github/Responder
1
0
Fork 0
mirror of https://github.com/lgandx/Responder.git synced 2025-08-19 21:03:33 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

fixed bug in hash parsing.

Browse source
This commit is contained in:
lgandx 2016-10-09 22:20:06 -03:00
commit 0cf1087010
1 changed files with 21 additions and 31 deletions
Download patch file Download diff file Expand all files Collapse all files

52
servers/SMB.py
View file

@ -89,32 +89,22 @@ def GrabSessionID(data):
return SessionID return SessionID
def ParseSMBHash(data,client): #Parse SMB NTLMSSP v1/v2 def ParseSMBHash(data,client): #Parse SMB NTLMSSP v1/v2
SecBlobLen = struct.unpack('<H',data[51:53])[0] SSPIStart = data.find('NTLMSSP')
BccLen = struct.unpack('<H',data[61:63])[0] SSPIString = data[SSPIStart:]
LMhashLen = struct.unpack('<H',data[SSPIStart+14:SSPIStart+16])[0]
if SecBlobLen < 260: LMhashOffset = struct.unpack('<H',data[SSPIStart+16:SSPIStart+18])[0]
SSPIStart = data[75:] LMHash = SSPIString[LMhashOffset:LMhashOffset+LMhashLen].encode("hex").upper()
LMhashLen = struct.unpack('<H',data[89:91])[0] NthashLen = struct.unpack('<H',data[SSPIStart+20:SSPIStart+22])[0]
LMhashOffset = struct.unpack('<H',data[91:93])[0] NthashOffset = struct.unpack('<H',data[SSPIStart+24:SSPIStart+26])[0]
LMHash = SSPIStart[LMhashOffset:LMhashOffset+LMhashLen].encode("hex").upper()
NthashLen = struct.unpack('<H',data[97:99])[0]
NthashOffset = struct.unpack('<H',data[99:101])[0]
else:
SSPIStart = data[79:]
LMhashLen = struct.unpack('<H',data[93:95])[0]
LMhashOffset = struct.unpack('<H',data[95:97])[0]
LMHash = SSPIStart[LMhashOffset:LMhashOffset+LMhashLen].encode("hex").upper()
NthashLen = struct.unpack('<H',data[101:103])[0]
NthashOffset = struct.unpack('<H',data[103:105])[0]
if NthashLen == 24: if NthashLen == 24:
SMBHash = SSPIStart[NthashOffset:NthashOffset+NthashLen].encode("hex").upper() SMBHash = SSPIString[NthashOffset:NthashOffset+NthashLen].encode("hex").upper()
DomainLen = struct.unpack('<H',data[105:107])[0] DomainLen = struct.unpack('<H',SSPIString[30:32])[0]
DomainOffset = struct.unpack('<H',data[107:109])[0] DomainOffset = struct.unpack('<H',SSPIString[32:34])[0]
Domain = SSPIStart[DomainOffset:DomainOffset+DomainLen].decode('UTF-16LE') Domain = SSPIString[DomainOffset:DomainOffset+DomainLen].decode('UTF-16LE')
UserLen = struct.unpack('<H',data[113:115])[0] UserLen = struct.unpack('<H',SSPIString[38:40])[0]
UserOffset = struct.unpack('<H',data[115:117])[0] UserOffset = struct.unpack('<H',SSPIString[40:42])[0]
Username = SSPIStart[UserOffset:UserOffset+UserLen].decode('UTF-16LE') Username = SSPIString[UserOffset:UserOffset+UserLen].decode('UTF-16LE')
WriteHash = '%s::%s:%s:%s:%s' % (Username, Domain, LMHash, SMBHash, settings.Config.NumChal) WriteHash = '%s::%s:%s:%s:%s' % (Username, Domain, LMHash, SMBHash, settings.Config.NumChal)
SaveToDb({ SaveToDb({
@ -127,13 +117,13 @@ def ParseSMBHash(data,client): #Parse SMB NTLMSSP v1/v2
}) })
if NthashLen > 60: if NthashLen > 60:
SMBHash = SSPIStart[NthashOffset:NthashOffset+NthashLen].encode("hex").upper() SMBHash = SSPIString[NthashOffset:NthashOffset+NthashLen].encode("hex").upper()
DomainLen = struct.unpack('<H',data[109:111])[0] DomainLen = struct.unpack('<H',SSPIString[30:32])[0]
DomainOffset = struct.unpack('<H',data[111:113])[0] DomainOffset = struct.unpack('<H',SSPIString[32:34])[0]
Domain = SSPIStart[DomainOffset:DomainOffset+DomainLen].decode('UTF-16LE') Domain = SSPIString[DomainOffset:DomainOffset+DomainLen].decode('UTF-16LE')
UserLen = struct.unpack('<H',data[117:119])[0] UserLen = struct.unpack('<H',SSPIString[38:40])[0]
UserOffset = struct.unpack('<H',data[119:121])[0] UserOffset = struct.unpack('<H',SSPIString[40:42])[0]
Username = SSPIStart[UserOffset:UserOffset+UserLen].decode('UTF-16LE') Username = SSPIString[UserOffset:UserOffset+UserLen].decode('UTF-16LE')
WriteHash = '%s::%s:%s:%s:%s' % (Username, Domain, settings.Config.NumChal, SMBHash[:32], SMBHash[32:]) WriteHash = '%s::%s:%s:%s:%s' % (Username, Domain, settings.Config.NumChal, SMBHash[:32], SMBHash[32:])
SaveToDb({ SaveToDb({