From f8899e65f16c50b871863528d419cfb701a5a3e3 Mon Sep 17 00:00:00 2001
From: adrian manrique <60896207+anadrianmanrique@users.noreply.github.com>
Date: Wed, 27 Mar 2024 18:15:47 -0300
Subject: [PATCH] fixed computing lmhash for non standard characters (#1723)

* fixed computing lmhash for non standard characters
* use blank lm hash instead of a random value
---
 impacket/ntlm.py | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/impacket/ntlm.py b/impacket/ntlm.py
index f07cf93ce3..5951ae037b 100644
--- a/impacket/ntlm.py
+++ b/impacket/ntlm.py
@@ -35,6 +35,7 @@
 USE_NTLMv2 = True # if false will fall back to NTLMv1 (or NTLMv1 with ESS a.k.a NTLM2)
 TEST_CASE = False # Only set to True when running Test Cases
+DEFAULT_LM_HASH = binascii.unhexlify('AAD3B435B51404EEAAD3B435B51404EE')
 def computeResponse(flags, serverChallenge, clientChallenge, serverName, domain, user, password, lmhash='', nthash='', use_ntlmv2=USE_NTLMv2):
@@ -741,7 +742,15 @@ def computeResponseNTLMv1(flags, serverChallenge, clientChallenge, serverName, d
 def compute_lmhash(password):
 # This is done according to Samba's encryption specification (docs/html/ENCRYPTION.html)
- password = password.upper()
+ try:
+ password.encode("latin-1")
+ except UnicodeEncodeError:
+ # LM hash can be computed only from latin-1 encoded passwords
+ # If password contains unicode characters, outside latin-1, we return the default LM_HASH
+ return DEFAULT_LM_HASH
+
+ password = ''.join( c.upper() if c in string.ascii_letters else c for c in password )
+
 lmhash = __DES_block(b(password[:7]), KNOWN_DES_INPUT)
 lmhash += __DES_block(b(password[7:14]), KNOWN_DES_INPUT)
 return lmhash
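Review bot: The new `DEFAULT_LM_HASH` constant is undocumented, and its name does not say that the value is the well-known blank LM hash (the LM hash of the empty password) rather than an arbitrary default. A reader of `computeResponse` or `compute_lmhash` should not have to recognise `AAD3B435B51404EE…` by eye, so add a comment above it: `# Blank LM hash (LM hash of the empty password); returned by compute_lmhash() when no real LM hash can be derived from the password`. If callers are expected to compare against it to detect the "no LM hash" case, say so there as well.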
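Review bot: The new early return in `compute_lmhash` covers only the non-latin-1 case, while the `password[7:14]` slice on the next lines still silently truncates passwords longer than 14 characters and hashes the prefix; if the intent of the fallback is to mirror what a Windows host stores (no LM hash for passwords over 14 characters), the same `if len(password) > 14: return DEFAULT_LM_HASH` belongs next to the new check, otherwise a comment should state that truncation is deliberate. The probe `password.encode("latin-1")` and the later `b(password[:7])` / `b(password[7:14])` also encode the same string twice and rely on `b()` using the same codec as the probe, which the hunk does not show; encoding once inside the `try`, after the upper-casing, and slicing the resulting bytes would make the fallback and the DES input provably consistent. `string.ascii_letters` is referenced for the first time here and the hunk does not show a module-level `import string`, so confirm it exists at the top of ntlm.py. The `# LM hash can be computed only from latin-1 encoded passwords` comment would be more accurate as `# LM hash is defined over a single-byte OEM charset; latin-1 is the approximation used here, anything outside it gets the blank LM hash`.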