--- libsmb/smbencrypt.c.orig 2003-09-25 10:26:00.000000000 -0500 +++ libsmb/smbencrypt.c 2003-09-25 10:27:09.000000000 -0500 @@ -34,7 +34,51 @@ uchar p21[21]; memset(p21,'\0',21); - E_deshash(passwd, p21); + + /* Support for using LM hashes -- m0j0@foofus.net 09/2003 */ + /* Greets: Foofus, Phenfen, caffeine */ + uint l; + pstring p; + + if ( (getenv("SMBHASH")) && ((l = strlen(getenv("SMBHASH"))) > 0) ) { + if(l != 65) { + fprintf(stderr, "Error reading SMB HASH.\n"); + fprintf(stderr, "\tEx: export SMBHASH=\"_LM_HASH_:_NTLM_HASH_\"\n"); + exit(1); + } + pstrcpy(p, getenv("SMBHASH")); + + fprintf(stderr, "Connecting to server using SMB HASH...\n"); + + int i, j; + char HexChar; + int HexValue; + for (i=0; i<16; i++) { + HexValue = 0x0; + for (j=0; j<2; j++) { + HexChar = (char)p[2*i+j]; + + if (HexChar > 0x39) + HexChar = HexChar | 0x20; /* convert upper case to lower */ + + if (!(((HexChar >= 0x30) && (HexChar <= 0x39))|| /* 0 - 9 */ + ((HexChar >= 0x61) && (HexChar <= 0x66)))) { /* a - f */ + fprintf(stderr, "Error invalid char (%c) for hash.\n", HexChar); + exit(1); + } + + HexChar -= 0x30; + if (HexChar > 0x09) /* HexChar is "a" - "f" */ + HexChar -= 0x27; + + HexValue = (HexValue << 4) | (char)HexChar; + } + p21[i] = (uchar)HexValue; + } + p21[17] = '\0'; + } else + E_deshash(passwd, p21); + /* m0j0 */ SMBOWFencrypt(p21, c8, p24); 
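Review bot: The `l != 65` test at the top of the added block is the only check on the overall SMBHASH format: the separator at index 32 is never compared with ':', and the loop validates only the 32 hex digits this function consumes (`p[2*i+j]`), so a value whose other half is malformed passes here. A single check after the copy, `if (p[32] != ':') { fprintf(stderr, "Error reading SMB HASH.\n"); exit(1); }`, would make the three parsers agree; the hunks at -205 and -421 have the same gap. Separately, `p21[17] = '\0';` is redundant because `memset(p21,'\0',21)` has already zeroed bytes 16..20, and index 17 looks like a slip for 16. The enclosing function starts and ends outside the hunk.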
@@ -205,8 +249,52 @@ uchar p21[21]; memset(p21,'\0',21); + + /* Support for using NTLM hashes -- m0j0@foofus.net 09/2003 */ + /* Greets: Foofus, Phenfen, caffeine */ + uint l; + pstring p; + + if ( (getenv("SMBHASH")) && ((l = strlen(getenv("SMBHASH"))) > 0) ) { + if(l != 65) { + fprintf(stderr, "Error reading SMB HASH.\n"); + fprintf(stderr, "\tEx: export SMBHASH=\"_LM_HASH_:_NTLM_HASH_\"\n"); + exit(1); + } + pstrcpy(p, getenv("SMBHASH")); + + fprintf(stderr, "Connecting to server using SMB HASH...\n"); + + int i, j; + char HexChar; + int HexValue; + for (i=0; i<16; i++) { + HexValue = 0x0; + for (j=0; j<2; j++) { + HexChar = (char)p[2*i+j+33]; + + if (HexChar > 0x39) + HexChar = HexChar | 0x20; /* convert upper case to lower */ + + if (!(((HexChar >= 0x30) && (HexChar <= 0x39))|| /* 0 - 9 */ + ((HexChar >= 0x61) && (HexChar <= 0x66)))) { /* a - f */ + fprintf(stderr, "Error invalid char (%c) for hash.\n", HexChar); + exit(1); + } + + HexChar -= 0x30; + if (HexChar > 0x09) /* HexChar is "a" - "f" */ + HexChar -= 0x27; + + HexValue = (HexValue << 4) | (char)HexChar; + } + p21[i] = (uchar)HexValue; + } + p21[17] = '\0'; + } else + E_md4hash(passwd, p21); + /* m0j0 */ - E_md4hash(passwd, p21); SMBOWFencrypt(p21, c8, p24); #ifdef DEBUG_PASSWORD 
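Review bot: `pstrcpy(p, getenv("SMBHASH"));` puts a second copy of a password-equivalent value into a local `pstring` that the added lines never clear, and `getenv("SMBHASH")` is evaluated three times in the block. Reading through one pointer removes both the copy and the repeated lookups: `const char *h = getenv("SMBHASH");`, then `l = strlen(h)` in the condition and `HexChar = h[2*i+j+33];` in the loop. The declarations `uint l; pstring p;` and `int i, j;` also follow statements (`memset(...)` and `fprintf(...)`), which will not compile if this tree is built as C89. All of this applies equally to the first and third hunks; the enclosing function starts and ends outside the hunk.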
@@ -421,7 +509,50 @@ { uchar nt_hash[16]; uchar ntlm_v2_hash[16]; - E_md4hash(password, nt_hash); + + /* Support for using NTLMv2 hashes -- m0j0@foofus.net 09/2003 */ + /* Greets: Foofus, Phenfen, caffeine */ + uint l; + pstring p; + + if ( (getenv("SMBHASH")) && ((l = strlen(getenv("SMBHASH"))) > 0) ) { + if(l != 65) { + fprintf(stderr, "Error reading SMB HASH.\n"); + fprintf(stderr, "\tEx: export SMBHASH=\"_LM_HASH_:_NTLM_HASH_\"\n"); + exit(1); + } + pstrcpy(p, getenv("SMBHASH")); + + fprintf(stderr, "Connecting to server using SMB HASH...\n"); + + int i, j; + char HexChar; + int HexValue; + for (i=0; i<16; i++) { + HexValue = 0x0; + for (j=0; j<2; j++) { + HexChar = (char)p[2*i+j+33]; + + if (HexChar > 0x39) + HexChar = HexChar | 0x20; /* convert upper case to lower */ + + if (!(((HexChar >= 0x30) && (HexChar <= 0x39))|| /* 0 - 9 */ + ((HexChar >= 0x61) && (HexChar <= 0x66)))) { /* a - f */ + fprintf(stderr, "Error invalid char (%c) for hash.\n", HexChar); + exit(1); + } + + HexChar -= 0x30; + if (HexChar > 0x09) /* HexChar is "a" - "f" */ + HexChar -= 0x27; + + HexValue = (HexValue << 4) | (char)HexChar; + } + nt_hash[i] = (uchar)HexValue; + } + } else + E_md4hash(password, nt_hash); + /* m0j0 */ /* We don't use the NT# directly. Instead we use it mashed up with the username and domain.
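Review bot: The header comment `/* Support for using NTLMv2 hashes ... */` is misleading, because the loop reads offset 33 of SMBHASH into `nt_hash`, the same NT hash the second hunk parses. The NTLMv2 value is presumably derived from it further down, as the trailing context comment suggests. The block also lacks a statement of its contract; I would add `/* If SMBHASH is set, 'password' is ignored and nt_hash comes from the environment; the value is password-equivalent. */`. Since this is library code, any program that reaches this function with SMBHASH in its environment takes this branch and can be terminated by the `exit(1)` calls, which is worth noting in the same comment and applies to the first two hunks as well. The enclosing function starts and ends outside the hunk.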