RedTeamOperations
diff --git a/‎pivot_suite/ntlm_auth/U32.py
+156 b/‎pivot_suite/ntlm_auth/U32.py
+156
diff --git a/‎pivot_suite/ntlm_auth/__init__.py
+3 b/‎pivot_suite/ntlm_auth/__init__.py
+3
diff --git a/‎pivot_suite/ntlm_auth/compute_hash.py
+85 b/‎pivot_suite/ntlm_auth/compute_hash.py
+85
diff --git a/‎pivot_suite/ntlm_auth/compute_keys.py
+138 b/‎pivot_suite/ntlm_auth/compute_keys.py
+138
@@ -0,0 +1,156 @@
+# This file is part of 'NTLM Authorization Proxy Server' http://sourceforge.net/projects/ntlmaps/
+# Copyright 2001 Dmitry A. Rozmanov <dima@xenon.spb.ru>
+#
+# This library is free software: you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation, either
+# version 3 of the License, or (at your option) any later version.
+
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library.  If not, see <http://www.gnu.org/licenses/> or <http://www.gnu.org/licenses/lgpl.txt>.
+
+from __future__ import division
+import six
+
+C = 0x1000000000
+
+
+def norm(n):
+    return n & 0xFFFFFFFF
+
+
+class U32:
+    v = 0
+
+    def __init__(self, value=0):
+        if not isinstance(value, six.integer_types):
+            value = six.byte2int(value)
+
+        self.v = C + norm(abs(int(value)))
+
+    def set(self, value=0):
+        self.v = C + norm(abs(int(value)))
+
+    def __repr__(self):
+        return hex(norm(self.v))
+
+    def __long__(self):
+        return int(norm(self.v))
+
+    def __int__(self):
+        return int(norm(self.v))
+
+    def __chr__(self):
+        return chr(norm(self.v))
+
+    def __add__(self, b):
+        r = U32()
+        r.v = C + norm(self.v + b.v)
+        return r
+
+    def __sub__(self, b):
+        r = U32()
+        if self.v < b.v:
+            r.v = C + norm(0x100000000 - (b.v - self.v))
+        else:
+            r.v = C + norm(self.v - b.v)
+        return r
+
+    def __mul__(self, b):
+        r = U32()
+        r.v = C + norm(self.v * b.v)
+        return r
+
+    def __div__(self, b):
+        r = U32()
+        r.v = C + (norm(self.v) // norm(b.v))
+        return r
+
+    def __truediv__(self, b):
+        r = U32()
+        r.v = C + (norm(self.v) / norm(b.v))
+        return r
+
+    def __mod__(self, b):
+        r = U32()
+        r.v = C + (norm(self.v) % norm(b.v))
+        return r
+
+    def __neg__(self):
+        return U32(self.v)
+
+    def __pos__(self):
+        return U32(self.v)
+
+    def __abs__(self):
+        return U32(self.v)
+
+    def __invert__(self):
+        r = U32()
+        r.v = C + norm(~self.v)
+        return r
+
+    def __lshift__(self, b):
+        r = U32()
+        r.v = C + norm(self.v << b)
+        return r
+
+    def __rshift__(self, b):
+        r = U32()
+        r.v = C + (norm(self.v) >> b)
+        return r
+
+    def __and__(self, b):
+        r = U32()
+        r.v = C + norm(self.v & b.v)
+        return r
+
+    def __or__(self, b):
+        r = U32()
+        r.v = C + norm(self.v | b.v)
+        return r
+
+    def __xor__(self, b):
+        r = U32()
+        r.v = C + norm(self.v ^ b.v)
+        return r
+
+    def __not__(self):
+        return U32(not norm(self.v))
+
+    def truth(self):
+        return norm(self.v)
+
+    def __cmp__(self, b):
+        if norm(self.v) > norm(b.v):
+            return 1
+        elif norm(self.v) < norm(b.v):
+            return -1
+        else:
+            return 0
+
+    def __lt__(self, other):
+        return self.v < other.v
+
+    def __gt__(self, other):
+        return self.v > other.v
+
+    def __eq__(self, other):
+        return self.v == other.v
+
+    def __le__(self, other):
+        return self.v <= other.v
+
+    def __ge__(self, other):
+        return self.v >= other.v
+
+    def __ne__(self, other):
+        return self.v != other.v
+
+    def __nonzero__(self):
+        return norm(self.v)
@@ -0,0 +1,3 @@
+from . import ntlm, session_security
+
+__all__ = ('ntlm', 'session_security')
@@ -0,0 +1,85 @@
+# This library is free software: you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation, either
+# version 3 of the License, or (at your option) any later version.
+
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library.  If not, see <http://www.gnu.org/licenses/> or <http://www.gnu.org/licenses/lgpl.txt>.
+
+import binascii
+import hashlib
+import hmac
+import re
+from ntlm_auth import des
+
+
+def _lmowfv1(password, lmhash):
+    """
+    [MS-NLMP] v28.0 2016-07-14
+
+    3.3.1 NTLM v1 Authentication
+    Same function as LMOWFv1 in document to create a one way hash of the password. Only
+    used in NTLMv1 auth without session security
+
+    :param password: The password of the user we are trying to authenticate with
+    :return res: A Lan Manager hash of the password supplied
+    """
+
+    # fix the password length to 14 bytes
+    if lmhash is not None:
+        return lmhash.decode('hex')
+
+    password = password.upper()
+    lm_pw = password[0:14]
+
+    # do hash
+    magic_str = b"KGS!@#$%"  # page 56 in [MS-NLMP v28.0]
+
+    res = b''
+    dobj = des.DES(lm_pw[0:7])
+    res = res + dobj.encrypt(magic_str)
+
+    dobj = des.DES(lm_pw[7:14])
+    res = res + dobj.encrypt(magic_str)
+    return res
+
+def _ntowfv1(password, nthash):
+    """
+    [MS-NLMP] v28.0 2016-07-14
+
+    3.3.1 NTLM v1 Authentication
+    Same function as NTOWFv1 in document to create a one way hash of the password. Only
+    used in NTLMv1 auth without session security
+
+    :param password: The password of the user we are trying to authenticate with
+    :return digest: An NT hash of the password supplied
+    """
+    if nthash is not None:
+        return nthash.decode('hex')
+
+    digest = hashlib.new('md4', password.encode('utf-16le')).digest()
+    return digest
+
+def _ntowfv2(user_name, password, nthash, domain_name):
+    """
+    [MS-NLMP] v28.0 2016-07-14
+
+    3.3.2 NTLM v2 Authentication
+    Same function as NTOWFv2 (and LMOWFv2) in document to create a one way hash of the password.
+    This combines some extra security features over the v1 calculations used in NTLMv2 auth.
+
+    :param user_name: The user name of the user we are trying to authenticate with
+    :param password: The password of the user we are trying to authenticate with
+    :param domain_name: The domain name of the user account we are authenticated with
+    :return digest: An NT hash of the parameters supplied
+    """
+    digest = _ntowfv1(password, nthash)
+    digest = hmac.new(digest, (user_name.upper() + domain_name).encode('utf-16le')).digest()
+
+
+    return digest
@@ -0,0 +1,138 @@
+# This library is free software: you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation, either
+# version 3 of the License, or (at your option) any later version.
+
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library.  If not, see <http://www.gnu.org/licenses/> or <http://www.gnu.org/licenses/lgpl.txt>.
+
+import binascii
+import hashlib
+import hmac
+from ntlm_auth import des
+from ntlm_auth.constants import NegotiateFlags
+
+def _get_exchange_key_ntlm_v1(negotiate_flags, session_base_key, server_challenge, lm_challenge_response, lm_hash):
+    """
+    [MS-NLMP] v28.0 2016-07-14
+
+    4.3.5.1 KXKEY
+    Calculates the Key Exchange Key for NTLMv1 authentication. Used for signing and sealing messages
+
+    @param negotiate_flags:
+    @param session_base_key: A session key calculated from the user password challenge
+    @param server_challenge: A random 8-byte response generated by the server in the CHALLENGE_MESSAGE
+    @param lm_challenge_response: The LmChallengeResponse value computed in ComputeResponse
+    @param lm_hash: The LMOWF computed in Compute Response
+    @return key_exchange_key: The Key Exchange Key (KXKEY) used to sign and seal messages and compute the ExportedSessionKey
+    """
+    if negotiate_flags & NegotiateFlags.NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY:
+        key_exchange_key = hmac.new(session_base_key, server_challenge + lm_challenge_response[:8]).digest()
+    elif negotiate_flags & NegotiateFlags.NTLMSSP_NEGOTIATE_LM_KEY:
+        des_handler = des.DES(lm_hash[:7])
+        first_des = des_handler.encrypt(lm_challenge_response[:8])
+        des_handler = des.DES(lm_hash[7:8] + binascii.unhexlify('bdbdbdbdbdbdbd'))
+        second_des = des_handler.encrypt(lm_challenge_response[:8])
+
+        key_exchange_key = first_des + second_des
+    elif negotiate_flags & NegotiateFlags.NTLMSSP_REQUEST_NON_NT_SESSION_KEY:
+        key_exchange_key = lm_hash[:8] + b'\0' * 8
+    else:
+        key_exchange_key = session_base_key
+
+    return key_exchange_key
+
+def _get_exchange_key_ntlm_v2(session_base_key):
+    """
+    [MS-NLMP] v28.0 2016-07-14
+
+    4.3.5.1 KXKEY
+    Calculates the Key Exchange Key for NTLMv2 authentication. Used for signing and sealing messages.
+    According to docs, 'If NTLM v2 is used, KeyExchangeKey MUST be set to the given 128-bit SessionBaseKey
+
+    @param session_base_key: A session key calculated from the user password challenge
+    @return key_exchange_key: The Key Exchange Key (KXKEY) used to sign and seal messages
+    """
+    return session_base_key
+
+def get_sign_key(exported_session_key, magic_constant):
+    """
+    3.4.5.2 SIGNKEY
+
+    @param exported_session_key: A 128-bit session key used to derive signing and sealing keys
+    @param magic_constant: A constant value set in the MS-NLMP documentation (constants.SignSealConstants)
+    @return sign_key: Key used to sign messages
+    """
+
+    sign_key = hashlib.md5(exported_session_key + magic_constant).digest()
+
+    return sign_key
+
+def get_seal_key(negotiate_flags, exported_session_key, magic_constant):
+    """
+    3.4.5.3. SEALKEY
+    Main method to use to calculate the seal_key used to seal (encrypt) messages. This will determine
+    the correct method below to use based on the compatibility flags set and should be called instead
+    of the others
+
+    @param exported_session_key: A 128-bit session key used to derive signing and sealing keys
+    @param negotiate_flags: The negotiate_flags structure sent by the server
+    @param magic_constant: A constant value set in the MS-NLMP documentation (constants.SignSealConstants)
+    @return seal_key: Key used to seal messages
+    """
+
+    if negotiate_flags & NegotiateFlags.NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY:
+        seal_key = _get_seal_key_ntlm2(negotiate_flags, exported_session_key, magic_constant)
+    elif negotiate_flags & NegotiateFlags.NTLMSSP_NEGOTIATE_LM_KEY:
+        seal_key = _get_seal_key_ntlm1(negotiate_flags, exported_session_key)
+    else:
+        seal_key = exported_session_key
+
+    return seal_key
+
+def _get_seal_key_ntlm1(negotiate_flags, exported_session_key):
+    """
+    3.4.5.3 SEALKEY
+    Calculates the seal_key used to seal (encrypt) messages. This for authentication where
+    NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY has not been negotiated. Will weaken the keys
+    if NTLMSSP_NEGOTIATE_56 is not negotiated it will default to the 40-bit key
+
+    @param negotiate_flags: The negotiate_flags structure sent by the server
+    @param exported_session_key: A 128-bit session key used to derive signing and sealing keys
+    @return seal_key: Key used to seal messages
+    """
+    if negotiate_flags & NegotiateFlags.NTLMSSP_NEGOTIATE_56:
+        seal_key = exported_session_key[:7] + binascii.unhexlify('a0')
+    else:
+        seal_key = exported_session_key[:5] + binascii.unhexlify('e538b0')
+
+    return seal_key
+
+def _get_seal_key_ntlm2(negotiate_flags, exported_session_key, magic_constant):
+    """
+    3.4.5.3 SEALKEY
+    Calculates the seal_key used to seal (encrypt) messages. This for authentication where
+    NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY has been negotiated. Will weaken the keys
+    if NTLMSSP_NEGOTIATE_128 is not negotiated, will try NEGOTIATE_56 and then will default
+    to the 40-bit key
+
+    @param negotiate_flags: The negotiate_flags structure sent by the server
+    @param exported_session_key: A 128-bit session key used to derive signing and sealing keys
+    @param magic_constant: A constant value set in the MS-NLMP documentation (constants.SignSealConstants)
+    @return seal_key: Key used to seal messages
+    """
+    if negotiate_flags & NegotiateFlags.NTLMSSP_NEGOTIATE_128:
+        seal_key = exported_session_key
+    elif negotiate_flags & NegotiateFlags.NTLMSSP_NEGOTIATE_56:
+        seal_key = exported_session_key[:7]
+    else:
+        seal_key = exported_session_key[:5]
+
+    seal_key = hashlib.md5(seal_key + magic_constant).digest()
+
+    return seal_key
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+from . import ntlm, session_security`
	`2`	`+`
	`3`	`+__all__ = ('ntlm', 'session_security')`