIATE_VERSION.
	NTLMSSP_NEGOTIATE_VERSION
	// r3 (1 bit): This bit is unused and MUST be zero.
	NTLMSSP_R3
	// r2 (1 bit): This bit is unused and MUST be zero.
	NTLMSSP_R2
	// r1 (1 bit): This bit is unused and MUST be zero.
	NTLMSSP_R1
	// U (1 bit): If set, requests 128-bit session key negotiation. An alternate name for this field is NTLMSSP_NEGOTIATE_128. If the client
	// sends NTLMSSP_NEGOTIATE_128 to the server in the NEGOTIATE_MESSAGE, the server MUST return NTLMSSP_NEGOTIATE_128 to the client in the
	// CHALLENGE_MESSAGE only if the client sets NTLMSSP_NEGOTIATE_SEAL or NTLMSSP_NEGOTIATE_SIGN. Otherwise it is ignored. If both
	// NTLMSSP_NEGOTIATE_56 and NTLMSSP_NEGOTIATE_128 are requested and supported by the client and server, NTLMSSP_NEGOTIATE_56 and
	// NTLMSSP_NEGOTIATE_128 will both be returned to the client. Clients and servers that set NTLMSSP_NEGOTIATE_SEAL SHOULD set
	// NTLMSSP_NEGOTIATE_128 if it is supported. An alternate name for this field is NTLMSSP_NEGOTIATE_128.<21>
	NTLMSSP_NEGOTIATE_128
	// V (1 bit): If set, requests an explicit key exchange. This capability SHOULD be used because it improves security for message integrity or
	// confidentiality. See sections 3.2.5.1.2, 3.2.5.2.1, and 3.2.5.2.2 for details. An alternate name for this field is NTLMSSP_NEGOTIATE_KEY_EXCH.
	NTLMSSP_NEGOTIATE_KEY_EXCH
	// If set, requests 56-bit encryption. If the client sends NTLMSSP_NEGOTIATE_SEAL or NTLMSSP_NEGOTIATE_SIGN with NTLMSSP_NEGOTIATE_56 to the
	// server in the NEGOTIATE_MESSAGE, the server MUST return NTLMSSP_NEGOTIATE_56 to the client in the CHALLENGE_MESSAGE. Otherwise it is ignored.
	// If both NTLMSSP_NEGOTIATE_56 and NTLMSSP_NEGOTIATE_128 are requested and supported by the client and server, NTLMSSP_NEGOTIATE_56 and
	// NTLMSSP_NEGOTIATE_128 will both be returned to the client. Clients and servers that set NTLMSSP_NEGOTIATE_SEAL SHOULD set NTLMSSP_NEGOTIATE_56
	// if it is supported. An alternate name for this field is NTLMSSP_NEGOTIATE_56.
	NTLMSSP_NEGOTIATE_56
)

func (NegotiateFlag) IsSet

func (f NegotiateFlag) IsSet(flags uint32) bool

func (NegotiateFlag) Set

func (f NegotiateFlag) Set(flags uint32) uint32

func (NegotiateFlag) String

func (f NegotiateFlag) String() string

func (NegotiateFlag) Unset

func (f NegotiateFlag) Unset(flags uint32) uint32

type NegotiateMessage

type NegotiateMessage struct {

	// sig - 8 bytes
	Signature []byte
	// message type - 4 bytes
	MessageType uint32
	// negotiate flags - 4bytes
	NegotiateFlags uint32
	// If the NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED flag is not set in NegotiateFlags,
	// indicating that no DomainName is supplied in Payload  - then this should have Len 0 / MaxLen 0
	// this contains a domain name
	DomainNameFields *PayloadStruct
	// If the NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED flag is not set in NegotiateFlags,
	// indicating that no WorkstationName is supplied in Payload - then this should have Len 0 / MaxLen 0
	WorkstationFields *PayloadStruct
	// version - 8 bytes
	Version *VersionStruct
	// payload - variable
	Payload       []byte
	PayloadOffset int
}

func (*NegotiateMessage) Bytes

func (nm *NegotiateMessage) Bytes() []byte

type NtlmV1Response

type NtlmV1Response struct {
	// 24 byte array
	Response []byte
}

NTLMv1 ******

func ReadNtlmV1Response

func ReadNtlmV1Response(bytes []byte) (*NtlmV1Response, error)

func (*NtlmV1Response) String

func (n *NtlmV1Response) String() string

type NtlmV2ClientChallenge

type NtlmV2ClientChallenge struct {
	// An 8-bit unsigned char that contains the current version of the challenge response type.
	// This field MUST be 0x01.
	RespType byte
	// An 8-bit unsigned char that contains the maximum supported version of the challenge response type.
	// This field MUST be 0x01.
	HiRespType byte
	// A 16-bit unsigned integer that SHOULD be 0x0000 and MUST be ignored on receipt.
	Reserved1 uint16
	// A 32-bit unsigned integer that SHOULD be 0x00000000 and MUST be ignored on receipt.
	Reserved2 uint32
	// A 64-bit unsigned integer that contains the current system time, represented as the number of 100 nanosecond
	// ticks elapsed since midnight of January 1, 1601 (UTC).
	TimeStamp []byte
	// An 8-byte array of unsigned char that contains the client's ClientChallenge (section 3.1.5.1.2).
	ChallengeFromClient []byte
	// A 32-bit unsigned integer that SHOULD be 0x00000000 and MUST be ignored on receipt.
	Reserved3 uint32
	AvPairs   *AvPairs
}

*** NTLMv2 The NTLMv2_CLIENT_CHALLENGE structure defines the client challenge in the AUTHENTICATE_MESSAGE. This structure is used only when NTLM v2 authentication is configured.

func (*NtlmV2ClientChallenge) String

func (n *NtlmV2ClientChallenge) String() string

type NtlmV2Response

type NtlmV2Response struct {
	// A 16-byte array of unsigned char that contains the client's NT challenge- response as defined in section 3.3.2.
	// Response corresponds to the NTProofStr variable from section 3.3.2.
	Response []byte
	// A variable-length byte array that contains the ClientChallenge as defined in section 3.3.2.
	// ChallengeFromClient corresponds to the temp variable from section 3.3.2.
	NtlmV2ClientChallenge *NtlmV2ClientChallenge
}

The NTLMv2_RESPONSE structure defines the NTLMv2 authentication NtChallengeResponse in the AUTHENTICATE_MESSAGE. This response is used only when NTLMv2 authentication is configured.

func ReadNtlmV2Response

func ReadNtlmV2Response(bytes []byte) (*NtlmV2Response, error)

func (*NtlmV2Response) String

func (n *NtlmV2Response) String() string

type NtlmsspMessageSignature

type NtlmsspMessageSignature struct {
	ByteData []byte
	// A 32-bit unsigned integer that contains the signature version. This field MUST be 0x00000001.
	Version []byte
	// A 4-byte array that contains the random pad for the message.
	RandomPad []byte
	// A 4-byte array that contains the checksum for the message.
	CheckSum []byte
	// A 32-bit unsigned integer that contains the NTLM sequence number for this application message.
	SeqNum []byte
}

func (*NtlmsspMessageSignature) Bytes

func (n *NtlmsspMessageSignature) Bytes() []byte

func (*NtlmsspMessageSignature) String

func (n *NtlmsspMessageSignature) String() string

type PayloadStruct

type PayloadStruct struct {
	Type    int
	Len     uint16
	MaxLen  uint16
	Offset  uint32
	Payload []byte
}

func CreateBytePayload

func CreateBytePayload(bytes []byte) (*PayloadStruct, error)

func CreateStringPayload

func CreateStringPayload(value string) (*PayloadStruct, error)

func ReadBytePayload

func ReadBytePayload(startByte int, bytes []byte) (*PayloadStruct, error)

func ReadPayloadStruct

func ReadPayloadStruct(startByte int, bytes []byte, PayloadType int) (*PayloadStruct, error)

func ReadStringPayload

func ReadStringPayload(startByte int, bytes []byte) (*PayloadStruct, error)

func (*PayloadStruct) Bytes

func (p *PayloadStruct) Bytes() []byte

func (*PayloadStruct) String

func (p *PayloadStruct) String() string

type ServerSession

type ServerSession interface {
	SetUserInfo(username string, password string, domain string)
	GetUserInfo() (string, string, string)

	SetMode(mode Mode)
	SetServerChallenge(challege []byte)

	ProcessNegotiateMessage(*NegotiateMessage) error
	GenerateChallengeMessage() (*ChallengeMessage, error)
	ProcessAuthenticateMessage(*AuthenticateMessage) error

	GetSessionData() *SessionData

	Version() int
	Seal(message []byte) ([]byte, error)
	Sign(message []byte) ([]byte, error)
	Mac(message []byte, sequenceNumber int) ([]byte, error)
	VerifyMac(message, expectedMac []byte, sequenceNumber int) (bool, error)
}

func CreateServerSession

func CreateServerSession(version Version, mode Mode) (n ServerSession, err error)

Creates an NTLM v1 or v2 server mode - This must be ConnectionlessMode or ConnectionOrientedMode depending on what type of NTLM is used version - This must be Version1 or Version2 depending on the version of NTLM used

type SessionData

type SessionData struct {
	NegotiateFlags uint32

	ClientSigningKey []byte
	ServerSigningKey []byte
	ClientSealingKey []byte
	ServerSealingKey []byte
	// contains filtered or unexported fields
}

This struct collects NTLM data structures and keys that are used across all types of NTLM requests

type V1ClientSession

type V1ClientSession struct {
	V1Session
}

func (*V1ClientSession) GenerateAuthenticateMessage

func (n *V1ClientSession) GenerateAuthenticateMessage() (am *AuthenticateMessage, err error)

func (*V1ClientSession) GenerateNegotiateMessage

func (n *V1ClientSession) GenerateNegotiateMessage() (nm *NegotiateMessage, err error)

func (*V1ClientSession) Mac

func (n *V1ClientSession) Mac(message []byte, sequenceNumber int) ([]byte, error)

func (*V1ClientSession) ProcessChallengeMessage

func (n *V1ClientSession) ProcessChallengeMessage(cm *ChallengeMessage) (err error)

func (*V1ClientSession) VerifyMac

func (n *V1ClientSession) VerifyMac(message, expectedMac []byte, sequenceNumber int) (bool, error)

type V1ServerSession

type V1ServerSession struct {
	V1Session
}

func (*V1ServerSession) GenerateChallengeMessage

func (n *V1ServerSession) GenerateChallengeMessage() (cm *ChallengeMessage, err error)

func (*V1ServerSession) GetSessionData

func (n *V1ServerSession) GetSessionData() *SessionData

func (*V1ServerSession) Mac

func (n *V1ServerSession) Mac(message []byte, sequenceNumber int) ([]byte, error)

func (*V1ServerSession) ProcessAuthenticateMessage

func (n *V1ServerSession) ProcessAuthenticateMessage(am *AuthenticateMessage) (err error)

func (*V1ServerSession) ProcessNegotiateMessage

func (n *V1ServerSession) ProcessNegotiateMessage(nm *NegotiateMessage) (err error)

func (*V1ServerSession) SetServerChallenge

func (n *V1ServerSession) SetServerChallenge(challenge []byte)

func (*V1ServerSession) VerifyMac

func (n *V1ServerSession) VerifyMac(message, expectedMac []byte, sequenceNumber int) (bool, error)

type V1Session

type V1Session struct {
	SessionData
}

func (*V1Session) GetUserInfo

func (n *V1Session) GetUserInfo() (string, string, string)

func (*V1Session) Seal

func (n *V1Session) Seal(message []byte) ([]byte, error)

func (*V1Session) SetMode

func (n *V1Session) SetMode(mode Mode)

func (*V1Session) SetUserInfo

func (n *V1Session) SetUserInfo(username string, password string, domain string)

func (*V1Session) Sign

func (n *V1Session) Sign(message []byte) ([]byte, error)

func (*V1Session) Version

func (n *V1Session) Version() int

type V2ClientSession

type V2ClientSession struct {
	V2Session
}

func (*V2ClientSession) GenerateAuthenticateMessage

func (n *V2ClientSession) GenerateAuthenticateMessage() (am *AuthenticateMessage, err error)

func (*V2ClientSession) GenerateNegotiateMessage

func (n *V2ClientSession) GenerateNegotiateMessage() (nm *NegotiateMessage, err error)

func (*V2ClientSession) Mac

func (n *V2ClientSession) Mac(message []byte, sequenceNumber int) ([]byte, error)

func (*V2ClientSession) ProcessChallengeMessage

func (n *V2ClientSession) ProcessChallengeMessage(cm *ChallengeMessage) (err error)

func (*V2ClientSession) VerifyMac

func (n *V2ClientSession) VerifyMac(message, expectedMac []byte, sequenceNumber int) (bool, error)

type V2ServerSession

type V2ServerSession struct {
	V2Session
}

func (*V2ServerSession) GenerateChallengeMessage

func (n *V2ServerSession) GenerateChallengeMessage() (cm *ChallengeMessage, err error)

func (*V2ServerSession) GetSessionData

func (n *V2ServerSession) GetSessionData() *SessionData

func (*V2ServerSession) Mac

func (n *V2ServerSession) Mac(message []byte, sequenceNumber int) ([]byte, error)

func (*V2ServerSession) ProcessAuthenticateMessage

func (n *V2ServerSession) ProcessAuthenticateMessage(am *AuthenticateMessage) (err error)

func (*V2ServerSession) ProcessNegotiateMessage

func (n *V2ServerSession) ProcessNegotiateMessage(nm *NegotiateMessage) (err error)

func (*V2ServerSession) SetServerChallenge

func (n *V2ServerSession) SetServerChallenge(challenge []byte)

func (*V2ServerSession) VerifyMac

func (n *V2ServerSession) VerifyMac(message, expectedMac []byte, sequenceNumber int) (bool, error)

type V2Session

type V2Session struct {
	SessionData
}

func (*V2Session) GetUserInfo

func (n *V2Session) GetUserInfo() (string, string, string)

func (*V2Session) Seal

func (n *V2Session) Seal(message []byte) ([]byte, error)

func (*V2Session) SetMode

func (n *V2Session) SetMode(mode Mode)

func (*V2Session) SetUserInfo

func (n *V2Session) SetUserInfo(username string, password string, domain string)

func (*V2Session) Sign

func (n *V2Session) Sign(message []byte) ([]byte, error)

func (*V2Session) Version

func (n *V2Session) Version() int

type Version

type Version int
const (
	Version1 Version = 1
	Version2 Version = 2
)

type VersionStruct

type VersionStruct struct {
	ProductMajorVersion uint8
	ProductMinorVersion uint8
	ProductBuild        uint16
	Reserved            []byte
	NTLMRevisionCurrent uint8
}

func ReadVersionStruct

func ReadVersionStruct(structSource []byte) (*VersionStruct, error)

func (*VersionStruct) Bytes

func (v *VersionStruct) Bytes() []byte

func (*VersionStruct) String

func (v *VersionStruct) String() string

Directories

Path Synopsis
Package md4 implements the MD4 hash algorithm as defined in RFC 1320.
Package md4 implements the MD4 hash algorithm as defined in RFC 1320.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL