scapy.layers.ntlm

NTLM

This is documented in [MS-NLMP]

Note

You will find more complete documentation for this layer over at GSSAPI

class scapy.layers.ntlm.AV_PAIR(_pkt, /, *, AvId=0, AvLen=None, Value=None)[source]

Bases: Packet

aliastypes = [<class 'scapy.layers.ntlm.AV_PAIR'>, <class 'scapy.packet.Packet'>]

default_payload_class(payload)[source]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<LEShortEnumField (AV_PAIR).AvId>, <FieldLenField (AV_PAIR).AvLen>, <scapy.fields.MultipleTypeField object>]

scapy.layers.ntlm.HMAC_MD5(key, data)[source]

scapy.layers.ntlm.HTTP_ntlm_negotiate(ntlm_negotiate)[source]: Create an HTTP NTLM negotiate packet from an NTLM_NEGOTIATE message

class scapy.layers.ntlm.LM_RESPONSE(_pkt, /, *, Response=b'')[source]

Bases: Packet

aliastypes = [<class 'scapy.layers.ntlm.LM_RESPONSE'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<StrFixedLenField (LM_RESPONSE).Response>]

class scapy.layers.ntlm.LMv2_RESPONSE(_pkt, /, *, Response=b'', ChallengeFromClient=b'')[source]

Bases: Packet

aliastypes = [<class 'scapy.layers.ntlm.LMv2_RESPONSE'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<StrFixedLenField (LMv2_RESPONSE).Response>, <StrFixedLenField (LMv2_RESPONSE).ChallengeFromClient>]

scapy.layers.ntlm.MAC(Handle, SigningKey, SeqNum, Message)[source]

scapy.layers.ntlm.MD4le(x)[source]: MD4 over a string encoded as utf-16le

class scapy.layers.ntlm.NEGOEX_EXCHANGE_NTLM(_pkt, /, *, items=[])[source]

Bases: ASN1_Packet

GSSAPI NegoEX Exchange metadata blob This was reversed and may be meaningless

ASN1_codec = <ASN1Codec BER[1]>

ASN1_root = <ASN1F_SEQUENCE(<ASN1F_SEQUENCE(<ASN1F_SEQUENCE_OF items>,)>,)>

aliastypes = [<class 'scapy.layers.ntlm.NEGOEX_EXCHANGE_NTLM'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<ASN1F_SEQUENCE_OF items>]

class scapy.layers.ntlm.NEGOEX_EXCHANGE_NTLM_ITEM(_pkt, /, *, oid=<ASN1_OID['.']>, token=<ASN1_PRINTABLE_STRING['']>)[source]

Bases: ASN1_Packet

ASN1_codec = <ASN1Codec BER[1]>

ASN1_root = <ASN1F_SEQUENCE(<ASN1F_SEQUENCE(<ASN1F_SEQUENCE(<scapy.asn1fields.ASN1F_OID object>, <scapy.asn1fields.ASN1F_PRINTABLE_STRING object>)>,)>,)>

aliastypes = [<class 'scapy.layers.ntlm.NEGOEX_EXCHANGE_NTLM_ITEM'>, <class 'scapy.asn1packet.ASN1_Packet'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<scapy.asn1fields.ASN1F_OID object>, <scapy.asn1fields.ASN1F_PRINTABLE_STRING object>]

class scapy.layers.ntlm.NTLMSSP(UPN=None, HASHNT=None, PASSWORD=None, USE_MIC=True, VARIANT: NTLM_VARIANT = NTLM_VARIANT.RECENT, NTLM_VALUES={}, DOMAIN_FQDN=None, DOMAIN_NB_NAME=None, COMPUTER_NB_NAME=None, COMPUTER_FQDN=None, IDENTITIES=None, DO_NOT_CHECK_LOGIN=False, SERVER_CHALLENGE=None, **kwargs)[source]

Bases: SSP

The NTLM SSP

Common arguments:

param USE_MIC:

whether to use a MIC or not (default: True)

param NTLM_VALUES:

a dictionary used to override the following values

In case of a client:
- NegotiateFlags
- ProductMajorVersion
- ProductMinorVersion
- ProductBuild
In case of a server:
- NetbiosDomainName
- NetbiosComputerName
- DnsComputerName
- DnsDomainName (defaults to DOMAIN)
- DnsTreeName (defaults to DOMAIN)
- Flags
- Timestamp

Client-only arguments:

param UPN:

the UPN to use for NTLM auth. If no domain is specified, will use the one provided by the server (domain in a domain, local if without domain)

param HASHNT:

the password to use for NTLM auth

param PASSWORD:

the password to use for NTLM auth

param LOCAL:

use local authentication (must be running locally on Windows)

Server-only arguments:

param DOMAIN_FQDN:

the domain FQDN (default: domain.local)

param DOMAIN_NB_NAME:

the domain Netbios name (default: strip DOMAIN_FQDN)

param COMPUTER_NB_NAME:

the server Netbios name (default: SRV)

param COMPUTER_FQDN:

the server FQDN (default: <computer_nb_name>.<domain_fqdn>)

param IDENTITIES:

a dict {“username”: <HashNT>} Setting this value enables signature computation and authenticates inbound users.

class CONTEXT(**kwargs: Any)[source]

Bases: CONTEXT

ExportedSessionKey

IsAcceptor

RecvSealHandle

RecvSealKey

RecvSeqNum

RecvSignKey

SendSealHandle

SendSealKey

SendSeqNum

SendSignKey

ServerDomain

ServerHostname

SessionKey

chall_tok

clifailure()[source]

neg_tok

GSS_Accept_sec_context(Context: CONTEXT, input_token=None, req_flags: GSS_S_FLAGS | None = <GSS_S_FLAGS.GSS_S_ALLOW_MISSING_BINDINGS: 268435456>, chan_bindings: GssChannelBindings = b'\x00')[source]

GSS_GetMICEx(Context, msgs, qop_req=0)[source]: [MS-NLMP] sect 3.4.8

GSS_Init_sec_context(Context: CONTEXT, input_token=None, target_name: str | None = None, req_flags: GSS_C_FLAGS | None = None, chan_bindings: GssChannelBindings = b'\x00')[source]

GSS_Inquire_names_for_mech()[source]

GSS_Passive(Context: CONTEXT, token=None, req_flags=None)[source]

GSS_Passive_set_Direction(Context: CONTEXT, IsAcceptor=False)[source]

GSS_UnwrapEx(Context, msgs, signature)[source]: [MS-NLMP] sect 3.4.7

GSS_VerifyMICEx(Context, msgs, signature)[source]: [MS-NLMP] sect 3.4.9

GSS_WrapEx(Context, msgs, qop_req=0)[source]: [MS-NLMP] sect 3.4.6

GetMechListMIC(Context, input)[source]

LegsAmount(Context: CONTEXT)[source]

MaximumSignatureLength(Context: CONTEXT)[source]

Returns the Maximum Signature length.

This will be used in auth_len in DceRpc5, and is necessary for PFC_SUPPORT_HEADER_SIGN to work properly.

NTLM_MaxLifetime = 129600

class STATE(*values)[source]

Bases: STATE

CLI_SENT_AUTH = 3

CLI_SENT_NEGO = 2

INIT = 1

SRV_SENT_CHAL = 4

SupportsMechListMIC()[source]

VerifyMechListMIC(Context, otherMIC, input)[source]

auth_type = 10

class scapy.layers.ntlm.NTLMSSP_DOMAIN(UPN=None, *args, timeout=3, ssp=None, **kwargs)[source]

Bases: NTLMSSP

A variant of the NTLMSSP to be used in server mode that gets the session keys from the domain using a Netlogon channel.

This has the same arguments as NTLMSSP, but supports the following in server mode:

Parameters:

UPN – the UPN of the machine account to login for Netlogon.
HASHNT – the HASHNT of the machine account (use Netlogon secure channel).
ssp – a KerberosSSP to use (use Kerberos secure channel).
PASSWORD – the PASSWORD of the machine account to use for Netlogon.
DC_FQDN – (optional) specify the FQDN of the DC.

Netlogon example:

>>> mySSP = NTLMSSP_DOMAIN(
...     UPN="Server1@domain.local",
...     HASHNT=bytes.fromhex("8846f7eaee8fb117ad06bdd830b7586c"),
... )

Kerberos example:

>>> mySSP = NTLMSSP_DOMAIN(
...     UPN="Server1@domain.local",
...     KEY=Key(EncryptionType.AES256_CTS_HMAC_SHA1_96,
...         key=bytes.fromhex(
...             "85abb9b61dc2fa49d4cc04317bbd108f8f79df28"
...             "239155ed7b144c5d2ebcf016"
...         )
...     ),
... )

class scapy.layers.ntlm.NTLMSSP_MESSAGE_SIGNATURE(_pkt, /, *, Version=1, Checksum=b'', SeqNum=0)[source]

Bases: Packet

aliastypes = [<class 'scapy.layers.ntlm.NTLMSSP_MESSAGE_SIGNATURE'>, <class 'scapy.packet.Packet'>]

default_payload_class(payload)[source]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<LEIntField (NTLMSSP_MESSAGE_SIGNATURE).Version>, <XStrFixedLenField (NTLMSSP_MESSAGE_SIGNATURE).Checksum>, <LEIntField (NTLMSSP_MESSAGE_SIGNATURE).SeqNum>]

class scapy.layers.ntlm.NTLM_AUTHENTICATE(_pkt, /, *, Signature=b'NTLMSSP\x00', MessageType=3, LmChallengeResponseLen=None, LmChallengeResponseMaxLen=None, LmChallengeResponseBufferOffset=None, NtChallengeResponseLen=None, NtChallengeResponseMaxLen=None, NtChallengeResponseBufferOffset=None, DomainNameLen=None, DomainNameMaxLen=None, DomainNameBufferOffset=None, UserNameLen=None, UserNameMaxLen=None, UserNameBufferOffset=None, WorkstationLen=None, WorkstationMaxLen=None, WorkstationBufferOffset=None, EncryptedRandomSessionKeyLen=None, EncryptedRandomSessionKeyMaxLen=None, EncryptedRandomSessionKeyBufferOffset=None, NegotiateFlags=<Flag 0 ()>, ProductMajorVersion=0, ProductMinorVersion=0, ProductBuild=0, res_ver=0, NTLMRevisionCurrent=15, MIC=b'', Payload=[])[source]

Bases: _NTLM_VARIANT_Packet, NTLM_Header

NTLM_VERSION = 1

OFFSET()[source]

VARIANT

aliastypes = [<class 'scapy.layers.ntlm.NTLM_AUTHENTICATE'>, <class 'scapy.layers.ntlm._NTLM_VARIANT_Packet'>, <class 'scapy.layers.ntlm._NTLMPayloadPacket'>, <class 'scapy.packet.Packet'>]

compute_mic(ExportedSessionKey, negotiate, challenge)[source]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<StrFixedLenField (NTLM_Header,NTLM_NEGOTIATE,NTLM_CHALLENGE,NTLM_AUTHENTICATE,NTLM_AUTHENTICATE_V2).Signature>, <LEIntEnumField (NTLM_Header,NTLM_NEGOTIATE,NTLM_CHALLENGE,NTLM_AUTHENTICATE,NTLM_AUTHENTICATE_V2).MessageType>, <LEShortField (NTLM_AUTHENTICATE,NTLM_AUTHENTICATE_V2).LmChallengeResponseLen>, <LEShortField (NTLM_AUTHENTICATE,NTLM_AUTHENTICATE_V2).LmChallengeResponseMaxLen>, <LEIntField (NTLM_AUTHENTICATE,NTLM_AUTHENTICATE_V2).LmChallengeResponseBufferOffset>, <LEShortField (NTLM_AUTHENTICATE,NTLM_AUTHENTICATE_V2).NtChallengeResponseLen>, <LEShortField (NTLM_AUTHENTICATE,NTLM_AUTHENTICATE_V2).NtChallengeResponseMaxLen>, <LEIntField (NTLM_AUTHENTICATE,NTLM_AUTHENTICATE_V2).NtChallengeResponseBufferOffset>, <LEShortField (NTLM_AUTHENTICATE,NTLM_AUTHENTICATE_V2).DomainNameLen>, <LEShortField (NTLM_AUTHENTICATE,NTLM_AUTHENTICATE_V2).DomainNameMaxLen>, <LEIntField (NTLM_AUTHENTICATE,NTLM_AUTHENTICATE_V2).DomainNameBufferOffset>, <LEShortField (NTLM_AUTHENTICATE,NTLM_AUTHENTICATE_V2).UserNameLen>, <LEShortField (NTLM_AUTHENTICATE,NTLM_AUTHENTICATE_V2).UserNameMaxLen>, <LEIntField (NTLM_AUTHENTICATE,NTLM_AUTHENTICATE_V2).UserNameBufferOffset>, <LEShortField (NTLM_AUTHENTICATE,NTLM_AUTHENTICATE_V2).WorkstationLen>, <LEShortField (NTLM_AUTHENTICATE,NTLM_AUTHENTICATE_V2).WorkstationMaxLen>, <LEIntField (NTLM_AUTHENTICATE,NTLM_AUTHENTICATE_V2).WorkstationBufferOffset>, <LEShortField (NTLM_AUTHENTICATE,NTLM_AUTHENTICATE_V2).EncryptedRandomSessionKeyLen>, <LEShortField (NTLM_AUTHENTICATE,NTLM_AUTHENTICATE_V2).EncryptedRandomSessionKeyMaxLen>, <LEIntField (NTLM_AUTHENTICATE,NTLM_AUTHENTICATE_V2).EncryptedRandomSessionKeyBufferOffset>, <FlagsField (NTLM_AUTHENTICATE,NTLM_AUTHENTICATE_V2).NegotiateFlags>, <scapy.fields.ConditionalField object>, <scapy.fields.ConditionalField object>, <scapy.fields.ConditionalField object>, <scapy.fields.ConditionalField object>, <scapy.fields.ConditionalField object>, <scapy.fields.ConditionalField object>, <_NTLMPayloadField (NTLM_AUTHENTICATE,NTLM_AUTHENTICATE_V2).Payload>]

post_build(pkt: bytes, pay: bytes) → bytes[source]

class scapy.layers.ntlm.NTLM_AUTHENTICATE_V2(_pkt, /, *, Signature=b'NTLMSSP\x00', MessageType=3, LmChallengeResponseLen=None, LmChallengeResponseMaxLen=None, LmChallengeResponseBufferOffset=None, NtChallengeResponseLen=None, NtChallengeResponseMaxLen=None, NtChallengeResponseBufferOffset=None, DomainNameLen=None, DomainNameMaxLen=None, DomainNameBufferOffset=None, UserNameLen=None, UserNameMaxLen=None, UserNameBufferOffset=None, WorkstationLen=None, WorkstationMaxLen=None, WorkstationBufferOffset=None, EncryptedRandomSessionKeyLen=None, EncryptedRandomSessionKeyMaxLen=None, EncryptedRandomSessionKeyBufferOffset=None, NegotiateFlags=<Flag 0 ()>, ProductMajorVersion=0, ProductMinorVersion=0, ProductBuild=0, res_ver=0, NTLMRevisionCurrent=15, MIC=b'', Payload=[])[source]

Bases: NTLM_AUTHENTICATE

NTLM_VERSION = 2

aliastypes = [<class 'scapy.layers.ntlm.NTLM_AUTHENTICATE_V2'>, <class 'scapy.layers.ntlm.NTLM_AUTHENTICATE'>, <class 'scapy.layers.ntlm._NTLM_VARIANT_Packet'>, <class 'scapy.layers.ntlm._NTLMPayloadPacket'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<StrFixedLenField (NTLM_Header,NTLM_NEGOTIATE,NTLM_CHALLENGE,NTLM_AUTHENTICATE,NTLM_AUTHENTICATE_V2).Signature>, <LEIntEnumField (NTLM_Header,NTLM_NEGOTIATE,NTLM_CHALLENGE,NTLM_AUTHENTICATE,NTLM_AUTHENTICATE_V2).MessageType>, <LEShortField (NTLM_AUTHENTICATE,NTLM_AUTHENTICATE_V2).LmChallengeResponseLen>, <LEShortField (NTLM_AUTHENTICATE,NTLM_AUTHENTICATE_V2).LmChallengeResponseMaxLen>, <LEIntField (NTLM_AUTHENTICATE,NTLM_AUTHENTICATE_V2).LmChallengeResponseBufferOffset>, <LEShortField (NTLM_AUTHENTICATE,NTLM_AUTHENTICATE_V2).NtChallengeResponseLen>, <LEShortField (NTLM_AUTHENTICATE,NTLM_AUTHENTICATE_V2).NtChallengeResponseMaxLen>, <LEIntField (NTLM_AUTHENTICATE,NTLM_AUTHENTICATE_V2).NtChallengeResponseBufferOffset>, <LEShortField (NTLM_AUTHENTICATE,NTLM_AUTHENTICATE_V2).DomainNameLen>, <LEShortField (NTLM_AUTHENTICATE,NTLM_AUTHENTICATE_V2).DomainNameMaxLen>, <LEIntField (NTLM_AUTHENTICATE,NTLM_AUTHENTICATE_V2).DomainNameBufferOffset>, <LEShortField (NTLM_AUTHENTICATE,NTLM_AUTHENTICATE_V2).UserNameLen>, <LEShortField (NTLM_AUTHENTICATE,NTLM_AUTHENTICATE_V2).UserNameMaxLen>, <LEIntField (NTLM_AUTHENTICATE,NTLM_AUTHENTICATE_V2).UserNameBufferOffset>, <LEShortField (NTLM_AUTHENTICATE,NTLM_AUTHENTICATE_V2).WorkstationLen>, <LEShortField (NTLM_AUTHENTICATE,NTLM_AUTHENTICATE_V2).WorkstationMaxLen>, <LEIntField (NTLM_AUTHENTICATE,NTLM_AUTHENTICATE_V2).WorkstationBufferOffset>, <LEShortField (NTLM_AUTHENTICATE,NTLM_AUTHENTICATE_V2).EncryptedRandomSessionKeyLen>, <LEShortField (NTLM_AUTHENTICATE,NTLM_AUTHENTICATE_V2).EncryptedRandomSessionKeyMaxLen>, <LEIntField (NTLM_AUTHENTICATE,NTLM_AUTHENTICATE_V2).EncryptedRandomSessionKeyBufferOffset>, <FlagsField (NTLM_AUTHENTICATE,NTLM_AUTHENTICATE_V2).NegotiateFlags>, <scapy.fields.ConditionalField object>, <scapy.fields.ConditionalField object>, <scapy.fields.ConditionalField object>, <scapy.fields.ConditionalField object>, <scapy.fields.ConditionalField object>, <scapy.fields.ConditionalField object>, <_NTLMPayloadField (NTLM_AUTHENTICATE,NTLM_AUTHENTICATE_V2).Payload>]

class scapy.layers.ntlm.NTLM_CHALLENGE(_pkt, /, *, Signature=b'NTLMSSP\x00', MessageType=2, TargetNameLen=None, TargetNameMaxLen=None, TargetNameBufferOffset=None, NegotiateFlags=<Flag 0 ()>, ServerChallenge=None, Reserved=None, TargetInfoLen=None, TargetInfoMaxLen=None, TargetInfoBufferOffset=None, ProductMajorVersion=0, ProductMinorVersion=0, ProductBuild=0, res_ver=0, NTLMRevisionCurrent=15, Payload=[])[source]

Bases: _NTLM_VARIANT_Packet, NTLM_Header

OFFSET()[source]

VARIANT

aliastypes = [<class 'scapy.layers.ntlm.NTLM_CHALLENGE'>, <class 'scapy.layers.ntlm._NTLM_VARIANT_Packet'>, <class 'scapy.layers.ntlm._NTLMPayloadPacket'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<StrFixedLenField (NTLM_Header,NTLM_NEGOTIATE,NTLM_CHALLENGE,NTLM_AUTHENTICATE,NTLM_AUTHENTICATE_V2).Signature>, <LEIntEnumField (NTLM_Header,NTLM_NEGOTIATE,NTLM_CHALLENGE,NTLM_AUTHENTICATE,NTLM_AUTHENTICATE_V2).MessageType>, <LEShortField (NTLM_CHALLENGE).TargetNameLen>, <LEShortField (NTLM_CHALLENGE).TargetNameMaxLen>, <LEIntField (NTLM_CHALLENGE).TargetNameBufferOffset>, <FlagsField (NTLM_CHALLENGE).NegotiateFlags>, <XStrFixedLenField (NTLM_CHALLENGE).ServerChallenge>, <XStrFixedLenField (NTLM_CHALLENGE).Reserved>, <LEShortField (NTLM_CHALLENGE).TargetInfoLen>, <LEShortField (NTLM_CHALLENGE).TargetInfoMaxLen>, <LEIntField (NTLM_CHALLENGE).TargetInfoBufferOffset>, <scapy.fields.ConditionalField object>, <scapy.fields.ConditionalField object>, <scapy.fields.ConditionalField object>, <scapy.fields.ConditionalField object>, <scapy.fields.ConditionalField object>, <_NTLMPayloadField (NTLM_CHALLENGE).Payload>]

getAv(AvId)[source]

post_build(pkt: bytes, pay: bytes) → bytes[source]

class scapy.layers.ntlm.NTLM_Header(_pkt, /, *, Signature=b'NTLMSSP\x00', MessageType=3)[source]

Bases: Packet

aliastypes = [<class 'scapy.layers.ntlm.NTLM_Header'>, <class 'scapy.packet.Packet'>]

classmethod dispatch_hook(_pkt=None, *args, **kargs)[source]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<StrFixedLenField (NTLM_Header,NTLM_NEGOTIATE,NTLM_CHALLENGE,NTLM_AUTHENTICATE,NTLM_AUTHENTICATE_V2).Signature>, <LEIntEnumField (NTLM_Header,NTLM_NEGOTIATE,NTLM_CHALLENGE,NTLM_AUTHENTICATE,NTLM_AUTHENTICATE_V2).MessageType>]

class scapy.layers.ntlm.NTLM_NEGOTIATE(_pkt, /, *, Signature=b'NTLMSSP\x00', MessageType=1, NegotiateFlags=<Flag 0 ()>, DomainNameLen=None, DomainNameMaxLen=None, DomainNameBufferOffset=None, WorkstationNameLen=None, WorkstationNameMaxLen=None, WorkstationNameBufferOffset=None, ProductMajorVersion=0, ProductMinorVersion=0, ProductBuild=0, res_ver=0, NTLMRevisionCurrent=15, Payload=[])[source]

Bases: _NTLM_VARIANT_Packet, NTLM_Header

OFFSET()[source]

VARIANT

aliastypes = [<class 'scapy.layers.ntlm.NTLM_NEGOTIATE'>, <class 'scapy.layers.ntlm._NTLM_VARIANT_Packet'>, <class 'scapy.layers.ntlm._NTLMPayloadPacket'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<StrFixedLenField (NTLM_Header,NTLM_NEGOTIATE,NTLM_CHALLENGE,NTLM_AUTHENTICATE,NTLM_AUTHENTICATE_V2).Signature>, <LEIntEnumField (NTLM_Header,NTLM_NEGOTIATE,NTLM_CHALLENGE,NTLM_AUTHENTICATE,NTLM_AUTHENTICATE_V2).MessageType>, <FlagsField (NTLM_NEGOTIATE).NegotiateFlags>, <LEShortField (NTLM_NEGOTIATE).DomainNameLen>, <LEShortField (NTLM_NEGOTIATE).DomainNameMaxLen>, <LEIntField (NTLM_NEGOTIATE).DomainNameBufferOffset>, <LEShortField (NTLM_NEGOTIATE).WorkstationNameLen>, <LEShortField (NTLM_NEGOTIATE).WorkstationNameMaxLen>, <LEIntField (NTLM_NEGOTIATE).WorkstationNameBufferOffset>, <scapy.fields.ConditionalField object>, <scapy.fields.ConditionalField object>, <scapy.fields.ConditionalField object>, <scapy.fields.ConditionalField object>, <scapy.fields.ConditionalField object>, <_NTLMPayloadField (NTLM_NEGOTIATE).Payload>]

post_build(pkt: bytes, pay: bytes) → bytes[source]

class scapy.layers.ntlm.NTLM_RESPONSE(_pkt, /, *, Response=b'')[source]

Bases: Packet

aliastypes = [<class 'scapy.layers.ntlm.NTLM_RESPONSE'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<StrFixedLenField (NTLM_RESPONSE).Response>]

class scapy.layers.ntlm.NTLM_VARIANT(*values)[source]

Bases: IntEnum

The message variant to use for NTLM.

NT_OR_2000 = 0

RECENT = 2

XP_OR_2003 = 1

class scapy.layers.ntlm.NTLMv2_CLIENT_CHALLENGE(_pkt, /, *, RespType=1, HiRespType=1, Reserved1=0, Reserved2=0, TimeStamp=None, ChallengeFromClient=b'12345678', Reserved3=0, AvPairs=[<AV_PAIR |>])[source]

Bases: Packet

aliastypes = [<class 'scapy.layers.ntlm.NTLMv2_CLIENT_CHALLENGE'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<ByteField (NTLMv2_CLIENT_CHALLENGE,NTLMv2_RESPONSE).RespType>, <ByteField (NTLMv2_CLIENT_CHALLENGE,NTLMv2_RESPONSE).HiRespType>, <LEShortField (NTLMv2_CLIENT_CHALLENGE,NTLMv2_RESPONSE).Reserved1>, <LEIntField (NTLMv2_CLIENT_CHALLENGE,NTLMv2_RESPONSE).Reserved2>, <UTCTimeField (NTLMv2_CLIENT_CHALLENGE,NTLMv2_RESPONSE).TimeStamp>, <StrFixedLenField (NTLMv2_CLIENT_CHALLENGE,NTLMv2_RESPONSE).ChallengeFromClient>, <LEIntField (NTLMv2_CLIENT_CHALLENGE,NTLMv2_RESPONSE).Reserved3>, <PacketListField (NTLMv2_CLIENT_CHALLENGE,NTLMv2_RESPONSE).AvPairs>]

getAv(AvId)[source]

scapy.layers.ntlm.NTLMv2_ComputeSessionBaseKey(ResponseKeyNT, NTProofStr)[source]

class scapy.layers.ntlm.NTLMv2_RESPONSE(_pkt, /, *, NTProofStr=b'', RespType=1, HiRespType=1, Reserved1=0, Reserved2=0, TimeStamp=None, ChallengeFromClient=b'12345678', Reserved3=0, AvPairs=[<AV_PAIR |>])[source]

Bases: NTLMv2_CLIENT_CHALLENGE

aliastypes = [<class 'scapy.layers.ntlm.NTLMv2_RESPONSE'>, <class 'scapy.layers.ntlm.NTLMv2_CLIENT_CHALLENGE'>, <class 'scapy.packet.Packet'>]

computeNTProofStr(ResponseKeyNT, ServerChallenge)[source]

Set temp to ConcatenationOf(Responserversion, HiResponserversion,: Z(6), Time, ClientChallenge, Z(4), ServerName, Z(4))
Set NTProofStr to HMAC_MD5(ResponseKeyNT,: ConcatenationOf(CHALLENGE_MESSAGE.ServerChallenge,temp))

Remember ServerName = AvPairs

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<XStrFixedLenField (NTLMv2_RESPONSE).NTProofStr>, <ByteField (NTLMv2_CLIENT_CHALLENGE,NTLMv2_RESPONSE).RespType>, <ByteField (NTLMv2_CLIENT_CHALLENGE,NTLMv2_RESPONSE).HiRespType>, <LEShortField (NTLMv2_CLIENT_CHALLENGE,NTLMv2_RESPONSE).Reserved1>, <LEIntField (NTLMv2_CLIENT_CHALLENGE,NTLMv2_RESPONSE).Reserved2>, <UTCTimeField (NTLMv2_CLIENT_CHALLENGE,NTLMv2_RESPONSE).TimeStamp>, <StrFixedLenField (NTLMv2_CLIENT_CHALLENGE,NTLMv2_RESPONSE).ChallengeFromClient>, <LEIntField (NTLMv2_CLIENT_CHALLENGE,NTLMv2_RESPONSE).Reserved3>, <PacketListField (NTLMv2_CLIENT_CHALLENGE,NTLMv2_RESPONSE).AvPairs>]

scapy.layers.ntlm.NTOWFv2(Passwd, User, UserDom, HashNt=None)[source]

Computes the ResponseKeyNT (per [MS-NLMP] sect 3.3.2)

Parameters:

Passwd – the plain password
User – the username
UserDom – the domain name
HashNt – (out of spec) if you have the HashNt, use this and set Passwd to None

scapy.layers.ntlm.RC4(handle, data)[source]: The RC4 Encryption Algorithm

scapy.layers.ntlm.RC4Init(key)[source]: Alleged RC4

scapy.layers.ntlm.RC4K(key, data)[source]: Indicates the encryption of data item D with the key K using the RC4 algorithm.

scapy.layers.ntlm.SEAL(Handle, SigningKey, SeqNum, Message)[source]: SEAL() according to [MS-NLMP]

scapy.layers.ntlm.SEALKEY(NegFlg, ExportedSessionKey, Mode)[source]

scapy.layers.ntlm.SIGN(Handle, SigningKey, SeqNum, Message)[source]

scapy.layers.ntlm.SIGNKEY(NegFlg, ExportedSessionKey, Mode)[source]

class scapy.layers.ntlm.Single_Host_Data(_pkt, /, *, Size=None, Z4=0, Flags=<Flag 0 ()>, TokenIL=8192, MachineID=b'', PermanentMachineID=None)[source]

Bases: Packet

aliastypes = [<class 'scapy.layers.ntlm.Single_Host_Data'>, <class 'scapy.packet.Packet'>]

default_payload_class(payload)[source]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<LEIntField (Single_Host_Data).Size>, <LEIntField (Single_Host_Data).Z4>, <FlagsField (Single_Host_Data).Flags>, <LEIntEnumField (Single_Host_Data).TokenIL>, <XStrFixedLenField (Single_Host_Data).MachineID>, <scapy.fields.ConditionalField object>]

post_build(pkt, pay)[source]

scapy.layers.ntlm.UNSEAL(Handle, SigningKey, SeqNum, Message)[source]: UNSEAL() according to [MS-NLMP]