diff --git a/src/ntlm/messages/authenticate.go b/src/ntlm/messages/authenticate.go
index a38403b..9993d92 100644
--- a/src/ntlm/messages/authenticate.go
+++ b/src/ntlm/messages/authenticate.go
@@ -84,9 +84,13 @@ func ParseAuthenticateMessage(body []byte, ntlmVersion int) (*Authenticate, erro
 
 	// Check to see if this is a v1 or v2 response
 	if ntlmVersion == 2 {
-		am.NtlmV2Response = ReadNtlmV2Response(am.NtChallengeResponseFields.Payload)
+		am.NtlmV2Response, err = ReadNtlmV2Response(am.NtChallengeResponseFields.Payload)
 	} else {
-		am.NtlmV1Response = ReadNtlmV1Response(am.NtChallengeResponseFields.Payload)
+		am.NtlmV1Response, err = ReadNtlmV1Response(am.NtChallengeResponseFields.Payload)
+	}
+
+	if err != nil {
+		return nil, err
 	}
 
 	am.DomainName, err = ReadStringPayload(28, body)
diff --git a/src/ntlm/messages/authenticate_test.go b/src/ntlm/messages/authenticate_test.go
index 2f2cdd0..41861eb 100644
--- a/src/ntlm/messages/authenticate_test.go
+++ b/src/ntlm/messages/authenticate_test.go
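Review bot: The new `if err != nil` check can only ever fire for the `ntlmVersion == 2` branch, because `ReadNtlmV1Response` in challenge_responses.go returns a nil error unconditionally, so an NTLMv2 blob (or a truncated payload) parsed with `ntlmVersion == 1` still passes silently with the first 24 bytes taken as the response. Since the message itself does not tell the parser which response type it carries, consider validating the caller-supplied version against the payload here, e.g. rejecting `ntlmVersion == 1` when `len(am.NtChallengeResponseFields.Payload) != 24`, or have `ReadNtlmV1Response` return an error for unexpected lengths. The error is also returned bare; if the file already imports fmt, wrapping it as `return nil, fmt.Errorf("reading NT challenge response: %w", err)` tells the caller which of the many payload reads in this function failed (`%w` needs Go 1.13+; use `%v` otherwise). ParseAuthenticateMessage begins and ends outside this hunk.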
@@ -13,6 +13,19 @@ func checkPayloadStruct(t *testing.T, payloadStruct *PayloadStruct, len uint16,
 	}
 }
 
+func TestParseNTLMv1AsV2(t *testing.T) {
+	ntlmv1data := "TlRMTVNTUAADAAAAGAAYALYAAAAYABgAzgAAADQANABIAAAAIAAgAHwAAAAaABoAnAAAABAAEADmAAAAVYKQQgUCzg4AAAAPYQByAHIAYQB5ADEAMgAuAG0AcwBnAHQAcwB0AC4AcgBlAHUAdABlAHIAcwAuAGMAbwBtAHUAcwBlAHIAcwB0AHIAZQBzAHMAMQAwADAAMAAwADgATgBZAEMAVgBBADEAMgBTADIAQwBNAFMAQQDguXWdC2hLH+C5dZ0LaEsf4Ll1nQtoSx9nI+fkE73qtElnkDiSQbxfcDN9zbtO1qfyK3ZTI6CUhvjxmXnpZEjY"
+	authBytes, err := base64.StdEncoding.DecodeString(ntlmv1data)
+	_, err = ParseAuthenticateMessage(authBytes, 2)
+	if err == nil {
+		t.Error("Should have returned error when tring to parse an NTLMv1 authenticate message as NTLMv2")
+	}
+	_, err = ParseAuthenticateMessage(authBytes, 1)
+	if err != nil {
+		t.Error("Should not have returned error when tring to parse an NTLMv1 authenticate message")
+	}
+}
+
 func TestAuthenticateNtlmV1(t *testing.T) {
 	authenticateMessage := "TlRMTVNTUAADAAAAGAAYAIgAAAAYABgAoAAAAAAAAABYAAAAIAAgAFgAAAAQABAAeAAAABAAEAC4AAAAVYKQYgYBsR0AAAAP2BgW++b14Dh6Z5B4Xs1DiHAAYQB1AGwAQABwAGEAdQBsAGQAaQB4AC4AbgBlAHQAVwBJAE4ANwBfAEkARQA4ACugxZFzvHB4P6LdKbbZpiYHo2ErZURLiSugxZFzvHB4P6LdKbbZpiYHo2ErZURLibmpCUlnbq2I4LAdEhLdg7I="
 	authenticateData, err := base64.StdEncoding.DecodeString(authenticateMessage)
diff --git a/src/ntlm/messages/challenge_responses.go b/src/ntlm/messages/challenge_responses.go
index dca8aec..8fc2c68 100644
--- a/src/ntlm/messages/challenge_responses.go
+++ b/src/ntlm/messages/challenge_responses.go
@@ -3,6 +3,7 @@ package messages
 import (
 	"bytes"
 	"encoding/hex"
+	"errors"
 	"fmt"
 )
 
@@ -17,10 +18,10 @@ func (n *NtlmV1Response) String() string {
 	return fmt.Sprintf("NtlmV1Response: %s", hex.EncodeToString(n.Response))
 }
 
-func ReadNtlmV1Response(bytes []byte) *NtlmV1Response {
+func ReadNtlmV1Response(bytes []byte) (*NtlmV1Response, error) {
 	r := new(NtlmV1Response)
 	r.Response = bytes[0:24]
-	return r
+	return r, nil
 }
 
 // *** NTLMv2
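Review bot: In TestParseNTLMv1AsV2 the error from `base64.StdEncoding.DecodeString(ntlmv1data)` is never examined — the very next line overwrites `err` — so a corrupted fixture would hand an empty `authBytes` to `ParseAuthenticateMessage` and the "should have returned error" half of the test would pass for the wrong reason. Add `if err != nil { t.Fatal(err) }` right after the decode, as the neighbouring tests presumably do for their fixtures. Both failure messages also misspell "trying" as "tring".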
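Review bot: `r.Response = bytes[0:24]` in ReadNtlmV1Response still panics when the payload is shorter than 24 bytes, and now that the function returns an error that is the natural place to reject the input instead of crashing the process on a malformed message from the network; add `if len(bytes) < 24 { return nil, errors.New("ntlm v1 response: payload shorter than 24 bytes") }` before the slice. ReadNtlmV2Response in the next hunk has the same gap — `bytes[0:16]`, `bytes[16]`, `bytes[17]` and `bytes[44:]` are all indexed before any length check, so the new RespType/HiRespType test is only reached if the payload happens to be long enough. As a minor point, the parameter name `bytes` shadows the `bytes` package this file imports, which is easy to trip over when editing the body.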
@@ -80,13 +81,18 @@ func (n *NtlmV2Response) String() string {
 	return buffer.String()
 }
 
-func ReadNtlmV2Response(bytes []byte) *NtlmV2Response {
+func ReadNtlmV2Response(bytes []byte) (*NtlmV2Response, error) {
 	r := new(NtlmV2Response)
 	r.Response = bytes[0:16]
 	r.NtlmV2ClientChallenge = new(NtlmV2ClientChallenge)
 	c := r.NtlmV2ClientChallenge
 	c.RespType = bytes[16]
 	c.HiRespType = bytes[17]
+
+	if c.RespType != 1 || c.HiRespType != 1 {
+		return nil, errors.New("Does not contain a valid NTLM v2 client challenge - could be NTLMv1.")
+	}
+
 	// Ignoring - 2 bytes reserved
 	// c.Reserved1
 	// Ignoring - 4 bytes reserved
@@ -96,7 +102,7 @@ func ReadNtlmV2Response(bytes []byte) *NtlmV2Response {
 	// Ignoring - 4 bytes reserved
 	// c.Reserved3
 	c.AvPairs = ReadAvPairs(bytes[44:])
-	return r
+	return r, nil
 }
 
 // LMv1
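Review bot: The new error in ReadNtlmV2Response is a one-off string that callers can only recognise by comparing text, yet the added test in authenticate_test.go exists precisely to distinguish "this is not an NTLMv2 response" from any other parse failure; declare it once at package scope, `var ErrNotNtlmV2Response = errors.New("ntlm v2 response: RespType/HiRespType are not 1, payload may be NTLMv1")`, and return that so callers can use `errors.Is` (Go 1.13+) or a plain `==` comparison. The message also breaks the Go convention of lowercase error strings without trailing punctuation, which matters once it is wrapped into a longer message by ParseAuthenticateMessage. The remainder of the function body, including the `bytes[44:]` read, is in the following hunk.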