Coverage for /private/tmp/im/impacket/impacket/spnego.py : 54%

Hot-keys on this page
r m x p toggle line displays
j k next/prev highlighted chunk
0 (zero) top of page
1 (one) first highlighted chunk
# SECUREAUTH LABS. Copyright 2018 SecureAuth Corporation. All rights reserved. # # This software is provided under under a slightly modified version # of the Apache Software License. See the accompanying LICENSE file # for more information. # # Author: Alberto Solino (beto@coresecurity.com) # # Description: # SPNEGO functions used by SMB, SMB2/3 and DCERPC #
############### GSS Stuff ################ b'+\x06\x01\x04\x01\x827\x02\x02\n': 'NTLMSSP - Microsoft NTLM Security Support Provider', b'*\x86H\x82\xf7\x12\x01\x02\x02': 'MS KRB5 - Microsoft Kerberos 5', b'*\x86H\x86\xf7\x12\x01\x02\x02': 'KRB5 - Kerberos 5', b'*\x86H\x86\xf7\x12\x01\x02\x02\x03': 'KRB5 - Kerberos 5 - User to User', b'\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x1e': 'NEGOEX - SPNEGO Extended Negotiation Security Mechanism' }
#res = asn1.SEQUENCE(str).encode() #import binascii #print '\nalex asn1encode str: %s\n' % binascii.hexlify(str) res = pack('BB', 0x81, len(data)) + data elif 0x10000 <= len(data) <= 0xffffff: res = pack('!BBH', 0x83, len(data) >> 16, len(data) & 0xFFFF) + data elif 0x1000000 <= len(data) <= 0xffffffff: res = pack('!BL', 0x84, len(data)) + data else: raise Exception('Error in asn1encode')
pad = calcsize('B') + calcsize('!H') len2, len3 = unpack('!BH', data[:pad]) data = data[pad:] ans = data[:len2 << 16 + len3] pad = calcsize('!L') len2 = unpack('!L', data[:pad])[0] data = data[pad:] ans = data[:len2] # 1 byte length, string <= 0x7F else:
# Generic GSSAPI Header Format self.fromString(data)
del self.fields[key]
return len(self.getData())
# Manual parse of the GSSAPI Header Format # It should be something like # AID = 0x60 TAG, BER Length # OID = 0x06 TAG # GSSAPI OID # UUID data (BER Encoded) # Payload next_byte = unpack('B',data[:1])[0] if next_byte != ASN1_AID: raise Exception('Unknown AID=%x' % next_byte) data = data[1:] decode_data, total_bytes = asn1decode(data) # Now we should have a OID tag next_byte = unpack('B',decode_data[:1])[0] if next_byte != ASN1_OID: raise Exception('OID tag not found %x' % next_byte) decode_data = decode_data[1:] # Now the OID contents, should be SPNEGO UUID uuid, total_bytes = asn1decode(decode_data) self['OID'] = uuid # the rest should be the data self['Payload'] = decode_data[total_bytes:] #pass
for i in list(self.fields.keys()): print("%s: {%r}" % (i,self[i]))
pack('B',ASN1_OID) + asn1encode(self['UUID']) + self['Payload'] )
# https://tools.ietf.org/html/rfc4178#page-9 # NegTokenResp ::= SEQUENCE { # negState [0] ENUMERATED { # accept-completed (0), # accept-incomplete (1), # reject (2), # request-mic (3) # } OPTIONAL, # -- REQUIRED in the first reply from the target # supportedMech [1] MechType OPTIONAL, # -- present only in the first reply from the target # responseToken [2] OCTET STRING OPTIONAL, # mechListMIC [3] OCTET STRING OPTIONAL, # ... # } # This structure is not prepended by a GSS generic header!
del self.fields[key]
return self.getData()
raise Exception('NegTokenResp not found %x' % next_byte) raise Exception('SEQUENCE tag not found %x' % next_byte)
# MechType not found, could be an AUTH answer if next_byte != ASN1_RESPONSE_TOKEN: raise Exception('MechType/ResponseToken tag not found %x' % next_byte) else: raise Exception('Enumerated tag not found %x' % next_byte)
# Do we have more data? return
if next_byte != ASN1_RESPONSE_TOKEN: raise Exception('Supported Mech/ResponseToken tag not found %x' % next_byte) else: raise Exception('OID tag not found %x' % next_byte)
raise Exception('Response token tag not found %x' % next_byte)
raise Exception('Octet string token tag not found %x' % next_byte)
for i in list(self.fields.keys()): print("%s: {%r}" % (i,self[i])) # Server resp ans += asn1encode( pack('B', ASN1_SEQUENCE) + asn1encode( pack('B',SPNEGO_NegTokenResp.SPNEGO_NEG_TOKEN_TARG) + asn1encode( pack('B',ASN1_ENUMERATED) + asn1encode( self['NegResult'] )) + pack('B',ASN1_SUPPORTED_MECH) + asn1encode( pack('B',ASN1_OID) + asn1encode(self['SupportedMech'])) + pack('B',ASN1_RESPONSE_TOKEN ) + asn1encode( pack('B', ASN1_OCTET_STRING) + asn1encode(self['ResponseToken'])))) # Server resp ans += asn1encode( pack('B', ASN1_SEQUENCE) + asn1encode( pack('B', SPNEGO_NegTokenResp.SPNEGO_NEG_TOKEN_TARG) + asn1encode( pack('B',ASN1_ENUMERATED) + asn1encode( self['NegResult'] )))) else: # Client resp pack('B', ASN1_SEQUENCE) + asn1encode( pack('B', ASN1_RESPONSE_TOKEN) + asn1encode( pack('B', ASN1_OCTET_STRING) + asn1encode(self['ResponseToken']))))
# https://tools.ietf.org/html/rfc4178#page-8 # NegTokeInit :: = SEQUENCE { # mechTypes [0] MechTypeList, # reqFlags [1] ContextFlags OPTIONAL, # mechToken [2] OCTET STRING OPTIONAL, # mechListMIC [3] OCTET STRING OPTIONAL, # } GSSAPI.fromString(self, data) payload = self['Payload'] next_byte = unpack('B', payload[:1])[0] if next_byte != SPNEGO_NegTokenInit.SPNEGO_NEG_TOKEN_INIT: raise Exception('NegTokenInit not found %x' % next_byte) payload = payload[1:] decode_data, total_bytes = asn1decode(payload) # Now we should have a SEQUENCE Tag next_byte = unpack('B', decode_data[:1])[0] if next_byte != ASN1_SEQUENCE: raise Exception('SEQUENCE tag not found %x' % next_byte) decode_data = decode_data[1:] decode_data, total_bytes2 = asn1decode(decode_data) next_byte = unpack('B',decode_data[:1])[0] if next_byte != ASN1_MECH_TYPE: raise Exception('MechType tag not found %x' % next_byte) decode_data = decode_data[1:] remaining_data = decode_data decode_data, total_bytes3 = asn1decode(decode_data) next_byte = unpack('B', decode_data[:1])[0] if next_byte != ASN1_SEQUENCE: raise Exception('SEQUENCE tag not found %x' % next_byte) decode_data = decode_data[1:] decode_data, total_bytes4 = asn1decode(decode_data) # And finally we should have the MechTypes self['MechTypes'] = [] while decode_data: next_byte = unpack('B', decode_data[:1])[0] if next_byte != ASN1_OID: # Not a valid OID, there must be something else we won't unpack break decode_data = decode_data[1:] item, total_bytes = asn1decode(decode_data) self['MechTypes'].append(item) decode_data = decode_data[total_bytes:]
# Do we have MechTokens as well? decode_data = remaining_data[total_bytes3:] if len(decode_data) > 0: next_byte = unpack('B', decode_data[:1])[0] if next_byte == ASN1_MECH_TOKEN: # We have tokens in here! decode_data = decode_data[1:] decode_data, total_bytes = asn1decode(decode_data) next_byte = unpack('B', decode_data[:1])[0] if next_byte == ASN1_OCTET_STRING: decode_data = decode_data[1:] decode_data, total_bytes = asn1decode(decode_data) self['MechToken'] = decode_data
# Do we have tokens to send? pack('B', ASN1_OCTET_STRING) + asn1encode( self['MechToken']))
pack('B', ASN1_SEQUENCE) + asn1encode( pack('B', ASN1_MECH_TYPE) + asn1encode( pack('B', ASN1_SEQUENCE) + asn1encode(mechTypes)) + mechToken ))
|