[PATCH] Allow to specify password of schannel encypted dialog in the NTLMSSP field
Matthieu Patou
mat at matws.net
Thu Jan 21 00:59:58 MST 2010
---
epan/dissectors/packet-dcerpc-netlogon.c | 45 +++++++++++++++++++++++++++--
epan/dissectors/packet-ntlmssp.c | 2 +-
2 files changed, 42 insertions(+), 5 deletions(-)
diff --git a/epan/dissectors/packet-dcerpc-netlogon.c b/epan/dissectors/packet-dcerpc-netlogon.c
index 6f5dd52..9b56561 100644
--- a/epan/dissectors/packet-dcerpc-netlogon.c
+++ b/epan/dissectors/packet-dcerpc-netlogon.c
@@ -47,9 +47,10 @@
#include <epan/crypt/crypt-md5.h>
#include <epan/crypt/crypt-des.h>
+extern const char *gbl_nt_password;
#ifdef DEBUG_NETLOGON
#include <stdio.h>
-#define debugfprintf(...) fprintf(stderr,__VA_ARGS__)
+#define debugprintf(...) fprintf(stderr,__VA_ARGS__)
static void printnbyte(const guint8* tab,int nb,char* txt,char* txt2)
{
int i=0;
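Review bot: The `extern const char *gbl_nt_password;` declaration is written directly in this .c file, so the compiler never checks it against the definition in packet-ntlmssp.c, which the last hunk makes non-static. Declaring it once in a header that both dissectors include would keep the type in sync and make the new cross-file dependency visible. It would also help to document it at the declaration, for example `/* NT password configuration variable defined in packet-ntlmssp.c; initialised to NULL */`.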
@@ -6815,30 +6816,66 @@ netlogon_dissect_netrserverauthenticate3_rqst(tvbuff_t *tvb, int offset,
return offset;
}
-static guint32 get_keytab_as_list(md4_pass **p_pass_list)
+static void str_to_unicode(const char *nt_password, char *nt_password_unicode)
+{
+ size_t password_len = 0;
+ size_t i;
+
+ password_len = strlen(nt_password);
+ if(nt_password_unicode != NULL)
+ {
+ for(i=0;i<(password_len);i++)
+ {
+ nt_password_unicode[i*2]=nt_password[i];
+ nt_password_unicode[i*2+1]=0;
+ }
+ nt_password_unicode[2*password_len]='\0';
+ }
+}
+
+static guint32 get_keytab_as_list(md4_pass **p_pass_list,const char* ntlm_pass )
{
#ifdef HAVE_KERBEROS
enc_key_t *ek;
md4_pass* pass_list;
+ md4_pass ntlm_pass_hash;
int i = 0;
guint32 nb_pass = 0;
+ char ntlm_pass_unicode[258];
+ int add_ntlm = 0;
+ int password_len;
if(!krb_decrypt){
*p_pass_list=NULL;
return 0;
}
read_keytab_file_from_preferences();
+ memset(ntlm_pass_hash.md4,0,sizeof(md4_pass));
for(ek=enc_key_list;ek;ek=ek->next){
if( ek->keylength == 16 ) {
nb_pass++;
}
}
+
+ if (ntlm_pass[0] != '\0' && ( strlen(ntlm_pass) < 129 )) {
+ nb_pass++;
+ debugprintf("Password: %s\n",ntlm_pass);
+ password_len = strlen(ntlm_pass);
+ str_to_unicode(ntlm_pass,ntlm_pass_unicode);
+ crypt_md4(ntlm_pass_hash.md4,ntlm_pass_unicode,password_len*2);
+ printnbyte(ntlm_pass_hash.md4,16,"Hash of the NT pass: ","\n");
+ add_ntlm = 0;
+ }
+
*p_pass_list = ep_alloc(nb_pass*sizeof(md4_pass));
pass_list=*p_pass_list;
+ if(add_ntlm) {
+ memcpy(pass_list[0].md4,&(ntlm_pass_hash.md4),sizeof(md4_pass));
+ i++;
+ }
for(ek=enc_key_list;ek;ek=ek->next){
- /*debugprintf("Type %x, len %d, orig: %s\n",ek->keytype,ek->keylength,ek->key_origin);*/
if( ek->keylength == 16 ) {
memcpy(pass_list[i].md4,ek->keyvalue,16);
i++;
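Review bot: `add_ntlm = 0;` at the end of the new password branch looks like a typo for `add_ntlm = 1;`. As written the `if(add_ntlm)` copy never runs, so the hash of the configured password never reaches `pass_list`, yet `nb_pass` has already been incremented and one slot of the `ep_alloc`'d list stays unfilled. The same branch reads `ntlm_pass[0]` without a NULL check, and the caller in the next hunk passes `gbl_nt_password`, which packet-ntlmssp.c initialises to NULL; unless the preference code always replaces it with a string, the guard should read `if (ntlm_pass != NULL && ntlm_pass[0] != '\0' && strlen(ntlm_pass) < 129)`. The `debugprintf("Password: %s\n",ntlm_pass);` line writes the cleartext password to stderr in DEBUG_NETLOGON builds and the `printnbyte` call writes its NT hash, so I would drop the cleartext line. `printnbyte` is defined inside `#ifdef DEBUG_NETLOGON` in the first hunk, so this unconditional call relies on a non-debug stub that is not visible here. The body of `get_keytab_as_list` continues outside the hunk, so the returned count cannot be checked from this view.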
@@ -6895,7 +6932,7 @@ netlogon_dissect_netrserverauthenticate3_reply(tvbuff_t *tvb, int offset,
vars->flags = flags;
vars->can_decrypt = FALSE;
- list_size = get_keytab_as_list(&pass_list);
+ list_size = get_keytab_as_list(&pass_list,gbl_nt_password);
debugprintf("Found %d passwords \n",list_size);
if( flags & NETLOGON_FLAG_STRONGKEY ) {
guint8 zeros[4];
diff --git a/epan/dissectors/packet-ntlmssp.c b/epan/dissectors/packet-ntlmssp.c
index d80ad2e..bde4531 100644
--- a/epan/dissectors/packet-ntlmssp.c
+++ b/epan/dissectors/packet-ntlmssp.c
@@ -247,7 +247,7 @@ static gint ett_ntlmssp_ntlmv2_response = -1;
static gint ett_ntlmssp_ntlmv2_response_name = -1;
/* Configuration variables */
-static const char *gbl_nt_password = NULL;
+const char *gbl_nt_password = NULL;
#define MAX_BLOB_SIZE 256
typedef struct _ntlmssp_blob {
--
1.6.3.3
--------------020609080200030906020803--