#!/usr/bin/python

import sha
import md4
from   pyDes import *
import sys
import random
import binascii


def challenge_hash(peer_challenge, auth_challenge, username):

    hash = sha.new()
    
    hash.update(peer_challenge)
    hash.update(auth_challenge)
    hash.update(username)
    
    return hash.digest()[:8]
    
    
def nt_password_hash(password):

    return md4.new(password).digest()

def get_parity_key(key):
    
    pkey=""
    next = 0
    for i in xrange(7):
        tmp = key[i]
        pkey += chr( (ord(tmp) >> i) | next | 1)
        next = (ord(tmp) << (7-i)) & 0xFF

    pkey += chr(next | 1)

    return pkey
    

def challenge_response(challenge, password_hash):

    response = des(get_parity_key(password_hash[:7]), ECB).encrypt(challenge)
    response += des(get_parity_key(password_hash[7:]), ECB).encrypt(challenge)

    zpwd = (password_hash[14]) + (password_hash[15]) + "\0\0\0\0\0"

    response += des(get_parity_key(zpwd), ECB).encrypt(challenge)

    return response


if __name__ == '__main__':

   if len(sys.argv) < 3:
       print "Usage: ntlm_gen <username> <password>"
       sys.exit(1)

   username = sys.argv[1]
   password = sys.argv[2]

   peer_challenge = "".join(chr(random.randrange(0, 255)) for i in xrange(16))	
   auth_challenge = "".join(chr(random.randrange(0, 255)) for i in xrange(16))

   unicode_pwd = "".join( (password[i] + '\0') for i in xrange(len(password)))

   pwd_hash = nt_password_hash(unicode_pwd)
   nt_key   = nt_password_hash(pwd_hash)

   challenge = challenge_hash(peer_challenge, auth_challenge, username)
   response   = challenge_response(challenge, pwd_hash)

   print "Challenge : ", binascii.hexlify(challenge)
   print "Response  : ", binascii.hexlify(response)
   print "NT_KEY    : ", binascii.hexlify(nt_key).upper()