OXIESEC PANEL

Name	Size	Modified	Perms
📁 ..	-	02/03/2022 06:37:41 AM	rwxr-xr-x
📄 __init__.py	14.23 KB	11/15/2017 07:42:13 AM	rw-r--r--
📄 __init__.pyc	17.38 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 auth.py	2.36 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 auth.pyc	2.47 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 auth_log.py	56.47 KB	08/15/2017 07:16:59 AM	rw-r--r--
📄 auth_log.pyc	40.28 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 auth_log_base.py	4.18 KB	08/15/2017 07:16:59 AM	rw-r--r--
📄 auth_log_base.pyc	4.1 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 auth_log_ncalrpc.py	4.07 KB	08/15/2017 07:16:59 AM	rw-r--r--
📄 auth_log_ncalrpc.pyc	3.79 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 auth_log_netlogon.py	5.05 KB	08/15/2017 07:16:59 AM	rw-r--r--
📄 auth_log_netlogon.pyc	4.56 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 auth_log_netlogon_bad_creds.py	7.06 KB	08/15/2017 07:16:59 AM	rw-r--r--
📄 auth_log_netlogon_bad_creds.pyc	6.55 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 auth_log_pass_change.py	12.91 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 auth_log_pass_change.pyc	10.67 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 auth_log_samlogon.py	6.66 KB	08/15/2017 07:16:59 AM	rw-r--r--
📄 auth_log_samlogon.pyc	6.19 KB	02/03/2022 06:37:41 AM	rw-r--r--
📁 blackbox	-	02/03/2022 06:37:41 AM	rwxr-xr-x
📄 common.py	3.04 KB	02/07/2018 08:37:51 AM	rw-r--r--
📄 common.pyc	2.86 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 core.py	2.7 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 core.pyc	3.77 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 credentials.py	19.83 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 credentials.pyc	19.06 KB	02/03/2022 06:37:41 AM	rw-r--r--
📁 dcerpc	-	02/03/2022 06:37:41 AM	rwxr-xr-x
📄 dns.py	51.4 KB	01/25/2022 03:20:03 PM	rw-r--r--
📄 dns.pyc	36.48 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 dns_base.py	13.99 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 dns_base.pyc	13.28 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 dns_forwarder.py	21.23 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 dns_forwarder.pyc	20.21 KB	02/03/2022 06:37:41 AM	rw-r--r--
📁 dns_forwarder_helpers	-	02/03/2022 06:37:41 AM	rwxr-xr-x
📄 dns_packet.py	6.6 KB	01/25/2022 03:20:03 PM	rw-r--r--
📄 dns_packet.pyc	6.97 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 dns_tkey.py	7.24 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 dns_tkey.pyc	6.13 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 dns_wildcard.py	10.9 KB	11/02/2017 11:38:36 AM	rw-r--r--
📄 dns_wildcard.pyc	8.4 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 docs.py	13.95 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 docs.pyc	11.37 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 dsdb.py	18.84 KB	08/15/2017 07:16:59 AM	rw-r--r--
📄 dsdb.pyc	14.93 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 dsdb_schema_attributes.py	7.93 KB	11/02/2017 11:38:36 AM	rw-r--r--
📄 dsdb_schema_attributes.pyc	6.96 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 gensec.py	7.85 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 gensec.pyc	6.61 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 get_opt.py	1.86 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 get_opt.pyc	1.75 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 glue.py	2.59 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 glue.pyc	3.43 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 hostconfig.py	2.15 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 hostconfig.pyc	3.45 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 join.py	6.5 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 join.pyc	5.45 KB	02/03/2022 06:37:41 AM	rw-r--r--
📁 kcc	-	02/03/2022 06:37:41 AM	rwxr-xr-x
📄 libsmb_samba_internal.py	2.38 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 libsmb_samba_internal.pyc	2.71 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 lsa_string.py	2.52 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 lsa_string.pyc	2.21 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 messaging.py	4.97 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 messaging.pyc	5.37 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 net_join.py	2.29 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 net_join.pyc	2.22 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 net_join_no_spnego.py	3.34 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 net_join_no_spnego.pyc	3.15 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 netcmd.py	3 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 netcmd.pyc	3.95 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 netlogonsvc.py	2.43 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 netlogonsvc.pyc	2.14 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 ntacls.py	4.09 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 ntacls.pyc	4.69 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 ntlmauth.py	3 KB	08/29/2017 04:12:36 AM	rw-r--r--
📄 ntlmauth.pyc	2.73 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 pam_winbind.py	1.67 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 pam_winbind.pyc	1.43 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 param.py	3.59 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 param.pyc	4.8 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 password_hash.py	12.44 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 password_hash.pyc	7.84 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 password_hash_fl2003.py	7.38 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 password_hash_fl2003.pyc	5.48 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 password_hash_fl2008.py	7.94 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 password_hash_fl2008.pyc	5.66 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 password_hash_gpgme.py	8.78 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 password_hash_gpgme.pyc	6.41 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 password_hash_ldap.py	4.85 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 password_hash_ldap.pyc	4.63 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 policy.py	1.15 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 policy.pyc	1.03 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 posixacl.py	37.62 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 posixacl.pyc	26.85 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 provision.py	6.22 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 provision.pyc	9.79 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 py_credentials.py	13.71 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 py_credentials.pyc	10.64 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 registry.py	1.73 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 registry.pyc	2.37 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 samba3.py	8.24 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 samba3.pyc	11.54 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 samba3sam.py	48.33 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 samba3sam.pyc	31.65 KB	02/03/2022 06:37:41 AM	rw-r--r--
📁 samba_tool	-	02/03/2022 06:37:41 AM	rwxr-xr-x
📄 samdb.py	3.51 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 samdb.pyc	3.11 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 security.py	5.36 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 security.pyc	7.81 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 source.py	8.06 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 source.pyc	7.48 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 strings.py	4.12 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 strings.pyc	2.96 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 subunitrun.py	2.33 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 subunitrun.pyc	1.84 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 unicodenames.py	1.07 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 unicodenames.pyc	555 bytes	02/03/2022 06:37:41 AM	rw-r--r--
📄 upgrade.py	1.36 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 upgrade.pyc	1.28 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 upgradeprovision.py	6.66 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 upgradeprovision.pyc	6.57 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 upgradeprovisionneeddc.py	7.29 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 upgradeprovisionneeddc.pyc	8.08 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 xattr.py	4.11 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 xattr.pyc	4.57 KB	02/03/2022 06:37:41 AM	rw-r--r--

Editing: password_hash.py

# Tests for Tests for source4/dsdb/samdb/ldb_modules/password_hash.c
#
# Copyright (C) Catalyst IT Ltd. 2017
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
#

"""
Base class for tests for source4/dsdb/samdb/ldb_modules/password_hash.c
"""

from samba.credentials import Credentials
from samba.samdb import SamDB
from samba.auth import system_session
from samba.tests import TestCase
from samba.ndr import ndr_unpack
from samba.dcerpc import drsblobs
from samba.dcerpc.samr import DOMAIN_PASSWORD_STORE_CLEARTEXT
from samba.dsdb import UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED
from samba.tests import delete_force
import ldb
import samba
import binascii
import md5
import crypt

USER_NAME = "PasswordHashTestUser"
USER_PASS = samba.generate_random_password(32, 32)
UPN       = "PWHash@User.Principle"

# Get named package from the passed supplemental credentials
#
# returns the package and it's position within the supplemental credentials
def get_package(sc, name):
    if sc is None:
        return None

idx = 0
    for p in sc.sub.packages:
        idx += 1
        if name == p.name:
            return (idx, p)

return None

# Calculate the MD5 password digest from the supplied user, realm and password
#
def calc_digest(user, realm, password):

data = "%s:%s:%s" % (user, realm, password)
    return binascii.hexlify(md5.new(data).digest())

class PassWordHashTests(TestCase):

def setUp(self):
        self.lp = samba.tests.env_loadparm()
        super(PassWordHashTests, self).setUp()

# Add a user to ldb, this will exercise the password_hash code
    # and calculate the appropriate supplemental credentials
    def add_user(self, options=None, clear_text=False, ldb=None):
        # set any needed options
        if options is not None:
            for (option, value) in options:
                self.lp.set(option, value)

if ldb is None:
            self.creds = Credentials()
            self.session = system_session()
            self.creds.guess(self.lp)
            self.session = system_session()
            self.ldb = SamDB(session_info=self.session,
                             credentials=self.creds,
                             lp=self.lp)
        else:
            self.ldb = ldb

res = self.ldb.search(base=self.ldb.get_config_basedn(),
                              expression="ncName=%s" % self.ldb.get_default_basedn(),
                              attrs=["nETBIOSName"])
        self.netbios_domain = res[0]["nETBIOSName"][0]
        self.dns_domain = self.ldb.domain_dns_name()

# Gets back the basedn
        base_dn = self.ldb.domain_dn()

# Gets back the configuration basedn
        configuration_dn = self.ldb.get_config_basedn().get_linearized()

# Get the old "dSHeuristics" if it was set
        dsheuristics = self.ldb.get_dsheuristics()

# Set the "dSHeuristics" to activate the correct "userPassword"
        # behaviour
        self.ldb.set_dsheuristics("000000001")

# Reset the "dSHeuristics" as they were before
        self.addCleanup(self.ldb.set_dsheuristics, dsheuristics)

# Get the old "minPwdAge"
        minPwdAge = self.ldb.get_minPwdAge()

# Set it temporarily to "0"
        self.ldb.set_minPwdAge("0")
        self.base_dn = self.ldb.domain_dn()

# Reset the "minPwdAge" as it was before
        self.addCleanup(self.ldb.set_minPwdAge, minPwdAge)

account_control = 0
        if clear_text:
            # get the current pwdProperties
            pwdProperties = self.ldb.get_pwdProperties()
            # enable clear text properties
            props = int(pwdProperties)
            props |= DOMAIN_PASSWORD_STORE_CLEARTEXT
            self.ldb.set_pwdProperties(str(props))
            # Restore the value on exit.
            self.addCleanup(self.ldb.set_pwdProperties, pwdProperties)
            account_control |= UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED

# (Re)adds the test user USER_NAME with password USER_PASS
        # and userPrincipalName UPN
        delete_force(self.ldb, "cn=" + USER_NAME + ",cn=users," + self.base_dn)
        self.ldb.add({
             "dn": "cn=" + USER_NAME + ",cn=users," + self.base_dn,
             "objectclass": "user",
             "sAMAccountName": USER_NAME,
             "userPassword": USER_PASS,
             "userPrincipalName": UPN,
             "userAccountControl": str(account_control)
        })

# Get the supplemental credentials for the user under test
    def get_supplemental_creds(self):
        base = "cn=" + USER_NAME + ",cn=users," + self.base_dn
        res = self.ldb.search(scope=ldb.SCOPE_BASE,
                              base=base,
                              attrs=["supplementalCredentials"])
        self.assertIs(True, len(res) > 0)
        obj = res[0]
        sc_blob = obj["supplementalCredentials"][0]
        sc = ndr_unpack(drsblobs.supplementalCredentialsBlob, sc_blob)
        return sc

# Calculate and validate a Wdigest value
    def check_digest(self, user, realm, password,  digest):
        expected = calc_digest(user, realm, password)
        actual = binascii.hexlify(bytearray(digest))
        error = "Digest expected[%s], actual[%s], " \
                "user[%s], realm[%s], pass[%s]" % \
                (expected, actual, user, realm, password)
        self.assertEquals(expected, actual, error)

# Check all of the 29 expected WDigest values
    #
    def check_wdigests(self, digests):

self.assertEquals(29, digests.num_hashes)

# Using the n-1 pattern in the array indexes to make it easier
        # to check the tests against the spec and the samba-tool user tests.
        self.check_digest(USER_NAME,
                          self.netbios_domain,
                          USER_PASS,
                          digests.hashes[1-1].hash)
        self.check_digest(USER_NAME.lower(),
                          self.netbios_domain.lower(),
                          USER_PASS,
                          digests.hashes[2-1].hash)
        self.check_digest(USER_NAME.upper(),
                          self.netbios_domain.upper(),
                          USER_PASS,
                          digests.hashes[3-1].hash)
        self.check_digest(USER_NAME,
                          self.netbios_domain.upper(),
                          USER_PASS,
                          digests.hashes[4-1].hash)
        self.check_digest(USER_NAME,
                          self.netbios_domain.lower(),
                          USER_PASS,
                          digests.hashes[5-1].hash)
        self.check_digest(USER_NAME.upper(),
                          self.netbios_domain.lower(),
                          USER_PASS,
                          digests.hashes[6-1].hash)
        self.check_digest(USER_NAME.lower(),
                          self.netbios_domain.upper(),
                          USER_PASS,
                          digests.hashes[7-1].hash)
        self.check_digest(USER_NAME,
                          self.dns_domain,
                          USER_PASS,
                          digests.hashes[8-1].hash)
        self.check_digest(USER_NAME.lower(),
                          self.dns_domain.lower(),
                          USER_PASS,
                          digests.hashes[9-1].hash)
        self.check_digest(USER_NAME.upper(),
                          self.dns_domain.upper(),
                          USER_PASS,
                          digests.hashes[10-1].hash)
        self.check_digest(USER_NAME,
                          self.dns_domain.upper(),
                          USER_PASS,
                          digests.hashes[11-1].hash)
        self.check_digest(USER_NAME,
                          self.dns_domain.lower(),
                          USER_PASS,
                          digests.hashes[12-1].hash)
        self.check_digest(USER_NAME.upper(),
                          self.dns_domain.lower(),
                          USER_PASS,
                          digests.hashes[13-1].hash)
        self.check_digest(USER_NAME.lower(),
                          self.dns_domain.upper(),
                          USER_PASS,
                          digests.hashes[14-1].hash)
        self.check_digest(UPN,
                          "",
                          USER_PASS,
                          digests.hashes[15-1].hash)
        self.check_digest(UPN.lower(),
                          "",
                          USER_PASS,
                          digests.hashes[16-1].hash)
        self.check_digest(UPN.upper(),
                          "",
                          USER_PASS,
                          digests.hashes[17-1].hash)

name = "%s\\%s" % (self.netbios_domain, USER_NAME)
        self.check_digest(name,
                          "",
                          USER_PASS,
                          digests.hashes[18-1].hash)

name = "%s\\%s" % (self.netbios_domain.lower(), USER_NAME.lower())
        self.check_digest(name,
                          "",
                          USER_PASS,
                          digests.hashes[19-1].hash)

name = "%s\\%s" % (self.netbios_domain.upper(), USER_NAME.upper())
        self.check_digest(name,
                          "",
                          USER_PASS,
                          digests.hashes[20-1].hash)
        self.check_digest(USER_NAME,
                          "Digest",
                          USER_PASS,
                          digests.hashes[21-1].hash)
        self.check_digest(USER_NAME.lower(),
                          "Digest",
                          USER_PASS,
                          digests.hashes[22-1].hash)
        self.check_digest(USER_NAME.upper(),
                          "Digest",
                          USER_PASS,
                          digests.hashes[23-1].hash)
        self.check_digest(UPN,
                          "Digest",
                          USER_PASS,
                          digests.hashes[24-1].hash)
        self.check_digest(UPN.lower(),
                          "Digest",
                          USER_PASS,
                          digests.hashes[25-1].hash)
        self.check_digest(UPN.upper(),
                          "Digest",
                          USER_PASS,
                          digests.hashes[26-1].hash)
        name = "%s\\%s" % (self.netbios_domain, USER_NAME)
        self.check_digest(name,
                          "Digest",
                          USER_PASS,
                          digests.hashes[27-1].hash)

name = "%s\\%s" % (self.netbios_domain.lower(), USER_NAME.lower())
        self.check_digest(name,
                          "Digest",
                          USER_PASS,
                          digests.hashes[28-1].hash)

name = "%s\\%s" % (self.netbios_domain.upper(), USER_NAME.upper())
        self.check_digest(name,
                          "Digest",
                          USER_PASS,
                          digests.hashes[29-1].hash)

def checkUserPassword(self, up, expected):

# Check we've received the correct number of hashes
        self.assertEquals(len(expected), up.num_hashes)

i = 0
        for (tag, alg, rounds) in expected:
            self.assertEquals(tag, up.hashes[i].scheme)

data = up.hashes[i].value.split("$")
            # Check we got the expected crypt algorithm
            self.assertEquals(alg, data[1])

if rounds is None:
                cmd = "$%s$%s" % (alg, data[2])
            else:
                cmd = "$%s$rounds=%d$%s" % (alg, rounds, data[3])

# Calculate the expected hash value
            expected = crypt.crypt(USER_PASS, cmd)
            self.assertEquals(expected, up.hashes[i].value)
            i += 1

# Check that the correct nt_hash was stored for userPassword
    def checkNtHash(self, password, nt_hash):
        creds = Credentials()
        creds.set_anonymous()
        creds.set_password(password)
        expected = creds.get_nt_hash()
        actual = bytearray(nt_hash)
        self.assertEquals(expected, actual)