DanMcInerney / net-creds

Sniffs sensitive data from interface or pcap
GNU General Public License v3.0
1.7k stars 439 forks source link

parse_ntlm_chal definition fix #28

Closed randomwalksp closed 6 years ago

randomwalksp commented 6 years ago

The previous commit modified the function prototype of parse_ntlm_chal(msg2, ack) to parse_ntlm_chal(ack, msg2). While this fixed the issue with parse_netntlm_chal incorrectly calling parse_ntlm_chal, it created a new bug in other_parser (line 621), which now calls parse_ntlm_chal incorrectly. This commit reverts back to the original function prototype, and modifies the incorrect call to parse_ntlm_chal within parse_netntlm_chal instead.

randomwalksp commented 6 years ago

To be clear, this fixes the following call on line 621: parse_ntlm_chal(NTLMSSP2.group(), ack). In the current version, this call passes the arguments in the wrong order, causing Non-NETNTLM NTLM hashes (MSSQL, DCE-RPC,SMBv1/2,LDAP, MSSQL) to not be parsed.