Coverage for /pythoncovmergedfiles/medio/medio/usr/local/lib/python3.8/site-packages/ntlm_auth/compute_hash.py: 87%


1# Copyright: (c) 2018, Jordan Borean (@jborean93) <jborean93@gmail.com> 

2# MIT License (see LICENSE or https://opensource.org/licenses/MIT) 

3 

4import binascii 

5import hashlib 

6import hmac 

7import re 

8 

9from ntlm_auth.des import DES 

10 

11 

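def _lmowfv1(password):
    """
    [MS-NLMP] v28.0 2016-07-14

    3.3.1 NTLM v1 Authentication
    Same function as LMOWFv1 in document to create a one way hash of the
    password. Only used in NTLMv1 auth without session security

    The password is upper-cased, cut or zero-padded to 14 bytes and split
    into two independent 7-byte DES keys, so the result carries no case
    information and nothing beyond the 14th byte. The length is counted on
    the UTF-8 encoding, not on characters.

    A value of the exact form "<32 hex>:<32 hex>" is taken to be an LM:NT
    hash pair and its LM half is returned unchanged, i.e. a stored hash is
    accepted in place of the password. Treat such values as credentials.

    :param password: The password or hash of the user we are trying to
        authenticate with
    :return res: A Lan Manager hash of the password supplied
    """
    # \Z and [0-9] rather than $ and \d: '$' also matches just before a
    # trailing newline and '\d' matches non-ASCII digits on Python 3, so a
    # password that merely resembles a hash pair was routed to unhexlify.
    if re.match(r'^[a-fA-F0-9]{32}:[a-fA-F0-9]{32}\Z', password):
        return binascii.unhexlify(password.split(':')[0])

    # fix the password to upper case and length to 14 bytes; longer input
    # is truncated by the two slices below
    lm_pw = password.upper().encode('utf-8').ljust(14, b"\x00")

    magic_str = b"KGS!@#$%"  # page 56 in [MS-NLMP v28.0]

    # each 7-byte half keys its own DES encryption of the same constant
    res = b""
    for half in (lm_pw[0:7], lm_pw[7:14]):
        res += DES(DES.key56_to_key64(half)).encrypt(magic_str)

    return res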

46 

47 

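def _ntowfv1(password):
    """
    [MS-NLMP] v28.0 2016-07-14

    3.3.1 NTLM v1 Authentication
    Same function as NTOWFv1 in document to create a one way hash of the
    password. Only used in NTLMv1 auth without session security

    The NT hash is an unsalted MD4 over the UTF-16-LE password. A value of
    the exact form "<32 hex>:<32 hex>" is taken to be an LM:NT hash pair and
    its NT half is returned unchanged, i.e. a stored hash is accepted in
    place of the password. Treat such values as credentials.

    :param password: The password or hash of the user we are trying to
        authenticate with
    :return digest: An NT hash of the password supplied
    """
    # \Z and [0-9] rather than $ and \d: '$' also matches just before a
    # trailing newline and '\d' matches non-ASCII digits on Python 3; both
    # sent a plain password into unhexlify, which then raised.
    if re.match(r'^[a-fA-F0-9]{32}:[a-fA-F0-9]{32}\Z', password):
        return binascii.unhexlify(password.split(':')[1])

    # hashlib has no built-in MD4; hashlib.new() raises ValueError when the
    # underlying crypto library does not offer it.
    return hashlib.new('md4', password.encode('utf-16-le')).digest()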

68 

69 

def _ntowfv2(user_name, password, domain_name):
    """
    [MS-NLMP] v28.0 2016-07-14

    3.3.2 NTLM v2 Authentication
    Implements NTOWFv2 (which is also LMOWFv2) from the document: an
    HMAC-MD5, keyed with the NTOWFv1 hash of the password, over the
    upper-cased user name followed by the domain name as given, both
    encoded as UTF-16-LE.

    Because the key comes from _ntowfv1, a password in "LM:NT" hash form
    yields the same result as the clear-text password would.

    :param user_name: The user name of the user we are trying to authenticate
        with
    :param password: The password of the user we are trying to authenticate
        with
    :param domain_name: The domain name of the user account we are
        authenticated with
    :return digest: An NT hash of the parameters supplied
    """
    nt_key = _ntowfv1(password)
    # only the user name is case-folded; the domain is used verbatim
    identity = user_name.upper() + domain_name
    mac = hmac.new(nt_key, identity.encode('utf-16-le'),
                   digestmod=hashlib.md5)
    return mac.digest()