Created
May 11, 2020 08:08
NTLM V2
import base64
import socket

from ntlm_auth.gss_channel_bindings import GssChannelBindingsStruct
from ntlm_auth.ntlm import NtlmContext
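# Walk-through of an NTLMv2 exchange with ntlm-auth's NtlmContext, followed by
# message wrapping with the negotiated session key. `http`, `request` and
# `response` are placeholders for whatever HTTP client carries the tokens; they
# are not defined in this snippet.

# Placeholder credentials for the example. Real values belong in a secret store
# or an interactive prompt, never in source control.
username = 'User'
password = 'Password'
domain = 'Domain'  # Can be blank if you are not in a domain
workstation = socket.gethostname().upper()  # Can be blank if you wish to not send this info

# Create the CBT (channel binding token) struct if you wish to bind it with the
# auth response. Binding ties the NTLM exchange to the TLS channel it runs over,
# so a server that enforces channel binding can reject an authentication that
# was relayed through a different TLS session.
# The digest below is a sample value: derive it from the certificate the server
# actually presents on this connection instead of hard-coding it.
server_certificate_hash = '96B2FC1EC30792619286A0C7FD62863E81A6564E72829CBC0A46F7B1D5D92A18'
certificate_digest = base64.b16decode(server_certificate_hash)
cbt_data = GssChannelBindingsStruct()
cbt_data[cbt_data.APPLICATION_DATA] = b'tls-server-end-point:' + certificate_digest

# ntlm_compatibility follows the LAN Manager compatibility levels; 3 sends the
# NTLMv2 response only. Lower levels allow the weaker LM/NTLMv1 responses.
ntlm_context = NtlmContext(
    username,
    password,
    domain,
    workstation,
    cbt_data,
    ntlm_compatibility=3,
)
negotiate_message = ntlm_context.step()

# Attach the negotiate_message to your NTLM/NEGOTIATE HTTP header and send it to
# the server. Get the challenge response back from the server.
# NOTE(review): 'HEADERFIELD' is a placeholder. The header value presumably has
# to be stripped of its scheme prefix and base64-decoded before it is passed to
# step() - confirm against the client in use.
challenge_message = http.response.headers['HEADERFIELD']
authenticate_message = ntlm_context.step(challenge_message)

# Attach the authenticate_message to your NTLM/NEGOTIATE HTTP header and send it
# to the server. You are now authenticated with NTLMv2 (ntlm_compatibility=3).

# Encrypt the message with the wrapping function and send the message.
# The payload is a byte string because it is signed and sealed as raw bytes.
# NOTE(review): confirm that the installed ntlm-auth version accepts the
# `encrypt` keyword on wrap().
enc_message = ntlm_context.wrap(b"Message to send", encrypt=True)
# Send the wrapped bytes; the original assigned an undefined `msg_data` here and
# referenced `request.send` without calling it, so nothing would have been sent.
request.body = enc_message
request.send()

# Receive the response from the server and decrypt.
# NOTE(review): unwrap() presumably also checks the message signature - confirm,
# and treat a failure as a tampered or out-of-sequence message.
response_msg = response.content
response = ntlm_context.unwrap(response_msg)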