python-impacket 0.9.15-1 / usr / lib / python2.7 / dist-packages / impacket / examples / ntlmrelayx / clients / httprelayclient.py

This file is indexed.

/usr/lib/python2.7/dist-packages/impacket/examples/ntlmrelayx/clients/httprelayclient.py is in python-impacket 0.9.15-1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below. 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
#!/usr/bin/python
# Copyright (c) 2003-2016 CORE Security Technologies
#
# This software is provided under under a slightly modified version
# of the Apache Software License. See the accompanying LICENSE file
# for more information.
#
# Author:
#   Dirk-jan Mollema / Fox-IT (https://www.fox-it.com)
#
# Description: 
# HTTP(s) client for relaying NTLMSSP authentication to webservers
#
import logging
from httplib import HTTPConnection, ResponseNotReady
import base64

class HTTPRelayClient:
    def __init__(self, target):
        # Target comes as protocol://target:port/path
        self.target = target
        _, host, path = target.split(':')
        host = host[2:]
        self.path = '/' + path.split('/')[1]
        self.session = HTTPConnection(host)
        self.lastresult = None

    def sendNegotiate(self,negotiateMessage):
        #Check if server wants auth
        self.session.request('GET', self.path)
        res = self.session.getresponse()
        res.read()
        if res.status != 401:
            logging.info('Status code returned: %d. Authentication does not seem required for URL' % res.status)
        try:
            if 'NTLM' not in res.getheader('WWW-Authenticate'):
                logging.error('NTLM Auth not offered by URL, offered protocols: %s' % res.getheader('WWW-Authenticate'))
                return False
        except KeyError:
            logging.error('No authentication requested by the server for url %s' % self.target)
            return False

        #Negotiate auth
        negotiate = base64.b64encode(negotiateMessage)
        headers = {'Authorization':'NTLM %s' % negotiate}
        self.session.request('GET', self.path ,headers=headers)
        res = self.session.getresponse()
        res.read()
        try:
            serverChallenge = base64.b64decode(res.getheader('WWW-Authenticate')[5:])
            return serverChallenge
        except (IndexError, KeyError):
            logging.error('No NTLM challenge returned from server')

    def sendAuth(self,authenticateMessageBlob, serverChallenge=None):
        #Negotiate auth
        auth = base64.b64encode(authenticateMessageBlob)
        headers = {'Authorization':'NTLM %s' % auth}
        self.session.request('GET', self.path,headers=headers)
        res = self.session.getresponse()
        if res.status == 401:
            return False
        else:
            logging.info('HTTP server returned error code %d, treating as a succesful login' % res.status)
            #Cache this
            self.lastresult = res.read()
            return True

    #SMB Relay server needs this
    @staticmethod
    def get_encryption_key():
        return None

APT Browse - Built by Thomas Orozco.