Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

1
# -*- coding: binary -*-
2

3
module Msf
4

5
###
6
#
7
# This mixins will only provide the options name and description when a protocol want to use ntlm features from lib/rex/proto/ntlm .
8
# Unfortunately other mixin's still have to make direct call from lib/rex/proto/ntlm
9
# cause some protocol like SMB are implemented in lib/rex/proto/ while others like mssql are implemented in lib/msf/core/exploit
10
#
11
###
12

13
module Exploit::NTLM
14

15
  module Client
16
    def initialize(info = {})
17
      super
18
      register_advanced_options(
19
      [
20
      #
21
      # UseNTLMv2 forces NTLMv2 instead of NTLM2_session behavior when the 'Negotiate NTLM2' flag is set
22
      #
23
      OptBool.new('NTLM::UseNTLMv2', [ true, "Use NTLMv2 instead of NTLM2_session when \'Negotiate NTLM2\' key is true", true]),
24
      #
25
      # UseNTLM2_session forces the use of NTLMV2 session keys instead of NTLMv1, emulating the default of Windows 2000+
26
      #
27
      OptBool.new('NTLM::UseNTLM2_session', [ true, 'Activate the \'Negotiate NTLM2 key\' flag, forcing the use of a NTLMv2_session', true]),
28
      #
29
      # SendLM has no effect when NTLM_UseNTLM2_session = true, NTLM_UseNTLMv2 = false or NTLM_SendNTLM = false
30
      #
31
      OptBool.new('NTLM::SendLM', [ true, "Always send the LANMAN response (except when NTLMv2_session is specified)", true]),
32
      #
33
      # UseLMKey is valid when NTLM_SendLM = true, NTLM_SendNTLM = true, or NTLM_UseNTLM2_session = false
34
      #
35
      OptBool.new('NTLM::UseLMKey', [ true, "Activate the \'Negotiate Lan Manager Key\' flag, using the LM key when the LM response is sent", false]),
36
      #
37
      # SendNTLM allows the NTLM response to be excluded, emulating Win9x behavior (don't change unless you are testing)
38
      #
39
      OptBool.new('NTLM::SendNTLM', [ true, 'Activate the \'Negotiate NTLM key\' flag, indicating the use of NTLM responses', true]),
40
      #
41
      # SendSPN will send an avp of type 9/SPN in the ntlmv2 client blob, this is mandatory on windows seven / 2008 r2 if
42
      # Microsoft network server : Server SPN target name validation level is set to <Required from client> or we get an STATUS_ACCESS_DENIED
43
      #
44
      OptBool.new('NTLM::SendSPN', [ true, 'Send an avp of type SPN in the ntlmv2 client blob, this allows authentication on Windows 7+/Server 2008 R2+ when SPN is required', true]),
45
      ], Msf::Exploit::NTLM::Client)
46
    end
47
  end
48

49
=begin
50
  module Server
51
    def initialize(info = {})
52
      super
53
      register_options(
54
      [
55

56
      ], Msf::Exploit::NTLM::Server)
57
    end
58
  end
59
=end
60

61
end
62

63
end
64

65

66