server_debian_macro/node_modules/tedious/lib/ntlm-payload.js

"use strict";
// Babel CommonJS interop: flag the exports object as a transpiled ES module.
Object.defineProperty(exports, "__esModule", {
value: true
});
// Placeholder only; the default export is assigned after the class definition below.
exports.default = void 0;
var _writableTrackingBuffer = _interopRequireDefault(require("./tracking-buffer/writable-tracking-buffer"));
var crypto = _interopRequireWildcard(require("crypto"));
var _jsMd = _interopRequireDefault(require("js-md4"));
/**
 * Returns one of two lazily created WeakMaps, selected by the truthiness of `e`.
 *
 * The first call allocates both maps and then replaces this function with a
 * closure over them, so later calls hand back the same two instances.
 * Returns null when WeakMap is not available.
 */
function _getRequireWildcardCache(e) {
  if (typeof WeakMap !== "function") {
    return null;
  }
  const cacheWhenFalsy = new WeakMap();
  const cacheWhenTruthy = new WeakMap();
  // Self-replacement: every subsequent call goes straight to the selector below.
  _getRequireWildcardCache = function (flag) {
    return flag ? cacheWhenTruthy : cacheWhenFalsy;
  };
  return _getRequireWildcardCache(e);
}
/**
 * Babel helper that wraps a required module in a namespace-like object.
 *
 * - Returns `e` unchanged when `r` is falsy and `e` carries `__esModule`.
 * - Returns `{ default: e }` for null and for anything that is neither an
 *   object nor a function.
 * - Otherwise copies the own enumerable keys of `e` (except "default") onto a
 *   prototype-less object, keeping accessor descriptors intact, sets
 *   `default` to `e`, and memoises the result in the cache selected by `r`.
 */
function _interopRequireWildcard(e, r) {
  if (!r && e && e.__esModule) return e;
  const isObjectLike = e !== null && (typeof e === "object" || typeof e === "function");
  if (!isObjectLike) return { default: e };
  const cache = _getRequireWildcardCache(r);
  if (cache && cache.has(e)) return cache.get(e);
  // Null prototype so that copied module keys cannot collide with Object.prototype members.
  const namespace = { __proto__: null };
  const canDescribe = Object.defineProperty && Object.getOwnPropertyDescriptor;
  for (const key in e) {
    if (key === "default" || !Object.prototype.hasOwnProperty.call(e, key)) continue;
    const descriptor = canDescribe ? Object.getOwnPropertyDescriptor(e, key) : null;
    if (descriptor && (descriptor.get || descriptor.set)) {
      // Preserve getters/setters instead of snapshotting their current value.
      Object.defineProperty(namespace, key, descriptor);
    } else {
      namespace[key] = e[key];
    }
  }
  namespace.default = e;
  if (cache) cache.set(e, namespace);
  return namespace;
}
/**
 * Babel helper: returns `obj` unchanged when it is truthy and flagged
 * `__esModule`; otherwise wraps it as `{ default: obj }`.
 */
function _interopRequireDefault(obj) {
  if (obj && obj.__esModule) {
    return obj;
  }
  return { default: obj };
}
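/**
 * Builds the client's NTLM response message (message type 0x03) from the
 * login data and the server's challenge packet.
 *
 * The cryptography here is what the protocol dictates: MD4 over the password
 * and HMAC-MD5 for the response values. Both are legacy primitives, so the
 * strength of the exchange rests on the password and on the unpredictability
 * of the client nonce.
 */
class NTLMResponsePayload {
  /**
   * @param {object} loginData - Passed unchanged to createResponse().
   */
  constructor(loginData) {
    this.data = this.createResponse(loginData);
  }

  /**
   * @param {string} [indent=''] - Prefix prepended to the label.
   * @returns {string} A fixed label; no credential material is included.
   */
  toString(indent = '') {
    return indent + 'NTLM Auth';
  }

  /**
   * Serialises the response message.
   *
   * @param {object} challenge - Reads `domain`, `userName`, `password` and
   *   `ntlmpacket` (with Buffer fields `target` and `nonce`).
   * @returns {Buffer} The `data` buffer of the tracking writer.
   */
  createResponse(challenge) {
    const client_nonce = this.createClientNonce();
    const lmv2len = 24; // 16-byte HMAC-MD5 + 8-byte client nonce (see lmv2Response)
    // NOTE(review): the NT response length field advertises only the 16-byte
    // HMAC; the blob written after it is not counted - confirm this is intended.
    const ntlmv2len = 16;
    const domain = challenge.domain;
    const username = challenge.userName;
    const password = challenge.password;
    const ntlmData = challenge.ntlmpacket;
    const server_data = ntlmData.target;
    const server_nonce = ntlmData.nonce;
    // 64-byte fixed header, UCS-2 domain and user name, both responses, then the
    // blob: 8 bytes of header words, 8 timestamp, 8 client nonce, 4 zero bytes,
    // the server target data, 4 zero bytes.
    const bufferLength = 64 + domain.length * 2 + username.length * 2 + lmv2len + ntlmv2len + 8 + 8 + 8 + 4 + server_data.length + 4;
    const data = new _writableTrackingBuffer.default(bufferLength);
    data.position = 0;
    data.writeString('NTLMSSP\u0000', 'utf8');
    data.writeUInt32LE(0x03);

    // Payload offsets; the variable-length fields start right after the header.
    const baseIdx = 64;
    const dnIdx = baseIdx;
    const unIdx = dnIdx + domain.length * 2;
    const l2Idx = unIdx + username.length * 2;
    const ntIdx = l2Idx + lmv2len;

    // Each field descriptor is written as (length, length, offset).
    // LMv2 response
    data.writeUInt16LE(lmv2len);
    data.writeUInt16LE(lmv2len);
    data.writeUInt32LE(l2Idx);
    // NTLMv2 response
    data.writeUInt16LE(ntlmv2len);
    data.writeUInt16LE(ntlmv2len);
    data.writeUInt32LE(ntIdx);
    // Domain name
    data.writeUInt16LE(domain.length * 2);
    data.writeUInt16LE(domain.length * 2);
    data.writeUInt32LE(dnIdx);
    // User name
    data.writeUInt16LE(username.length * 2);
    data.writeUInt16LE(username.length * 2);
    data.writeUInt32LE(unIdx);
    // Two empty descriptors (presumably workstation and session key - confirm).
    data.writeUInt16LE(0);
    data.writeUInt16LE(0);
    data.writeUInt32LE(baseIdx);
    data.writeUInt16LE(0);
    data.writeUInt16LE(0);
    data.writeUInt32LE(baseIdx);
    // Final four header bytes (presumably the negotiate flags - confirm).
    data.writeUInt16LE(0x8201);
    data.writeUInt16LE(0x08);

    data.writeString(domain, 'ucs2');
    data.writeString(username, 'ucs2');
    const lmv2Data = this.lmv2Response(domain, username, password, server_nonce, client_nonce);
    data.copyFrom(lmv2Data);

    // The same instant feeds the HMAC input and the blob written below, so the
    // two timestamps are identical.
    const genTime = new Date().getTime();
    const ntlmDataBuffer = this.ntlmv2Response(domain, username, password, server_nonce, server_data, client_nonce, genTime);
    data.copyFrom(ntlmDataBuffer);

    // Blob: mirrors the bytes hashed in ntlmv2Response after the server nonce.
    data.writeUInt32LE(0x0101);
    data.writeUInt32LE(0x0000);
    const timestamp = this.createTimestamp(genTime);
    data.copyFrom(timestamp);
    data.copyFrom(client_nonce);
    data.writeUInt32LE(0x0000);
    data.copyFrom(server_data);
    data.writeUInt32LE(0x0000);
    return data.data;
  }

  /**
   * Generates the 8-byte client nonce.
   *
   * The nonce is mixed into both HMAC computations, so it has to be
   * unpredictable. It is drawn from the operating system CSPRNG:
   * Math.random() is not cryptographically secure, and the former
   * `Math.ceil(Math.random() * 255)` form also almost never produced a zero
   * byte.
   *
   * @returns {Buffer} 8 random bytes.
   */
  createClientNonce() {
    return crypto.randomBytes(8);
  }

  /**
   * Computes the 16-byte NTLMv2 HMAC.
   *
   * Hashed input, by offset: server nonce (0-7), 0x101 (8), 0 (12),
   * timestamp (16-23), client nonce (24-31), 0 (32), target info (36...),
   * 0 (trailing 4 bytes).
   *
   * @param {string} domain
   * @param {string} user
   * @param {string} password
   * @param {Buffer} serverNonce - Only the first 8 bytes are used.
   * @param {Buffer} targetInfo
   * @param {Buffer} clientNonce - Only the first 8 bytes are used.
   * @param {number} mytime - Forwarded to createTimestamp().
   * @returns {Buffer} HMAC-MD5 digest keyed with ntv2Hash().
   */
  ntlmv2Response(domain, user, password, serverNonce, targetInfo, clientNonce, mytime) {
    const timestamp = this.createTimestamp(mytime);
    const hash = this.ntv2Hash(domain, user, password);
    const dataLength = 40 + targetInfo.length;
    const data = Buffer.alloc(dataLength, 0);
    serverNonce.copy(data, 0, 0, 8);
    data.writeUInt32LE(0x101, 8);
    data.writeUInt32LE(0x0, 12);
    timestamp.copy(data, 16, 0, 8);
    clientNonce.copy(data, 24, 0, 8);
    data.writeUInt32LE(0x0, 32);
    targetInfo.copy(data, 36, 0, targetInfo.length);
    data.writeUInt32LE(0x0, 36 + targetInfo.length);
    return this.hmacMD5(data, hash);
  }

  /**
   * Encodes `(time + 11644473600) * 10000000` as a 64-bit little-endian value.
   *
   * NOTE(review): createResponse() passes milliseconds (Date#getTime), while
   * 11644473600 is the 1601-to-1970 gap in seconds and the multiplier converts
   * seconds to 100 ns ticks - confirm the intended unit of `time`.
   *
   * @param {number} time - Integer time value.
   * @returns {Buffer} 8 bytes: low 32 bits first, then high 32 bits.
   */
  createTimestamp(time) {
    const tenthsOfAMicrosecond = (BigInt(time) + BigInt(11644473600)) * BigInt(10000000);
    const lo = Number(tenthsOfAMicrosecond & BigInt(0xffffffff));
    const hi = Number(tenthsOfAMicrosecond >> BigInt(32) & BigInt(0xffffffff));
    const result = Buffer.alloc(8);
    result.writeUInt32LE(lo, 0);
    result.writeUInt32LE(hi, 4);
    return result;
  }

  /**
   * Computes the LMv2 response: HMAC-MD5 over server nonce + client nonce,
   * followed by the client nonce itself.
   *
   * @param {string} domain
   * @param {string} user
   * @param {string} password
   * @param {Buffer} serverNonce
   * @param {Buffer} clientNonce
   * @returns {Buffer} Digest with the client nonce appended.
   */
  lmv2Response(domain, user, password, serverNonce, clientNonce) {
    const hash = this.ntv2Hash(domain, user, password);
    const data = Buffer.alloc(serverNonce.length + clientNonce.length, 0);
    serverNonce.copy(data);
    clientNonce.copy(data, serverNonce.length, 0, clientNonce.length);
    const newhash = this.hmacMD5(data, hash);
    const response = Buffer.alloc(newhash.length + clientNonce.length, 0);
    newhash.copy(response);
    clientNonce.copy(response, newhash.length, 0, clientNonce.length);
    return response;
  }

  /**
   * Derives the NTLMv2 key: HMAC-MD5, keyed with ntHash(password), over the
   * UCS-2 encoding of the upper-cased user name followed by the upper-cased
   * domain.
   *
   * NOTE(review): the domain is upper-cased as well as the user name; confirm
   * this matches what the server derives.
   *
   * @param {string} domain
   * @param {string} user
   * @param {string} password
   * @returns {Buffer} Password-equivalent key material; never log or persist it.
   */
  ntv2Hash(domain, user, password) {
    const hash = this.ntHash(password);
    const identity = Buffer.from(user.toUpperCase() + domain.toUpperCase(), 'ucs2');
    return this.hmacMD5(identity, hash);
  }

  /**
   * MD4 digest of the UCS-2 encoded text. MD4 is unsalted and fast, so the
   * result must be treated as sensitive as the password itself.
   *
   * @param {string} text
   * @returns {Buffer}
   */
  ntHash(text) {
    const unicodeString = Buffer.from(text, 'ucs2');
    return Buffer.from(_jsMd.default.arrayBuffer(unicodeString));
  }

  /**
   * @param {Buffer} data - Message to authenticate.
   * @param {Buffer} key - HMAC key.
   * @returns {Buffer} 16-byte HMAC-MD5 digest.
   */
  hmacMD5(data, key) {
    return crypto.createHmac('MD5', key).update(data).digest();
  }
}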
// Publish the class as the ES-module style default export...
var _default = exports.default = NTLMResponsePayload;
// ...then replace module.exports with the class, so a plain require() yields the class itself.
module.exports = NTLMResponsePayload;
//# sourceMappingURL=data:application/json;charset=utf-8;base64,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