ÿØÿà JFIF    ÿÛ „ !.%+&8&+/1555$;@;4?.451 4,$,44444444444414444444444444444444444444444444444444ÿÀ  á á" ÿÄ     ÿÄ ?    !1AQaq"2‘¡±ÁðBRbrÑá#‚’¢²3S CñÿÄ   ÿÄ !    !1QAa‘2ÿÚ   ? 5˜Z¯V¦cø)›t/? z¨±>Õ5€¶‹Á¤·¼z¼Ü¬+ñ®v¤¨_ˆR­BFn©—˜ý®ç̝P8gýt·ÉSTŦˆìät?þé¼íìN/Þa)ì–í6ô… Ï¿øÃj´¿KÇü]ÿ ªô¹-eKànëÕHTx}ýSÜ›ÿ ”7Ø×&µ<¦  ¥ÑO¶[Ù¯ä¨ÞÃÿ PZ-¬;#õ|•oaÿ ©CìÞz3˜öː/¤­ñTûIØ}š^ mÓ%ªxˆ¥ÉŸu=Z+ISe¿45™¼u;ú&WØ÷€æßQ™®{|íx*TC“#ZŠìZ§²‹ 6pv…³¿¡äª*áZÐ%ÒOáˆo"x«OHk w±æ+¬V(kMúŸ5Vö«$ ÁrÏbàb57/luR ¸ÑÛj Òµì`Ðœq­û žICÀÊ•©4€Âcà¨Ï€O´<èÐ:›ù(Ë^L8þ‘ÍÌ#¸Ð_Ì©ÙK(Öz 4¬û+¸;ü’V’84‘¬ÃŽ:[â‡ÔÌáõp¢~§ªlæ£ö{®G>J¼"°‡7¯ÆÉèßû ‹É‹§ÁòÃýâßî ^ƾÙõ‹×óH#«LP½ïX=xÑÍ$|W?•~• îëÔ©ª‹ {ÝT…Kÿ ”hûâá)J*ö˜–ÔU;iÇ€/ ÆþjóZ\ýwØ=Ìm ºèËL9 ýèÆð/¨’¥öo=nË.%Îì ŽÕ¯È|{Oj²ƒE6e/ßdÄõ²Ìâ1O®ò×TsəԸhOMýíMˆ¿¼H˜l²,7Â¥#MF/Úf°Ö½± ¸–dr‹NýÊ íjqx{œÉ ä-È ¦ øÄër¨q°ð †nцýÑÄÆ’mä…n<0È™;ÁÝá¯ÁZƒ7FÀmì­ É&9ˆîéi¶ùN§Y• ÃZãAâ?•‡©‰ , ó¾IŸŠc1 4â&y­&pŠ­6;M À 0¹qç»p.á …ŸÅáK@%6·y6ƒ‰3?”úºŽ‰éX5ªPT §µ!=Mž«Ú½‹ÅgÂSâÉaþÓoö–¯ÁÔìR>5éÿ üs¶ÆUcÌ kÇR ]ÿ ù¬¼«VŽ;Â|‡~¢¦”ÏÅ°æ {L™Õ°Óv¹ò¸írŽ¡×¢CÃ!íVÕ {¶»sŒNPg/ "uÕbkm²“$ďå¿é¹§°½æz¯6 †s¿!s–wÚÝ“™Œ °.ûj>·+™Òa…©Œ&rÝÎtÛë긪Ît’LAVp%c Úý[ÄzJ¾ÇàXXç@˜ó<êL]·T˜¾¥1Ó©V‡g´æ½¦Ý@¹óø!_@´ÞâSÁ —S3™•& ]@JHÚý©ZŽ €×æÔr»Áf!‡yÞ4Mv*èÓã_{‘åóUuљØ«Oïé*®EvÑ Œ÷‡U \"㪒ÍK+À 4“M¡ï:0¥5í!'<@î´”>Ç»&Z–ïCCV˜Ì5Šo&îhè.žû |ÓK©h$s6KìŒëã)¹hI¦GïOåóI;ììü#É$Š0…Ææ¥TØ.5­¾gn´ “ÂÖ\:hœ89G)J@„}œ:’Ò{/Š"¦_Æ×7Æ3VÇŠÊa]ÚŒÙ€Ä–=®uÁßâACZƒ§§£ Qnâ:«,×{tyø¬iÛcœÜÄ€H½ÄÍCk´÷šß .W'b¤Íåh]÷€=,Žv×cÚEÚHXJX¶îo¨FÒtèöŸ>ªª6[J®Fµ£sGÁeqõfe\íjÒÐïÄÐGˆe1Ø‹.Ø”‘Ëuø Y­ˆÜ ŽG|zùªüMpDnQWÄ”%JŠ™)â*p@Örš«ÕT2Ð%ˆG#ª„ ·¤!°ŸOTÂT¸aÚ%4&h™LµšØüÐ.F¿²ÐÞ_Ç‚¾ÅÃaÜ÷09Æ q€öy˜v‡85õN÷]¬äѼóS{°_MŽ¬úÔ#°Ç¸0åÞè2ëôPcvÆw9®ií1Ä8F™˜à‰´+‰Ik1òÝ7“Ñ×ÒsÝ\x‚h`ÞÑ`ó"|µEcý£n˜h`}GÞ !±ù²Ápü²ß6 0ïi󜵩SÈÇ7˜-ÕURO˜¦´f$ªž-Í6(œ}<„ éc øs]ŽŽ„*—¾ ìdŽ„)méª\¿êÎIg¾ØÞ~I#C/¼¼´EÁÈŽi8“©õådô·>euä ƒ'Ê×लR1ÉJE1ÐAát`t;ÇР%Ý<‡¥„ÍÆ`×Oyó)õiI€ñQaŸ4Ûù\áàaÃÔ¹HÃu¹*k€¦<„e S‡&õÏ B!ŽhüÞ`yj}mªf×\¿ Ç~æ­9‡û\՞Ǖg²1Žû5V7 !àöšm° c`ܬøÇìµÒ'P"?…´Ö,"§^•õŽ¨sÔ)6˜sæéÍR¼ ò|Sl”‹7 nPW Gòú÷½§O¯‡„l¡kSÞŒr½PÊ@æ¢pŽ-mÿ #Ÿ˜Àº¶Áä¦;ïÔæ$1££`“Õ>„—·ž)ßð³ñ#Ï Ô$¶œ‰ÊE‹À;÷º ¯«P:Ñ”8–IÊtpÞ3ª“>ê“þës4ò2OÏÕ­±zô†Õ§‰.÷ä¸;¿˜“'œ›žª}«Œ{ª±Ì 9ÔóÞÕ‡0 $íWV3Üì¬ —@kÝ4@¿r¼±½¬™›?øØæ´'Áé®CË3-g$˜ö‡×auÚi´Žp/êÛ æF›Ú2v‹ã¿¿,nB1̨ƃqÞa5͝@&Æû“él÷ \C²½UÍc ¯k×¢U ÖéQå™—-r wô ÞÏ<Ò=&=ÿ Ôê Òêˈt,i—;LîÜ á¸*ÚÃ1$êL•LÍ <É)ýÐà’ ;F™{ƒ™˜€&'}‚ãÄK`¡ÞT@I;®žZóè‚s’7®°›+§O­Åq©é»²9<Ô J ¼9O’HL»Ùïì¸rk¼Ž_ý‘TŸu[²ßÚŒ·ü÷B%¯E ŸÔX5êO´ Ç•€’I0 ÉJX` ñ¹õ%;µŸD‘«´€àwÒ™U ûئžÖö\×®×´8 ½‡ºÐÆÓ§?Àkmœ=;d5*@-ì0F Rªýš[Ü6âö̃ڸr*KA9· u*µæ£?U¸Âêí†8@¦X4 e-ò„0s{ HâUpU?¼mñRa°®a%Ð'tÉ×’\¾ÊÉ]t›h>·(Ë@R¼¡Ãt h}’O÷au<+nT…Ö…MӐ??Óe95 q>í/;&JSû °¯ÊéÞ øƒ*Ã2½Ài&:nôUl=¾¿5eˆ3”ñc|Ú2V”>„»&eE;«ÚäC p¢Û úy 9š[ŒÌx¼擼A&DåÒ¯ˆ¤ÀÌ;"˜ ÏQä¸åhÊ}Ûq«Û0WžÒ|»€ø®öCm5•\ÇÀ§Pe3£]0ÃàLDÉ‰1øªxjgwT‚÷¿LΨK‹›ùs—xˆÜ±µ kæ¸f‰‰ÜGk/LÛØ6d9ò¶ùA{ƒA3š/¬D¬khÓk‰`˜"㯒r¿±Óã jx‡°e}<Ñø\3y:'À•/h½Í€Ç4~g ?Û(¼]v‘ªlKÎâ~?O‚W%{Ì:“'©úNq¾›úo(X’¥¯ˆ nFê{Ç€ü?º'ë ø‹ì Þ09ŒÌç9Æ —ËC`j@ÓÄ(+a‹un¸#ÂꟋ{K`‘ÑÍÍ'à´»/Û,KW;Þ4²þð ï Nm|~fGÏ(…³Ã)«1ö­Õ ¥‡¨©ƒÃ™ü-s=à=U66Ï«Ýc蓦W¹íž®›nÔ%êÇìŒ<#Ü×84ån®Ð ÒåOC` ñânÑs‡¢ç 1õ%Îhì½Ã½® e:ݼUZo™`  ÅZŸŒÊ«ê1ÏÄo$q¹Þ€©ˆhÐÉä¯ñ[!…Ú˜àJ:x2$Íß&PåT£6ç— ‡Í*4Ýšçjÿ ‰É nófÐ ó(L5C•åÆ\rMÒ@ò }y-W}™üýVù—ú¢=Ù”c®‘< M ž ´Phr ¦©TD ‘ù.$´÷O‡‘V2Æò.=IUŒ=ž‡â¬i™aþÓåÙ?òUø'ØÖ•.~* šTŒ!•-×áºTâ®ä#õü'´ eýlYÅÓeÕKÂrT"CÚ@u!Óxƒ{š3€}1¿(r}%«nËamjÑ%ÑNEò v ˜à  σöK³,*º.àzù¨™Ó ÚçâU¦*¿ 9{%Ö¹ njûdaXöb) kÛƱûÓ\°M7ˆÂ=û›ç¿Ã‚­V»Cg–8ÙêE- j)k$º`Ã-ùEýeBÆÇ]c¡°ñty&Òd0nõ'¡W+ƒ*|–øµFa\GQªEAÔp5\Ǽ·¼Ç8·õ -â§Ú[ ‡ uZeÖ 3}×d'+¹:ð+K†Û®s!Ï$úe€<Û”x)1»a­¡LC]¸µík…ÚàA»AYº{†ªS[¦5HÒ7ù --,ísòDØ€èk ÞÀîÜ ò@â( ËNˆë›4ô½•/¦o‡€Û7 ê•ÆêòðÜy'Án½µ á˜ݦ ndeo…[ì¶Ê,¥R³Ä=À±—–ß;£™´ñSâ*g§”ïaið‘Jå~™ÓÞ ß³Õ¢»8x埒²52>AÊb&-÷\7´éÄù€T˜,w;3{ï˜k…à¹ÄqÀ«œ{€\ ˆ¾[´¨јr &Úé„Ívˆ±8†¿]|¬ņ4I×pÞS1ÈÖz‰#Ìv‡G!YNògñ:màTz¢Ý1ô©^O=~ë|5Bã™ç•¼µõ•bÆ@úÕS¬ÈŒ#¬zünrŸ û” Z²•ï›èðV"ÁHÚý©wÝ €7¼Ìu1hÑa3Éä û f$o¿É ™Ú›ÝçnpÒ3äÌ3†Í§,Äï]$‰/pê †«À¼¸e9­Æê_C]žƒ·ý·frÁN«, E=›Çq -‰öŒ:aÏ¿±í&£Í:-} 84‘ÿ eƒQÑeëSsuiA ³g㟥ú£?ÿ ʼn*”“÷aühe:ÊWa@ÒÞk±eØ] F Ô—r.åä˜ @ö¥ªZoÐýYL·¥S²G/‡ñ <~*ZÆ´è>JlòàÛƽÿ 窘ìGN¢:I®KšJp/`íIÁÀõ#Ä-€ö­šµŒoF4|ÆQØÆ@Ì|£Ô…¢À{9˜è½Üó›€ôYÒÎYsið;ís¤€à²ˆ‚4qÉVŒI$ ‰"° æµ8cXGjœˏ¡Aâý•ËÜ¢ûï e·çLx']á"oÅÎê3¯Ç—¹”ó0nå‚âg{Œñ> S´˜îè°g238‚ãköÝfÚd´6Ò€;ò÷±¢™¼›º ¢Æ'¥Ðx'e¬ç ]bÈÆV¢ó‹kýBO ðÊâ$Ÿ!×T 3Mýמ žìٍàÌü‘8÷€àæØ8æ©6‰©L´«…oãpð„~Çk‰!ñ;‹”ÛžÍ àž±z Ÿôû øŸÝužÏ;ÿ #|u6™Þ¬ÚˆÐõA4¶â|ôl|Ê2ŽÇ¤ÝÅÇY.<#Aí.k§hóF‚”Y; M½Ö4hŸ4&›­¿tès´%FìL¥£Ãk‰ÇT¤haÁ¤ÚxfÉ`ÑìË›>i 3t‚:,–+^÷´–{Û–Nxi"x‘Ûg î¨>¥Õ܁ùZH,2Û“:8xÊ¢Çí9.É-Ìâã-=çjwµS˜dütžçwýGòú®®ûº_ˆýx$–¡ãøO EÚÛÏ÷R„×w+3£Á£öUMyR²¹âŒ°š›¸Ñãò9§Ó_Dl+Ùßc›úšGÅÌc†Ž!Ko=¶.‘Îÿ c²(2®V mª.ÿ ¹B›¹å ù„öŸSV>™ü¯$y:G¢Z×àøúdî¹û­·ýÇ´:•c LÍõi_‹ö+ÎæGÊè>OŠ•äž´§Þ{X}¨1ÚTc›»Qþ•êô°t¿OP?eæ~É{5]•ÙR£r5†nZ\ã@ &îJõ ¾àC°þV>fé¥/ü5ñÊIº_é5 ;e­h<@ Ä&æÃëE%;X,ÒãÆÞ`Oò¦kŸm#˜!ÀyÄ¢| óLšò¥Ä` ¶R=|ÈCâh5ò3DˆïF†ðÒ#ÅìÛœ?¸yhBãœí ZxßÎÄhºRK„`Þödvײ™ÀÈÑÒgŒuY w³%†ƒÓzõ ÖÏp‚dH®¦A´ù§»ÓÇMæ~)ˆð‡û:ù&Ä •vGD´À n ݇¼Ö8Fö óáà£~Ë¥x`oK|Ä?fxiØü%pìR>éò+Û±éÎ>núlFŤ'tq8LZÏvÃ?„¡ß±È⽆¯³íü@x|PöUäèØã¡ð‚ŒAìÏ"vÍwóŸÍ{ ý0.z È•Ö{,N¡£¡ŸKÕÙž>Ýœþ ÍÀ°<×EA!Å‚D™IúOÍ¡>ôG}Â` ÍßkÜL™Ž Þð™ {IøF²¹òQ3&!ÃÂÞz.d&Ï-sH¸,Ôõ˜ŽP€ 77ˆÝ¼ÊëÜw =cÕ Ú,ØÐ5ÎYÐ)ì´öœgŒ[¤ßv㙑8心>h]§µháYš£²ºÑ.{Ï7Sð•?´~×SÃKýJÛ˜ ™Íäiúu<µX¶1õ^kâçIÑ£sZ4h>j*ÔšD:4­¿_ ÷¸ Õxæÿ ¸?Mù _•­ÊÐ ä ÷ý ÑwL œ­ïnTkÛUÍN©ë:¦fV ¶ÜÔÜMªÅâA½–¿R×TXš-%iTÊT•‡Ù‚JôϐZxWÑè‰f‰òG º ×Õû2aZ7OU3[“×AT–ÞŒ…-‘¤”Ì ì&(ˆ¿­•ƒkï’:ðY¦W‘ Å)“†‘˜³Åtcø˜ñTÂwÚÇ4|üLÇªí–v- qˆèU qPE.†â‘˜µ Æ,ÐÅs]8¾„oúÑ i>ÜxxÈó)ƒ ´æÁâØ$À‰vžŸf$Ž |ãw;ÀÁIJ»b` {¦Ó¤Ú$©YÀ‘n@Óïž«9J¼êG m¤ ܯ¹ÌW4€ÐÒÅÛ‡#褕Ÿn-?í|с¥÷Ú¹¬'´ÞÜ9ÓK `hê£SÄSà?7—Wí_´…óB›»:=Ãïq`<8ñÓŒÑlú2d¬ê³£hÖ[l|$vÝro~'R®‰§°ñmY ͧäP |PUª¹·:3Œ[Û{Xÿ ºâ@‚W–Äé u‚ ¯´*=íή.pûÒdt @G‰¬ s¸ ëÉücr ÞæѨÊ@>¤¢Ö±. Þ'¯°ÌME[YéïĵÂCå½ Ué©Áû'Ê9%eÔðNU”ë‘ÌsD3/®+UI˜9h.WC”빓$#:pz:YÓ ¿xž* ³$Í +$kñAŠ‹†¢ Uê>¸)_š¬÷©ßAÂÔb9ÇU ¯¾á•9¯ÏÏ÷O÷¼¼Fähal1‰3Ì[Ïr•´UCksNÐ] R‘¸¥H+§Šé†c©vÖÞ0iÓ76s†î!§=ß ¼~Ô'°Ãmäoäš³ªøi1úÉ)³yV8 CLÄØÁ‘WYïi€H6ÖÑiámø^ÈY´°Ñ7¥Û*—Ñ©L«Qƒï—Ùrÿ ›£Ð*š¸ˆL©ˆ$ˆ ÷¾D§9È®«qbqC)–ˆïv´çñsÑVT­Ø, <àïºÀO«Jý·õ àfPìð .wFšir´þ’2_Y *Æ€x\« ì€9š@ Ž|F⇥ˆkZ@hÖÄ0t¿-<“‹qµ¾*ZL¤Ú)&BJpÓF5=$„at*Zš$’ÑtdûÝRI1 2Ž‰$€$I$#‰SÞ’Hë¬ï;Á$¡t$’`<(ñÇt)$‡Ð.Êf¢X’Kt=Éé$‚ˆªè¢oÝëòI%Rgcª÷ŠyI%¡‰ÿ !ñ)´õ $¤ Ô’IIGÿÙ--- -- Simple Authentication and Security Layer (SASL). -- -- The library contains some low level functions and a high level class. -- -- The DigestMD5 class contains all code necessary to calculate -- a DIGEST-MD5 response based on the servers challenge and the other -- necessary arguments. -- It can be called through the SASL helper or directly like this: -- -- local dmd5 = DigestMD5:new(chall, user, pass, "AUTHENTICATE", nil, "imap") -- local digest = dmd5:calcDigest() -- -- -- The NTLM class contains all code necessary to calculate a -- NTLM response based on the servers challenge and the other necessary -- arguments. It can be called through the SASL helper or -- directly like this: -- -- local ntlm = NTLM:new(chall, user, pass) -- local response = ntlm:calcResponse() -- -- -- The Helper class contains the high level methods: -- * new: This is the SASL object constructor. -- * set_mechanism: Sets the authentication mechanism to use. -- * set_callback: Sets the encoding function to use. -- * encode: Encodes the parameters according to the -- authentication mechanism. -- * reset_callback: Resets the authentication function. -- * reset: Resets the SASL object. -- -- The script writers should use the Helper class to create SASL objects, -- and they can also use the low level functions to customize their -- encoding functions. -- -- @copyright Same as Nmap--See https://nmap.org/book/man-legal.html -- Version 0.2 -- Created 07/17/2011 - v0.1 - Created by Djalal Harouni -- Revised 07/18/2011 - v0.2 - Added NTLM, DIGEST-MD5 classes local smbauth = require "smbauth" local stdnse = require "stdnse" local string = require "string" local unicode = require "unicode" _ENV = stdnse.module("sasl", stdnse.seeall) local HAVE_SSL, openssl = pcall(require, 'openssl') if ( not(HAVE_SSL) ) then stdnse.debug1( "sasl.lua: OpenSSL not present, SASL support limited.") end local MECHANISMS = { } if HAVE_SSL then -- Calculates a DIGEST MD5 response DigestMD5 = { --- Instantiates DigestMD5 -- -- @param chall string containing the base64 decoded challenge -- @return a new instance of DigestMD5 new = function(self, chall, username, password, method, uri, service, realm) local o = { nc = 0, chall = chall, challnvs = {}, username = username, password = password, method = method, uri = uri, service = service, realm = realm } setmetatable(o, self) self.__index = self o:parseChallenge() return o end, -- parses a challenge received from the server -- takes care of both quoted and unquoted identifiers -- regardless of what RFC says parseChallenge = function(self) local results = {} if self.chall then local start, stop = self.chall:find("^[Dd][Ii][Gg][Ee][Ss][Tt]%s+") stop = stop or 0 while(true) do local name, value start, stop, name = self.chall:find("([^=]*)=%s*", stop + 1) if ( not(start) ) then break end if ( self.chall:sub(stop + 1, stop + 1) == "\"" ) then start, stop, value = self.chall:find("(.-)\"", stop + 2) else start, stop, value = self.chall:find("([^,]*)", stop + 1) end name = name:lower() --if name == "digest realm" then name="realm" end self.challnvs[name] = value start, stop = self.chall:find("%s*,%s*", stop + 1) if ( not(start) ) then break end end end end, --- Calculates the digest calcDigest = function( self ) local uri = self.uri or ("%s/%s"):format(self.service, "localhost") local realm = self.realm or self.challnvs.realm or "" local cnonce = stdnse.tohex(openssl.rand_bytes( 8 )) local qop = "auth" local qop_not_specified if self.challnvs.qop then qop_not_specified = false else qop_not_specified = true end self.nc = self.nc + 1 local A1_part1 = openssl.md5(self.username .. ":" .. (self.challnvs.realm or "") .. ":" .. self.password) local A1 = stdnse.tohex(openssl.md5(A1_part1 .. ":" .. self.challnvs.nonce .. ':' .. cnonce)) local A2 = stdnse.tohex(openssl.md5(("%s:%s"):format(self.method, uri))) local digest = stdnse.tohex(openssl.md5(A1 .. ":" .. self.challnvs.nonce .. ":" .. ("%08d"):format(self.nc) .. ":" .. cnonce .. ":" .. qop .. ":" .. A2)) local b1 if not self.challnvs.algorithm or self.challnvs.algorithm:upper() == "MD5" then b1 = stdnse.tohex(openssl.md5(self.username..":"..(self.challnvs.realm or "")..":"..self.password)) else b1 = A1 end -- should we make it work when qop == "auth-int" (we would need entity-body here, which -- might be complicated)? local digest_http if not qop_not_specified then digest_http = stdnse.tohex(openssl.md5(b1 .. ":" .. self.challnvs.nonce .. ":" .. ("%08d"):format(self.nc) .. ":" .. cnonce .. ":" .. qop .. ":" .. A2)) else digest_http = stdnse.tohex(openssl.md5(b1 .. ":" .. self.challnvs.nonce .. ":" .. A2)) end local response = "username=\"" .. self.username .. "\"" .. (",%s=\"%s\""):format("realm", realm) .. (",%s=\"%s\""):format("nonce", self.challnvs.nonce) .. (",%s=\"%s\""):format("cnonce", cnonce) .. (",%s=%08d"):format("nc", self.nc) .. (",%s=%s"):format("qop", "auth") .. (",%s=\"%s\""):format("digest-uri", uri) .. (",%s=%s"):format("response", digest) .. (",%s=%s"):format("charset", "utf-8") -- response_table is used in http library because the request should -- be a little bit different then the string generated above local response_table = { username = self.username, realm = realm, nonce = self.challnvs.nonce, cnonce = cnonce, nc = ("%08d"):format(self.nc), qop = qop, ["digest-uri"] = uri, algorithm = self.challnvs.algorithm, response = digest_http } return response, response_table end, } -- The NTLM class handling NTLM challenge response authentication NTLM = { --- Creates a new instance of the NTLM class -- -- @param chall string containing the challenge received from the server -- @param username string containing the username -- @param password string containing the password -- @return new instance of NTML new = function(self, chall, username, password) local o = { nc = 0, chall = chall, username = username, password = password} setmetatable(o, self) self.__index = self o:parseChallenge() return o end, --- Parses the NTLM challenge as received from the server parseChallenge = function(self) local NTLM_NegotiateUnicode = 0x00000001 local NTLM_NegotiateExtendedSecurity = 0x00080000 local pos, _, message_type _, message_type, _, _, _, self.flags, self.chall, _, _, _, _, pos = string.unpack("CRAM-MD5 mechanism. -- -- @param username string. -- @param password string. -- @param challenge The challenge as it is returned by the server. -- @return string The encoded string on success, or nil if Nmap was -- compiled without OpenSSL. function cram_md5_enc(username, password, challenge) local encode = stdnse.tohex(openssl.hmac('md5', password, challenge)) return username.." "..encode end --- Encodes the parameters using the DIGEST-MD5 mechanism. -- -- @param username string. -- @param password string. -- @param challenge The challenge as it is returned by the server. -- @param service string containing the service that is requesting the -- encryption (eg. POP, IMAP, STMP) -- @param uri string containing the URI -- @return string The encoded string on success, or nil if Nmap was -- compiled without OpenSSL. function digest_md5_enc(username, password, challenge, service, uri) return DigestMD5:new(challenge, username, password, "AUTHENTICATE", uri, service):calcDigest() end function ntlm_enc(username, password, challenge) return NTLM:new(challenge, username, password):calcResponse() end else function cram_md5_enc() error("cram_md5_enc not supported without OpenSSL") end function digest_md5_enc() error("digest_md5_enc not supported without OpenSSL") end function ntlm_enc() error("ntlm_enc not supported without OpenSSL") end end MECHANISMS["CRAM-MD5"] = cram_md5_enc MECHANISMS["DIGEST-MD5"] = digest_md5_enc MECHANISMS["NTLM"] = ntlm_enc --- Encodes the parameters using the PLAIN mechanism. -- -- @param username string. -- @param password string. -- @return string The encoded string. function plain_enc(username, password) return username.."\0"..username.."\0"..password end MECHANISMS["PLAIN"] = plain_enc --- Checks if the given mechanism is supported by this library. -- -- @param mechanism string to check. -- @return mechanism if it is supported, otherwise nil. -- @return callback The mechanism encoding function on success. function check_mechanism(mechanism) local lmech, lcallback if mechanism then mechanism = string.upper(mechanism) if MECHANISMS[mechanism] then lmech = mechanism lcallback = MECHANISMS[mechanism] else stdnse.debug3( "sasl library does not support '%s' mechanism", mechanism) end end return lmech, lcallback end --- This is the SASL Helper class, script writers should use it to create -- SASL objects. -- -- Usage of the Helper class: -- -- local sasl_enc = sasl.Helper.new("CRAM-MD5") -- local result = sasl_enc:encode(username, password, challenge) -- -- sasl_enc:set_mechanism("LOGIN") -- local user, pass = sasl_enc:encode(username, password) Helper = { --- SASL object constructor. -- -- @param mechanism The authentication mechanism to use -- (optional parameter). -- @param callback The encoding function associated with the -- mechanism (optional parameter). -- @usage -- local sasl_enc = sasl.Helper:new() -- local sasl_enc = sasl.Helper:new("CRAM-MD5") -- local sasl_enc = sasl.Helper:new("CRAM-MD5", my_cram_md5_func) -- @return sasl object. new = function(self, mechanism, callback) local o = {} setmetatable(o, self) self.__index = self if self:set_mechanism(mechanism) then self:set_callback(callback) end return o end, --- Sets the SASL mechanism to use. -- -- @param string The authentication mechanism. -- @usage -- local sasl_enc = sasl.Helper:new() -- sasl_enc:set_mechanism("CRAM-MD5") -- sasl_enc:set_mechanism("PLAIN") -- @return mechanism on success, or nil if the mechanism is not -- supported. set_mechanism = function(self, mechanism) self.mechanism, self.callback = check_mechanism(mechanism) return self.mechanism end, --- Associates A custom encoding function with the authentication -- mechanism. -- -- Note that the SASL object by default will have its own -- callback functions. -- -- @param callback The function associated with the authentication -- mechanism. -- @usage -- -- My personal CRAM-MD5 encode function -- function cram_md5_encode_func(username, password, challenge) -- ... -- end -- local sasl_enc = sasl.Helper:new("CRAM-MD5") -- sasl_enc:set_callback(cram_md5_handle_func) -- local result = sasl_enc:encode(username, password, challenge) set_callback = function(self, callback) if callback then self.callback = callback end end, --- Resets the encoding function to the default SASL -- callback function. reset_callback = function(self) self.callback = MECHANISMS[self.mechanism] end, --- Resets all the data of the SASL object. -- -- This method will clear the specified SASL mechanism. reset = function(self) self:set_mechanism() end, --- Returns the current authentication mechanism. -- -- @return mechanism on success, or nil on failures. get_mechanism = function(self) return self.mechanism end, --- Encodes the parameters according to the specified mechanism. -- -- @param ... The parameters to encode. -- @usage -- local sasl_enc = sasl.Helper:new("CRAM-MD5") -- local result = sasl_enc:encode(username, password, challenge) -- local sasl_enc = sasl.Helper:new("PLAIN") -- local result = sasl_enc:encode(username, password) -- @return string The encoded string on success, or nil on failures. encode = function(self, ...) return self.callback(...) end, } local unittest = require "unittest" if not unittest.testing() then return _ENV end test_suite = unittest.TestSuite:new() -- Crypto tests require OpenSSL if HAVE_SSL then local _ = "ignored" local object = DigestMD5:new('Digest realm="test", domain="/HTTP/Digest",\z nonce="c8563a5b367e66b3693fbb07a53a30ba"', _, _, _, _) test_suite:add_test(unittest.keys_equal( object.challnvs, { nonce='c8563a5b367e66b3693fbb07a53a30ba', realm='test', domain='/HTTP/Digest', } )) object = DigestMD5:new('Digest nonce="9e4ab724d272474ab13b64d75300a47b", \z opaque="de40b82666bd5fe631a64f3b2d5a019e", \z realm="me@kennethreitz.com", qop=auth', _, _, _, _) test_suite:add_test(unittest.keys_equal( object.challnvs, { nonce='9e4ab724d272474ab13b64d75300a47b', opaque='de40b82666bd5fe631a64f3b2d5a019e', realm='me@kennethreitz.com', qop='auth', } )) object = DigestMD5:new('realm=test, domain="/HTTP/Digest",\tnonce=c8563a5b367e66b3693fbb07a53a30ba', _, _, _, _) test_suite:add_test(unittest.keys_equal( object.challnvs, { nonce='c8563a5b367e66b3693fbb07a53a30ba', realm='test', domain='/HTTP/Digest', } )) end return _ENV;