📄 ntlmutilities.java
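/**
 * Copies {@code length} bytes starting at {@code offset} out of a received
 * NTLM message, after checking that the whole range lies inside the message.
 *
 * A Type 2 message comes from the remote peer, so every offset and length
 * read from it is untrusted. Validating here, before any allocation, keeps a
 * malformed message from driving an allocation or copy with peer-chosen sizes
 * and gives the failure a message that names the offending field.
 *
 * @param msg the raw message bytes
 * @param offset index of the first byte to copy
 * @param length number of bytes to copy
 * @param what name of the field being read, used only in the error message
 * @return a fresh array holding the requested bytes
 * @throws ArrayIndexOutOfBoundsException if the range is negative or does not
 *         fit inside {@code msg}; this stays in the IndexOutOfBoundsException
 *         family that the unchecked System.arraycopy call raised before
 */
private static byte[] copyMessageRange(byte[] msg, int offset, int length, String what) {
    // Compare against (msg.length - length) rather than adding offset + length,
    // so a large peer-supplied offset cannot overflow the check.
    if (offset < 0 || length < 0 || offset > msg.length - length) {
        throw new ArrayIndexOutOfBoundsException("Malformed NTLM message: " + what
                + " (offset " + offset + ", length " + length
                + ") is outside the " + msg.length + " byte message");
    }
    byte[] range = new byte[length];
    System.arraycopy(msg, offset, range, 0, length);
    return range;
}

/**
 * Extracts the 8 byte challenge stored at offset 24 of a Type 2 message.
 *
 * @param msg the raw Type 2 message
 * @return a copy of the 8 challenge bytes
 * @throws ArrayIndexOutOfBoundsException if the message is shorter than 32 bytes
 */
public final static byte[] extractChallengeFromType2Message(byte[] msg) {
    return copyMessageRange(msg, 24, 8, "challenge");
}

/**
 * Extracts the 4 byte flags field stored at offset 20 of a Type 2 message.
 *
 * @param msg the raw Type 2 message
 * @return the flags as an int, after the word-endianness swap
 * @throws ArrayIndexOutOfBoundsException if the message is shorter than 24 bytes
 */
public final static int extractFlagsFromType2Message(byte[] msg) {
    byte[] flagsBytes = copyMessageRange(msg, 20, 4, "flags");
    ByteUtilities.changeWordEndianess(flagsBytes, 0, 4);
    return ByteUtilities.makeIntFromByte4(flagsBytes);
}

/**
 * Extracts the target name referenced by the security buffer at offset 12 of
 * a Type 2 message.
 *
 * @param msg the raw Type 2 message
 * @param msgFlags the message flags, or null to read them from {@code msg}
 * @return the target name, decoded as UTF-16LE when FLAG_NEGOTIATE_UNICODE is
 *         set and as ASCII otherwise
 * @throws UnsupportedEncodingException if the charset is not available
 * @throws ArrayIndexOutOfBoundsException if the security buffer, or the range
 *         it points to, does not fit inside the message
 */
public final static String extractTargetNameFromType2Message(byte[] msg,
        Integer msgFlags) throws UnsupportedEncodingException {
    // Read security buffer
    byte[] securityBuffer = copyMessageRange(msg, 12, 8, "target name security buffer");
    ByteUtilities.changeWordEndianess(securityBuffer, 0, 8);
    int length = ByteUtilities.makeIntFromByte2(securityBuffer);
    int offset = ByteUtilities.makeIntFromByte4(securityBuffer, 4);

    // length and offset are peer-supplied: the copy validates them first.
    byte[] targetName = copyMessageRange(msg, offset, length, "target name");

    int flags = msgFlags == null ? extractFlagsFromType2Message(msg) : msgFlags;
    if (ByteUtilities.isFlagSet(flags, FLAG_NEGOTIATE_UNICODE)) {
        return new String(targetName, "UTF-16LE");
    }
    return new String(targetName, "ASCII");
}

/**
 * Extracts the target information block referenced by the security buffer at
 * offset 40 of a Type 2 message.
 *
 * @param msg the raw Type 2 message
 * @param msgFlags the message flags, or null to read them from {@code msg}
 * @return a copy of the target information block, or null when
 *         FLAG_NEGOTIATE_TARGET_INFO is not set
 * @throws ArrayIndexOutOfBoundsException if the security buffer, or the range
 *         it points to, does not fit inside the message
 */
public final static byte[] extractTargetInfoFromType2Message(byte[] msg,
        Integer msgFlags) {
    int flags = msgFlags == null ? extractFlagsFromType2Message(msg) : msgFlags;

    if (!ByteUtilities.isFlagSet(flags, FLAG_NEGOTIATE_TARGET_INFO)) {
        return null;
    }

    // Fixed position. The original author left a disabled alternative here:
    // isFlagSet(flags, FLAG_NEGOTIATE_LOCAL_CALL) ? 40 : 32
    int pos = 40;

    // Read security buffer
    byte[] securityBuffer = copyMessageRange(msg, pos, 8, "target info security buffer");
    ByteUtilities.changeWordEndianess(securityBuffer, 0, 8);
    int length = ByteUtilities.makeIntFromByte2(securityBuffer);
    int offset = ByteUtilities.makeIntFromByte4(securityBuffer, 4);

    // length and offset are peer-supplied: the copy validates them first.
    return copyMessageRange(msg, offset, length, "target information block");
}

/**
 * Prints the entries of the target information block of a Type 2 message.
 *
 * Each entry is read as a type byte at {@code pos}, a 2 byte length at
 * {@code pos + 2} and the data at {@code pos + 4}; an entry whose type byte
 * is 0 ends the list. The block comes from the remote peer, so the walk is
 * bounded by the block length: a missing terminator or an entry length that
 * runs past the end is reported on {@code out} and stops the walk, instead of
 * indexing outside the array.
 *
 * @param msg the raw Type 2 message
 * @param msgFlags the message flags, or null to read them from {@code msg}
 * @param out the writer that receives the dump
 * @throws UnsupportedEncodingException if the charset is not available
 */
public final static void printTargetInformationBlockFromType2Message(
        byte[] msg, Integer msgFlags, PrintWriter out)
        throws UnsupportedEncodingException {
    int flags = msgFlags == null ? extractFlagsFromType2Message(msg) : msgFlags;

    byte[] infoBlock = extractTargetInfoFromType2Message(msg, flags);
    if (infoBlock == null) {
        out.println("No target information block found !");
        return;
    }

    int pos = 0;
    while (pos < infoBlock.length && infoBlock[pos] != 0) {
        // An entry needs at least its 4 byte header (type + length).
        if (infoBlock.length - pos < 4) {
            out.println("---\nMalformed target information block: truncated entry header !");
            out.flush();
            break;
        }

        out.print("---\nType " + infoBlock[pos] + ": ");
        switch (infoBlock[pos]) {
        case 1:
            out.println("Server name");
            break;
        case 2:
            out.println("Domain name");
            break;
        case 3:
            out.println("Fully qualified DNS hostname");
            break;
        case 4:
            out.println("DNS domain name");
            break;
        case 5:
            out.println("Parent DNS domain name");
            break;
        }

        byte[] len = new byte[2];
        System.arraycopy(infoBlock, pos + 2, len, 0, 2);
        ByteUtilities.changeByteEndianess(len, 0, 2);
        int length = ByteUtilities.makeIntFromByte2(len, 0);
        out.println("Length: " + length + " bytes");

        // The declared length is peer-supplied; refuse to read past the block.
        if (length < 0 || length > infoBlock.length - pos - 4) {
            out.println("Malformed target information block: entry data exceeds the block !");
            out.flush();
            break;
        }

        out.print("Data: ");
        if (ByteUtilities.isFlagSet(flags, FLAG_NEGOTIATE_UNICODE)) {
            out.println(new String(infoBlock, pos + 4, length, "UTF-16LE"));
        } else {
            out.println(new String(infoBlock, pos + 4, length, "ASCII"));
        }
        pos += 4 + length;
        out.flush();
    }
}

/**
 * Builds a Type 3 (authentication) message.
 * See http://davenport.sourceforge.net/ntlm.html#theType3Message
 *
 * The message always carries both an LM response and an NTLM response
 * computed from the password and the 8 byte challenge.
 * NOTE(review): the LM response is the weakest of the NTLM response types;
 * confirm whether the peers this client talks to still require it.
 *
 * @param user the user name
 * @param password the password the two responses are computed from
 * @param challenge the 8 byte challenge taken from the Type 2 message
 * @param target the target name
 * @param workstation the workstation name
 * @param serverFlags the flags to send, or null to use DEFAULT_FLAGS
 * @param osVersion an optional 8 byte OS version structure, or null
 * @return the encoded message, or null when building it failed; callers must
 *         check for null
 * @throws IllegalArgumentException if challenge is not 8 bytes long, or
 *         osVersion is non-null and not 8 bytes long
 */
public final static byte[] createType3Message(String user, String password,
        byte[] challenge, String target, String workstation,
        Integer serverFlags, byte[] osVersion) {
    byte[] msg = null;

    if (challenge == null || challenge.length != 8) {
        throw new IllegalArgumentException(
                "challenge[] should be a 8 byte wide array");
    }

    if (osVersion != null && osVersion.length != 8) {
        throw new IllegalArgumentException(
                "osVersion should be a 8 byte wide array");
    }

    // TOSEE (original author): OR-ing FLAG_NEGOTIATE_WORKSTATION_SUPPLIED and
    // FLAG_NEGOTIATE_DOMAIN_SUPPLIED into serverFlags breaks tests, so the
    // server flags are used unchanged.
    int flags = serverFlags != null ? serverFlags : DEFAULT_FLAGS;

    ByteArrayOutputStream baos = new ByteArrayOutputStream();

    try {
        baos.write(NTLM_SIGNATURE);
        baos.write(ByteUtilities.writeInt(MESSAGE_TYPE_3));

        byte[] dataLMResponse = NTLMResponses.getLMResponse(password, challenge);
        byte[] dataNTLMResponse = NTLMResponses.getNTLMResponse(password, challenge);

        boolean useUnicode = ByteUtilities.isFlagSet(flags, FLAG_NEGOTIATE_UNICODE);
        byte[] targetName = ByteUtilities.encodeString(target, useUnicode);
        byte[] userName = ByteUtilities.encodeString(user, useUnicode);
        byte[] workstationName = ByteUtilities.encodeString(workstation, useUnicode);

        // The payload starts after the fixed header: 64 bytes, or 72 when the
        // optional 8 byte OS version structure is present.
        int pos = osVersion != null ? 72 : 64;
        int responsePos = pos + targetName.length + userName.length
                + workstationName.length;

        // NOTE(review): the lengths are narrowed to short; a field longer
        // than Short.MAX_VALUE would wrap. Presumably the inputs are far
        // shorter, but confirm against the callers.
        responsePos = writeSecurityBufferAndUpdatePointer(baos,
                (short) dataLMResponse.length, responsePos);
        writeSecurityBufferAndUpdatePointer(baos,
                (short) dataNTLMResponse.length, responsePos);
        pos = writeSecurityBufferAndUpdatePointer(baos,
                (short) targetName.length, pos);
        pos = writeSecurityBufferAndUpdatePointer(baos,
                (short) userName.length, pos);
        writeSecurityBufferAndUpdatePointer(baos,
                (short) workstationName.length, pos);

        // Header layout as listed by the original author (the offset of the
        // first entry is not given in the original comment):
        //        LM/LMv2 Response          security buffer
        //   20   NTLM/NTLMv2 Response      security buffer
        //   28   Target Name               security buffer
        //   36   User Name                 security buffer
        //   44   Workstation Name          security buffer
        //  (52)  Session Key (optional)    security buffer
        //  (60)  Flags (optional)          long
        //  (64)  OS Version Structure (Optional)  8 bytes

        // Session key security buffer: hard-coded bytes, marked "??!" by the
        // original author.
        baos.write(new byte[] { 0, 0, 0, 0, (byte) 0x9a, 0, 0, 0 });

        baos.write(ByteUtilities.writeInt(flags));

        if (osVersion != null) {
            baos.write(osVersion);
        }
        // No default OS version is written when osVersion is null (the
        // original author left a DEFAULT_OS_VERSION write disabled here).

        // Order is not mandatory since a pointer is given in the security buffers
        baos.write(targetName);
        baos.write(userName);
        baos.write(workstationName);

        baos.write(dataLMResponse);
        baos.write(dataNTLMResponse);

        msg = baos.toByteArray();
        baos.close();
    } catch (Exception e) {
        // Kept as in the original: the failure is only printed and reported
        // to the caller as a null return.
        e.printStackTrace();
        return null;
    }

    return msg;
}
} // closes the enclosing class, whose header is above this excerpt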