📄 ssptest.c
字号:
0,
0, // Reserved 1
SECURITY_NATIVE_DREP,
NULL,
0, // Reserved 2
&ClientContextHandle,
&AuthenticateDesc,
&ContextAttributes,
&Lifetime );
if ( SecStatus != STATUS_SUCCESS ) {
printf( "InitializeSecurityContext (Re-Authenticate): " );
PrintStatus( SecStatus );
if ( !NT_SUCCESS(SecStatus) ) {
return;
}
}
//
// Now try to re-authenticate the user (ServerSide)
//
AuthenticateBuffer.BufferType |= SECBUFFER_READONLY;
SecStatus = AcceptSecurityContext(
NULL,
&ServerContextHandle,
&AuthenticateDesc,
0,
SECURITY_NATIVE_DREP,
&ServerContextHandle,
NULL,
&ContextAttributes,
&Lifetime );
if ( SecStatus != STATUS_SUCCESS ) {
printf( "AcceptSecurityContext (Re-authenticate): " );
PrintStatus( SecStatus );
if ( !NT_SUCCESS(SecStatus) ) {
return;
}
}
//
// Impersonate the client (ServerSide)
//
SecStatus = ImpersonateSecurityContext( &ServerContextHandle );
if ( SecStatus != STATUS_SUCCESS ) {
printf( "ImpersonateSecurityContext: " );
PrintStatus( SecStatus );
if ( !NT_SUCCESS(SecStatus) ) {
return;
}
}
//
// Do something while impersonating (Access the token)
//
/*
{
NTSTATUS Status;
HANDLE TokenHandle = NULL;
//
// Open the token,
//
Status = NtOpenThreadToken(
NtCurrentThread(),
TOKEN_QUERY,
(BOOLEAN) TRUE, // Not really using the impersonation token
&TokenHandle );
if ( !NT_SUCCESS(Status) ) {
printf( "Access Thread token while impersonating: " );
PrintStatus( Status );
return;
} else {
(VOID) NtClose( TokenHandle );
}
}
*/
//
// RevertToSelf (ServerSide)
//
SecStatus = RevertSecurityContext( &ServerContextHandle );
if ( SecStatus != STATUS_SUCCESS ) {
printf( "RevertSecurityContext: " );
PrintStatus( SecStatus );
if ( !NT_SUCCESS(SecStatus) ) {
return;
}
}
//
// Sign a message
//
SecStatus = MakeSignature(
&ClientContextHandle,
0,
&SignMessage,
0 );
if ( SecStatus != STATUS_SUCCESS ) {
printf( "MakeSignature: " );
PrintStatus( SecStatus );
if ( !NT_SUCCESS(SecStatus) ) {
return;
}
}
if ( !QuietMode ) {
printf("\n Signature: \n");
DumpBuffer(SigBuffers[1].pvBuffer,SigBuffers[1].cbBuffer);
}
//
// Verify the signature
//
SecStatus = VerifySignature(
&ServerContextHandle,
&SignMessage,
0,
0 );
if ( SecStatus != STATUS_SUCCESS ) {
printf( "VerifySignature: " );
PrintStatus( SecStatus );
if ( !NT_SUCCESS(SecStatus) ) {
return;
}
}
//
// Sign a message, this time to check if it can detect a change in the
// message
//
SecStatus = MakeSignature(
&ClientContextHandle,
0,
&SignMessage,
0 );
if ( SecStatus != STATUS_SUCCESS ) {
printf( "MakeSignature: " );
PrintStatus( SecStatus );
if ( !NT_SUCCESS(SecStatus) ) {
return;
}
}
if ( !QuietMode ) {
printf("\n Signature: \n");
DumpBuffer(SigBuffers[1].pvBuffer,SigBuffers[1].cbBuffer);
}
//
// Mess up the message to see if VerifySignature works
//
bDataBuffer[10] = 0xec;
//
// Verify the signature
//
SecStatus = VerifySignature(
&ServerContextHandle,
&SignMessage,
0,
0 );
if ( SecStatus != SEC_E_MESSAGE_ALTERED ) {
printf( "VerifySignature: " );
PrintStatus( SecStatus );
if ( !NT_SUCCESS(SecStatus) ) {
return;
}
}
//
// Delete both contexts.
//
SecStatus = DeleteSecurityContext( &ClientContextHandle );
if ( SecStatus != STATUS_SUCCESS ) {
printf( "DeleteSecurityContext failed: " );
PrintStatus( SecStatus );
return;
}
SecStatus = DeleteSecurityContext( &ServerContextHandle );
if ( SecStatus != STATUS_SUCCESS ) {
printf( "DeleteSecurityContext failed: " );
PrintStatus( SecStatus );
return;
}
//
// Free both credential handles
//
SecStatus = FreeCredentialsHandle( &CredentialHandle1 );
if ( SecStatus != STATUS_SUCCESS ) {
printf( "FreeCredentialsHandle failed: " );
PrintStatus( SecStatus );
return;
}
SecStatus = FreeCredentialsHandle( &CredentialHandle2 );
if ( SecStatus != STATUS_SUCCESS ) {
printf( "FreeCredentialsHandle failed: " );
PrintStatus( SecStatus );
return;
}
//
// Final Cleanup
//
if ( NegotiateBuffer.pvBuffer != NULL ) {
(VOID) LocalFree( NegotiateBuffer.pvBuffer );
}
if ( ChallengeBuffer.pvBuffer != NULL ) {
(VOID) LocalFree( ChallengeBuffer.pvBuffer );
}
if ( AuthenticateBuffer.pvBuffer != NULL ) {
(VOID) LocalFree( AuthenticateBuffer.pvBuffer );
}
}
int __cdecl
main(
IN int argc,
IN char ** argv
)
/*++
Routine Description:
Drive the NtLmSsp service
Arguments:
argc - the number of command-line arguments.
argv - an array of pointers to the arguments.
Return Value:
Exit status
--*/
{
LPSTR argument;
int i;
ULONG j;
ULONG Iterations;
LPWSTR DomainName = NULL;
LPWSTR UserName = NULL;
LPWSTR Password = NULL;
enum {
NoAction,
ConfigureService,
#define CONFIG_PARAM "/ConfigureService"
TestLpc,
#define TESTLPC_PARAM "/TestLpc"
#define TESTLPC2_PARAM "/TestLpc:"
} Action = NoAction;
#define QUIET_PARAM "/Q"
//
// Loop through the arguments handle each in turn
//
for ( i=1; i<argc; i++ ) {
argument = argv[i];
//
// Handle /TestLpc
//
if ( _stricmp( argument, TESTLPC_PARAM ) == 0 ) {
if ( Action != NoAction ) {
goto Usage;
}
Action = TestLpc;
Iterations = 1;
//
// Handle /TestLpc:
//
} else if ( _strnicmp( argument,
TESTLPC2_PARAM,
sizeof(TESTLPC2_PARAM)-1 ) == 0 ){
char *end;
if ( Action != NoAction ) {
goto Usage;
}
Action = TestLpc;
Iterations = strtoul( &argument[sizeof(TESTLPC2_PARAM)-1], &end, 10 );
i++;
if ( i < argc ) {
argument = argv[i];
DomainName = NetpAllocWStrFromStr( argument );
i++;
if ( i < argc ) {
argument = argv[i];
UserName = NetpAllocWStrFromStr( argument );
i++;
if ( i < argc ) {
argument = argv[i];
Password = NetpAllocWStrFromStr( argument );
}
}
}
} else {
//
// Handle all other parameters
//
Usage:
fprintf( stderr, "Usage: ssptest [/OPTIONS]\n\n" );
fprintf(
stderr,
"\n"
" " TESTLPC_PARAM "[:<iterations> <DomainName> <UserName> <Password>] - Test basic LPC to NtLmSsp service.\n"
" " QUIET_PARAM " - Don't be so verbose\n"
"\n"
"\n" );
return(1);
}
}
//
// Perform the action requested
//
switch ( Action ) {
case TestLpc: {
for ( j=0; j<Iterations ; j++ ) {
TestLpcRoutine( DomainName, UserName, Password );
}
break;
}
}
return 0;
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -