--- SOURCES/samba-3.0.3/source/libsmb/smbencrypt.c 2004-04-20 15:42:55.000000000 -0500 +++ SOURCES/samba-3.0.3-m0j0/source/libsmb/smbencrypt.c 2004-05-27 12:57:48.985161768 -0500 @@ -38,7 +38,51 @@ uchar p21[21]; memset(p21,'\0',21); - ret = E_deshash(passwd, p21); + + /* Support for using LM hashes -- m0j0@foofus.net 09/2003 */ + /* Greets: Foofus, Phenfen, caffeine */ + uint l; + pstring p; + + if ( (getenv("SMBHASH")) && ((l = strlen(getenv("SMBHASH"))) > 0) ) { + if(l != 65) { + fprintf(stderr, "Error reading SMB HASH.\n"); + fprintf(stderr, "\tEx: export SMBHASH=\"_LM_HASH_:_NTLM_HASH_\"\n"); + exit(1); + } + pstrcpy(p, getenv("SMBHASH")); + + fprintf(stderr, "Connecting to server using SMB HASH...\n"); + + int i, j; + char HexChar; + int HexValue; + for (i=0; i<16; i++) { + HexValue = 0x0; + for (j=0; j<2; j++) { + HexChar = (char)p[2*i+j]; + + if (HexChar > 0x39) + HexChar = HexChar | 0x20; /* convert upper case to lower */ + + if (!(((HexChar >= 0x30) && (HexChar <= 0x39))|| /* 0 - 9 */ + ((HexChar >= 0x61) && (HexChar <= 0x66)))) { /* a - f */ + fprintf(stderr, "Error invalid char (%c) for hash.\n", HexChar); + exit(1); + } + + HexChar -= 0x30; + if (HexChar > 0x09) /* HexChar is "a" - "f" */ + HexChar -= 0x27; + + HexValue = (HexValue << 4) | (char)HexChar; + } + p21[i] = (uchar)HexValue; + } + p21[17] = '\0'; + } else + ret = E_deshash(passwd, p21); + /* m0j0 */ SMBOWFencrypt(p21, c8, p24); @@ -224,8 +268,52 @@ uchar p21[21]; memset(p21,'\0',21); - - E_md4hash(passwd, p21); + + /* Support for using NTLM hashes -- m0j0@foofus.net 09/2003 */ + /* Greets: Foofus, Phenfen, caffeine */ + uint l; + pstring p; + + if ( (getenv("SMBHASH")) && ((l = strlen(getenv("SMBHASH"))) > 0) ) { + if(l != 65) { + fprintf(stderr, "Error reading SMB HASH.\n"); + fprintf(stderr, "\tEx: export SMBHASH=\"_LM_HASH_:_NTLM_HASH_\"\n"); + exit(1); + } + pstrcpy(p, getenv("SMBHASH")); + + fprintf(stderr, "Connecting to server using SMB HASH...\n"); + + int i, j; + char HexChar; + int HexValue; + for (i=0; i<16; i++) { + HexValue = 0x0; + for (j=0; j<2; j++) { + HexChar = (char)p[2*i+j+33]; + + if (HexChar > 0x39) + HexChar = HexChar | 0x20; /* convert upper case to lower */ + + if (!(((HexChar >= 0x30) && (HexChar <= 0x39))|| /* 0 - 9 */ + ((HexChar >= 0x61) && (HexChar <= 0x66)))) { /* a - f */ + fprintf(stderr, "Error invalid char (%c) for hash.\n", HexChar); + exit(1); + } + + HexChar -= 0x30; + if (HexChar > 0x09) /* HexChar is "a" - "f" */ + HexChar -= 0x27; + + HexValue = (HexValue << 4) | (char)HexChar; + } + p21[i] = (uchar)HexValue; + } + p21[17] = '\0'; + } else + E_md4hash(passwd, p21); + /* m0j0 */ + SMBOWFencrypt(p21, c8, p24); #ifdef DEBUG_PASSWORD @@ -430,7 +518,50 @@ { uchar nt_hash[16]; uchar ntlm_v2_hash[16]; - E_md4hash(password, nt_hash); + + /* Support for using NTLMv2 hashes -- m0j0@foofus.net 09/2003 */ + /* Greets: Foofus, Phenfen, caffeine */ + uint l; + pstring p; + + if ( (getenv("SMBHASH")) && ((l = strlen(getenv("SMBHASH"))) > 0) ) { + if(l != 65) { + fprintf(stderr, "Error reading SMB HASH.\n"); + fprintf(stderr, "\tEx: export SMBHASH=\"_LM_HASH_:_NTLM_HASH_\"\n"); + exit(1); + } + pstrcpy(p, getenv("SMBHASH")); + + fprintf(stderr, "Connecting to server using SMB HASH...\n"); + + int i, j; + char HexChar; + int HexValue; + for (i=0; i<16; i++) { + HexValue = 0x0; + for (j=0; j<2; j++) { + HexChar = (char)p[2*i+j+33]; + + if (HexChar > 0x39) + HexChar = HexChar | 0x20; /* convert upper case to lower */ + + if (!(((HexChar >= 0x30) && (HexChar <= 0x39))|| /* 0 - 9 */ + ((HexChar >= 0x61) && (HexChar <= 0x66)))) { /* a - f */ + fprintf(stderr, "Error invalid char (%c) for hash.\n", HexChar); + exit(1); + } + + HexChar -= 0x30; + if (HexChar > 0x09) /* HexChar is "a" - "f" */ + HexChar -= 0x27; + + HexValue = (HexValue << 4) | (char)HexChar; + } + nt_hash[i] = (uchar)HexValue; + } + } else + E_md4hash(password, nt_hash); + /* m0j0 */ /* We don't use the NT# directly. Instead we use it mashed up with the username and domain.