Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Fix NTLMv2 hash when username contains non-ASCII characters #56

Merged
merged 4 commits into from
Jun 12, 2024
Merged

Fix NTLMv2 hash when username contains non-ASCII characters #56

merged 4 commits into from
Jun 12, 2024

Conversation

cdelafuente-r7
Copy link
Contributor

This fixes #55.

See the issue for details. After the fix:

❯ ruby examples/authenticate.rb 10.0.0.68 юзер 123456
SMB3 : (0x00000000) STATUS_SUCCESS: The operation completed successfully.
Netbios Name: MYWIN2016
Netbios Domain: TESTLAB
FQDN of the computer: mywin2016.testlab.local
FQDN of the domain: testlab.local
FQDN of the forest: testlab.local
Dialect: 0x0311
OS Version: 10.0.14393
SMB2 : (0x00000000) STATUS_SUCCESS: The operation completed successfully.
Netbios Name: MYWIN2016
Netbios Domain: TESTLAB
FQDN of the computer: mywin2016.testlab.local
FQDN of the domain: testlab.local
FQDN of the forest: testlab.local
Dialect: 0x0210
OS Version: 10.0.14393
SMB1 : (0x00000000) STATUS_SUCCESS: The operation completed successfully.
Native OS: Windows Server 2016 Standard 14393
Native LAN Manager: Windows Server 2016 Standard 6.3
Netbios Name: MYWIN2016
Netbios Domain: TESTLAB
FQDN of the computer: mywin2016.testlab.local
FQDN of the domain: testlab.local
FQDN of the forest: testlab.local
Dialect: NT LM 0.12
OS Version: 10.0.14393
SMB2 : (0x00000000) STATUS_SUCCESS: The operation completed successfully.
Netbios Name: MYWIN2016
Netbios Domain: TESTLAB
FQDN of the computer: mywin2016.testlab.local
FQDN of the domain: testlab.local
FQDN of the forest: testlab.local
Dialect: 0x0210
OS Version: 10.0.14393
SMB3 : (0x00000000) STATUS_SUCCESS: The operation completed successfully.
Netbios Name: MYWIN2016
Netbios Domain: TESTLAB
FQDN of the computer: mywin2016.testlab.local
FQDN of the domain: testlab.local
FQDN of the forest: testlab.local
Dialect: 0x0311
OS Version: 10.0.14393

@cdelafuente-r7 cdelafuente-r7 mentioned this pull request Sep 22, 2022
Closed
@cdelafuente-r7 cdelafuente-r7 changed the title Fix NTLMv2 hash when username contains non-ASCI characters Fix NTLMv2 hash when username contains non-ASCII characters Sep 23, 2022
@cdelafuente-r7 cdelafuente-r7 mentioned this pull request Sep 23, 2022
Merged
@cdelafuente-r7
Copy link
Contributor Author

I noticed there is still an encoding issue using some specific characters (e.g Hélène). It looks like the issue is due to how strings are encoded and concatenated in Net::NTLM::Message#serialize.

I added a fix and I wrote some specs to show the issue (added to spec/lib/net/ntlm/message/type3_spec.rb specs) in 11ef238.

  ...
  describe '#serialize' do
    context 'when the username contains non-ASCI characters' do
      let(:t3) {
        t2 = Net::NTLM::Message::Type2.new
        t2.response(
          {
            :user => 'Hélène',
            :password => '123456',
            :domain => ''
          },
          {
            :ntlmv2 => true,
            :workstation => 'testlab.local'
          }
        )
      }

      it 'serializes without error' do
        expect { t3.serialize }.not_to raise_error
      end
    end
  end
  ...

Before the fix

❯ rspec spec/lib/net/ntlm/message/type3_spec.rb -e 'when the username contains non-ASCI characters'
Run options: include {:full_description=>/when\ the\ username\ contains\ non\-ASCI\ characters/}

Net::NTLM::Message::Type3
  #serialize
    when the username contains non-ASCI characters
      serializes without error (FAILED - 1)

Failures:

  1) Net::NTLM::Message::Type3#serialize when the username contains non-ASCI characters serializes without error
     Failure/Error: expect { t3.serialize }.not_to raise_error

       expected no Exception, got #<Encoding::CompatibilityError: incompatible character encodings: ASCII-8BIT and UTF-8> with backtrace:
         # ./lib/net/ntlm/message.rb:90:in `join'
         # ./lib/net/ntlm/message.rb:90:in `serialize'
         # ./spec/lib/net/ntlm/message/type3_spec.rb:243:in `block (5 levels) in <top (required)>'
         # ./spec/lib/net/ntlm/message/type3_spec.rb:243:in `block (4 levels) in <top (required)>'
     # ./spec/lib/net/ntlm/message/type3_spec.rb:243:in `block (4 levels) in <top (required)>'

Finished in 0.02305 seconds (files took 0.1948 seconds to load)
1 example, 1 failure

Failed examples:

rspec ./spec/lib/net/ntlm/message/type3_spec.rb:242 # Net::NTLM::Message::Type3#serialize when the username contains non-ASCI characters serializes without error

After the fix

❯ rspec spec/lib/net/ntlm/message/type3_spec.rb -e 'when the username contains non-ASCI characters'
Run options: include {:full_description=>/when\ the\ username\ contains\ non\-ASCI\ characters/}

Net::NTLM::Message::Type3
  #serialize
    when the username contains non-ASCI characters
      serializes without error

Finished in 0.00835 seconds (files took 0.19049 seconds to load)
1 example, 0 failures

pcai
pcai reviewed Jun 6, 2024
View reviewed changes
pcai
pcai requested changes Jun 6, 2024
View reviewed changes
Copy link
Contributor

@pcai pcai left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

see inline

pcai
pcai reviewed Jun 6, 2024
View reviewed changes
lib/net/ntlm/encode_util.rb
@@ -39,7 +39,7 @@ def self.decode_utf16le(str)
# the function will convert the string bytes to UTF-16LE and note the encoding as UTF-8 so that byte
# concatination works seamlessly.
def self.encode_utf16le(str)
str.dup.force_encoding('UTF-8').encode(Encoding::UTF_16LE, Encoding::UTF_8).force_encoding('UTF-8')
str.dup.force_encoding('UTF-8').encode(Encoding::UTF_16LE, Encoding::UTF_8).force_encoding('ASCII-8BIT')
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i think this change makes sense and behaves more like the comment block describes, since its supposed to be safe to perform byte concatenation on the result

@pcai pcai mentioned this pull request Jun 7, 2024
Closed
@pcai pcai merged commit 3a20614 into WinRb:master Jun 12, 2024
12 checks passed
@pcai
Copy link
Contributor

pcai commented Jun 12, 2024

thanks!

# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@pcai pcai pcai approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Wrong NTLMv2 hash when username contains non-ASCI characters
2 participants
@cdelafuente-r7 @pcai