librex 0.0.6 → 0.0.7

data/lib/rex/proto/ntlm/base.rb

@@ -0,0 +1,326 @@
+#
+# An NTLM Authentication Library for Ruby
+#
+# This code is a derivative of "dbf2.rb" written by yrock
+# and Minero Aoki. You can find original code here:
+# http://jp.rubyist.net/magazine/?0013-CodeReview
+# -------------------------------------------------------------
+# Copyright (c) 2005,2006 yrock
+# 
+# This program is free software.
+# You can distribute/modify this program under the terms of the
+# Ruby License.
+#
+# 2011-02-23 refactored by Alexandre Maloteaux for Metasploit Project
+# -------------------------------------------------------------
+#
+# 2006-02-11 refactored by Minero Aoki
+# -------------------------------------------------------------
+#
+# All protocol information used to write this code stems from
+# "The NTLM Authentication Protocol" by Eric Glass. The author 
+# would thank to him for this tremendous work and making it 
+# available on the net.
+# http://davenport.sourceforge.net/ntlm.html
+# -------------------------------------------------------------
+# Copyright (c) 2003 Eric Glass
+#
+# Permission to use, copy, modify, and distribute this document
+# for any purpose and without any fee is hereby granted,
+# provided that the above copyright notice and this list of
+# conditions appear in all copies. 
+# -------------------------------------------------------------
+#
+# The author also looked Mozilla-Firefox-1.0.7 source code,
+# namely, security/manager/ssl/src/nsNTLMAuthModule.cpp and
+# Jonathan Bastien-Filiatrault's libntlm-ruby.
+# "http://x2a.org/websvn/filedetails.php?
+# repname=libntlm-ruby&path=%2Ftrunk%2Fntlm.rb&sc=1"
+# The latter has a minor bug in its separate_keys function.
+# The third key has to begin from the 14th character of the 
+# input string instead of 13th:)
+#--
+# $Id: ntlm.rb 11678 2011-01-30 19:26:35Z hdm $
+#++
+
+#this class defines the base type needed for other modules like message and crypt
+
+require 'rex/proto/ntlm/constants'
+
+module Rex
+module Proto
+module NTLM
+class Base
+
+CONST = Rex::Proto::NTLM::Constants
+
+   	# base classes for primitives
+   	class Field
+	     	attr_accessor :active, :value
+
+		def initialize(opts)
+			@value  = opts[:value]
+			@active = opts[:active].nil? ? true : opts[:active]
+		end
+	      
+		def size
+			@active ? @size : 0
+		end
+	end
+	
+	class String < Field
+		def initialize(opts)
+			super(opts)
+			@size = opts[:size]
+		end
+	      
+		def parse(str, offset=0)
+			if @active and str.size >= offset + @size
+				@value = str[offset, @size]
+				@size
+			else
+				0
+			end
+		end
+	      
+		def serialize
+			if @active
+				@value
+			else
+				""
+			end
+		end
+	      
+		def value=(val)
+			@value = val
+			@size = @value.nil? ? 0 : @value.size
+			@active = (@size > 0)
+		end
+	end
+
+	class Int16LE < Field
+		def initialize(opt)
+			super(opt)
+			@size = 2
+		end
+
+		def parse(str, offset=0)
+			if @active and str.size >= offset + @size
+				@value = str[offset, @size].unpack("v")[0]
+				@size
+			else
+		  		0
+			end
+		end
+	      
+		def serialize
+			[@value].pack("v")
+		end
+	end
+
+	class Int32LE < Field
+		def initialize(opt)
+			super(opt)
+			@size = 4
+		end
+
+		def parse(str, offset=0)
+			if @active and str.size >= offset + @size
+				@value = str.slice(offset, @size).unpack("V")[0]
+				@size
+			else
+				0
+			end
+		end
+
+		def serialize
+			[@value].pack("V") if @active
+		end
+	end
+
+	class Int64LE < Field
+		def initialize(opt)
+			super(opt)
+			@size = 8
+		end
+
+		def parse(str, offset=0)
+			if @active and str.size >= offset + @size
+				d, u = str.slice(offset, @size).unpack("V2")
+				@value = (u * 0x100000000 + d)
+				@size
+			else
+				0
+			end
+		end
+	      
+		def serialize
+			[@value & 0x00000000ffffffff, @value >> 32].pack("V2") if @active
+		end
+	end
+
+	# base class of data structure
+	class FieldSet
+		class << FieldSet
+		def define(&block)
+			c = Class.new(self)
+			def c.inherited(subclass)
+				proto = @proto
+				subclass.instance_eval {
+					@proto = proto
+					}
+			end
+			c.module_eval(&block)
+			c
+		end
+		
+		def string(name, opts)
+			add_field(name, String, opts)
+		end
+		
+		def int16LE(name, opts)
+			add_field(name, Int16LE, opts)
+		end
+
+		def int32LE(name, opts)
+			add_field(name, Int32LE, opts)
+		end
+
+		def int64LE(name, opts)
+			add_field(name, Int64LE, opts)
+		end
+		
+		def security_buffer(name, opts)
+			add_field(name, SecurityBuffer, opts)
+		end
+
+		def prototypes
+			@proto
+		end
+		
+		def names
+			@proto.map{|n, t, o| n}
+		end
+
+		def types
+			@proto.map{|n, t, o| t}
+		end
+		
+		def opts
+			@proto.map{|n, t, o| o}
+		end
+		
+		private
+		
+		def add_field(name, type, opts)
+			(@proto ||= []).push [name, type, opts]
+			define_accessor name
+		end
+		
+		def define_accessor(name)
+			module_eval(<<-End, __FILE__, __LINE__ + 1)
+			def #{name}
+				self['#{name}'].value
+			end
+		    
+			def #{name}=(val)
+				self['#{name}'].value = val
+			end
+			End
+		end 
+		end #self
+      
+		def initialize
+			@alist = self.class.prototypes.map{ |n, t, o| [n, t.new(o)] }
+		end
+	      
+		def serialize
+			@alist.map{|n, f| f.serialize }.join
+		end
+	      
+		def parse(str, offset=0)
+			@alist.inject(offset){|cur, a|  cur += a[1].parse(str, cur)}
+		end
+
+		def size
+			@alist.inject(0){|sum, a| sum += a[1].size}
+		end
+
+		def [](name)
+			a = @alist.assoc(name.to_s.intern)
+			raise ArgumentError, "no such field: #{name}" unless a
+			a[1]
+		end
+	      
+		def []=(name, val)
+			a = @alist.assoc(name.to_s.intern)
+			raise ArgumentError, "no such field: #{name}" unless a
+			a[1] = val
+		end
+	      
+		def enable(name)
+			self[name].active = true
+		end
+	      
+		def disable(name)
+			self[name].active = false
+		end
+	end
+
+	Blob = FieldSet.define {
+		int32LE    :blob_signature,   {:value => CONST::BLOB_SIGN}
+		int32LE    :reserved,         {:value => 0}
+		int64LE    :timestamp,      {:value => 0}
+		string     :challenge,      {:value => "", :size => 8}
+		int32LE    :unknown1,     {:value => 0}
+		string     :target_info,      {:value => "", :size => 0}
+		int32LE    :unknown2,         {:value => 0}
+	}
+
+	SecurityBuffer = FieldSet.define {
+		int16LE   :length,        {:value => 0}
+		int16LE   :allocated,     {:value => 0}
+		int32LE   :offset,        {:value => 0}
+	}
+
+
+	class SecurityBuffer
+		attr_accessor :active
+		def initialize(opts)
+			super()
+			@value  = opts[:value]
+			@active = opts[:active].nil? ? true : opts[:active]
+			@size = 8
+		end
+	      
+		def parse(str, offset=0)
+			if @active and str.size >= offset + @size
+				super(str, offset)
+				@value = str[self.offset, self.length]
+				@size
+			else
+				0
+			end
+		end
+	      
+		def serialize
+			super if @active
+		end
+	      
+		def value
+			@value
+		end
+	      
+		def value=(val)
+			@value = val
+			self.length = self.allocated = val.size
+		end
+	      
+		def data_size
+			@active ? @value.size : 0
+		end
+	end
+end
+end
+end
+end

data/lib/rex/proto/ntlm/constants.rb

@@ -0,0 +1,74 @@
+module Rex
+module Proto
+module NTLM
+class Constants
+
+	SSP_SIGN = "NTLMSSP\0"
+	BLOB_SIGN = 0x00000101
+	LM_MAGIC = "KGS!@\#$%"
+	TIME_OFFSET = 11644473600
+	MAX64 = 0xffffffffffffffff
+    
+	FLAGS = {
+	:UNICODE              => 0x00000001,
+	:OEM                  => 0x00000002,
+	:REQUEST_TARGET       => 0x00000004,
+	#:UNKNOWN              => 0x00000008,
+	:SIGN                 => 0x00000010,
+	:SEAL                 => 0x00000020,
+	#:UNKNOWN              => 0x00000040,
+	:NETWARE              => 0x00000100,
+	:NTLM                 => 0x00000200,
+	#:UNKNOWN              => 0x00000400,
+	#:UNKNOWN              => 0x00000800,
+	:DOMAIN_SUPPLIED      => 0x00001000,
+	:WORKSTATION_SUPPLIED => 0x00002000,
+	:LOCAL_CALL           => 0x00004000,
+	:ALWAYS_SIGN          => 0x00008000,
+	:TARGET_TYPE_DOMAIN   => 0x00010000,
+	:TARGET_INFO          => 0x00800000,
+	:NTLM2_KEY            => 0x00080000,
+	:KEY128               => 0x20000000,
+	:KEY56                => 0x80000000
+	}
+    
+	FLAG_KEYS = FLAGS.keys.sort{|a, b| FLAGS[a] <=> FLAGS[b] }
+
+	DEFAULT_FLAGS = {
+	:TYPE1 => FLAGS[:UNICODE] | FLAGS[:OEM] | FLAGS[:REQUEST_TARGET] | FLAGS[:NTLM] | FLAGS[:ALWAYS_SIGN] | FLAGS[:NTLM2_KEY],
+	:TYPE2 => FLAGS[:UNICODE],
+	:TYPE3 => FLAGS[:UNICODE] | FLAGS[:REQUEST_TARGET] | FLAGS[:NTLM] | FLAGS[:ALWAYS_SIGN] | FLAGS[:NTLM2_KEY]
+	}
+
+	# NTLM Response Type
+	NTLM_V1_RESPONSE =		1
+	NTLM_V2_RESPONSE =		2
+	NTLM_2_SESSION_RESPONSE = 	3
+
+	#the same flags but merged from lib/rex/proto/smb/constants and keeped for compatibility
+	# NTLMSSP Message Flags
+	NEGOTIATE_UNICODE     = 0x00000001  # Only set if Type 1 contains it - this or oem, not both
+	NEGOTIATE_OEM         = 0x00000002  # Only set if Type 1 contains it - this or unicode, not both
+	REQUEST_TARGET        = 0x00000004  # If set in Type 1, must return domain or server
+	NEGOTIATE_SIGN        = 0x00000010  # Session signature required
+	NEGOTIATE_SEAL        = 0x00000020  # Session seal required
+	NEGOTIATE_LMKEY       = 0x00000080  # LM Session Key should be used for signing and sealing
+	NEGOTIATE_NTLM        = 0x00000200  # NTLM auth is supported
+	NEGOTIATE_ANONYMOUS   = 0x00000800  # Anonymous context used
+	NEGOTIATE_DOMAIN      = 0x00001000  # Sent in Type1, client gives domain info
+	NEGOTIATE_WORKSTATION = 0x00002000  # Sent in Type1, client gives workstation info
+	NEGOTIATE_LOCAL_CALL  = 0x00004000  # Server and client are on same machine
+	NEGOTIATE_ALWAYS_SIGN = 0x00008000  # Add signatures to packets
+	TARGET_TYPE_DOMAIN    = 0x00010000  # If REQUEST_TARGET, we're adding the domain name
+	TARGET_TYPE_SERVER    = 0x00020000  # If REQUEST_TARGET, we're adding the server name
+	TARGET_TYPE_SHARE     = 0x00040000  # Supposed to denote "a share" but for a webserver?
+	NEGOTIATE_NTLM2_KEY   = 0x00080000  # NTLMv2 Signature and Key exchanges
+	NEGOTIATE_TARGET_INFO = 0x00800000  # Server set when sending Target Information Block
+	NEGOTIATE_128         = 0x20000000  # 128-bit encryption supported
+	NEGOTIATE_KEY_EXCH    = 0x40000000  # Client will supply encrypted master key in Session Key field of Type3 msg
+	NEGOTIATE_56          = 0x80000000  # 56-bit encryption supported
+
+end
+end
+end
+end

data/lib/rex/proto/ntlm/crypt.rb

@@ -0,0 +1,340 @@
+#
+# An NTLM Authentication Library for Ruby
+#
+# This code is a derivative of "dbf2.rb" written by yrock
+# and Minero Aoki. You can find original code here:
+# http://jp.rubyist.net/magazine/?0013-CodeReview
+# -------------------------------------------------------------
+# Copyright (c) 2005,2006 yrock
+# 
+# This program is free software.
+# You can distribute/modify this program under the terms of the
+# Ruby License.
+#
+# 2011-03-08 improved through a code merge with Metasploit's SMB::Crypt
+# -------------------------------------------------------------
+#
+# 2011-02-23 refactored and improved by Alexandre Maloteaux for Metasploit Project
+# -------------------------------------------------------------
+#
+# 2006-02-11 refactored by Minero Aoki
+# -------------------------------------------------------------
+#
+# All protocol information used to write this code stems from
+# "The NTLM Authentication Protocol" by Eric Glass. The author 
+# would thank to him for this tremendous work and making it 
+# available on the net.
+# http://davenport.sourceforge.net/ntlm.html
+# -------------------------------------------------------------
+# Copyright (c) 2003 Eric Glass
+#
+# Permission to use, copy, modify, and distribute this document
+# for any purpose and without any fee is hereby granted,
+# provided that the above copyright notice and this list of
+# conditions appear in all copies. 
+# -------------------------------------------------------------
+#
+# The author also looked Mozilla-Firefox-1.0.7 source code,
+# namely, security/manager/ssl/src/nsNTLMAuthModule.cpp and
+# Jonathan Bastien-Filiatrault's libntlm-ruby.
+# "http://x2a.org/websvn/filedetails.php?
+# repname=libntlm-ruby&path=%2Ftrunk%2Fntlm.rb&sc=1"
+# The latter has a minor bug in its separate_keys function.
+# The third key has to begin from the 14th character of the 
+# input string instead of 13th:)
+#--
+# $Id: ntlm.rb 11678 2011-01-30 19:26:35Z hdm $
+#++
+
+
+require 'rex/proto/ntlm/constants'
+require 'rex/proto/ntlm/base'
+
+module Rex
+module Proto
+module NTLM
+class Crypt
+
+CONST = Rex::Proto::NTLM::Constants
+BASE = Rex::Proto::NTLM::Base
+
+	@@loaded_openssl = false
+	
+	begin
+		require 'openssl'
+		require 'openssl/digest'
+		@@loaded_openssl = true
+	rescue ::Exception
+	end
+
+	def self.gen_keys(str)
+		str.scan(/.{7}/).map{ |key| des_56_to_64(key) }
+	end
+ 
+	def self.des_56_to_64(ckey56s)
+		ckey64 = []
+		ckey56 = ckey56s.unpack('C*')
+		ckey64[0] = ckey56[0]
+		ckey64[1] = ((ckey56[0] << 7) & 0xFF) | (ckey56[1] >> 1)
+		ckey64[2] = ((ckey56[1] << 6) & 0xFF) | (ckey56[2] >> 2)
+		ckey64[3] = ((ckey56[2] << 5) & 0xFF) | (ckey56[3] >> 3)
+		ckey64[4] = ((ckey56[3] << 4) & 0xFF) | (ckey56[4] >> 4)
+		ckey64[5] = ((ckey56[4] << 3) & 0xFF) | (ckey56[5] >> 5)
+		ckey64[6] = ((ckey56[5] << 2) & 0xFF) | (ckey56[6] >> 6)
+		ckey64[7] =  (ckey56[6] << 1) & 0xFF
+		ckey64.pack('C*')
+	end
+	     
+	def self.apply_des(plain, keys)
+		raise RuntimeError, "No OpenSSL support" if not @@loaded_openssl
+		dec = OpenSSL::Cipher::DES.new
+		keys.map do |k|
+			dec.key = k
+			dec.encrypt.update(plain)
+		end
+	end
+      
+	def self.lm_hash(password, half = false)
+		size = half ? 7 : 14
+		keys = gen_keys(password.upcase.ljust(size, "\0"))
+		apply_des(CONST::LM_MAGIC, keys).join
+	end   
+      
+	def self.ntlm_hash(password, opt = {})
+		raise RuntimeError, "No OpenSSL support" if not @@loaded_openssl
+		pwd = password.dup
+		unless opt[:unicode]
+			pwd = Rex::Text.to_unicode(pwd)
+		end
+		OpenSSL::Digest::MD4.digest(pwd)
+	end
+	
+	# This hash is used for lmv2/ntlmv2 response calculation
+	def self.ntlmv2_hash(user, password, domain, opt={})
+		raise RuntimeError, "No OpenSSL support" if not @@loaded_openssl
+		
+		if opt[:pass_is_hash]
+			ntlmhash = password
+		else
+			ntlmhash = ntlm_hash(password, opt)
+		end
+		
+		# With Win 7 and maybe other OSs we sometimes get the domain not uppercased
+		userdomain = user.upcase  + domain
+		unless opt[:unicode]
+			userdomain = Rex::Text.to_unicode(userdomain)
+		end
+		OpenSSL::HMAC.digest(OpenSSL::Digest::MD5.new, ntlmhash, userdomain)
+	end
+
+	# Create the LANMAN response
+	def self.lm_response(arg, half = false)
+		begin
+			hash = arg[:lm_hash]
+			chal = arg[:challenge]
+		rescue
+			raise ArgumentError
+		end
+		chal = BASE::pack_int64le(chal) if chal.is_a?(Integer)
+		if half then size = 7 else  size = 21 end
+		keys = gen_keys hash.ljust(size, "\0")
+		apply_des(chal, keys).join
+	end
+
+	# Synonym of lm_response for old compatibility with lib/rex/proto/smb/crypt
+	def self.lanman_des(password, challenge)		
+		lm_response({
+			:lm_hash => self.lm_hash(password),
+			:challenge => challenge
+		})
+	end
+      
+	def self.ntlm_response(arg)
+		hash = arg[:ntlm_hash]
+		chal = arg[:challenge]
+		chal = BASE::pack_int64le(chal) if chal.is_a?(::Integer)
+		keys = gen_keys(hash.ljust(21, "\0"))
+		apply_des(chal, keys).join
+	end
+
+	#synonym of ntlm_response for old compatibility with lib/rex/proto/smb/crypt
+	def self.ntlm_md4(password, challenge)
+		ntlm_response({
+			:ntlm_hash =>  self.ntlm_hash(password), 
+			:challenge => challenge
+		})
+	end
+
+	def self.ntlmv2_response(arg, opt = {})
+		raise RuntimeError, "No OpenSSL support" if not @@loaded_openssl
+		
+		key, chal = arg[:ntlmv2_hash], arg[:challenge]
+		if not (key and chal)
+			raise ArgumentError , 'ntlmv2_hash and challenge are mandatory'
+		end
+		
+		chal = BASE::pack_int64le(chal) if chal.is_a?(::Integer)
+		bb   = nil
+		
+		if opt[:nt_client_challenge]
+			if opt[:nt_client_challenge].to_s.length <= 24
+				raise ArgumentError,"nt_client_challenge is not in a correct format " 
+			end
+			bb = opt[:nt_client_challenge]
+		else
+			if not arg[:target_info]
+				raise ArgumentError, "target_info is mandatory in this case"
+			end
+
+			ti = arg[:target_info]
+			cc = opt[:client_challenge] || rand(CONST::MAX64)
+			cc = BASE::pack_int64le(cc) if cc.is_a?(::Integer)
+
+			ts = opt[:timestamp] || Time.now.to_i
+
+			# Convert the unix timestamp to windows format
+			#   epoch -> milsec from Jan 1, 1601
+			ts = 10000000 * (ts + CONST::TIME_OFFSET)
+
+			blob = BASE::Blob.new
+			blob.timestamp = ts
+			blob.challenge = cc
+			blob.target_info = ti
+		
+			bb = blob.serialize
+		end
+
+		OpenSSL::HMAC.digest(OpenSSL::Digest::MD5.new, key, chal + bb) + bb
+
+	end
+      
+	def self.lmv2_response(arg, opt = {})
+		raise RuntimeError, "No OpenSSL support" if not @@loaded_openssl
+		key = arg[:ntlmv2_hash]
+		chal = arg[:challenge]
+        
+		chal = BASE::pack_int64le(chal) if chal.is_a?(::Integer)
+		cc   = opt[:client_challenge] || rand(CONST::MAX64)
+		cc   = BASE::pack_int64le(cc) if cc.is_a?(::Integer)
+
+		OpenSSL::HMAC.digest(OpenSSL::Digest::MD5.new, key, chal + cc) + cc
+	end
+      
+	def self.ntlm2_session(arg, opt = {})
+		raise RuntimeError, "No OpenSSL support" if not @@loaded_openssl
+		passwd_hash,chal = arg[:ntlm_hash],arg[:challenge]
+		if not (passwd_hash and chal)
+			raise RuntimeError, "ntlm_hash and challenge are required"
+		end
+
+		cc = opt[:client_challenge] || rand(CONST::MAX64)
+		cc = BASE::pack_int64le(cc) if cc.is_a?(Integer)
+
+		keys = gen_keys(passwd_hash.ljust(21, "\0"))
+		session_hash = OpenSSL::Digest::MD5.digest(chal + cc)[0,8]
+		response = apply_des(session_hash, keys).join
+		[cc.ljust(24, "\0"), response]
+	end
+
+	#
+	# Signing method added for metasploit project
+	#
+	
+	# Used when only the LMv1 response is provided (i.e., with Win9x clients)
+	def self.lmv1_user_session_key(pass, opt = {})
+		if opt[:pass_is_hash]
+			usk = pass[0,8]
+		else
+			usk = self.lm_hash(pass.upcase[0,7],true)
+		end
+		usk.ljust(16,"\x00")
+	end
+		
+	# This variant is used when the client sends the NTLMv1 response
+	def self.ntlmv1_user_session_key(pass, opt = {})
+		raise RuntimeError, "No OpenSSL support" if not @@loaded_openssl
+
+		if opt[:pass_is_hash]
+			usk = pass
+		else
+			usk = self.ntlm_hash(pass)
+		end
+		OpenSSL::Digest::MD4.digest(usk)
+	end
+
+	# Used when NTLMv1 authentication is employed with NTLM2 session security
+	def self.ntlm2_session_user_session_key(pass, srv_chall, cli_chall, opt = {})
+		raise RuntimeError, "No OpenSSL support" if not @@loaded_openssl
+
+		ntlm_key = self.ntlmv1_user_session_key(pass, opt )
+		session_chal = srv_chall + cli_chall
+		OpenSSL::HMAC.digest(OpenSSL::Digest::MD5.new, ntlm_key, session_chal)
+	end
+
+	# Used when the LMv2 response is sent
+	def self.lmv2_user_session_key(user, pass, domain, srv_chall, cli_chall, opt = {})
+		raise RuntimeError, "No OpenSSL support" if not @@loaded_openssl
+
+		ntlmv2_key = self.ntlmv2_hash(user, pass, domain, opt)
+		hash1 = OpenSSL::HMAC.digest(OpenSSL::Digest::MD5.new, ntlmv2_key, srv_chall + cli_chall)
+		OpenSSL::HMAC.digest(OpenSSL::Digest::MD5.new, ntlmv2_key, hash1)
+	end
+
+	# Used when the NTLMv2 response is sent
+	class << self; alias_method :ntlmv2_user_session_key, :lmv2_user_session_key; end
+
+	# Used when LanMan Key flag is set
+	def self.lanman_session_key(pass, srvchall, opt = {})
+		if opt[:pass_is_hash]
+			halfhash = pass[0,8]
+		else
+			halfhash = lm_hash(pass.upcase[0,7],true)
+		end
+		plain = self.lm_response({
+			:lm_hash => halfhash[0,7],
+			:challenge => srvchall
+		}, true )
+		key = halfhash  + ["bdbdbdbdbdbd"].pack("H*")
+        keys = self.gen_keys(key)
+       	apply_des(plain, keys).join
+	end
+
+	def self.encrypt_sessionkey(session_key, user_session_key)
+		raise RuntimeError, "No OpenSSL support" if not @@loaded_openssl
+		cipher = OpenSSL::Cipher::Cipher.new('rc4')
+		cipher.encrypt
+		cipher.key = user_session_key
+		cipher.update(session_key) 
+	end
+
+	def self.decrypt_sessionkey(encrypted_session_key, user_session_key)
+		raise RuntimeError, "No OpenSSL support" if not @@loaded_openssl
+		cipher = OpenSSL::Cipher::Cipher.new('rc4')
+		cipher.decrypt
+		cipher.key = user_session_key
+		cipher.update(encrypted_session_key) 
+	end
+
+	def self.make_weak_sessionkey(session_key,key_size,lanman_key = false)
+		case key_size
+		when 40
+			if lanman_key
+				return session_key[0,5] + "\xe5\x38\xb0" 
+			else
+				return session_key[0,5] 
+			end
+		when 56
+			if lanman_key
+				return session_key[0,7]  + "\xa0"
+			else
+				return session_key[0,7]  
+			end
+		else #128 
+			return session_key[0,16]
+		end
+	end
+
+end
+end
+end
+end