Version:0.9 StartHTML:0000000105 EndHTML:0000014518 StartFragment:0000000152 EndFragment:0000014484 /* Unix SMB/Netbios implementation. Version 1.9. a implementation of MD4 designed for use in the SMB authentication protocol Copyright (C) Andrew Tridgell 1997 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ /* NOTE: This code makes no attempt to be fast! It assumes that a int is at least 32 bits long */ typedef unsigned int uint32; static uint32 A, B, C, D; static uint32 F(uint32 X, uint32 Y, uint32 Z) { return (X&Y) | ((~X)&Z); } static uint32 G(uint32 X, uint32 Y, uint32 Z) { return (X&Y) | (X&Z) | (Y&Z); } static uint32 H(uint32 X, uint32 Y, uint32 Z) { return X^Y^Z; } static uint32 lshift(uint32 x, int s) { x &= 0xFFFFFFFF; return ((x<<s)&0xFFFFFFFF) | (x>>(32-s)); } #define ROUND1(a,b,c,d,k,s) a = lshift(a + F(b,c,d) + X[k], s) #define ROUND2(a,b,c,d,k,s) a = lshift(a + G(b,c,d) + X[k] + (uint32)0x5A827999,s) #define ROUND3(a,b,c,d,k,s) a = lshift(a + H(b,c,d) + X[k] + (uint32)0x6ED9EBA1,s) /* this applies md4 to 64 byte chunks */ static void mdfour64(uint32 *M) { int j; uint32 AA, BB, CC, DD; uint32 X[16]; for (j=0;j<16;j++) X[j] = M[j]; AA A; BB B; CC = C; DD = D; ROUND1(A,B,C,D, 0, 3); ROUND1(D,A,B,C, 1, 7); ROUND1(C,D,A,B, 2, 11); ROUND1(B,C,D,A, 3, 19); ROUND1(A,B,C,D, 4, 3); ROUND1(D,A,B,C, 5, 7); ROUND1(C,D,A,B, 6, 11); ROUND1(B,C,D,A, 7, 19); ROUND1(A,B,C,D, 8, 3); ROUND1(D,A,B,C, 9, 7); ROUND1(C,D,A,B, 10, 11); ROUND1(B,C,D,A, 11, 19); ROUND1(A,B,C,D, 12, 3); ROUND1(D,A,B,C, 13, 7); ROUND1(C,D,A,B, 14, 11); ROUND1(B,C,D,A, 15, 19); ROUND2(A,B,C,D, 0, 3); ROUND2(D,A,B,C, 4, 5); ROUND2(C,D,A,B, 8, 9); ROUND2(B,C,D,A, 12, 13); ROUND2(A,B,C,D, 1, 3); ROUND2(D,A,B,C, 5, 5); ROUND2(C,D,A,B, 9, 9); ROUND2(B,C,D,A, 13, 13); ROUND2(A,B,C,D, 2, 3); ROUND2(D,A,B,C, 6, 5); ROUND2(C,D,A,B, 10, 9); ROUND2(B,C,D,A, 14, 13); ROUND2(A,B,C,D, 3, 3); ROUND2(D,A,B,C, 7, 5); ROUND2(C,D,A,B, 11, 9); ROUND2(B,C,D,A, 15, 13); ROUND3(A,B,C,D, 0, 3); ROUND3(D,A,B,C, 8, 9); ROUND3(C,D,A,B, 4, 11); ROUND3(B,C,D,A, 12, 15); ROUND3(A,B,C,D, 2, 3); ROUND3(D,A,B,C, 10, 9); ROUND3(C,D,A,B, 6, 11); ROUND3(B,C,D,A, 14, 15); ROUND3(A,B,C,D, 1, 3); ROUND3(D,A,B,C, 9, 9); ROUND3(C,D,A,B, 5, 11); ROUND3(B,C,D,A, 13, 15); ROUND3(A,B,C,D, 3, 3); ROUND3(D,A,B,C, 11, 9); ROUND3(C,D,A,B, 7, 11); ROUND3(B,C,D,A, 15, 15); A += AA; B += BB; C += CC; D += DD; A &= 0xFFFFFFFF; B &= 0xFFFFFFFF; C &= 0xFFFFFFFF; D &= 0xFFFFFFFF; for (j=0;j<16;j++) X[j] = 0; } static void copy64(uint32 *M, unsigned char *in) { int i; for (i=0;i<16;i++) M[i] = (in[i*4+3]<<24) | (in[i*4+2]<<16) | (in[i*4+1]<<8) | (in[i*4+0]<<0); } static void copy4(unsigned char *out,uint32 x) { out[0] = x&0xFF; out[1] = (x>>8)&0xFF; out[2] = (x>>16)&0xFF; out[3] = (x>>24)&0xFF; } /* produce a md4 message digest from data of length n bytes */ void mdfour(unsigned char *out, unsigned char *in, int n) { unsigned char buf[128]; uint32 M[16]; uint32 b = n * 8; int i; A = 0x67452301; B = 0xefcdab89; C = 0x98badcfe; D = 0x10325476; while (n > 64) { copy64(M, in); mdfour64(M); in += 64; n -= 64; } for (i=0;i<128;i++) buf[i] = 0; memcpy(buf, in, n); buf[n] = 0x80; if (n <= 55) { copy4(buf+56, b); copy64(M, buf); mdfour64(M); } else { copy4(buf+120, b); copy64(M, buf); mdfour64(M); copy64(M, buf+64); mdfour64(M); } for (i=0;i<128;i++) buf[i] = 0; copy64(M, buf); copy4(out, A); copy4(out+4, B); copy4(out+8, C); copy4(out+12, D); A B C = D = 0; }
Version:0.9 StartHTML:0000000105 EndHTML:0000014965 StartFragment:0000000152 EndFragment:0000014931 /* This code is based on work from L0phtcrack 1.5 06.02.97 mudge@l0pht.com The code also contains sources from: . routines from the samba code source md4.c smbdes.c Anton Roeckseisen (anton@genua.de) */ /* * THIS SOFTWARE IS PROVIDED ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include "mkntpwd.h" void str_to_key(unsigned char *,unsigned char *); void usage(char *); int PutUniCode(char *dst,char *src); void printlanhash(char *tmp); void mdfour(unsigned char *out, unsigned char *in, int n); void E_P16(unsigned char *p14,unsigned char *p16); void main(int argc, char **argv) { extern char *optarg; int c; int printlan = 0; char lanpwd[LMPASSWDLEN+1]; int printnt = 0; char inputfile[FILENAMEBUFFER+1] = ""; FILE* InputFilePtr; int just_pwd = 0; int i; char hashout[17]; char ntpasswd[NTPASSWDLEN+1]; char *hold; unsigned char *p16; int uni_len; char passwd[NTPASSWDLEN+1]; if (argc==1) usage(argv[0]); if (argc==2) just_pwd=1; else just_pwd=0; lanpwd[0] = '\\0'; ntpasswd[0] = '\\0'; while ( (c = getopt(argc, argv, "L:N:f:")) != EOF){ switch(c) { case 'L': printlan++; strncpy(lanpwd,optarg,LMPASSWDLEN); lanpwd[LMPASSWDLEN]='\\0'; for (i=0;i<LMPASSWDLEN;i++) lanpwd[i]=toupper(lanpwd[i]); break; case 'N': printnt++; strncpy(passwd,optarg,NTPASSWDLEN); passwd[NTPASSWDLEN]='\\0'; break; case 'f': strncpy(inputfile,optarg,FILENAMEBUFFER); inputfile[FILENAMEBUFFER]='\\0'; break; default: usage(argv[0]); } } /* Get password from file or STDIN */ if (inputfile[0]!='\\0') { just_pwd=0; /* make sure no shit is happening... */ /* get NT-password (longer) */ if (strcmp(inputfile,"-")==0) { fgets(passwd,NTPASSWDLEN,stdin); } else { if ((InputFilePtr=fopen(inputfile,"r")) == NULL) fprintf(stderr,"Couldn't open passwordfile: %s",inputfile) ; fgets(passwd,NTPASSWDLEN,InputFilePtr); fclose(InputFilePtr); } while (strlen(passwd)>0 && passwd[strlen(passwd)-1]=='\\n') passwd[strlen(passwd)-1]='\\0'; /* create LANMAN-password (shorter) */ strncpy(lanpwd,passwd,LMPASSWDLEN); lanpwd[LMPASSWDLEN]='\\0'; for (i=0;i<LMPASSWDLEN;i++) lanpwd[i]=toupper(lanpwd[i]); printlan++; printnt++; } /* Assume the one and only Arg is the new password! */ if (argc>1 && just_pwd==1) { strncpy(lanpwd,argv[1],LMPASSWDLEN); lanpwd[LMPASSWDLEN]='\\0'; for (i=0;i<LMPASSWDLEN;i++) lanpwd[i]=toupper(lanpwd[i]); printlan++; strncpy(passwd,argv[1],NTPASSWDLEN); passwd[NTPASSWDLEN]='\\0'; printnt++; } if (printlan >0) { memset(hashout,'\\0',17); E_P16((uchar *)lanpwd,hashout); printlanhash(hashout); } if (printnt >0) { if (printlan>0) printf(":"); memset(ntpasswd, '\\0', sizeof(ntpasswd)); if (passwd[strlen(passwd)-1] == '\\n') /* strip the \\n - this is done in LowerString for the case sensitive check */ passwd[strlen(passwd)-1] = '\\0'; hold = (char *)malloc(NTPASSWDLEN * 2); /* grab space for unicode */ if (hold == NULL){ fprintf(stderr, "out of memory...crackntdialog hold\\n"); exit(1); } uni_len = PutUniCode(hold, passwd); /* convert to unicode and return correct unicode length for md4 */ p16 = (unsigned char*)malloc(17); /* grab space for md4 hash */ if (p16 == NULL){ fprintf(stderr, "out of memory...crackntdialect p16\\n"); exit(1); } memset(p16,'\\0',17); mdfour(p16,hold, uni_len); printlanhash(p16); free(p16); free(hold); } printf("\\n"); exit(0); } /*****************************************************************************/ /*****************************************************************************/ /*****************************************************************************/ void usage(char *progname){ char *p; p = strrchr(progname, '\\\\'); if (p == NULL) p = progname; else p++; fprintf(stderr, "Usage: %s [-L lanmgrpwd] [-N ntpasswd]\\n",p); fprintf(stderr, " %s password\\n",p); fprintf(stderr, " %s -f [-] [filename]\\n\\n",p); fprintf(stderr, " -L lanmgrpasswd LanManager cleartextpwd <= 14 chars\\n"); fprintf(stderr, " -N ntpasswd NT cleartextpwd <=128 chars (usually <=14)\\n\\n"); fprintf(stderr, " with both options present the encrypted LanManager-Pwd is \\n"); fprintf(stderr, " printed first, followed by a ':' and the encrypted NT-Pwd.\\n\\n"); fprintf(stderr, " The second usage behaves like %s -L pwd -N pwd\\n\\n",p); fprintf(stderr, " The third usage reads the password from STDIN or a File. Printout\\n"); fprintf(stderr, " is the same as second.\\n\\n"); fprintf(stderr, "anton@genua.de\\n\\n"); exit(1); } /******************************************************************* write a string in unicoode format ********************************************************************/ int PutUniCode(char *dst,char *src) { int ret = 0; while (*src) { dst[ret++] = src[0]; dst[ret++] = 0; src++; } dst[ret++]=0; dst[ret++]=0; return(ret-2); /* the way they do the md4 hash they don't represent the last null. ie 'A' becomes just 0x41 0x00 - not 0x41 0x00 0x00 0x00 */ } /* print binary buffer as hex-string */ void printlanhash(char *tmp) { int i; unsigned char c; char outbuffer[33]; /* build string from binary hash */ for(i=0;i<16;i++) { c=tmp[i]; sprintf(outbuffer+2*i,"%x",(c>>4) & 0x0f); sprintf(outbuffer+2*i+1,"%x",c & 0x0f); } /* convert to uppercase */ for(i=0;i<32;i++) outbuffer[i] = toupper(outbuffer[i]); outbuffer[32]='\\0'; /* print out hex-string */ printf("%s",outbuffer); }
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre questionshell_exec("mkntpwd.exe -N 1701fb");