1 files changed, 253 insertions, 0 deletions
diff --git a/examples/LDAP/smbldap-tools/mkntpwd/mkntpwd.c b/examples/LDAP/smbldap-tools/mkntpwd/mkntpwd.c
new file mode 100644
index 0000000000..0c7d61e134
--- /dev/null
+++ b/examples/LDAP/smbldap-tools/mkntpwd/mkntpwd.c
@@ -0,0 +1,253 @@
+/*
+	This code is based on work from 
+	L0phtcrack 1.5 06.02.97 mudge@l0pht.com
+
+	The code also contains sources from:
+                . routines from the samba code source
+		  md4.c smbdes.c
+
+	Anton Roeckseisen (anton@genua.de)
+
+*/
+
+/*
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "mkntpwd.h"
+
+void str_to_key(unsigned char *,unsigned char *);
+void usage(char *);
+int PutUniCode(char *dst,char *src);
+void printlanhash(char *tmp);
+void mdfour(unsigned char *out, unsigned char *in, int n);
+void E_P16(unsigned char *p14,unsigned char *p16);
+
+
+void main(int argc, char **argv) {
+	extern char *optarg;
+	int c;
+
+	int printlan = 0;
+	char lanpwd[LMPASSWDLEN+1];
+	int printnt = 0;
+	char inputfile[FILENAMEBUFFER+1] = "";
+	FILE* InputFilePtr;
+	int just_pwd = 0;
+	int i;
+	char hashout[17];
+
+	char ntpasswd[NTPASSWDLEN+1]; 
+	char *hold;
+	unsigned char *p16;
+	int uni_len;
+	char passwd[NTPASSWDLEN+1];
+
+	if (argc==1)
+		usage(argv[0]);
+
+	if (argc==2)
+		just_pwd=1;
+	else
+		just_pwd=0;
+
+	lanpwd[0] = '\0';
+	ntpasswd[0] = '\0';
+
+	while ( (c = getopt(argc, argv, "L:N:f:")) != EOF){
+		switch(c) {
+		case 'L':
+			printlan++;
+			strncpy(lanpwd,optarg,LMPASSWDLEN);
+			lanpwd[LMPASSWDLEN]='\0';
+			for (i=0;i<LMPASSWDLEN;i++)
+				lanpwd[i]=toupper(lanpwd[i]);
+			break;
+		case 'N':
+			printnt++;
+			strncpy(passwd,optarg,NTPASSWDLEN);
+			passwd[NTPASSWDLEN]='\0';
+			break;
+		case 'f': 
+			strncpy(inputfile,optarg,FILENAMEBUFFER);
+			inputfile[FILENAMEBUFFER]='\0';
+			break;
+		default:
+			usage(argv[0]);
+		}
+	}
+
+	/* Get password from file or STDIN */
+	if (inputfile[0]!='\0') {
+
+		just_pwd=0; /* make sure no shit is happening... */
+
+		/* get NT-password (longer) */
+		if (strcmp(inputfile,"-")==0) {
+			fgets(passwd,NTPASSWDLEN,stdin);
+		} else {
+			if ((InputFilePtr=fopen(inputfile,"r")) == NULL)
+				fprintf(stderr,"Couldn't open passwordfile: %s",inputfile) ;
+			fgets(passwd,NTPASSWDLEN,InputFilePtr);
+			fclose(InputFilePtr);
+		}
+		while (strlen(passwd)>0 && passwd[strlen(passwd)-1]=='\n')
+			passwd[strlen(passwd)-1]='\0';
+
+		/* create LANMAN-password (shorter) */
+		strncpy(lanpwd,passwd,LMPASSWDLEN);
+		lanpwd[LMPASSWDLEN]='\0';
+		for (i=0;i<LMPASSWDLEN;i++)
+			lanpwd[i]=toupper(lanpwd[i]);
+		printlan++;
+		printnt++;
+
+	}
+
+
+	/* Assume the one and only Arg is the new password! */
+
+	if (argc>1 && just_pwd==1) { 
+                strncpy(lanpwd,argv[1],LMPASSWDLEN);
+		lanpwd[LMPASSWDLEN]='\0';
+		for (i=0;i<LMPASSWDLEN;i++)
+			lanpwd[i]=toupper(lanpwd[i]);
+		printlan++;
+
+		strncpy(passwd,argv[1],NTPASSWDLEN);
+		passwd[NTPASSWDLEN]='\0';
+		printnt++;
+	}
+
+	if (printlan >0) {
+		memset(hashout,'\0',17);
+		E_P16((uchar *)lanpwd,hashout);
+		printlanhash(hashout);
+	}
+
+	if (printnt >0) {
+
+		if (printlan>0) printf(":");
+
+		memset(ntpasswd, '\0', sizeof(ntpasswd));
+
+		if (passwd[strlen(passwd)-1] == '\n') /* strip the \n - this 
+					is done in LowerString for the case sensitive
+					check */
+		passwd[strlen(passwd)-1] = '\0';
+
+		hold = (char *)malloc(NTPASSWDLEN * 2); /* grab space for 
+						       unicode */
+		if (hold == NULL){
+			fprintf(stderr, "out of memory...crackntdialog hold\n");
+			exit(1);
+		}
+
+		uni_len = PutUniCode(hold, passwd); /* convert to 
+						   unicode and return correct 
+						   unicode length for md4 */
+
+		p16 = (unsigned char*)malloc(17); /* grab space for md4 hash */
+		if (p16 == NULL){
+		      fprintf(stderr, "out of memory...crackntdialect p16\n");
+		      exit(1);
+		}
+		
+		memset(p16,'\0',17);
+		mdfour(p16,hold, uni_len);
+
+		printlanhash(p16);
+		    
+		free(p16);
+		free(hold);
+	}
+
+	printf("\n");
+
+	exit(0);
+
+}
+
+/*****************************************************************************/
+/*****************************************************************************/
+/*****************************************************************************/
+
+void usage(char *progname){
+   char *p;
+
+   p = strrchr(progname, '\\');
+   if (p == NULL)
+        p = progname;
+   else
+        p++;
+
+   fprintf(stderr, "Usage: %s [-L lanmgrpwd] [-N ntpasswd]\n",p);
+   fprintf(stderr, "       %s password\n",p);
+   fprintf(stderr, "       %s -f [-] [filename]\n\n",p);
+   fprintf(stderr, "     -L lanmgrpasswd  LanManager cleartextpwd <= 14 chars\n");
+   fprintf(stderr, "     -N ntpasswd      NT cleartextpwd <=128 chars (usually <=14)\n\n");
+   fprintf(stderr, "     with both options present the encrypted LanManager-Pwd is \n");
+   fprintf(stderr, "     printed first, followed by a ':' and the encrypted NT-Pwd.\n\n");
+   fprintf(stderr, "     The second usage behaves like %s -L pwd -N pwd\n\n",p);
+   fprintf(stderr, "     The third usage reads the password from STDIN or a File. Printout\n");
+   fprintf(stderr, "     is the same as second.\n\n");
+   fprintf(stderr, "anton@genua.de\n\n");
+   exit(1);
+}
+
+
+/*******************************************************************
+write a string in unicoode format
+********************************************************************/
+int PutUniCode(char *dst,char *src) 
+{                       
+  int ret = 0;  
+  while (*src) {
+    dst[ret++] = src[0];
+    dst[ret++] = 0;
+    src++;
+  }
+  dst[ret++]=0; 
+  dst[ret++]=0; 
+  return(ret-2); /* the way they do the md4 hash they don't represent
+                    the last null. ie 'A' becomes just 0x41 0x00 - not
+                    0x41 0x00 0x00 0x00 */
+}
+
+/*
+  print binary buffer as hex-string
+*/
+void printlanhash(char *tmp) {
+
+	int i;
+	unsigned char c;
+	char outbuffer[33];
+
+
+	/* build string from binary hash */
+	for(i=0;i<16;i++) {
+		c=tmp[i];
+		sprintf(outbuffer+2*i,"%x",(c>>4) & 0x0f);
+		sprintf(outbuffer+2*i+1,"%x",c & 0x0f);
+	}
+
+	/* convert to uppercase */
+	for(i=0;i<32;i++)
+		outbuffer[i] = toupper(outbuffer[i]);
+	outbuffer[32]='\0';
+
+	/* print out hex-string */
+	printf("%s",outbuffer);
+}
+
+