Index: HashAlgorithm.h
===================================================================
--- HashAlgorithm.h	(revision 663)
+++ HashAlgorithm.h	(revision 747)
@@ -28,4 +28,12 @@
 //****************************************************************************
 void HashPIX(unsigned char* pPlain, int nPlainLen, unsigned char* pHash);
 
+//****************************************************************************
+// LM/NTLMv1 Challenge/Response Authentication Hashing
+// Modified: JoMo-Kun <jmk@foofus.net>
+//****************************************************************************
+void HashNetLM(unsigned char* pPlain, int nPlainLen, unsigned char* pHash);
+void HashHalfNetLM(unsigned char* pPlain, int nPlainLen, unsigned char* pHash);
+void HashNetNTLM(unsigned char* pPlain, int nPlainLen, unsigned char* pHash);
+
 #endif
Index: HashRoutine.cpp
===================================================================
--- HashRoutine.cpp	(revision 663)
+++ HashRoutine.cpp	(revision 747)
@@ -27,6 +27,10 @@
   AddHashRoutine("mysql323", HashMySQL323, 8);
   AddHashRoutine("mysqlsha1", HashMySQLSHA1, 20);
   AddHashRoutine("ciscopix", HashPIX, 16);
+  AddHashRoutine("netlm", HashNetLM, 24);
+  AddHashRoutine("halflmchall", HashHalfNetLM, 8);
+  AddHashRoutine("nethalflm", HashHalfNetLM, 8);
+  AddHashRoutine("netntlm", HashNetNTLM, 24);
 }
 
 CHashRoutine::~CHashRoutine()
Index: HashAlgorithm.cpp
===================================================================
--- HashAlgorithm.cpp	(revision 663)
+++ HashAlgorithm.cpp	(revision 747)
@@ -174,7 +174,104 @@
   _crypt_to64(p,*(unsigned long*) (final+12),4); p += 4;
   *p=0;
 
-  memcpy(pHash,temp,MD5_DIGEST_LENGTH);
+  memcpy(pHash, temp, MD5_DIGEST_LENGTH);
 
   free (pass);
 }
+
+//*********************************************************************************
+// Code for LM Challenge/Response Authentication Hashing
+// http://www.securityfocus.com/archive/1/375137/30/0/threaded
+// Modified: JoMo-Kun <jmk@foofus.net>
+//*********************************************************************************
+void HashNetLM(unsigned char* pPlain, int nPlainLen, unsigned char* pHash)
+{
+  int i;
+  for (i = nPlainLen; i < 14; i++)
+    pPlain[i] = 0;
+
+  static unsigned char magic[] = {0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25};
+  //static unsigned char chllng[8] = {0}; // the fixed challenge of smbrelay
+  static unsigned char chllng[8] = {0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88}; // Cain & Abel fixed challenge
+  des_key_schedule ks;
+  unsigned char lm[21];
+
+  setup_des_key(pPlain, ks);
+  des_ecb_encrypt((des_cblock*)magic, (des_cblock*)lm, ks, DES_ENCRYPT);
+  setup_des_key(&pPlain[7], ks);
+  des_ecb_encrypt((des_cblock*)magic, (des_cblock*)&lm[8], ks, DES_ENCRYPT);
+  setup_des_key(lm, ks);
+  des_ecb_encrypt((des_cblock*)chllng, (des_cblock*)pHash, ks, DES_ENCRYPT);
+  setup_des_key(&lm[7], ks);
+  des_ecb_encrypt((des_cblock*)chllng, (des_cblock*)&pHash[8], ks, DES_ENCRYPT);
+  if (nPlainLen < 8)
+  {
+    pHash[16] = 0x57; pHash[17] = 0xe9; pHash[18] = 0xa1; pHash[19] = 0xb7;
+    pHash[20] = 0x95; pHash[21] = 0x40; pHash[22] = 0xc3; pHash[23] = 0x74;
+  }
+  else
+  {
+    lm[16] = lm[17] = lm[18] = lm[19] = lm[20] = 0;
+    setup_des_key(&lm[14], ks);
+    des_ecb_encrypt((des_cblock*)chllng, (des_cblock*)&pHash[16], ks, DES_ENCRYPT);
+  }
+}
+
+//*********************************************************************************
+// Code for LM Challenge/Response Authentication Hashing
+// Generate 1/3 of the LM response. This should help to significantly reduce
+// the potential keyspace of the first half of the LM password.
+// Based on oxid.it Forum Post
+// Modified: JoMo-Kun <jmk@foofus.net>
+//*********************************************************************************
+void HashHalfNetLM(unsigned char* pPlain, int nPlainLen, unsigned char* pHash)
+{
+  int i;
+  for (i = nPlainLen; i < 14; i++)
+    pPlain[i] = 0;
+
+  static unsigned char magic[] = {0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25};
+  static unsigned char chllng[8] = {0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88}; // Cain & Abel fixed challenge
+  des_key_schedule ks;
+  unsigned char lm[8];
+
+  // generate LM hash (first half)
+  setup_des_key(pPlain, ks);
+  des_ecb_encrypt((des_cblock*)magic, (des_cblock*)lm, ks, DES_ENCRYPT);
+
+  // generate LM response (first third)
+  setup_des_key(lm, ks);
+  des_ecb_encrypt((des_cblock*)chllng, (des_cblock*)pHash, ks, DES_ENCRYPT);
+}
+
+//*********************************************************************************
+// Code for NTLMv1 Challenge/Response Authentication Hashing
+// http://www.securityfocus.com/archive/1/375137/30/0/threaded
+// Modified: JoMo-Kun <jmk@foofus.net>
+//*********************************************************************************
+void HashNetNTLM(unsigned char* pPlain, int nPlainLen, unsigned char* pHash)
+{
+  unsigned char UnicodePlain[MAX_PLAIN_LEN];
+  int len = (nPlainLen < 127) ? nPlainLen : 127;
+  int i;
+  for (i = 0; i < len; i++)
+  {
+    UnicodePlain[i * 2] = pPlain[i];
+    UnicodePlain[i * 2 + 1] = 0x00;
+  }
+
+  //static unsigned char chllng[8] = {0}; // the fixed challenge of SMBRelay
+  static unsigned char chllng[8] = {0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88}; // Cain & Abel fixed challenge
+  des_key_schedule ks;
+  unsigned char lm[21];
+
+  MD4(UnicodePlain, len * 2, lm);
+  lm[16] = lm[17] = lm[18] = lm[19] = lm[20] = 0;
+  setup_des_key(lm, ks);
+  des_ecb_encrypt((des_cblock*)chllng, (des_cblock*)pHash, ks, DES_ENCRYPT);
+  setup_des_key(&lm[7], ks);
+  des_ecb_encrypt((des_cblock*)chllng, (des_cblock*)&pHash[8], ks, DES_ENCRYPT);
+  setup_des_key(&lm[14], ks);
+  des_ecb_encrypt((des_cblock*)chllng, (des_cblock*)&pHash[16], ks, DES_ENCRYPT);
+}
+
