Skip to content

Commit

Permalink
#27: Implement NTLM hash support for PwnedPassAPI
Browse files Browse the repository at this point in the history
This PR implements support for NTLM hashes as announced by Troy Hunt:
https://s.pebcak.de/@troyhunt@infosec.exchange/109833758367903768

For this we needed to be able to calculate MD4 hashes, as NTLM basically is calculated like this: `MD4(UTF-16LE(pw))`. For this we ported the official golang.org/x/crypto/md4 package, so we can still claim that "only depends on Go stdlib"

A new Client option has been introduced: `WithPwnedNTLMHash`. If the client is initalized with this option, all generic methods (`ListHashesPassword` and `CheckPassword`) will  operate on NTLM hashes.

Additionally, there are now equivalent methods for checking passwords and listing hashes for NTLM: `CheckNTLM` and `ListHashesNTLM`
  • Loading branch information
wneessen committed Feb 9, 2023
1 parent 2b0b51a commit 179cd36
Show file tree
Hide file tree
Showing 8 changed files with 636 additions and 12 deletions.
32 changes: 30 additions & 2 deletions hibp.go
Original file line number Diff line number Diff line change
Expand Up @@ -49,8 +49,18 @@ var (
// expected length
ErrSHA1LengthMismatch = errors.New("SHA1 hash size needs to be 160 bits")

// ErrNTLMLengthMismatch should be used if a given NTLM hash does not match the
// expected length
ErrNTLMLengthMismatch = errors.New("NTLM hash size needs to be 128 bits")

// ErrSHA1Invalid should be used if a given string does not represent a valid SHA1 hash
ErrSHA1Invalid = errors.New("not a valid SHA1 hash")

// ErrNTLMInvalid should be used if a given string does not represent a valid NTLM hash
ErrNTLMInvalid = errors.New("not a valid NTLM hash")

// ErrUnsupportedHashMode should be used if a given hash mode is not supported
ErrUnsupportedHashMode = errors.New("hash mode not supported")
)

// Client is the HIBP client object
Expand Down Expand Up @@ -80,7 +90,10 @@ func New(options ...Option) Client {

// Set defaults
c.to = DefaultTimeout
c.PwnedPassAPIOpts = &PwnedPasswordOptions{}
c.PwnedPassAPIOpts = &PwnedPasswordOptions{
HashMode: HashModeSHA1,
WithPadding: false,
}
c.ua = DefaultUserAgent

// Set additional options
Expand All @@ -95,7 +108,10 @@ func New(options ...Option) Client {
c.hc = httpClient(c.to)

// Associate the different HIBP service APIs with the Client
c.PwnedPassAPI = &PwnedPassAPI{hibp: &c}
c.PwnedPassAPI = &PwnedPassAPI{
hibp: &c,
ParamMap: make(map[string]string),
}
c.BreachAPI = &BreachAPI{hibp: &c}
c.PasteAPI = &PasteAPI{hibp: &c}

Expand Down Expand Up @@ -140,6 +156,18 @@ func WithRateLimitSleep() Option {
}
}

// WithPwnedNTLMHash sets the hash mode for the PwnedPasswords API to NTLM hashes
//
// Note: This option only affects the generic methods like PwnedPassAPI.CheckPassword
// or PwnedPassAPI.ListHashesPassword. For any specifc method with the hash type in
// the method name, this option is ignored and the hash type of the function is
// forced
func WithPwnedNTLMHash() Option {
return func(c *Client) {
c.PwnedPassAPIOpts.HashMode = HashModeNTLM
}
}

// HTTPReq performs an HTTP request to the corresponding API
func (c *Client) HTTPReq(m, p string, q map[string]string) (*http.Request, error) {
u, err := url.Parse(p)
Expand Down
16 changes: 15 additions & 1 deletion hibp_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -37,11 +37,25 @@ func TestNewWithHttpTimeout(t *testing.T) {
func TestNewWithPwnedPadding(t *testing.T) {
hc := New(WithPwnedPadding())
if !hc.PwnedPassAPIOpts.WithPadding {
t.Errorf("hibp client pwned padding option was not set properly. Expected %v, got: %v",
t.Errorf("hibp client pwned padding option was not set properly. Expected %t, got: %t",
true, hc.PwnedPassAPIOpts.WithPadding)
}
}

// TestNewWithPwnedNTLMHash tests the New() function with the PwnedPadding option
func TestNewWithPwnedNTLMHash(t *testing.T) {
hc := New(WithPwnedNTLMHash())
if hc.PwnedPassAPIOpts.HashMode != HashModeNTLM {
t.Errorf("hibp client NTLM hash mode option was not set properly. Expected %d, got: %d",
HashModeNTLM, hc.PwnedPassAPIOpts.HashMode)
}
hc = New()
if hc.PwnedPassAPIOpts.HashMode != HashModeSHA1 {
t.Errorf("hibp client SHA-1 hash mode option was not set properly. Expected %d, got: %d",
HashModeSHA1, hc.PwnedPassAPIOpts.HashMode)
}
}

// TestNewWithApiKey tests the New() function with the API key set
func TestNewWithApiKey(t *testing.T) {
apiKey := os.Getenv("HIBP_API_KEY")
Expand Down
27 changes: 27 additions & 0 deletions md4/LICENSE
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
Copyright (c) 2009 The Go Authors. All rights reserved.

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met:

* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above
copyright notice, this list of conditions and the following disclaimer
in the documentation and/or other materials provided with the
distribution.
* Neither the name of Google Inc. nor the names of its
contributors may be used to endorse or promote products derived from
this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
122 changes: 122 additions & 0 deletions md4/md4.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,122 @@
// Copyright 2009 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

// Package md4 implements the MD4 hash algorithm as defined in RFC 1320.
//
// NOTE: MD4 is cryptographically broken and should should only be used
// where compatibility with legacy systems, not security, is the goal. Instead,
// use a secure hash like SHA-256 (from crypto/sha256).
package md4 // import "golang.org/x/crypto/md4"

import (
"crypto"
"hash"
)

func init() {
crypto.RegisterHash(crypto.MD4, New)
}

// Size is the size of an MD4 checksum in bytes.
const Size = 16

// BlockSize is the blocksize of MD4 in bytes.
const BlockSize = 64

const (
_Chunk = 64
_Init0 = 0x67452301
_Init1 = 0xEFCDAB89
_Init2 = 0x98BADCFE
_Init3 = 0x10325476
)

// digest represents the partial evaluation of a checksum.
type digest struct {
s [4]uint32
x [_Chunk]byte
nx int
len uint64
}

func (d *digest) Reset() {
d.s[0] = _Init0
d.s[1] = _Init1
d.s[2] = _Init2
d.s[3] = _Init3
d.nx = 0
d.len = 0
}

// New returns a new hash.Hash computing the MD4 checksum.
func New() hash.Hash {
d := new(digest)
d.Reset()
return d
}

func (d *digest) Size() int { return Size }

func (d *digest) BlockSize() int { return BlockSize }

func (d *digest) Write(p []byte) (nn int, err error) {
nn = len(p)
d.len += uint64(nn)
if d.nx > 0 {
n := len(p)
if n > _Chunk-d.nx {
n = _Chunk - d.nx
}
for i := 0; i < n; i++ {
d.x[d.nx+i] = p[i]
}
d.nx += n
if d.nx == _Chunk {
_Block(d, d.x[0:])
d.nx = 0
}
p = p[n:]
}
n := _Block(d, p)
p = p[n:]
if len(p) > 0 {
d.nx = copy(d.x[:], p)
}
return
}

func (d *digest) Sum(in []byte) []byte {
// Make a copy of d0, so that caller can keep writing and summing.
dc := new(digest)
*dc = *d

// Padding. Add a 1 bit and 0 bits until 56 bytes mod 64.
plen := dc.len
var tmp [64]byte
tmp[0] = 0x80
if plen%64 < 56 {
_, _ = dc.Write(tmp[0 : 56-plen%64])
} else {
_, _ = dc.Write(tmp[0 : 64+56-plen%64])
}

// Length in bits.
plen <<= 3
for i := uint(0); i < 8; i++ {
tmp[i] = byte(plen >> (8 * i))
}
_, _ = dc.Write(tmp[0:8])

if dc.nx != 0 {
panic("dc.nx != 0")
}

for _, s := range dc.s {
in = append(in, byte(s>>0))
in = append(in, byte(s>>8))
in = append(in, byte(s>>16))
in = append(in, byte(s>>24))
}
return in
}
71 changes: 71 additions & 0 deletions md4/md4_test.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,71 @@
// Copyright 2009 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

package md4

import (
"fmt"
"io"
"testing"
)

type md4Test struct {
out string
in string
}

var golden = []md4Test{
{"31d6cfe0d16ae931b73c59d7e0c089c0", ""},
{"bde52cb31de33e46245e05fbdbd6fb24", "a"},
{"ec388dd78999dfc7cf4632465693b6bf", "ab"},
{"a448017aaf21d8525fc10ae87aa6729d", "abc"},
{"41decd8f579255c5200f86a4bb3ba740", "abcd"},
{"9803f4a34e8eb14f96adba49064a0c41", "abcde"},
{"804e7f1c2586e50b49ac65db5b645131", "abcdef"},
{"752f4adfe53d1da0241b5bc216d098fc", "abcdefg"},
{"ad9daf8d49d81988590a6f0e745d15dd", "abcdefgh"},
{"1e4e28b05464316b56402b3815ed2dfd", "abcdefghi"},
{"dc959c6f5d6f9e04e4380777cc964b3d", "abcdefghij"},
{"1b5701e265778898ef7de5623bbe7cc0", "Discard medicine more than two years old."},
{"d7f087e090fe7ad4a01cb59dacc9a572", "He who has a shady past knows that nice guys finish last."},
{"a6f8fd6df617c72837592fc3570595c9", "I wouldn't marry him with a ten foot pole."},
{"c92a84a9526da8abc240c05d6b1a1ce0", "Free! Free!/A trip/to Mars/for 900/empty jars/Burma Shave"},
{"f6013160c4dcb00847069fee3bb09803", "The days of the digital watch are numbered. -Tom Stoppard"},
{"2c3bb64f50b9107ed57640fe94bec09f", "Nepal premier won't resign."},
{"45b7d8a32c7806f2f7f897332774d6e4", "For every action there is an equal and opposite government program."},
{"b5b4f9026b175c62d7654bdc3a1cd438", "His money is twice tainted: 'taint yours and 'taint mine."},
{"caf44e80f2c20ce19b5ba1cab766e7bd", "There is no reason for any individual to have a computer in their home. -Ken Olsen, 1977"},
{"191fae6707f496aa54a6bce9f2ecf74d", "It's a tiny change to the code and not completely disgusting. - Bob Manchek"},
{"9ddc753e7a4ccee6081cd1b45b23a834", "size: a.out: bad magic"},
{"8d050f55b1cadb9323474564be08a521", "The major problem is with sendmail. -Mark Horton"},
{"ad6e2587f74c3e3cc19146f6127fa2e3", "Give me a rock, paper and scissors and I will move the world. CCFestoon"},
{"1d616d60a5fabe85589c3f1566ca7fca", "If the enemy is within range, then so are you."},
{"aec3326a4f496a2ced65a1963f84577f", "It's well we cannot hear the screams/That we create in others' dreams."},
{"77b4fd762d6b9245e61c50bf6ebf118b", "You remind me of a TV show, but that's all right: I watch it anyway."},
{"e8f48c726bae5e516f6ddb1a4fe62438", "C is as portable as Stonehedge!!"},
{"a3a84366e7219e887423b01f9be7166e", "Even if I could be Shakespeare, I think I should still choose to be Faraday. - A. Huxley"},
{"a6b7aa35157e984ef5d9b7f32e5fbb52", "The fugacity of a constituent in a mixture of gases at a given temperature is proportional to its mole fraction. Lewis-Randall Rule"},
{"75661f0545955f8f9abeeb17845f3fd6", "How can you write a big system without C++? -Paul Glick"},
}

func TestGolden(t *testing.T) {
for i := 0; i < len(golden); i++ {
g := golden[i]
c := New()
for j := 0; j < 3; j++ {
if j < 2 {
_, _ = io.WriteString(c, g.in)
} else {
_, _ = io.WriteString(c, g.in[0:len(g.in)/2])
c.Sum(nil)
_, _ = io.WriteString(c, g.in[len(g.in)/2:])
}
s := fmt.Sprintf("%x", c.Sum(nil))
if s != g.out {
t.Fatalf("md4[%d](%s) = %s want %s", j, g.in, s, g.out)
}
c.Reset()
}
}
}
Loading

0 comments on commit 179cd36

Please sign in to comment.