Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 165103 Details for
Bug 209079
net-fs/winexe remotely executes commands on Windows NT/2000/XP/2003 systems, with lmhash passthrough support
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Winexe SVN PASS-THE-HASH patch from http://www.foofus.net/jmk/passhash.html
winexe-svn-10171-pth.patch (text/plain), 2.75 KB, created by
Ruggero Marchei
on 2008-09-10 13:12:25 UTC
(
hide
)
Description:
Winexe SVN PASS-THE-HASH patch from http://www.foofus.net/jmk/passhash.html
Filename:
MIME Type:
Creator:
Ruggero Marchei
Created:
2008-09-10 13:12:25 UTC
Size:
2.75 KB
patch
obsolete
>--- libcli/auth/smbencrypt.c.orig 2008-09-10 13:27:36.000000000 +0200 >+++ libcli/auth/smbencrypt.c 2008-09-10 13:28:17.000000000 +0200 >@@ -30,6 +30,9 @@ > #include "libcli/auth/libcli_auth.h" > #include "pstring.h" > >+#define SMB_HASH_LM 1 >+#define SMB_HASH_NTLM 2 >+ > /* > This implements the X/Open SMB password encryption > It takes a password ('unix' string), a 8 byte "crypt key" >@@ -57,6 +60,57 @@ > return ret; > } > >+/* >+ Support for using LM/NTLM hashes -- jmk@foofus.net 10/2006 >+ Greets: Foofus, Phenfen, Omi, Fizzgig, pMonkey >+*/ >+void E_set_hash(int type, unsigned char hash[16]) >+{ >+ uint l; >+ pstring p; >+ int i, j; >+ char HexChar; >+ int HexValue; >+ >+ if ( (getenv("SMBHASH")) && (strlen(getenv("SMBHASH")) == 65) ) >+ { >+ pstrcpy(p, getenv("SMBHASH")); >+ >+ for (i=0; i<16; i++) { >+ HexValue = 0x0; >+ for (j=0; j<2; j++) { >+ if (type == SMB_HASH_LM) >+ HexChar = (char)p[2*i+j]; >+ else >+ HexChar = (char)p[2*i+j+33]; >+ >+ if (HexChar > 0x39) >+ HexChar = HexChar | 0x20; /* convert upper case to lower */ >+ >+ if (!(((HexChar >= 0x30) && (HexChar <= 0x39))|| /* 0 - 9 */ >+ ((HexChar >= 0x61) && (HexChar <= 0x66)))) { /* a - f */ >+ fprintf(stderr, "Error invalid char (%c) for hash.\n", HexChar); >+ exit(1); >+ } >+ >+ HexChar -= 0x30; >+ if (HexChar > 0x09) /* HexChar is "a" - "f" */ >+ HexChar -= 0x27; >+ >+ HexValue = (HexValue << 4) | (char)HexChar; >+ } >+ hash[i] = (unsigned char)HexValue; >+ } >+ } >+ else >+ { >+ fprintf(stderr, "Error reading SMB HASH.\n"); >+ fprintf(stderr, "\tEx: export SMBHASH=\"_LM_HASH_:_NTLM_HASH_\"\n"); >+ exit(1); >+ } >+} >+/* jmk */ >+ > /** > * Creates the MD4 Hash of the users password in NT UNICODE. > * @param passwd password in 'unix' charset. >@@ -68,6 +122,11 @@ > int len; > void *wpwd; > >+ /* Support for using NTLM hashes -- jmk@foofus.net 03/2007 */ >+ if ( getenv("SMBHASH") ) { >+ fprintf(stderr, "HASH PASS: Substituting user supplied NTLM HASH...\n"); >+ E_set_hash(SMB_HASH_NTLM, p16); >+ } else { > len = push_ucs2_talloc(NULL, &wpwd, passwd); > if (len < 2) { > /* We don't want to return fixed data, as most callers >@@ -81,6 +140,7 @@ > > talloc_free(wpwd); > return True; >+ } > } > > /** >@@ -97,6 +157,11 @@ > fstring dospwd; > ZERO_STRUCT(dospwd); > >+ /* Support for using LM hashes -- jmk@foofus.net 10/2006 */ >+ if ( getenv("SMBHASH") ) { >+ fprintf(stderr, "HASH PASS: Substituting user supplied LM HASH...\n"); >+ E_set_hash(SMB_HASH_LM, p16); >+ } else { > /* Password must be converted to DOS charset - null terminated, uppercase. */ > push_string(dospwd, passwd, sizeof(dospwd), STR_ASCII|STR_UPPER|STR_TERMINATE); > >@@ -108,6 +173,7 @@ > } > > ZERO_STRUCT(dospwd); >+ } > > return ret; > }
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=165103">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 209079
:
157601
|
157611
|
165102
| 165103 |
165121
|
246446
|
273255
|
281781
|
311471
|
311473
|
375904
|
375906
|
375946
|
376252
