[WiP] Overhaul ntlm.py for Spec-Aligned Hash Extraction #23
Draft
StrongWind1 wants to merge 8 commits into MatrixEditor:master from
This is a WiP. I confirmed this code works for Vista, Windows 10, and Server 2022 with all LmCompatibilityLevel set from 0 to 5. I will be doing more testing on all Windows OS before asking to merge. I am trying to test with XP but it is failing due to smb.py not supporting it. See #24
Resolves #22
What Changed
- NTLM_AUTH_to_hashcat_formats() — replaces NTLM_AUTH_to_hashcat_format(). Returns list[tuple[str, str]] with all crackable hashes from a single Type 3 message. Addresses issues 1–4 from the tracking issue.
- NTLM_AUTH_CreateChallenge() — removed NTLMSSP_AV_TIME from AV_PAIRS, added disable_ntlmv2 parameter, added SEAL/ALWAYS_SIGN echo, added ESS/LM_KEY exclusivity enforcement. Addresses issues 5–8.
- Configuration — renamed ntlm_challange → ntlm_challenge, replaced ntlm_ess with ntlm_disable_ess (inverted polarity), added ntlm_disable_ntlmv2. Challenge parser now supports hex:/ascii: prefixes with backward-compatible auto-detection. Addresses issue 9.
- _compute_dummy_lm_responses() — new helper that pre-computes the two known dummy LM responses per challenge for filtering.
- NTLM_report_auth() — updated to iterate over all returned hashes and write each as a separate database entry.
- Documentation — ~500 lines added: module-level docstring with handshake diagram, NumPy-style function docstrings, inline spec references, hashcat format token layouts.
Output
No change to hashcat format strings — the same mode 5500 and 5600 lines are produced, now with additional LMv2 companion hashes captured and bad entries filtered out. All output is directly consumable by modes 5500, 5600, 27000, and 27100.
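
How the response lengths in one Type 3 message map to the mode 5500 and 5600 line layouts named above, as an added example that is not code from this pull request. The function name `classify_type3`, its parameters and the labels are hypothetical, and the fields are assumed to be already parsed out of the message; the sample bytes are constructed.

```python
# Added illustration, not Dementor's ntlm.py. Function and label names are
# hypothetical; inputs are the raw fields of one AUTHENTICATE (Type 3) message.

def classify_type3(user: str, domain: str, server_challenge: bytes,
                   lm_resp: bytes, nt_resp: bytes) -> list[tuple[str, str]]:
    """Return (label, hashcat_line) pairs for every usable response."""
    if len(server_challenge) != 8:
        raise ValueError("server challenge must be 8 bytes")
    chal = server_challenge.hex()
    prefix = f"{user}::{domain}"
    out: list[tuple[str, str]] = []

    if len(nt_resp) > 24:
        # NTLMv2: 16-byte NTProofStr followed by the client blob (mode 5600).
        out.append(("NetNTLMv2",
                    f"{prefix}:{chal}:{nt_resp[:16].hex()}:{nt_resp[16:].hex()}"))
        # LMv2: 16-byte HMAC + 8-byte client challenge, same line layout.
        # Z(24) (all zeros) means the client sent no LMv2 response: skip it.
        if len(lm_resp) == 24 and any(lm_resp):
            out.append(("LMv2",
                        f"{prefix}:{chal}:{lm_resp[:16].hex()}:{lm_resp[16:].hex()}"))
    elif len(nt_resp) == 24:
        # NTLMv1 (mode 5500). With ESS the LM field carries the 8-byte client
        # challenge padded with 16 zero bytes.
        ess = len(lm_resp) == 24 and any(lm_resp[:8]) and not any(lm_resp[8:])
        label = "NetNTLMv1-ESS" if ess else "NetNTLMv1"
        out.append((label, f"{prefix}:{lm_resp.hex()}:{nt_resp.hex()}:{chal}"))
    # Anything else (anonymous logon, empty or truncated NT response) yields nothing.
    return out


if __name__ == "__main__":
    # Constructed sample values, not captured traffic.
    challenge = bytes.fromhex("1122334455667788")
    v2_nt = bytes(range(16)) + b"\x01\x01" + bytes(30)
    v2_lm = b"\xaa" * 16 + b"\xbb" * 8
    for label, line in classify_type3("alice", "CORP", challenge, v2_lm, v2_nt):
        print(label, line)
```
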