The NTLM Authentication Protocol and Security Support Provider---Appendix

Source: Internet   Editor: 程序博客网   Time: 2024/04/30 10:25

Appendix A: Links and References

(Original link: http://davenport.sourceforge.net/ntlm.html#theNtlmUserSessionKey)

Note that due to the highly dynamic and transient nature of the Web, these may or may not be available.

 

The jCIFS Project Home Page
http://jcifs.samba.org/
jCIFS is an open-source Java implementation of CIFS/SMB. The information presented in this article was used as the basis for the jCIFS NTLM authentication implementation. jCIFS provides support for both the client and server sides of the NTLM HTTP authentication scheme, as well as non-protocol-specific NTLM utility classes.
The Samba Home Page
http://www.samba.org/
Samba is an open-source CIFS/SMB server and client. Implements NTLM authentication and session security, and a reference for much of this document.
Implementing CIFS: The Common Internet FileSystem
http://ubiqx.org/cifs/
A highly informative online book by Christopher R. Hertel. Especially relevant to this discussion is the section on authentication.
The Open Group ActiveX Core Technology Reference (Chapter 11, "NTLM")
http://www.opengroup.org/comsource/techref2/NCH1222X.HTM
Closest thing to an "official" reference on NTLM. Unfortunately, also rather old and not terribly accurate.
The Security Support Provider Interface
http://www.microsoft.com/windows2000/techinfo/howitworks/security/sspi2000.asp
A whitepaper discussing application development using the SSPI.
NTLM Authentication Scheme for HTTP
http://www.innovation.ch/java/ntlm.html
Informative discussion on the NTLM HTTP authentication mechanism.
Squid NTLM Authentication Project
http://squid.sourceforge.net/ntlm/
Project to provide NTLM HTTP authentication to the Squid proxy server.
Jakarta Commons HttpClient
http://jakarta.apache.org/commons/httpclient/
An open-source Java HTTP client which provides support for the NTLM HTTP authentication scheme.
The GNU Crypto Project
http://www.gnu.org/software/gnu-crypto/
An open-source Java Cryptography Extension provider supplying an implementation of the MD4 message-digest algorithm.
RFC 1320 - The MD4 Message-Digest Algorithm
http://www.ietf.org/rfc/rfc1320.txt
Specification and reference implementation for the MD4 digest (used to calculate the NTLM password hash).
RFC 1321 - The MD5 Message-Digest Algorithm
http://www.ietf.org/rfc/rfc1321.txt
Specification and reference implementation for the MD5 digest (used to calculate the NTLM2 session response).
RFC 2104 - HMAC: Keyed-Hashing for Message Authentication
http://www.ietf.org/rfc/rfc2104.txt
Specification and reference implementation for the HMAC-MD5 algorithm (used in the calculation of the NTLMv2/LMv2 responses).
How to Enable NTLM 2 Authentication
http://support.microsoft.com/default.aspx?scid=KB;en-us;239869
Describes how to enable negotiation of NTLMv2 authentication and enforce NTLM security flags.
Microsoft SSPI Function Documentation
http://windowssdk.msdn.microsoft.com/en-us/library/ms717571.aspx#sspi_functions
Provides an overview of the Security Support Provider Interface (SSPI) and related functions.

 

Appendix B: Application Protocol Usage of NTLM

This section examines the use of NTLM authentication within some of Microsoft's network protocol implementations.

NTLM HTTP Authentication

Microsoft has established the proprietary "NTLM" authentication scheme for HTTP to provide integrated authentication to IIS web servers. This authentication mechanism allows clients to access resources using their Windows credentials, and is typically used within corporate environments to provide single sign-on functionality to intranet sites. Historically, NTLM authentication was only supported by Internet Explorer; recently, however, support has been added to various other user agents.

The NTLM HTTP authentication mechanism works as follows:

  1. The client requests a protected resource from the server:
        GET /index.html HTTP/1.1
  2. The server responds with a 401 status, indicating that the client must authenticate. "NTLM" is presented as a supported authentication mechanism via the "WWW-Authenticate" header. Typically, the server closes the connection at this time:
        HTTP/1.1 401 Unauthorized
        WWW-Authenticate: NTLM
        Connection: close

    Note that Internet Explorer will only select NTLM if it is the first mechanism offered; this is at odds with RFC 2616, which states that the client must select the strongest supported authentication scheme.

  3. The client resubmits the request with an "Authorization" header containing a Type 1 message parameter. The Type 1 message is Base-64 encoded for transmission. From this point forward, the connection is kept open; closing the connection requires reauthentication of subsequent requests. This implies that the server and client must support persistent connections, via either the HTTP 1.0-style "Keep-Alive" header or HTTP 1.1 (in which persistent connections are employed by default). The relevant request headers appear as follows (the line break in the "Authorization" header below is for display purposes only, and is not present in the actual message):
        GET /index.html HTTP/1.1
        Authorization: NTLM TlRMTVNTUAABAAAABzIAAAYABgArAAAACwALACAAAABXT1
        JLU1RBVElPTkRPTUFJTg==
  4. The server replies with a 401 status containing a Type 2 message in the "WWW-Authenticate" header (again, Base-64 encoded). This is shown below (the line breaks in the "WWW-Authenticate" header are for editorial clarity only, and are not present in the actual header).
        HTTP/1.1 401 Unauthorized
        WWW-Authenticate: NTLM TlRMTVNTUAACAAAADAAMADAAAAABAoEAASNFZ4mrze8
        AAAAAAAAAAGIAYgA8AAAARABPAE0AQQBJAE4AAgAMAEQATwBNAEEASQBOAAEADABTA
        EUAUgBWAEUAUgAEABQAZABvAG0AYQBpAG4ALgBjAG8AbQADACIAcwBlAHIAdgBlAHIA
        LgBkAG8AbQBhAGkAbgAuAGMAbwBtAAAAAAA=
  5. The client responds to the Type 2 message by resubmitting the request with an "Authorization" header containing a Base-64 encoded Type 3 message (again, the line breaks in the "Authorization" header below are for display purposes only):
        GET /index.html HTTP/1.1
        Authorization: NTLM TlRMTVNTUAADAAAAGAAYAGoAAAAYABgAggAAAAwADABAAA
        AACAAIAEwAAAAWABYAVAAAAAAAAACaAAAAAQIAAEQATwBNAEEASQBOAHUAcwBlAHIA
        VwBPAFIASwBTAFQAQQBUAEkATwBOAMM3zVy9RPyXgqZnr21CfG3mfCDC0+d8ViWpjB
        wx6BhHRmspst9GgPOZWPuMITqcxg==
  6. Finally, the server validates the responses in the client's Type 3 message and allows access to the resource.
        HTTP/1.1 200 OK

This scheme differs from most "normal" HTTP authentication mechanisms, in that subsequent requests over the authenticated connection are not themselves authenticated; NTLM is connection-oriented, rather than request-oriented. So a second request for "/index.html" would not carry any authentication information, and the server would request none. If the server detects that the connection to the client has been dropped, a request for "/index.html" would result in the server reinitiating the NTLM handshake.

A notable exception to the above is the client's behavior when submitting a POST request (typically employed when the client is sending form data to the server). If the client determines that the server is not the local host, the client will initiate reauthentication for POST requests over the active connection. The client will first submit an empty POST request with a Type 1 message in the "Authorization" header; the server responds with the Type 2 message (in the "WWW-Authenticate" header as shown above). The client then resubmits the POST with the Type 3 message, sending the form data with the request.

The NTLM HTTP mechanism can also be used for HTTP proxy authentication. The process is similar, except:

  • The server uses the 407 response code (indicating proxy authentication required) rather than 401.
  • The client's Type 1 and 3 messages are sent in the "Proxy-Authorization" request header, rather than the "Authorization" header.
  • The server's Type 2 challenge is sent in the "Proxy-Authenticate" response header (instead of "WWW-Authenticate").

With Windows 2000, Microsoft introduced the "Negotiate" HTTP authentication mechanism. While primarily aimed at providing a means of authenticating the user against Active Directory via Kerberos, it is backward-compatible with the NTLM scheme. When the Negotiate mechanism is used in "legacy" mode, the headers passed between the client and server are identical, except "Negotiate" (rather than "NTLM") is indicated as the mechanism name.

NTLM POP3 Authentication

Microsoft's Exchange server provides an NTLM authentication mechanism for the POP3 protocol. This is a proprietary extension used with the POP3 AUTH command as documented in RFC 1734. On the client side, this mechanism is supported by Outlook and Outlook Express, and is called "Secure Password Authentication".

The POP3 NTLM authentication handshake occurs during the POP3 "authorization" state, and works as follows:

  1. The client may request a list of supported authentication mechanisms by sending the AUTH command with no arguments:
        AUTH
  2. The server responds with a success message, followed by the list of supported mechanisms; this list should include "NTLM", and is terminated by a line containing a single period (".").
        +OK The operation completed successfully.
        NTLM
        .
  3. The client initiates NTLM authentication by sending an AUTH command specifying NTLM as the authentication mechanism:
        AUTH NTLM
  4. The server responds with a success message as shown below. Note that there is a space between the "+" and the "OK"; RFC 1734 states that the server should reply with a challenge, but NTLM requires the Type 1 message from the client. So the server sends a "non-challenge", which is basically the message "OK".
        + OK
  5. The client then sends the Type 1 message, Base-64 encoded for transmission:
        TlRMTVNTUAABAAAABzIAAAYABgArAAAACwALACAAAABXT1JLU1RBVElPTkRPTUFJTg==
  6. The server replies with the Type 2 challenge message (again, Base-64 encoded). This is sent in the challenge format specified by RFC 1734 ("+", followed by a space, followed by the challenge message). This is shown below; the line breaks are for editorial clarity and are not present in the server's reply:
        + TlRMTVNTUAACAAAADAAMADAAAAABAoEAASNFZ4mrze8AAAAAAAAAAGIAYgA8AAAA
        RABPAE0AQQBJAE4AAgAMAEQATwBNAEEASQBOAAEADABTAEUAUgBWAEUAUgAEABQAZA
        BvAG0AYQBpAG4ALgBjAG8AbQADACIAcwBlAHIAdgBlAHIALgBkAG8AbQBhAGkAbgAu
        AGMAbwBtAAAAAAA=
  7. The client calculates and sends the Base-64 encoded Type 3 response (the line breaks below are for display purposes only):
        TlRMTVNTUAADAAAAGAAYAGoAAAAYABgAggAAAAwADABAAAAACAAIAEwAAAAWABYAVA
        AAAAAAAACaAAAAAQIAAEQATwBNAEEASQBOAHUAcwBlAHIAVwBPAFIASwBTAFQAQQBU
        AEkATwBOAMM3zVy9RPyXgqZnr21CfG3mfCDC0+d8ViWpjBwx6BhHRmspst9GgPOZWP
        uMITqcxg==
  8. The server validates the response and indicates the result of authentication:
        +OK User successfully logged on

After successful authentication has occurred, the POP3 session enters the "transaction" state, allowing messages to be retrieved by the client.

NTLM IMAP Authentication

Exchange provides an IMAP authentication mechanism similar in form to the POP3 mechanism previously discussed. IMAP authentication is documented in RFC 1730; the NTLM mechanism is a proprietary extension provided by Exchange and supported by the Outlook client family.

The handshake sequence is similar to the POP3 mechanism:

  1. The server may indicate support for the NTLM authentication mechanism in the capability response. Upon connecting to the IMAP server, the client would request the list of server capabilities:
        0000 CAPABILITY
  2. The server responds with the list of supported capabilities; the NTLM authentication extension is indicated by the presence of the string "AUTH=NTLM" in the server's reply:
        * CAPABILITY IMAP4 IMAP4rev1 IDLE LITERAL+ AUTH=NTLM
        0000 OK CAPABILITY completed.
  3. The client initiates NTLM authentication by sending an AUTHENTICATE command specifying NTLM as the authentication mechanism:
        0001 AUTHENTICATE NTLM
  4. The server responds with an empty challenge, consisting simply of a "+":
        +
  5. The client then sends the Type 1 message, Base-64 encoded for transmission:
        TlRMTVNTUAABAAAABzIAAAYABgArAAAACwALACAAAABXT1JLU1RBVElPTkRPTUFJTg==
  6. The server replies with the Type 2 challenge message (again, Base-64 encoded). This is sent in the challenge format specified by RFC 1730 ("+", followed by a space, followed by the challenge message). This is shown below; the line breaks are for editorial clarity and are not present in the server's reply:
        + TlRMTVNTUAACAAAADAAMADAAAAABAoEAASNFZ4mrze8AAAAAAAAAAGIAYgA8AAAA
        RABPAE0AQQBJAE4AAgAMAEQATwBNAEEASQBOAAEADABTAEUAUgBWAEUAUgAEABQAZA
        BvAG0AYQBpAG4ALgBjAG8AbQADACIAcwBlAHIAdgBlAHIALgBkAG8AbQBhAGkAbgAu
        AGMAbwBtAAAAAAA=
  7. The client calculates and sends the Base-64 encoded Type 3 response (the line breaks below are for display purposes only):
        TlRMTVNTUAADAAAAGAAYAGoAAAAYABgAggAAAAwADABAAAAACAAIAEwAAAAWABYAVA
        AAAAAAAACaAAAAAQIAAEQATwBNAEEASQBOAHUAcwBlAHIAVwBPAFIASwBTAFQAQQBU
        AEkATwBOAMM3zVy9RPyXgqZnr21CfG3mfCDC0+d8ViWpjBwx6BhHRmspst9GgPOZWP
        uMITqcxg==
  8. The server validates the response and indicates the result of authentication:
        0001 OK AUTHENTICATE NTLM completed.

After authentication has completed, the IMAP session enters the authenticated state.

NTLM SMTP Authentication

In addition to the NTLM authentication mechanisms provided for POP3 and IMAP, Exchange provides similar functionality for the SMTP protocol. This allows NTLM authentication of users sending outgoing mail messages. This is a proprietary extension used with the SMTP AUTH command (documented in RFC 2554).

The SMTP NTLM authentication handshake operates as follows:

  1. The server may indicate support for NTLM as an authentication mechanism in the EHLO reply. Upon connecting to the SMTP server, the client would send the initial EHLO message:
        EHLO client.example.com
  2. The server responds with the list of supported extensions; the NTLM authentication extension is indicated by its presence in the list of AUTH mechanisms as shown below. Note that the AUTH list is sent twice (once with an "=" and once without). The "AUTH=" form was apparently specified in a draft of the RFC; sending both forms ensures that clients implemented against this draft are supported.
        250-server.example.com Hello [10.10.2.20]
        250-HELP
        250-AUTH LOGIN NTLM
        250-AUTH=LOGIN NTLM
        250 SIZE 10240000
  3. The client initiates NTLM authentication by sending an AUTH command specifying NTLM as the authentication mechanism and providing the Base-64 encoded Type 1 message as a parameter:
        AUTH NTLM TlRMTVNTUAABAAAABzIAAAYABgArAAAACwALACAAAABXT1JLU1RBVElPTkRPTUFJTg==

    According to RFC 2554, the client may opt not to send the initial response parameter (instead merely sending "AUTH NTLM" and waiting for an empty server challenge before replying with the Type 1 message). However, this did not appear to work properly when tested against Exchange.

  4. The server replies with a 334 response containing the Type 2 challenge message (again, Base-64 encoded). This is shown below; the line breaks are for editorial clarity and are not present in the server's reply:
        334 TlRMTVNTUAACAAAADAAMADAAAAABAoEAASNFZ4mrze8AAAAAAAAAAGIAYgA8AAAA
        RABPAE0AQQBJAE4AAgAMAEQATwBNAEEASQBOAAEADABTAEUAUgBWAEUAUgAEABQAZA
        BvAG0AYQBpAG4ALgBjAG8AbQADACIAcwBlAHIAdgBlAHIALgBkAG8AbQBhAGkAbgAu
        AGMAbwBtAAAAAAA=
  5. The client calculates and sends the Base-64 encoded Type 3 response (the line breaks below are for display purposes only):
        TlRMTVNTUAADAAAAGAAYAGoAAAAYABgAggAAAAwADABAAAAACAAIAEwAAAAWABYAVA
        AAAAAAAACaAAAAAQIAAEQATwBNAEEASQBOAHUAcwBlAHIAVwBPAFIASwBTAFQAQQBU
        AEkATwBOAMM3zVy9RPyXgqZnr21CfG3mfCDC0+d8ViWpjBwx6BhHRmspst9GgPOZWP
        uMITqcxg==
  6. The server validates the response and indicates the result of authentication:
        235 NTLM authentication successful.

After authenticating, the client is able to send messages normally.
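The HTTP, POP3, IMAP and SMTP exchanges above all carry the same three Base-64 encoded NTLM messages. The decoder below is an added example (not code from the original article or from jCIFS): it walks each message field by field (signature, message type, flags, security buffers, and for the Type 2 message the target information block), using the three Base-64 strings from the exchanges above as its sample input and the article's flag names.

```python
import base64
import struct

# Flag names as tabulated in the article (only the bits these messages use are needed)
FLAGS = {
    0x00000001: "Negotiate Unicode",
    0x00000002: "Negotiate OEM",
    0x00000004: "Request Target",
    0x00000010: "Negotiate Sign",
    0x00000020: "Negotiate Seal",
    0x00000080: "Negotiate Lan Manager Key",
    0x00000200: "Negotiate NTLM",
    0x00001000: "Negotiate Domain Supplied",
    0x00002000: "Negotiate Workstation Supplied",
    0x00008000: "Negotiate Always Sign",
    0x00010000: "Target Type Domain",
    0x00020000: "Target Type Server",
    0x00080000: "Negotiate NTLM2 Key",
    0x00800000: "Negotiate Target Info",
    0x20000000: "Negotiate 128",
    0x40000000: "Negotiate Key Exchange",
    0x80000000: "Negotiate 56",
}
AV_NAMES = {1: "NetBIOS Server Name", 2: "NetBIOS Domain Name",
            3: "DNS Server Name", 4: "DNS Domain Name"}
SIGNATURE = b"NTLMSSP\x00"

# The three messages from the exchanges above (Type 1, Type 2, Type 3) exactly as sent
TYPE1_B64 = "TlRMTVNTUAABAAAABzIAAAYABgArAAAACwALACAAAABXT1JLU1RBVElPTkRPTUFJTg=="
TYPE2_B64 = ("TlRMTVNTUAACAAAADAAMADAAAAABAoEAASNFZ4mrze8AAAAAAAAAAGIAYgA8AAAA"
             "RABPAE0AQQBJAE4AAgAMAEQATwBNAEEASQBOAAEADABTAEUAUgBWAEUAUgAEABQAZA"
             "BvAG0AYQBpAG4ALgBjAG8AbQADACIAcwBlAHIAdgBlAHIALgBkAG8AbQBhAGkAbgAu"
             "AGMAbwBtAAAAAAA=")
TYPE3_B64 = ("TlRMTVNTUAADAAAAGAAYAGoAAAAYABgAggAAAAwADABAAAAACAAIAEwAAAAWABYAVA"
             "AAAAAAAACaAAAAAQIAAEQATwBNAEEASQBOAHUAcwBlAHIAVwBPAFIASwBTAFQAQQBU"
             "AEkATwBOAMM3zVy9RPyXgqZnr21CfG3mfCDC0+d8ViWpjBwx6BhHRmspst9GgPOZWP"
             "uMITqcxg==")


def flag_names(flags):
    """Expand a 32-bit flag word into the article's flag names, lowest bit first."""
    return [name for bit, name in sorted(FLAGS.items()) if flags & bit]


def _security_buffer(msg, offset):
    """Read an 8-byte security buffer (length, allocated space, offset) and return its data."""
    length, _alloc, start = struct.unpack_from("<HHI", msg, offset)
    if start + length > len(msg):
        raise ValueError("security buffer runs past the end of the message")
    return msg[start:start + length]


def _text(raw, unicode_):
    """Strings are UTF-16LE when Negotiate Unicode is set, OEM (ASCII here) otherwise."""
    return raw.decode("utf-16-le") if unicode_ else raw.decode("ascii")


def parse_target_info(blob):
    """Walk the Type 2 target information block: (type, length, value) pairs up to a terminator."""
    entries, pos = [], 0
    while pos + 4 <= len(blob):
        av_id, av_len = struct.unpack_from("<HH", blob, pos)
        pos += 4
        if av_id == 0:
            return entries
        entries.append((AV_NAMES.get(av_id, "AV %d" % av_id),
                        blob[pos:pos + av_len].decode("utf-16-le")))
        pos += av_len
    raise ValueError("target information block is not terminated")


def parse_ntlm_message(b64):
    """Decode a Base-64 NTLM message from an HTTP/POP3/IMAP/SMTP exchange into a dict."""
    msg = base64.b64decode(b64)
    if msg[:8] != SIGNATURE:
        raise ValueError("not an NTLMSSP message")
    msg_type = struct.unpack_from("<I", msg, 8)[0]
    if msg_type == 1:  # Type 1: flags at 12, domain buffer at 16, workstation buffer at 24 (OEM)
        return {"type": 1, "flags": struct.unpack_from("<I", msg, 12)[0],
                "domain": _security_buffer(msg, 16).decode("ascii"),
                "workstation": _security_buffer(msg, 24).decode("ascii")}
    if msg_type == 2:  # Type 2: target name at 12, flags at 20, challenge at 24, target info at 40
        flags = struct.unpack_from("<I", msg, 20)[0]
        out = {"type": 2, "flags": flags, "challenge": msg[24:32],
               "target_name": _text(_security_buffer(msg, 12), flags & 1)}
        if flags & 0x00800000:
            out["target_info"] = parse_target_info(_security_buffer(msg, 40))
        return out
    if msg_type == 3:  # Type 3: six security buffers from offset 12, then flags at 60
        flags = struct.unpack_from("<I", msg, 60)[0]
        uni = flags & 1
        return {"type": 3, "flags": flags,
                "lm_response": _security_buffer(msg, 12),
                "ntlm_response": _security_buffer(msg, 20),
                "domain": _text(_security_buffer(msg, 28), uni),
                "user": _text(_security_buffer(msg, 36), uni),
                "workstation": _text(_security_buffer(msg, 44), uni),
                "session_key": _security_buffer(msg, 52)}
    raise ValueError("unknown NTLM message type %d" % msg_type)


if __name__ == "__main__":
    for b64 in (TYPE1_B64, TYPE2_B64, TYPE3_B64):
        parsed = parse_ntlm_message(b64)
        print(parsed, flag_names(parsed["flags"]))
```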

NTLMv1 Authentication; NTLM1 Signing and Sealing Using the LM User Session Key

Demonstration of NTLMv1 authentication with LM User Session Key NTLM1 signing and sealing (without key exchange). NTLM response is manually removed from the Type 3 message to force the server-side context to use the LM User Session Key.

LMCompatibilityLevel set to 0 (LM/NTLM).

AcquireCredentialsHandle called with domain "TESTNT", user "test", password
"test1234".

--------------------------------------------------------------------------------

InitializeSecurityContext called with ISC_REQ_INTEGRITY and
ISC_REQ_CONFIDENTIALITY.  Following flags were masked off of resulting Type 1
message:

    Negotiate Lan Manager Key      (0x00000080)
    Negotiate NTLM2 Key            (0x00080000)
    Negotiate 128                  (0x20000000)
    Negotiate Key Exchange         (0x40000000)
    Negotiate 56                   (0x80000000)

4e544c4d53535000010000003782000000000000000000000000000000000000

4e544c4d53535000    "NTLMSSP"
01000000            Type 1 message
37820000            Flags
    Negotiate Unicode              (0x00000001)
    Negotiate OEM                  (0x00000002)
    Request Target                 (0x00000004)
    Negotiate Sign                 (0x00000010)
    Negotiate Seal                 (0x00000020)
    Negotiate NTLM                 (0x00000200)
    Negotiate Always Sign          (0x00008000)
0000000000000000    Supplied Domain header (empty, supplied credentials)
0000000000000000    Supplied Workstation header (empty, supplied credentials)

--------------------------------------------------------------------------------

AcceptSecurityContext called with ASC_REQ_INTEGRITY and ASC_REQ_CONFIDENTIALITY.
Produces Type 2 message:

4e544c4d53535000020000000c000c0030000000358281006da297169f7aa9c20000000000000000460046003c00000054004500530054004e00540002000c0054004500530054004e00540001000c004d0045004d0042004500520003001e006d0065006d006200650072002e0074006500730074002e0063006f006d0000000000

4e544c4d53535000    "NTLMSSP"
02000000            Type 2 message
0c000c0030000000    Target Name header (length 12, offset 48)
35828100            Flags
    Negotiate Unicode              (0x00000001)
    Request Target                 (0x00000004)
    Negotiate Sign                 (0x00000010)
    Negotiate Seal                 (0x00000020)
    Negotiate NTLM                 (0x00000200)
    Negotiate Always Sign          (0x00008000)
    Target Type Domain             (0x00010000)
    Negotiate Target Info          (0x00800000)
6da297169f7aa9c2    Challenge
0000000000000000    Context
460046003c000000    Target Information header (length 70, offset 60)
54004500530054004e005400    Target Name ("TESTNT")
Target Information block:
    02000c00    NetBIOS Domain Name (length 12)
    54004500530054004e005400    "TESTNT"
    01000c00    NetBIOS Server Name (length 12)
    4d0045004d00420045005200    "MEMBER"
    03001e00    DNS Server Name (length 30)
    6d0065006d006200650072002e0074006500730074002e0063006f006d00
        "member.test.com"
    00000000    Target Information Terminator

--------------------------------------------------------------------------------

InitializeSecurityContext called.  Produces a Type 3 message; NTLM response
is removed to force usage of the LM User Session Key:

4e544c4d5353500003000000180018004000000000000000000000000c000c005800000008000800640000000c000c006c0000000000000000000000358280002e17884ea16177e2b751d53b5cc756c3cd57cdfd6e3bf8b954004500530054004e00540074006500730074004d0045004d00420045005200

4e544c4d53535000    "NTLMSSP"
03000000            Type 3 message
1800180040000000    LM/LMv2 Response (length 24, offset 64)
0000000000000000    NTLM/NTLMv2 Response (empty, removed)
0c000c0058000000    Domain Name header (length 12, offset 88)
0800080064000000    User Name header (length 8, offset 100)
0c000c006c000000    Workstation Name header (length 12, offset 108)
0000000000000000    Session Key header (empty)
35828000            Flags
    Negotiate Unicode              (0x00000001)
    Request Target                 (0x00000004)
    Negotiate Sign                 (0x00000010)
    Negotiate Seal                 (0x00000020)
    Negotiate NTLM                 (0x00000200)
    Negotiate Always Sign          (0x00008000)
    Negotiate Target Info          (0x00800000)
2e17884ea16177e2b751d53b5cc756c3cd57cdfd6e3bf8b9    LM/LMv2 Response
54004500530054004e005400                            Domain Name ("TESTNT")
7400650073007400                                    User Name ("test")
4d0045004d00420045005200                            Workstation Name ("MEMBER")

--------------------------------------------------------------------------------

AcceptSecurityContext called to complete the server-side context.

Server Context Export:

40a42e7840a42e7800000000000000000000000000000000
08ee0b00    server context handle dwUpper
35828101    flags
0000000000000000f8290900f8290900782a0900782a09000000000000000000d002000000000000000000000000000000000000000000000200000000000000ffffffffffffff7f28010000
624aac413795cdc10000000000000000    outbound signing key
624aac413795cdc10000000000000000    inbound verifying key
624aac413795cdc10000000000000000    outbound encrypting key
624aac413795cdc10000000000000000    inbound decrypting key
(remaining unannotated context bytes not shown)
54004500530054004e0054005c007400650073007400    "TESTNT/test"

lmHash = lmEncrypt(password, "KGS!@#$%") = 0x624aac413795cdc1ff17365faf1ffe89
LMUserSessionKey = trunc(lmHash) = 0x624aac413795cdc10000000000000000
Key is *not* weakened (NTLM1 only weakens Lan Manager Session Keys).

Called MakeSignature on the server-side context for message
"0x0102030405060708".

Yields signature:

0100000090010700cacc888006466cb5

CRC32(0x0102030405060708) = 0xc588ca3f
Sequence number is 0.
0x00000000 + crc32 + seqnum = 0x00000000c588ca3f00000000
RC4(key, 0x00000000c588ca3f00000000) = 0xdd0e70b1cacc888006466cb5
version num + first 4 bytes overwritten with counter value (0x90010700 here):
0100000090010700cacc888006466cb5 = signature

--------------------------------------------------------------------------------

Called EncryptMessage twice on the server-side context for message
"0x0102030405060708".

Yields encrypted messages:

48793abbf0145ddb01000000a0030700e286c6021ffc3742
09613b9790f7d40e0100000088030700fb8e614d1cf2284c

same RC4 cipher is used from previous signing operation (i.e., not reset):
RC4(0x0102030405060708) = sealed message = 0x48793abbf0145ddb
trailer buffer gets signature; again uses same RC4 cipher
(sequence number is now 1 because of previous signing):
RC4(0x00000000c588ca3f01000000) = 0x623bc698e286c6021ffc3742
version num + first 4 bytes overwritten w/counter (0xa0030700):
01000000a0030700e286c6021ffc3742 = trailer signature

second message is same:
RC4(0x0102030405060708) = sealed message = 0x09613b9790f7d40e
trailer buffer signature with sequence 2:
RC4(0x00000000c588ca3f02000000) = 0x85433470fb8e614d1cf2284c
version num + first 4 bytes overwritten w/counter (0x88030700)
0100000088030700fb8e614d1cf2284c = trailer signature

NTLMv1 Authentication; NTLM1 Signing and Sealing Using the 56-bit Lan Manager Session Key

Demonstration of NTLMv1 authentication with 56-bit Lan Manager Session Key NTLM1 signing and sealing (without key exchange).

LMCompatibilityLevel set to 0 (LM/NTLM).

AcquireCredentialsHandle called with domain "TESTNT", user "test", password
"test1234".

--------------------------------------------------------------------------------

InitializeSecurityContext called with ISC_REQ_INTEGRITY and
ISC_REQ_CONFIDENTIALITY.  Following flags were masked off of resulting Type 1
message:

    Negotiate NTLM2 Key            (0x00080000)
    Negotiate 128                  (0x20000000)
    Negotiate Key Exchange         (0x40000000)

4e544c4d5353500001000000b782008000000000000000000000000000000000

4e544c4d53535000    "NTLMSSP"
01000000            Type 1 message
b7820080            Flags
    Negotiate Unicode              (0x00000001)
    Negotiate OEM                  (0x00000002)
    Request Target                 (0x00000004)
    Negotiate Sign                 (0x00000010)
    Negotiate Seal                 (0x00000020)
    Negotiate Lan Manager Key      (0x00000080)
    Negotiate NTLM                 (0x00000200)
    Negotiate Always Sign          (0x00008000)
    Negotiate 56                   (0x80000000)
0000000000000000    Supplied Domain header (empty, supplied credentials)
0000000000000000    Supplied Workstation header (empty, supplied credentials)

--------------------------------------------------------------------------------

AcceptSecurityContext called with ASC_REQ_INTEGRITY and ASC_REQ_CONFIDENTIALITY.
Produces Type 2 message:

4e544c4d53535000020000000c000c0030000000b5828180c77c1fcdb77ad0420000000000000000460046003c00000054004500530054004e00540002000c0054004500530054004e00540001000c004d0045004d0042004500520003001e006d0065006d006200650072002e0074006500730074002e0063006f006d0000000000

4e544c4d53535000    "NTLMSSP"
02000000            Type 2 message
0c000c0030000000    Target Name header (length 12, offset 48)
b5828180            Flags
    Negotiate Unicode              (0x00000001)
    Request Target                 (0x00000004)
    Negotiate Sign                 (0x00000010)
    Negotiate Seal                 (0x00000020)
    Negotiate Lan Manager Key      (0x00000080)
    Negotiate NTLM                 (0x00000200)
    Negotiate Always Sign          (0x00008000)
    Target Type Domain             (0x00010000)
    Negotiate Target Info          (0x00800000)
    Negotiate 56                   (0x80000000)
c77c1fcdb77ad042    Challenge
0000000000000000    Context
460046003c000000    Target Information header (length 70, offset 60)
54004500530054004e005400    Target Name ("TESTNT")
Target Information block:
    02000c00    NetBIOS Domain Name (length 12)
    54004500530054004e005400    "TESTNT"
    01000c00    NetBIOS Server Name (length 12)
    4d0045004d00420045005200    "MEMBER"
    03001e00    DNS Server Name (length 30)
    6d0065006d006200650072002e0074006500730074002e0063006f006d00
        "member.test.com"
    00000000    Target Information Terminator

--------------------------------------------------------------------------------

InitializeSecurityContext called.  Produces a Type 3 message:

4e544c4d5353500003000000180018006000000018001800780000000c000c0040000000080008004c0000000c000c00540000000000000090000000b582808054004500530054004e00540074006500730074004d0045004d004200450052002e1580af209c1579bbd95a0c9568e2a7455764064cd8ff8c75791b1820178018c9d00365a5dedfaa455ef8c3b3ad1c1c

4e544c4d53535000    "NTLMSSP"
03000000            Type 3 message
1800180060000000    LM/LMv2 Response header (length 24, offset 96)
1800180078000000    NTLM/NTLMv2 Response header (length 24, offset 120)
0c000c0040000000    Domain Name header (length 12, offset 64)
080008004c000000    User Name header (length 8, offset 76)
0c000c0054000000    Workstation Name header (length 12, offset 84)
0000000090000000    Session Key header (empty)
b5828080            Flags
    Negotiate Unicode              (0x00000001)
    Request Target                 (0x00000004)
    Negotiate Sign                 (0x00000010)
    Negotiate Seal                 (0x00000020)
    Negotiate Lan Manager Key      (0x00000080)
    Negotiate NTLM                 (0x00000200)
    Negotiate Always Sign          (0x00008000)
    Negotiate Target Info          (0x00800000)
    Negotiate 56                   (0x80000000)
54004500530054004e005400                            Domain Name ("TESTNT")
7400650073007400                                    User Name ("test")
4d0045004d00420045005200                            Workstation Name ("MEMBER")
2e1580af209c1579bbd95a0c9568e2a7455764064cd8ff8c    LM/LMv2 Response
75791b1820178018c9d00365a5dedfaa455ef8c3b3ad1c1c    NTLM/NTLMv2 Response

--------------------------------------------------------------------------------

AcceptSecurityContext called to complete the server-side context.

Server Context Export:

40a42e7840a42e7800000000000000000000000000000000
08ee0b00    server context handle dwUpper
b5828181    flags, also has an unknown flag
    "TESTNT/test"

lmHash = lmEncrypt(password, "KGS!@#$%") = 0x624aac413795cdc1ff17365faf1ffe89
trunc(lmHash + pad) = 0x624aac413795cdc1bdbdbdbd bdbd
lmResponse[0-7] = 0x2e1580af209c1579
LanManagerSessionKey =
    lmEncrypt(0x624aac413795cdc1bdbdbdbdbdbd, 0x2e1580af209c1579) =
        0xf41c7848bec59daa4cfe52156645f77b
Key is weakened to 56-bit w/0xa0 = 0xf41c7848bec59da0

Called MakeSignature on the server-side context for message
"0x0102030405060708".

Yields signature:

0100000090010700598d18d8150514cc

CRC32(0x0102030405060708) = 0xc588ca3f
Sequence number is 0.
0x00000000 + crc32 + seqnum = 0x00000000c588ca3f00000000
RC4(key, 0x00000000c588ca3f00000000) = 0x2cfc55af598d18d8150514cc
version num + first 4 bytes overwritten with counter value (0x90010700 here):
0100000090010700598d18d8150514cc = signature

--------------------------------------------------------------------------------

Called EncryptMessage twice on the server-side context for message
"0x0102030405060708".

Yields encrypted messages:

357f77b267a494c101000000a0030700fb2ce7d1bfd23a0a
4db804533e6ffc2301000000880307003736d2b43c149c48

same RC4 cipher is used from previous signing operation (i.e., not reset):
RC4(0x0102030405060708) = sealed message = 0x357f77b267a494c1
trailer buffer gets signature; again uses same RC4 cipher
(sequence number is now 1 because of previous signing):
RC4(0x00000000c588ca3f01000000) = 0x757b9976fb2ce7d1bfd23a0a
version num + first 4 bytes overwritten w/counter (0xa0030700):
01000000a0030700fb2ce7d1bfd23a0a = trailer signature

second message is same:
RC4(0x0102030405060708) = sealed message = 0x4db804533e6ffc23
trailer buffer signature with sequence 2:
RC4(0x00000000c588ca3f02000000) = 0x5eb9ab2f3736d2b43c149c48
version num + first 4 bytes overwritten w/counter (0x88030700)
01000000880307003736d2b43c149c48 = trailer signature
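The two traces above (LM User Session Key, then the 56-bit Lan Manager Session Key) contain everything needed to reproduce the NTLM1 MakeSignature and EncryptMessage arithmetic. The Python below is an added example, not the article's or jCIFS's code: it takes the session keys and the observed counter values (0x90010700 and so on) straight from the traces, since deriving them needs DES, and models the single RC4 stream that signing and sealing share. The 40-bit weakening suffix 0xe538b0 comes from the main Davenport text rather than from this page.

```python
import struct
import zlib


class RC4:
    """Stateful RC4: signing and sealing draw on one keystream, as the traces show (not reset)."""

    def __init__(self, key: bytes):
        s = list(range(256))
        j = 0
        for i in range(256):
            j = (j + s[i] + key[i % len(key)]) & 0xFF
            s[i], s[j] = s[j], s[i]
        self.s, self.i, self.j = s, 0, 0

    def crypt(self, data: bytes) -> bytes:
        out, s = bytearray(), self.s
        for byte in data:
            self.i = (self.i + 1) & 0xFF
            self.j = (self.j + s[self.i]) & 0xFF
            s[self.i], s[self.j] = s[self.j], s[self.i]
            out.append(byte ^ s[(s[self.i] + s[self.j]) & 0xFF])
        return bytes(out)


def lm_user_session_key(lm_hash: bytes) -> bytes:
    """LM User Session Key: first 8 bytes of the LM hash, null-padded to 16 bytes (never weakened)."""
    return lm_hash[:8] + b"\x00" * 8


def weaken_lan_manager_session_key(key: bytes, bits: int) -> bytes:
    """NTLM1 weakening of a Lan Manager Session Key to an 8-byte RC4 key.
    56-bit: 7 bytes + 0xa0 (as in the trace). 40-bit: 5 bytes + 0xe538b0 (main Davenport text)."""
    if bits == 56:
        return key[:7] + b"\xa0"
    if bits == 40:
        return key[:5] + b"\xe5\x38\xb0"
    raise ValueError("NTLM1 weakens Lan Manager Session Keys to 56 or 40 bits only")


def crc32_le(message: bytes) -> bytes:
    """CRC32 of the plaintext as laid out in the signature: little-endian (c588ca3f in the traces)."""
    return struct.pack("<I", zlib.crc32(message) & 0xFFFFFFFF)


class Ntlm1Context:
    """One side of an NTLM1 signing/sealing context; the peer builds its own from the same key."""

    def __init__(self, session_key: bytes):
        self.cipher = RC4(session_key)
        self.seq = 0

    def make_signature(self, message: bytes, counter: bytes) -> bytes:
        """MakeSignature: version (1) || RC4(4-byte pad || CRC32 || sequence number), where the
        encrypted pad is then overwritten with the counter value observed in the trace."""
        plain = b"\x00" * 4 + crc32_le(message) + struct.pack("<I", self.seq)
        enc = self.cipher.crypt(plain)  # consumes 12 bytes of the shared keystream
        self.seq += 1
        return struct.pack("<I", 1) + counter + enc[4:]

    def verify_signature(self, message: bytes, signature: bytes) -> bool:
        """VerifySignature: recompute with this side's stream; only the 8 RC4-protected bytes
        are compared, since the pad/counter bytes carry no integrity."""
        return self.make_signature(message, signature[4:8])[8:] == signature[8:]

    def encrypt_message(self, message: bytes, counter: bytes):
        """EncryptMessage: seal the body with the shared stream, then sign the plaintext into
        the trailer buffer. Returns (sealed_body, trailer_signature)."""
        sealed = self.cipher.crypt(message)
        return sealed, self.make_signature(message, counter)

    def decrypt_message(self, sealed: bytes, trailer: bytes):
        """DecryptMessage: unseal with the shared stream, then verify the trailer signature."""
        plain = self.cipher.crypt(sealed)
        return plain, self.verify_signature(plain, trailer)


if __name__ == "__main__":
    # Values taken from the LM User Session Key trace above
    key = lm_user_session_key(bytes.fromhex("624aac413795cdc1ff17365faf1ffe89"))
    server, client = Ntlm1Context(key), Ntlm1Context(key)
    msg = bytes.fromhex("0102030405060708")
    sig = server.make_signature(msg, bytes.fromhex("90010700"))
    print(sig.hex(), client.verify_signature(msg, sig))
    sealed, trailer = server.encrypt_message(msg, bytes.fromhex("a0030700"))
    print(sealed.hex(), trailer.hex(), client.decrypt_message(sealed, trailer))
```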

NTLMv1 Authentication; NTLM1 Signing and Sealing Using the 40-bit Lan Manager Session Key

Demonstration of NTLMv1 authentication with 40-bit Lan Manager Session Key NTLM1 signing and sealing (without key exchange).

LMCompatibilityLevel set to 0 (LM/NTLM).

AcquireCredentialsHandle called with domain "TESTNT", user "test", password
"test1234".

--------------------------------------------------------------------------------

InitializeSecurityContext called with ISC_REQ_INTEGRITY and
ISC_REQ_CONFIDENTIALITY.  Following flags were masked off of resulting Type 1
message:

    Negotiate NTLM2 Key            (0x00080000)
    Negotiate 128                  (0x20000000)
    Negotiate Key Exchange         (0x40000000)
    Negotiate 56                   (0x80000000)

4e544c4d5353500001000000b782000000000000000000000000000000000000

4e544c4d53535000    "NTLMSSP"
01000000            Type 1 message
b7820000            Flags
    Negotiate Unicode              (0x00000001)
    Negotiate OEM                  (0x00000002)
    Request Target                 (0x00000004)
    Negotiate Sign                 (0x00000010)
    Negotiate Seal                 (0x00000020)
    Negotiate Lan Manager Key      (0x00000080)
    Negotiate NTLM                 (0x00000200)
    Negotiate Always Sign          (0x00008000)
0000000000000000    Supplied Domain header (empty, supplied credentials)
0000000000000000    Supplied Workstation header (empty, supplied credentials)

--------------------------------------------------------------------------------

AcceptSecurityContext called with ASC_REQ_INTEGRITY and ASC_REQ_CONFIDENTIALITY.
Produces Type 2 message:

4e544c4d53535000020000000c000c0030000000b58281007116b94341ee4e700000000000000000460046003c00000054004500530054004e00540002000c0054004500530054004e00540001000c004d0045004d0042004500520003001e006d0065006d006200650072002e0074006500730074002e0063006f006d0000000000

4e544c4d53535000    "NTLMSSP"
02000000            Type 2 message
0c000c0030000000    Target Name header (length 12, offset 48)
b5828100            Flags
    Negotiate Unicode              (0x00000001)
    Request Target                 (0x00000004)
    Negotiate Sign                 (0x00000010)
    Negotiate Seal                 (0x00000020)
    Negotiate Lan Manager Key      (0x00000080)
    Negotiate NTLM                 (0x00000200)
    Negotiate Always Sign          (0x00008000)
    Target Type Domain             (0x00010000)
    Negotiate Target Info          (0x00800000)
7116b94341ee4e70    Challenge
0000000000000000    Context
460046003c000000    Target Information header (length 70, offset 60)
54004500530054004e005400    Target Name ("TESTNT")
Target Information block:
    02000c00    NetBIOS Domain Name (length 12)
    54004500530054004e005400    "TESTNT"
    01000c00    NetBIOS Server Name (length 12)
    4d0045004d00420045005200    "MEMBER"
    03001e00    DNS Server Name (length 30)
    6d0065006d006200650072002e0074006500730074002e0063006f006d00
        "member.test.com"
    00000000    Target Information Terminator

--------------------------------------------------------------------------------

InitializeSecurityContext called.  Produces a Type 3 message:

4e544c4d5353500003000000180018006000000018001800780000000c000c0040000000080008004c0000000c000c00540000000000000090000000b582800054004500530054004e00540074006500730074004d0045004d0042004500520066271e46d60b246d25fcc3340235841057c2821f490d073304c6e94c5624abad6c922d8e64b6c86d43138f8f0d94fc3f

4e544c4d53535000    "NTLMSSP"
03000000            Type 3 message
1800180060000000    LM/LMv2 Response header (length 24, offset 96)
1800180078000000    NTLM/NTLMv2 Response header (length 24, offset 120)
0c000c0040000000    Domain Name header (length 12, offset 64)
080008004c000000    User Name header (length 8, offset 76)
0c000c0054000000    Workstation Name header (length 12, offset 84)
0000000090000000    Session Key header (empty)
b5828000            Flags
    Negotiate Unicode              (0x00000001)
    Request Target                 (0x00000004)
    Negotiate Sign                 (0x00000010)
    Negotiate Seal                 (0x00000020)
    Negotiate Lan Manager Key      (0x00000080)
    Negotiate NTLM                 (0x00000200)
    Negotiate Always Sign          (0x00008000)
Negotiate Target Info          (0x00800000)54004500530054004e005400                            Domain Name ("TESTNT")7400650073007400                                    User Name ("test")4d0045004d00420045005200                            Workstation Name ("MEMBER")66271e46d60b246d25fcc3340235841057c2821f490d0733    LM/LMv2 Response04c6e94c5624abad6c922d8e64b6c86d43138f8f0d94fc3f    NTLM/NTLMv2 Response--------------------------------------------------------------------------------AcceptSecurityContext called to complete the server-side context.Server Context Export:40a42e7840a42e780000000000000000000000000000000008ee0b00    server context handle dwUpperb5828101    flags0000000000000000182e0900182e0900982e0900982e09000000000000000000d002000000000000000000000000000000000000000000000200000000000000ffffffffffffff7f20010000b98a3a22c81e31f99e7eca1e123c04d1    outbound signing keyb98a3a22c81e31f99e7eca1e123c04d1    inbound verifying keyb98a3a22c81e31f99e7eca1e123c04d1    outbound encrypting keyb98a3a22c81e31f99e7eca1e123c04d1    inbound decrypting 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    "TESTNT/test"lmHash = lmEncrypt(password, "KGS!@#$%") = 0x624aac413795cdc1ff17365faf1ffe89trunc(lmHash + pad) = 0x624aac413795cdc1bdbdbdbdbdbdlmResponse[0-7] = 0x66271e46d60b246dLanManagerSessionKey =    lmEncrypt(0x624aac413795cdc1bdbdbdbdbdbd, 0x66271e46d60b246d) =        0xb98a3a22c81e31f99e7eca1e123c04d1Key is weakened to 40-bit w/0xe538b0 = 0xb98a3a22c8e538b0Called MakeSignature on the server-side context for message"0x0102030405060708".Yields signature:01000000ffffff001a7599e9ad0ad460CRC32(0x0102030405060708) = 0xc588ca3fSequence number is 0.0x00000000 + crc32 + seqnum = 0x00000000c588ca3f00000000RC4(key, 0x00000000c588ca3f00000000) = 0xbeb185ce1a7599e9ad0ad460version num + first 4 bytes overwritten with counter value (0xffffff00 here):01000000ffffff001a7599e9ad0ad460 = signature--------------------------------------------------------------------------------Called 
EncryptMessage twice on the server-side context for message"0x0102030405060708".Yields encrypted messages:075c81a318754894010000006003070033df86be9d65813dda731ecef152bd750100000048030700a61d753437944ee5same RC4 cipher is used from previous signing operation (i.e., not reset):RC4(0x0102030405060708) = sealed message = 0x075c81a318754894trailer buffer gets signature; again uses same RC4 cipher(sequence number is now 1 because of previous signing):RC4(0x00000000c588ca3f01000000) = 0x0004c5b033df86be9d65813dversion num + first 4 bytes overwritten w/counter (0x60030700):010000006003070033df86be9d65813d = trailer signaturesecond message is same:RC4(0x0102030405060708) = sealed message = 0xda731ecef152bd75trailer buffer signature with sequence 2:RC4(0x00000000c588ca3f02000000) = 0xf012a98ca61d753437944ee5version num + first 4 bytes overwritten w/counter (0x48030700)0100000048030700a61d753437944ee5 = trailer signature
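The Type 2 and Type 3 dumps above are decoded by hand. The Python decoder below is an added example, not code from this document or from jCIFS; it parses the same messages mechanically (signature, message type, negotiate flags, security buffers, and the Type 2 Target Information block), using the flag and subblock names this document uses. The sample messages embedded in it are the Type 2 and Type 3 messages from the trace above; the handling of a Type 3 message that omits the optional flags field (assume Unicode) is the author's assumption, not something the trace shows.

```python
"""Decoder for NTLMSSP Type 2 and Type 3 messages (added example, not jCIFS code)."""
import struct

SIGNATURE = b"NTLMSSP\x00"

# Negotiate flags, named as in the dumps above.
FLAGS = {
    0x00000001: "Negotiate Unicode",
    0x00000002: "Negotiate OEM",
    0x00000004: "Request Target",
    0x00000010: "Negotiate Sign",
    0x00000020: "Negotiate Seal",
    0x00000040: "Negotiate Datagram Style",
    0x00000080: "Negotiate Lan Manager Key",
    0x00000200: "Negotiate NTLM",
    0x00008000: "Negotiate Always Sign",
    0x00010000: "Target Type Domain",
    0x00080000: "Negotiate NTLM2 Key",
    0x00100000: "Request Init Response",
    0x00800000: "Negotiate Target Info",
    0x20000000: "Negotiate 128",
    0x40000000: "Negotiate Key Exchange",
    0x80000000: "Negotiate 56",
}

# Target Information subblock types.
TARGET_INFO_TYPES = {1: "NetBIOS Server Name", 2: "NetBIOS Domain Name",
                     3: "DNS Server Name", 4: "DNS Domain Name"}


def flag_names(flags):
    return [name for bit, name in sorted(FLAGS.items()) if flags & bit]


def security_buffer(msg, pos):
    """Security buffer = length, allocated space, offset; all little-endian."""
    length, _space, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("security buffer at %d points outside the message" % pos)
    return msg[offset:offset + length]


def parse_target_info(block):
    """Walk the Target Information subblocks up to the terminator (type 0)."""
    pairs, pos = [], 0
    while pos + 4 <= len(block):
        sub_type, sub_len = struct.unpack_from("<HH", block, pos)
        pos += 4
        if sub_type == 0:
            break
        name = TARGET_INFO_TYPES.get(sub_type, "Unknown subblock %d" % sub_type)
        pairs.append((name, block[pos:pos + sub_len].decode("utf-16-le")))
        pos += sub_len
    return pairs


def parse_type2(msg):
    if msg[:8] != SIGNATURE or struct.unpack_from("<I", msg, 8)[0] != 2:
        raise ValueError("not a Type 2 message")
    flags = struct.unpack_from("<I", msg, 20)[0]
    encoding = "utf-16-le" if flags & 0x00000001 else "ascii"
    result = {"target_name": security_buffer(msg, 12).decode(encoding),
              "flags": flag_names(flags), "challenge": msg[24:32], "target_info": []}
    if flags & 0x00800000:
        result["target_info"] = parse_target_info(security_buffer(msg, 40))
    return result


def parse_type3(msg):
    if msg[:8] != SIGNATURE or struct.unpack_from("<I", msg, 8)[0] != 3:
        raise ValueError("not a Type 3 message")
    data_start = struct.unpack_from("<I", msg, 32)[0]     # offset of the domain name
    # Session Key buffer and flags are optional: data may start at 52 or 60 instead of 64.
    session_key = security_buffer(msg, 52) if data_start >= 60 else b""
    # Assumption: with no flags field present, treat the strings as Unicode.
    flags = struct.unpack_from("<I", msg, 60)[0] if data_start >= 64 else 0x00000001
    encoding = "utf-16-le" if flags & 0x00000001 else "ascii"
    return {"lm_response": security_buffer(msg, 12),
            "ntlm_response": security_buffer(msg, 20),
            "domain": security_buffer(msg, 28).decode(encoding),
            "user": security_buffer(msg, 36).decode(encoding),
            "workstation": security_buffer(msg, 44).decode(encoding),
            "session_key": session_key,
            "flags": flag_names(flags)}


# Sample input: the Type 2 message from the trace above.
TYPE2 = bytes.fromhex(
    "4e544c4d53535000020000000c000c0030000000b58281007116b94341ee4e70"
    "0000000000000000460046003c00000054004500530054004e00540002000c00"
    "54004500530054004e00540001000c004d0045004d0042004500520003001e00"
    "6d0065006d006200650072002e0074006500730074002e0063006f006d000000"
    "0000")
# Sample input: the Type 3 message from the trace above.
TYPE3 = bytes.fromhex(
    "4e544c4d5353500003000000180018006000000018001800780000000c000c00"
    "40000000080008004c0000000c000c00540000000000000090000000b5828000"
    "54004500530054004e00540074006500730074004d0045004d00420045005200"
    "66271e46d60b246d25fcc3340235841057c2821f490d073304c6e94c5624abad"
    "6c922d8e64b6c86d43138f8f0d94fc3f")
```

parse_type2(TYPE2) yields target name "TESTNT", the challenge 7116b94341ee4e70 and the three Target Information subblocks listed above; parse_type3(TYPE3) yields the domain, user, workstation and both responses with an empty session key. The bounds check in security_buffer matters in practice: a Type 2 or Type 3 message is attacker-supplied input, and a length/offset pair pointing past the end of the buffer must be rejected rather than read.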

NTLMv1 Datagram-Style Authentication; NTLM1 Signing and Sealing Using the 40-bit Lan Manager Session Key With Key Exchange Negotiated

Demonstration of datagram-style authentication with default options (defaults to 40-bit Lan Manager Session Key NTLM1 with key exchange when used with NTLMv1).

LMCompatibilityLevel set to 0 (LM/NTLM).

AcquireCredentialsHandle called with domain "TESTNT", user "test", password
"test1234".

--------------------------------------------------------------------------------

InitializeSecurityContext called with:

    ISC_REQ_INTEGRITY | ISC_REQ_CONFIDENTIALITY | ISC_REQ_DATAGRAM

Produces no token (datagram-style).  Client context can be used for signing
and sealing immediately.

--------------------------------------------------------------------------------

AcceptSecurityContext called with:

    ASC_REQ_INTEGRITY | ASC_REQ_CONFIDENTIALITY | ASC_REQ_DATAGRAM

Produces a Type 2 message:

4e544c4d53535000020000000000000030000000f38298e0ada5839570b5cb99
00000000000000000000000030000000

4e544c4d53535000    "NTLMSSP"
02000000            Type 2 message
0000000030000000    Target Name header (empty)
f38298e0            Flags
    Negotiate Unicode              (0x00000001)
    Negotiate OEM                  (0x00000002)
    Negotiate Sign                 (0x00000010)
    Negotiate Seal                 (0x00000020)
    Negotiate Datagram Style       (0x00000040)
    Negotiate Lan Manager Key      (0x00000080)
    Negotiate NTLM                 (0x00000200)
    Negotiate Always Sign          (0x00008000)
    Negotiate NTLM2 Key            (0x00080000)
    Request Init Response          (0x00100000)
    Negotiate Target Info          (0x00800000)
    Negotiate 128                  (0x20000000)
    Negotiate Key Exchange         (0x40000000)
    Negotiate 56                   (0x80000000)
ada5839570b5cb99    Challenge
0000000000000000    Context
0000000030000000    Target Information header (empty)

--------------------------------------------------------------------------------

InitializeSecurityContext called.  Produces a Type 3 message:

4e544c4d5353500003000000180018006000000018001800780000000c000c00
40000000080008004c0000000c000c00540000001000100090000000f5828040
54004500530054004e00540074006500730074004d0045004d00420045005200
e8cff653006525da77c6bef2fed79bc6d7d839f598ead91a4e37300050075eeb
aa5915480c3620b8ee6fa869cdf16e7c9227ebee8b19a312664fa4ed44bd3377

4e544c4d53535000    "NTLMSSP"
03000000            Type 3 message
1800180060000000    LM/LMv2 Response header (length 24, offset 96)
1800180078000000    NTLM/NTLMv2 Response header (length 24, offset 120)
0c000c0040000000    Domain Name header (length 12, offset 64)
080008004c000000    User Name header (length 8, offset 76)
0c000c0054000000    Workstation Name header (length 12, offset 84)
1000100090000000    Session Key header (length 16, offset 144)
f5828040            Flags
    Negotiate Unicode              (0x00000001)
    Request Target                 (0x00000004)
    Negotiate Sign                 (0x00000010)
    Negotiate Seal                 (0x00000020)
    Negotiate Datagram Style       (0x00000040)
    Negotiate Lan Manager Key      (0x00000080)
    Negotiate NTLM                 (0x00000200)
    Negotiate Always Sign          (0x00008000)
    Negotiate Target Info          (0x00800000)
    Negotiate Key Exchange         (0x40000000)
54004500530054004e005400                            Domain Name ("TESTNT")
7400650073007400                                    User Name ("test")
4d0045004d00420045005200                            Workstation Name ("MEMBER")
e8cff653006525da77c6bef2fed79bc6d7d839f598ead91a    LM/LMv2 Response
4e37300050075eebaa5915480c3620b8ee6fa869cdf16e7c    NTLM/NTLMv2 Response
9227ebee8b19a312664fa4ed44bd3377                    Session Key

--------------------------------------------------------------------------------

AcceptSecurityContext called to complete the server-side context.

Server Context Export:

40a42e7840a42e7800000000000000000000000000000000
08ee0b00    server context handle dwUpper
f5828041    flags
000000000000000080740a0080740a0000750a0000750a000000000000000000
d002000000000000000000000000000000000000000000000200000000000000
ffffffffffffff7f20010000
d56070a4c355c2d91693d8f3406d4d82    outbound signing key
d56070a4c355c2d91693d8f3406d4d82    inbound verifying key
d56070a4c355c2d91693d8f3406d4d82    outbound encrypting key
d56070a4c355c2d91693d8f3406d4d82    inbound decrypting key
[...]
54004500530054004e0054005c007400650073007400    "TESTNT/test"

lmHash = lmEncrypt(password, "KGS!@#$%") = 0x624aac413795cdc1ff17365faf1ffe89

trunc(lmHash + pad) = 0x624aac413795cdc1bdbdbdbdbdbd

lmResponse[0-7] = 0xe8cff653006525da

LanManagerSessionKey =
    lmEncrypt(0x624aac413795cdc1bdbdbdbdbdbd, 0xe8cff653006525da) =
        0x97dba8c110cd6b7976c02c203c6be07a

Key exchange performed:

type3Key (from Type 3) = 0x9227ebee8b19a312664fa4ed44bd3377

key = RC4(LanManagerSessionKey, type3Key) =
    0xd56070a4c355c2d91693d8f3406d4d82

Key is weakened to 40-bit w/0xe538b0 = 0xd56070a4c3e538b0

Called MakeSignature on the server-side context for message
"0x0102030405060708".

Yields signature:

010000009801070012c00705ba25a7ec

CRC32(0x0102030405060708) = 0xc588ca3f

Sequence number is 0.

0x00000000 + crc32 + seqnum = 0x00000000c588ca3f00000000

RC4(key, 0x00000000c588ca3f00000000) = 0x39ec604d12c00705ba25a7ec

version num + first 4 bytes overwritten with counter value (0x98010700 here):

010000009801070012c00705ba25a7ec = signature

--------------------------------------------------------------------------------

Called EncryptMessage twice on the server-side context for message
"0x0102030405060708".

Yields encrypted messages:

38ee6349d24eca32010000008803070012c00705ba25a7ec
38ee6349d24eca32010000007003070012c00705ba25a7ec

RC4 cipher is reset after each signing/sealing operation in datagram-style:

RC4(key, 0x0102030405060708) = sealed message = 0x38ee6349d24eca32

trailer buffer gets signature; RC4 cipher is reset and sequence number is
*not* incremented in datagram-style:

RC4(key, 0x00000000c588ca3f00000000) = 0x39ec604d12c00705ba25a7ec

version num + first 4 bytes overwritten w/counter (0x88030700):

010000008803070012c00705ba25a7ec = trailer signature

second message is same:

RC4(key, 0x00000000c588ca3f00000000) = 0x39ec604d12c00705ba25a7ec

version num + first 4 bytes overwritten w/counter (0x70030700):

010000007003070012c00705ba25a7ec = trailer signature

NTLMv1 Authentication; NTLM1 "Dummy" Signing and Sealing Using the NTLM User Session Key

Demonstration of "dummy" signing and sealing. Context is *not* initialized with support for integrity or confidentiality. "Negotiate Always Sign" is negotiated, which allows the context to be used in dummy signing and sealing.

LMCompatibilityLevel set to 0 (LM/NTLM).

AcquireCredentialsHandle called with domain "TESTNT", user "test", password
"test1234".

--------------------------------------------------------------------------------

InitializeSecurityContext called with default options.  Produces Type 1 message:

4e544c4d5353500001000000078200a000000000000000000000000000000000

4e544c4d53535000    "NTLMSSP"
01000000            Type 1 message
078200a0            Flags
    Negotiate Unicode              (0x00000001)
    Negotiate OEM                  (0x00000002)
    Request Target                 (0x00000004)
    Negotiate NTLM                 (0x00000200)
    Negotiate Always Sign          (0x00008000)
    Negotiate 128                  (0x20000000)
    Negotiate 56                   (0x80000000)
0000000000000000    Supplied Domain header (empty, supplied credentials)
0000000000000000    Supplied Workstation header (empty, supplied credentials)

--------------------------------------------------------------------------------

AcceptSecurityContext called with default options.  Produces Type 2 message:

4e544c4d53535000020000000c000c0030000000058281a0eacf7d5a2a6fa7d4
0000000000000000460046003c00000054004500530054004e00540002000c00
54004500530054004e00540001000c004d0045004d0042004500520003001e00
6d0065006d006200650072002e0074006500730074002e0063006f006d000000
0000

4e544c4d53535000    "NTLMSSP"
02000000            Type 2 message
0c000c0030000000    Target Name header (length 12, offset 48)
058281a0            Flags
    Negotiate Unicode              (0x00000001)
    Request Target                 (0x00000004)
    Negotiate NTLM                 (0x00000200)
    Negotiate Always Sign          (0x00008000)
    Target Type Domain             (0x00010000)
    Negotiate Target Info          (0x00800000)
    Negotiate 128                  (0x20000000)
    Negotiate 56                   (0x80000000)
eacf7d5a2a6fa7d4    Challenge
0000000000000000    Context
460046003c000000    Target Information header (length 70, offset 60)
54004500530054004e005400    Target Name ("TESTNT")
Target Information block:
    02000c00    NetBIOS Domain Name (length 12)
    54004500530054004e005400    "TESTNT"
    01000c00    NetBIOS Server Name (length 12)
    4d0045004d00420045005200    "MEMBER"
    03001e00    DNS Server Name (length 30)
    6d0065006d006200650072002e0074006500730074002e0063006f006d00
        "member.test.com"
    00000000    Target Information Terminator

--------------------------------------------------------------------------------

InitializeSecurityContext called.  Produces a Type 3 message:

4e544c4d53535000    "NTLMSSP"
03000000            Type 3 message
1800180060000000    LM/LMv2 Response header (length 24, offset 96)
1800180078000000    NTLM/NTLMv2 Response header (length 24, offset 120)
0c000c0040000000    Domain Name header (length 12, offset 64)
080008004c000000    User Name header (length 8, offset 76)
0c000c0054000000    Workstation Name header (length 12, offset 84)
0000000090000000    Session Key header (empty)
058280a0            Flags
    Negotiate Unicode              (0x00000001)
    Request Target                 (0x00000004)
    Negotiate NTLM                 (0x00000200)
    Negotiate Always Sign          (0x00008000)
    Negotiate Target Info          (0x00800000)
    Negotiate 128                  (0x20000000)
    Negotiate 56                   (0x80000000)
54004500530054004e005400                            Domain Name ("TESTNT")
7400650073007400                                    User Name ("test")
4d0045004d00420045005200                            Workstation Name ("MEMBER")
6c454794b50321a067fdf78e92ee5085a5b0a23057e9125b    LM/LMv2 Response
d2025bc5d6c201af7472550a677ca9904245a16ebb542a8e    NTLM/NTLMv2 Response

--------------------------------------------------------------------------------

AcceptSecurityContext called to complete the server-side context.

Server Context Export:

40a42e7840a42e7800000000000000000000000000000000
08ee0b00    server context handle dwUpper
058281a1    flags
000000000000000028f5080028f50800a8f50800a8f508000000000000000000
d002000000000000000000000000000000000000000000000200000000000000
ffffffffffffff7f20010000
ae33a32dca8c9821844f740d5b3f4d6c    outbound signing key
ae33a32dca8c9821844f740d5b3f4d6c    inbound verifying key
ae33a32dca8c9821844f740d5b3f4d6c    outbound encrypting key
ae33a32dca8c9821844f740d5b3f4d6c    inbound decrypting key
[...]
54004500530054004e0054005c007400650073007400    "TESTNT/test"

ntlmHash = md4(password) = 0x3b1b47e42e0463276e3ded6cef349f93

NTLMUserSessionKey = md4(ntlmHash) = 0xae33a32dca8c9821844f740d5b3f4d6c

Key is *not* weakened (NTLM1 only weakens Lan Manager Session Keys).

Called MakeSignature on the server-side context for message
"0x0102030405060708".

Yields signature:

01000000000000000000000000000000 ("dummy" signature)

--------------------------------------------------------------------------------

Called EncryptMessage twice on the server-side context for message
"0x0102030405060708".

Yields encrypted messages:

2194108dc8f329290100000048020700fa4f9c95a098b258
8f88dc2f36cd5e710100000030020700d825f5a1154aa5fc

RC4(key, 0x0102030405060708) = sealed message = 0x2194108dc8f32929

trailer buffer gets signature; uses same RC4 cipher as sealing
(sequence number is 0, previous dummy signing doesn't count):

RC4(0x00000000c588ca3f00000000) = 0x039ae5c5fa4f9c95a098b258

version num + first 4 bytes overwritten w/counter (0x48020700):

0100000048020700fa4f9c95a098b258 = trailer signature

second message is same:

RC4(0x0102030405060708) = sealed message = 0x8f88dc2f36cd5e71

trailer buffer signature with sequence 1 (previous trailer signature
incremented it):

RC4(0x00000000c588ca3f01000000) = 0x6b9317f7d825f5a1154aa5fc

version num + first 4 bytes overwritten w/counter (0x30020700):

0100000030020700d825f5a1154aa5fc = trailer signature

NTLM2 Session Response Authentication; NTLM2 Signing and Sealing Using the 128-bit NTLM2 Session Response User Session Key With Key Exchange Negotiated

Demonstration of NTLMv1 authentication with 128-bit NTLM2 Session Response User Session Key NTLM2 signing and sealing, with key exchange enabled.

LMCompatibilityLevel set to 0 (LM/NTLM).

AcquireCredentialsHandle called with domain "TESTNT", user "test", password
"test1234".

--------------------------------------------------------------------------------

InitializeSecurityContext called with ISC_REQ_INTEGRITY and
ISC_REQ_CONFIDENTIALITY.  Produces Type 1 message:

4e544c4d5353500001000000b78208e000000000000000000000000000000000

4e544c4d53535000    "NTLMSSP"
01000000            Type 1 message
b78208e0            Flags
    Negotiate Unicode              (0x00000001)
    Negotiate OEM                  (0x00000002)
    Request Target                 (0x00000004)
    Negotiate Sign                 (0x00000010)
    Negotiate Seal                 (0x00000020)
    Negotiate Lan Manager Key      (0x00000080)
    Negotiate NTLM                 (0x00000200)
    Negotiate Always Sign          (0x00008000)
    Negotiate NTLM2 Key            (0x00080000)
    Negotiate 128                  (0x20000000)
    Negotiate Key Exchange         (0x40000000)
    Negotiate 56                   (0x80000000)
0000000000000000    Supplied Domain header (empty, supplied credentials)
0000000000000000    Supplied Workstation header (empty, supplied credentials)

--------------------------------------------------------------------------------

AcceptSecurityContext called with ASC_REQ_INTEGRITY and ASC_REQ_CONFIDENTIALITY.
Produces Type 2 message:

4e544c4d53535000020000000c000c0030000000358289e0677f1c557a5ee96c
0000000000000000460046003c00000054004500530054004e00540002000c00
54004500530054004e00540001000c004d0045004d0042004500520003001e00
6d0065006d006200650072002e0074006500730074002e0063006f006d000000
0000

4e544c4d53535000    "NTLMSSP"
02000000            Type 2 message
0c000c0030000000    Target Name header (length 12, offset 48)
358289e0            Flags
    Negotiate Unicode              (0x00000001)
    Request Target                 (0x00000004)
    Negotiate Sign                 (0x00000010)
    Negotiate Seal                 (0x00000020)
    Negotiate NTLM                 (0x00000200)
    Negotiate Always Sign          (0x00008000)
    Target Type Domain             (0x00010000)
    Negotiate NTLM2 Key            (0x00080000)
    Negotiate Target Info          (0x00800000)
    Negotiate 128                  (0x20000000)
    Negotiate Key Exchange         (0x40000000)
    Negotiate 56                   (0x80000000)
677f1c557a5ee96c    Challenge
0000000000000000    Context
460046003c000000    Target Information header (length 70, offset 60)
54004500530054004e005400    Target Name ("TESTNT")
Target Information block:
    02000c00    NetBIOS Domain Name (length 12)
    54004500530054004e005400    "TESTNT"
    01000c00    NetBIOS Server Name (length 12)
    4d0045004d00420045005200    "MEMBER"
    03001e00    DNS Server Name (length 30)
    6d0065006d006200650072002e0074006500730074002e0063006f006d00
        "member.test.com"
    00000000    Target Information Terminator

--------------------------------------------------------------------------------

InitializeSecurityContext called.  Produces a Type 3 message:

4e544c4d5353500003000000180018006000000018001800780000000c000c00
40000000080008004c0000000c000c00540000001000100090000000358288e0
54004500530054004e00540074006500730074004d0045004d00420045005200
404d1b6f6915258000000000000000000000000000000000ea8cc49f24da157f
13436637f77693d8b992d619e584c7ee727a5240822ec7af4e9100c43e6fee7f

4e544c4d53535000    "NTLMSSP"
03000000            Type 3 message
1800180060000000    LM/LMv2 Response header (length 24, offset 96)
1800180078000000    NTLM/NTLMv2 Response header (length 24, offset 120)
0c000c0040000000    Domain Name header (length 12, offset 64)
080008004c000000    User Name header (length 8, offset 76)
0c000c0054000000    Workstation Name header (length 12, offset 84)
1000100090000000    Session Key header (length 16, offset 144)
358288e0            Flags
    Negotiate Unicode              (0x00000001)
    Request Target                 (0x00000004)
    Negotiate Sign                 (0x00000010)
    Negotiate Seal                 (0x00000020)
    Negotiate NTLM                 (0x00000200)
    Negotiate Always Sign          (0x00008000)
    Negotiate NTLM2 Key            (0x00080000)
    Negotiate Target Info          (0x00800000)
    Negotiate 128                  (0x20000000)
    Negotiate Key Exchange         (0x40000000)
    Negotiate 56                   (0x80000000)
54004500530054004e005400                            Domain Name ("TESTNT")
7400650073007400                                    User Name ("test")
4d0045004d00420045005200                            Workstation Name ("MEMBER")
404d1b6f6915258000000000000000000000000000000000    LM/LMv2 Response
ea8cc49f24da157f13436637f77693d8b992d619e584c7ee    NTLM/NTLMv2 Response
727a5240822ec7af4e9100c43e6fee7f                    Session Key

--------------------------------------------------------------------------------

AcceptSecurityContext called to complete the server-side context.

Server Context Export:

48a42e7848a42e7800000000000000000000000000000000
70f10b00    server context handle dwUpper
358289e1    flags
0000000000000000382e09003c2e0900b82e0900c82f09000000000000000000
d002000000000000000000000000000000000000000000000200000000000000
ffffffffffffff7f20010000
6c713b60e6571035c9396ece1e456395    outbound signing key
e775c02a63d159ec64185f6d7d993344    inbound verifying key
e9b0f8e2cbf7b453b8389e8d2d7bb4ba    outbound encrypting key
cc0fc51f360b7da837cde6cb417fd735    inbound decrypting key
[...]
54004500530054004e0054005c007400650073007400    "TESTNT/test"

ntlmHash = md4(password) = 0x3b1b47e42e0463276e3ded6cef349f93

NTLMUserSessionKey = md4(ntlmHash) = 0xae33a32dca8c9821844f740d5b3f4d6c

challenge (from Type 2) = 0x677f1c557a5ee96c

nonce (from Type 3) = 0x404d1b6f69152580

NTLM2SessionResponseUserSessionKey =
    HMAC(NTLMUserSessionKey, challenge + nonce) =
        0x0d4b30a8750b73ab2dab39e889455fcd

Key exchange performed:

type3Key (from Type 3) = 0x727a5240822ec7af4e9100c43e6fee7f

key = RC4(NTLM2SessionResponseUserSessionKey, type3Key) =
    0x5764dc0a93b1292fa898c29524c30a54

We are using server context:

serverSigningConstant =
    "session key to server-to-client signing key magic constant" =
        0x73657373696f6e206b657920746f207365727665722d746f2d636c69656e74
        207369676e696e67206b6579206d6167696320636f6e7374616e7400

serverSealingConstant =
    "session key to server-to-client sealing key magic constant" =
        0x73657373696f6e206b657920746f207365727665722d746f2d636c69656e74
        207365616c696e67206b6579206d6167696320636f6e7374616e7400

signingKey = MD5(key + serverSigningConstant) =
    0x6c713b60e6571035c9396ece1e456395

User Session Key is not weakened (128-bit negotiated).

sealingKey = MD5(key + serverSealingConstant) =
    0xe9b0f8e2cbf7b453b8389e8d2d7bb4ba

Called MakeSignature on the server-side context for message
"0x0102030405060708".

Yields signature:

0100000069de1aff9cbee43100000000

Sequence number is 0.

seqnum + message = 0x000000000102030405060708

HMAC(signingKey, 0x000000000102030405060708) =
    0x9d642651faec52f2164297dcaaa1ff6e

sig = RC4(sealingKey, first 8 bytes) = 0x69de1aff9cbee431

version num + sig + seqnum:

0100000069de1aff9cbee43100000000 = signature

--------------------------------------------------------------------------------

Called EncryptMessage twice on the server-side context for message
"0x0102030405060708".

Yields encrypted messages:

5b4cbbd3b2d8e8a401000000272c6dee5b236fe201000000
29535954c1e00fb9010000002922b8fcada4cda202000000

Uses RC4 cipher from previous signing operation (key exchange encrypts
signature with sealing key as well).

RC4(0x0102030405060708) = sealed message = 0x5b4cbbd3b2d8e8a4

trailer buffer gets signature (sequence number is now 1 because of previous
signing, same RC4 cipher used for this signature too):

HMAC(signingKey, 0x010000000102030405060708) =
    0x1b7fc502e4cc73b6d85360d7ee052800

sig = RC4(first 8 bytes) = 0x272c6dee5b236fe2

version num + sig + seqnum:

01000000272c6dee5b236fe201000000 = trailer signature

second message is same, using RC4 cipher from previous operations:

RC4(0x0102030405060708) = sealed message = 0x29535954c1e00fb9

trailer buffer signature with sequence 2:

HMAC(signingKey, 0x020000000102030405060708) =
    0x3e46a45716671a6e0d056636f77db4bb

sig = RC4(first 8 bytes) = 0x2922b8fcada4cda2

version num + sig + seqnum:

010000002922b8fcada4cda202000000 = trailer signature

NTLM2 Session Response Authentication; NTLM2 Signing and Sealing Using the 40-bit NTLM2 Session Response User Session Key

Demonstration of NTLMv1 authentication with 40-bit NTLM2 Session Response User Session Key NTLM2 signing and sealing (without key exchange).

LMCompatibilityLevel set to 0 (LM/NTLM).

AcquireCredentialsHandle called with domain "TESTNT", user "test", password
"test1234".

--------------------------------------------------------------------------------

InitializeSecurityContext called with ISC_REQ_INTEGRITY and
ISC_REQ_CONFIDENTIALITY.  Following flags were masked off of resulting Type 1
message:

    Negotiate 128                  (0x20000000)
    Negotiate Key Exchange         (0x40000000)
    Negotiate 56                   (0x80000000)

4e544c4d5353500001000000b782080000000000000000000000000000000000

4e544c4d53535000    "NTLMSSP"
01000000            Type 1 message
b7820800            Flags
    Negotiate Unicode              (0x00000001)
    Negotiate OEM                  (0x00000002)
    Request Target                 (0x00000004)
    Negotiate Sign                 (0x00000010)
    Negotiate Seal                 (0x00000020)
    Negotiate Lan Manager Key      (0x00000080)
    Negotiate NTLM                 (0x00000200)
    Negotiate Always Sign          (0x00008000)
    Negotiate NTLM2 Key            (0x00080000)
0000000000000000    Supplied Domain (empty, supplied credentials)
0000000000000000    Supplied Workstation (empty, supplied credentials)

--------------------------------------------------------------------------------

AcceptSecurityContext called with ASC_REQ_INTEGRITY and ASC_REQ_CONFIDENTIALITY.
Produces Type 2 message:

4e544c4d53535000020000000c000c003000000035828900919013ccde5c4d16
0000000000000000460046003c00000054004500530054004e00540002000c00
54004500530054004e00540001000c004d0045004d0042004500520003001e00
6d0065006d006200650072002e0074006500730074002e0063006f006d000000
0000

4e544c4d53535000    "NTLMSSP"
02000000            Type 2 message
0c000c0030000000    Target Name header (length 12, offset 48)
35828900            Flags
    Negotiate Unicode              (0x00000001)
    Request Target                 (0x00000004)
    Negotiate Sign                 (0x00000010)
    Negotiate Seal                 (0x00000020)
    Negotiate NTLM                 (0x00000200)
    Negotiate Always Sign          (0x00008000)
    Target Type Domain             (0x00010000)
    Negotiate NTLM2 Key            (0x00080000)
    Negotiate Target Info          (0x00800000)
919013ccde5c4d16    Challenge
0000000000000000    Context
460046003c000000    Target Information header (length 70, offset 60)
54004500530054004e005400    Target Name ("TESTNT")
Target Information block:
    02000c00    NetBIOS Domain Name (length 12)
    54004500530054004e005400    "TESTNT"
    01000c00    NetBIOS Server Name (length 12)
    4d0045004d00420045005200    "MEMBER"
    03001e00    DNS Server Name (length 30)
    6d0065006d006200650072002e0074006500730074002e0063006f006d00
        "member.test.com"
    00000000    Target Information Terminator

--------------------------------------------------------------------------------

InitializeSecurityContext called.  Produces a Type 3 message:

4e544c4d5353500003000000180018006000000018001800780000000c000c00
40000000080008004c0000000c000c0054000000000000009000000035828800
54004500530054004e00540074006500730074004d0045004d00420045005200
02a668799b43b02600000000000000000000000000000000191c91d68a26a933
82ec89178c1e496d8f2f63a1c7dc0b54

4e544c4d53535000    "NTLMSSP"
03000000            Type 3 message
1800180060000000    LM/LMv2 Response header (length 24, offset 96)
1800180078000000    NTLM/NTLMv2 Response header (length 24, offset 120)
0c000c0040000000    Domain Name header (length 12, offset 64)
080008004c000000    User Name header (length 8, offset 76)
0c000c0054000000    Workstation Name header (length 12, offset 84)
0000000090000000    Session Key header (empty)
35828800            Flags
    Negotiate Unicode              (0x00000001)
    Request Target                 (0x00000004)
    Negotiate Sign                 (0x00000010)
    Negotiate Seal                 (0x00000020)
    Negotiate NTLM                 (0x00000200)
    Negotiate Always Sign          (0x00008000)
    Negotiate NTLM2 Key            (0x00080000)
    Negotiate Target Info          (0x00800000)
54004500530054004e005400                            Domain Name ("TESTNT")
7400650073007400                                    User Name ("test")
4d0045004d00420045005200                            Workstation Name ("MEMBER")
02a668799b43b02600000000000000000000000000000000    LM/LMv2 Response
191c91d68a26a93382ec89178c1e496d8f2f63a1c7dc0b54    NTLM/NTLMv2 Response

--------------------------------------------------------------------------------

AcceptSecurityContext called to complete the server-side context.

Server Context Export:

40a42e7840a42e7800000000000000000000000000000000
08ee0b00    server context handle dwUpper
35828901    flags
0000000000000000f8290900fc290900782a0900882b09000000000000000000
d002000000000000000000000000000000000000000000000200000000000000
ffffffffffffff7f20010000
605b738984f36aea7d2ccc5678670f2c    outbound signing key
94d75dd6591eb8569d8480b5c9c25136    inbound verifying key
e4c55ca209611e9e007009731b7103d5    outbound encrypting key
738e75e9b0df0ac9139839abf5cc8354    inbound decrypting key

00000000000000000000000037aa90adbac5442beb5c77f553b782d01859687c2e421e524e2fbc4ad5ff055543657a283af2366b3f3cafa80372a3a781b123dd6f2c22e45e0c57d23bd78399f64935c94bbf9112156a67a2dc843e1a7069f8ec30f99388fa61c4cf4c3d3824b046df9c31fc0a0150d6638ca17fb651c79db25d07efbea5dea02580fe406211ea9b1341b41f76e366857d5afbe92adb6ee2940bfd6c4fe12995b5acc05fbb73a98bbd33b906ae14a4da00cb0dcc1b75f0edc2792d9e60cef1c192741d8a10398d7b479a97b30e20f4217ef39fe6c30948199604c8f79856d1ee4dd9e589648e26ca86c67802e78f5b34e8a617d3ab5408582745cdd416711c32e06d87b80fd800000000000000000000000000000000eb024b64187446dcf798db69a299356807ba78fec2b642e6cd77a097a80bb9a538e7548a935d923dbd22e1b7d80127fc1cc9fad61e404eac033f6bab10e57923878f729e84500ce97139d5cb8c11c7b21741e2325f56a34aad757a804f34ed19a747bf05af9b912f94ffea700dd43a8806d73eb4458bd97e1a375c6d9633f3c649092dc8635a9a589ce35221c5dda1f926ef1f6a5bc03bb1ce65e089149d2baa28b3cab59f448655306c25133629bc812c57be592a1b0e1204537bcf00d176b03c0faecce8f6c4dfd0674cfbd27d95fdf1da318e8d8582bbec7f16f0c162eea60a8324f26660151d2eb851736edea9e4f86f08a45e4dc3d37c48f54390f46120000000000000000054004500530054004e0054005c007400650073007400    "TESTNT/test"

ntlmHash = md4(password) = 0x3b1b47e42e0463276e3ded6cef349f93

NTLMUserSessionKey = md4(ntlmHash) = 0xae33a32dca8c9821844f740d5b3f4d6c

challenge (from Type 2) = 0x919013ccde5c4d16

nonce (from Type 3) = 0x02a668799b43b026

NTLM2SessionResponseUserSessionKey =
    HMAC(NTLMUserSessionKey, challenge + nonce) =
        0x6b60097a8f9dbbff2d23f5b15377ca28

No key exchange was negotiated, so key = NTLM2SessionResponseUserSessionKey.

We are using server context:

serverSigningConstant =
    "session key to server-to-client signing key magic constant" =
        0x73657373696f6e206b657920746f207365727665722d746f2d636c69656e74
        207369676e696e67206b6579206d6167696320636f6e7374616e7400

serverSealingConstant =
    "session key to server-to-client sealing key magic constant" =
        0x73657373696f6e206b657920746f207365727665722d746f2d636c69656e74
        207365616c696e67206b6579206d6167696320636f6e7374616e7400

signingKey = MD5(key + serverSigningConstant) =
    0x605b738984f36aea7d2ccc5678670f2c

User Session Key is weakened to 40-bit for sealing by truncating =
    0x6b60097a8f

sealingKey = MD5(weakenedKey + serverSealingConstant) =
    0xe4c55ca209611e9e007009731b7103d5

Called MakeSignature on the server-side context for message
"0x0102030405060708".

Yields signature:

01000000d1e2d811145d81ec00000000

Sequence number is 0.

seqnum + message = 0x000000000102030405060708

HMAC(signingKey, 0x000000000102030405060708) =
    0xd1e2d811145d81ecf5f8723312c75e3c

version num + first 8 bytes + seqnum:

01000000d1e2d811145d81ec00000000 = signature

--------------------------------------------------------------------------------

Called EncryptMessage twice on the server-side context for message
"0x0102030405060708".

Yields encrypted messages:

ab8d38bb0cad7dd601000000eed64de8afb80c8001000000
b011cc07a7f6127b01000000644a8509d73ac48c02000000

RC4(sealingKey, 0x0102030405060708) = sealed message = 0xab8d38bb0cad7dd6

trailer buffer gets signature (sequence number is now 1 because of previous
signing):

HMAC(signingKey, 0x010000000102030405060708) =
    0xeed64de8afb80c801ea5ddd1d98cbdc8

version num + first 8 bytes + seqnum:

01000000eed64de8afb80c8001000000 = trailer signature

second message is same, using RC4 cipher from previous sealing operation:

RC4(0x0102030405060708) = sealed message = 0xb011cc07a7f6127b

trailer buffer signature with sequence 2:

HMAC(signingKey, 0x020000000102030405060708) =
    0x644a8509d73ac48c8f5a7f7f65bc8381

version num + first 8 bytes + seqnum:

01000000644a8509d73ac48c02000000 = trailer signature

NTLMv2 Authentication; NTLM1 Signing and Sealing Using the 40-bit NTLMv2 User Session Key

Demonstration of NTLMv2 authentication, with NTLM1 signing and sealing using the NTLMv2 User Session Key (without key exchange).

LMCompatibilityLevel set to 3 (LMv2/NTLMv2).

AcquireCredentialsHandle called with domain "TESTNT", user "test", password
"test1234".

--------------------------------------------------------------------------------

InitializeSecurityContext called with ISC_REQ_INTEGRITY and
ISC_REQ_CONFIDENTIALITY.  Following flags were masked off of resulting Type 1
message:

    Negotiate Lan Manager Key      (0x00000080)
    Negotiate NTLM2 Key            (0x00080000)
    Negotiate 128                  (0x20000000)
    Negotiate Key Exchange         (0x40000000)
    Negotiate 56                   (0x80000000)

4e544c4d53535000010000003782000000000000000000000000000000000000

4e544c4d53535000    "NTLMSSP"
01000000            Type 1 message
37820000            Flags
    Negotiate Unicode              (0x00000001)
    Negotiate OEM                  (0x00000002)
    Request Target                 (0x00000004)
    Negotiate Sign                 (0x00000010)
    Negotiate Seal                 (0x00000020)
    Negotiate NTLM                 (0x00000200)
    Negotiate Always Sign          (0x00008000)
0000000000000000    Supplied Domain header (empty, supplied credentials)
0000000000000000    Supplied Workstation header (empty, supplied credentials)

--------------------------------------------------------------------------------

AcceptSecurityContext called with ASC_REQ_INTEGRITY and ASC_REQ_CONFIDENTIALITY.
Produces Type 2 message:

4e544c4d53535000020000000c000c0030000000358281000033b02d17275b770000000000000000460046003c00000054004500530054004e00540002000c0054004500530054004e00540001000c004d0045004d0042004500520003001e006d0065006d006200650072002e0074006500730074002e0063006f006d0000000000

4e544c4d53535000    "NTLMSSP"
02000000            Type 2 message
0c000c0030000000    Target Name header (length 12, offset 48)
35828100            Flags
    Negotiate Unicode              (0x00000001)
    Request Target                 (0x00000004)
    Negotiate Sign                 (0x00000010)
    Negotiate Seal                 (0x00000020)
    Negotiate NTLM                 (0x00000200)
    Negotiate Always Sign          (0x00008000)
    Target Type Domain             (0x00010000)
    Negotiate Target Info          (0x00800000)
0033b02d17275b77    Challenge
0000000000000000    Context
460046003c000000    Target Information header (length 70, offset 60)
54004500530054004e005400    Target Name ("TESTNT")

Target Information block:
    02000c00    NetBIOS Domain Name (length 12)
    54004500530054004e005400    "TESTNT"
    01000c00    NetBIOS Server Name (length 12)
    4d0045004d00420045005200    "MEMBER"
    03001e00    DNS Server Name (length 30)
    6d0065006d006200650072002e0074006500730074002e0063006f006d00
        "member.test.com"
    00000000    Target Information Terminator

--------------------------------------------------------------------------------

InitializeSecurityContext called.  Produces a Type 3 message:

4e544c4d5353500003000000180018006000000076007600780000000c000c0040000000080008004c0000000c000c005400000000000000ee0000003582800054004500530054004e00540074006500730074004d0045004d004200450052005d55a02b60a40526ac9a1e4d15fa45a0f2e6329726c598e8f77c67dad00b93216242b197fe6addfa0101000000000000502db638677bc301f2e6329726c598e80000000002000c0054004500530054004e00540001000c004d0045004d0042004500520003001e006d0065006d006200650072002e0074006500730074002e0063006f006d000000000000000000

4e544c4d53535000    "NTLMSSP"
03000000            Type 3 message
1800180060000000    LM/LMv2 Response header (length 24, offset 96)
7600760078000000    NTLM/NTLMv2 Response header (length 118, offset 120)
0c000c0040000000    Domain Name header (length 12, offset 64)
080008004c000000    User Name header (length 8, offset 76)
0c000c0054000000    Workstation Name header (length 12, offset 84)
00000000ee000000    Session Key header (empty)
35828000            Flags
    Negotiate Unicode              (0x00000001)
    Request Target                 (0x00000004)
    Negotiate Sign                 (0x00000010)
    Negotiate Seal                 (0x00000020)
    Negotiate NTLM                 (0x00000200)
    Negotiate Always Sign          (0x00008000)
    Negotiate Target Info          (0x00800000)
54004500530054004e005400                            Domain Name ("TESTNT")
7400650073007400                                    User Name ("test")
4d0045004d00420045005200                            Workstation Name ("MEMBER")
5d55a02b60a40526ac9a1e4d15fa45a0f2e6329726c598e8    LM/LMv2 Response

NTLM/NTLMv2 Response:
f77c67dad00b93216242b197fe6addfa0101000000000000502db638677bc301f2e6329726c598e80000000002000c0054004500530054004e00540001000c004d0045004d0042004500520003001e006d0065006d006200650072002e0074006500730074002e0063006f006d000000000000000000

--------------------------------------------------------------------------------

AcceptSecurityContext called to complete the server-side context.

Server Context Export:

40a42e7840a42e7800000000000000000000000000000000
08ee0b00    server context handle dwUpper
35828101    flags, also has an unknown flag set
0000000000000000782e0900782e0900f82e0900f82e09000000000000000000d002000000000000000000000000000000000000000000000200000000000000ffffffffffffff7f20010000
1c4c7aaa7403acf01b1fa565bc950810    outbound signing key
1c4c7aaa7403acf01b1fa565bc950810    inbound verifying key
1c4c7aaa7403acf01b1fa565bc950810    outbound encrypting key
1c4c7aaa7403acf01b1fa565bc950810    inbound decrypting key
[remaining context export bytes lost in extraction]    "TESTNT/test"

ntlmHash = md4(password) = 0x3b1b47e42e0463276e3ded6cef349f93

ntlmv2Hash = hmac(ntlmHash, "TESTTESTNT") = 0xc4ea95cb148df11bf9d7c3611ad6d722

challenge (from Type 2) = 0x0033b02d17275b77

blob (from Type 3) = 0x0101000000000000502db638677bc301f2e6329726c598e80000000002000c0054004500530054004e00540001000c004d0045004d0042004500520003001e006d0065006d006200650072002e0074006500730074002e0063006f006d000000000000000000

NTLMv2UserSessionKey = HMAC(ntlmv2Hash, HMAC(ntlmv2Hash, challenge + blob)) =
    0x1c4c7aaa7403acf01b1fa565bc950810

Key is *not* weakened (NTLM1 only weakens Lan Manager Session Keys).

Called MakeSignature on the server-side context for message
"0x0102030405060708".

Yields signature:

01000000ffffff0051cefea77f098ee3

CRC32(0x0102030405060708) = 0xc588ca3f

Sequence number is 0.

0x00000000 + crc32 + seqnum = 0x00000000c588ca3f00000000

RC4(key, 0x00000000c588ca3f00000000) = 0x8661cb7d51cefea77f098ee3

version num + first 4 bytes overwritten with counter value (0xffffff00 here):

01000000ffffff0051cefea77f098ee3 = signature

--------------------------------------------------------------------------------

Called EncryptMessage twice on the server-side context for message
"0x0102030405060708".

Yields encrypted messages:

f483b904264d8306
0100000098010700bd9719c0b34f5362
022cc2127f9e206e
01000000800307001855ec8494231273

same RC4 cipher is used from previous signing operation (i.e., not reset):

RC4(0x0102030405060708) = sealed message = 0xf483b904264d8306

trailer buffer gets signature; again uses same RC4 cipher
(sequence number is now 1 because of previous signing):

RC4(0x00000000c588ca3f01000000) = 0x2246e9cbbd9719c0b34f5362

version num + first 4 bytes overwritten w/counter (0x98010700):

0100000098010700bd9719c0b34f5362 = trailer signature

second message is same:

RC4(0x0102030405060708) = sealed message = 0x022cc2127f9e206e

trailer buffer signature with sequence 2:

RC4(0x00000000c588ca3f02000000) = 0x6fde4d031855ec8494231273

version num + first 4 bytes overwritten w/counter (0x80030700):

01000000800307001855ec8494231273 = trailer signature

NTLMv2 Authentication; NTLM2 Signing and Sealing Using the 56-bit NTLMv2 User Session Key

Demonstration of NTLMv2 authentication, with NTLM2 signing and sealing using the 56-bit NTLMv2 User Session Key (without key exchange).

LMCompatibilityLevel set to 3 (LMv2/NTLMv2).

AcquireCredentialsHandle called with domain "TESTNT", user "test", password
"test1234".

--------------------------------------------------------------------------------

InitializeSecurityContext called with ISC_REQ_INTEGRITY and
ISC_REQ_CONFIDENTIALITY.  Following flags were masked off of resulting Type 1
message:

    Negotiate 128                  (0x20000000)
    Negotiate Key Exchange         (0x40000000)

4e544c4d5353500001000000b782088000000000000000000000000000000000

4e544c4d53535000    "NTLMSSP"
01000000            Type 1 message
b7820880            Flags
    Negotiate Unicode              (0x00000001)
    Negotiate OEM                  (0x00000002)
    Request Target                 (0x00000004)
    Negotiate Sign                 (0x00000010)
    Negotiate Seal                 (0x00000020)
    Negotiate Lan Manager Key      (0x00000080)
    Negotiate NTLM                 (0x00000200)
    Negotiate Always Sign          (0x00008000)
    Negotiate NTLM2 Key            (0x00080000)
    Negotiate 56                   (0x80000000)
0000000000000000    Supplied Domain header (empty, supplied credentials)
0000000000000000    Supplied Workstation header (empty, supplied credentials)

--------------------------------------------------------------------------------

AcceptSecurityContext called with ASC_REQ_INTEGRITY and ASC_REQ_CONFIDENTIALITY.
Produces Type 2 message:

4e544c4d53535000020000000c000c003000000035828980514246973ea892c10000000000000000460046003c00000054004500530054004e00540002000c0054004500530054004e00540001000c004d0045004d0042004500520003001e006d0065006d006200650072002e0074006500730074002e0063006f006d0000000000

4e544c4d53535000    "NTLMSSP"
02000000            Type 2 message
0c000c0030000000    Target Name header (length 12, offset 48)
35828980            Flags
    Negotiate Unicode              (0x00000001)
    Request Target                 (0x00000004)
    Negotiate Sign                 (0x00000010)
    Negotiate Seal                 (0x00000020)
    Negotiate NTLM                 (0x00000200)
    Negotiate Always Sign          (0x00008000)
    Target Type Domain             (0x00010000)
    Negotiate NTLM2 Key            (0x00080000)
    Negotiate Target Info          (0x00800000)
    Negotiate 56                   (0x80000000)
514246973ea892c1    Challenge
0000000000000000    Context
460046003c000000    Target Information header (length 70, offset 60)
54004500530054004e005400    Target Name ("TESTNT")

Target Information block:
    02000c00    NetBIOS Domain Name (length 12)
    54004500530054004e005400    "TESTNT"
    01000c00    NetBIOS Server Name (length 12)
    4d0045004d00420045005200    "MEMBER"
    03001e00    DNS Server Name (length 30)
    6d0065006d006200650072002e0074006500730074002e0063006f006d00
        "member.test.com"
    00000000    Target Information Terminator

--------------------------------------------------------------------------------

InitializeSecurityContext called.  Produces a Type 3 message:

4e544c4d5353500003000000180018006000000076007600780000000c000c0040000000080008004c0000000c000c005400000000000000ee0000003582888054004500530054004e00540074006500730074004d0045004d00420045005200bf2e015119f6bdb3f6fdb768aa12d478f5ce3d2401c8f6e9caa4da8f25d5e840974ed8976d3ada46010100000000000030fa7e3c677bc301f5ce3d2401c8f6e90000000002000c0054004500530054004e00540001000c004d0045004d0042004500520003001e006d0065006d006200650072002e0074006500730074002e0063006f006d000000000000000000

4e544c4d53535000    "NTLMSSP"
03000000            Type 3 message
1800180060000000    LM/LMv2 Response header (length 24, offset 96)
7600760078000000    NTLM/NTLMv2 Response header (length 118, offset 120)
0c000c0040000000    Domain Name header (length 12, offset 64)
080008004c000000    User Name header (length 8, offset 76)
0c000c0054000000    Workstation Name header (length 12, offset 84)
00000000ee000000    Session Key header (empty)
35828880            Flags
    Negotiate Unicode              (0x00000001)
    Request Target                 (0x00000004)
    Negotiate Sign                 (0x00000010)
    Negotiate Seal                 (0x00000020)
    Negotiate NTLM                 (0x00000200)
    Negotiate Always Sign          (0x00008000)
    Negotiate NTLM2 Key            (0x00080000)
    Negotiate Target Info          (0x00800000)
    Negotiate 56                   (0x80000000)
54004500530054004e005400                            Domain Name ("TESTNT")
7400650073007400                                    User Name ("test")
4d0045004d00420045005200                            Workstation Name ("MEMBER")
bf2e015119f6bdb3f6fdb768aa12d478f5ce3d2401c8f6e9    LM/LMv2 Response

NTLM/NTLMv2 Response:
caa4da8f25d5e840974ed8976d3ada46010100000000000030fa7e3c677bc301f5ce3d2401c8f6e90000000002000c0054004500530054004e00540001000c004d0045004d0042004500520003001e006d0065006d006200650072002e0074006500730074002e0063006f006d000000000000000000

--------------------------------------------------------------------------------

AcceptSecurityContext called to complete the server-side context.

Server Context Export:

40a42e7840a42e7800000000000000000000000000000000
08ee0b00    server context handle dwUpper
35828981    flags
0000000000000000282e09002c2e0900a82e0900b82f09000000000000000000d002000000000000000000000000000000000000000000000200000000000000ffffffffffffff7f20010000
f7301e5d23f1d578c51ec0728b67453e    outbound signing key
06403212f9e8c05ce1739938c200eca5    inbound verifying key
3d6483dce52cd6c4d7553545e607d92d    outbound encrypting key
ccc6efbcea980c0ac685753a4c9bbe0c    inbound decrypting key
[remaining context export bytes lost in extraction]    "TESTNT/test"

ntlmHash = md4(password) = 0x3b1b47e42e0463276e3ded6cef349f93

ntlmv2Hash = hmac(ntlmHash, "TESTTESTNT") = 0xc4ea95cb148df11bf9d7c3611ad6d722

challenge (from Type 2) = 0x514246973ea892c1

blob (from Type 3) = 0x010100000000000030fa7e3c677bc301f5ce3d2401c8f6e90000000002000c0054004500530054004e00540001000c004d0045004d0042004500520003001e006d0065006d006200650072002e0074006500730074002e0063006f006d000000000000000000

NTLMv2UserSessionKey = HMAC(ntlmv2Hash, HMAC(ntlmv2Hash, challenge + blob)) =
    0x62ff13231f566f5dadf7391e183b5f39

We are using server context:

serverSigningConstant =
    "session key to server-to-client signing key magic constant" =
        0x73657373696f6e206b657920746f207365727665722d746f2d636c69656e74
        207369676e696e67206b6579206d6167696320636f6e7374616e7400

serverSealingConstant =
    "session key to server-to-client sealing key magic constant" =
        0x73657373696f6e206b657920746f207365727665722d746f2d636c69656e74
        207365616c696e67206b6579206d6167696320636f6e7374616e7400

signingKey = MD5(key + serverSigningConstant) =
    0xf7301e5d23f1d578c51ec0728b67453e

User Session Key is weakened to 56-bit for sealing by truncating =
    0x62ff13231f566f

sealingKey = MD5(weakenedKey + serverSealingConstant) =
    0x3d6483dce52cd6c4d7553545e607d92d

Called MakeSignature on the server-side context for message
"0x0102030405060708".

Yields signature:

01000000fa317a333d8f510c00000000

Sequence number is 0.

seqnum + message = 0x000000000102030405060708

HMAC(signingKey, 0x000000000102030405060708) =
    0xfa317a333d8f510cccab257d9f2193c4

version num + first 8 bytes + seqnum:

01000000fa317a333d8f510c00000000 = signature

--------------------------------------------------------------------------------

Called EncryptMessage twice on the server-side context for message
"0x0102030405060708".

Yields encrypted messages:

a8e6671c79cf2657
01000000673773407fb60b4201000000
2fe89f6c6ea06d4b
01000000244e0bcbce6ec16c02000000

RC4(sealingKey, 0x0102030405060708) = sealed message = 0xa8e6671c79cf2657

trailer buffer gets signature (sequence number is now 1 because of previous
signing):

HMAC(signingKey, 0x010000000102030405060708) =
    0x673773407fb60b428f70358ca67720ba

version num + first 8 bytes + seqnum:

01000000673773407fb60b4201000000 = trailer signature

second message is same, using RC4 cipher from previous sealing operation:

RC4(0x0102030405060708) = sealed message = 0x2fe89f6c6ea06d4b

trailer buffer signature with sequence 2:

HMAC(signingKey, 0x020000000102030405060708) =
    0x244e0bcbce6ec16ce3493f55854bcc5c

version num + first 8 bytes + seqnum:

01000000244e0bcbce6ec16c02000000 = trailer signature

Anonymous NTLMv1 Authentication; NTLM2 Signing and Sealing Using the 128-bit Null User Session Key With Key Exchange Negotiated

Demonstration of anonymous authentication with signing and sealing.

LMCompatibilityLevel set to 0 (LM/NTLM).

AcquireCredentialsHandle called with empty string ("") for domain, user, and
password.

--------------------------------------------------------------------------------

InitializeSecurityContext called with ISC_REQ_INTEGRITY and
ISC_REQ_CONFIDENTIALITY.  Produces Type 1 message:

4e544c4d5353500001000000b78208e000000000000000000000000000000000

4e544c4d53535000    "NTLMSSP"
01000000            Type 1 message
b78208e0            Flags
    Negotiate Unicode              (0x00000001)
    Negotiate OEM                  (0x00000002)
    Request Target                 (0x00000004)
    Negotiate Sign                 (0x00000010)
    Negotiate Seal                 (0x00000020)
    Negotiate Lan Manager Key      (0x00000080)
    Negotiate NTLM                 (0x00000200)
    Negotiate Always Sign          (0x00008000)
    Negotiate NTLM2 Key            (0x00080000)
    Negotiate 128                  (0x20000000)
    Negotiate Key Exchange         (0x40000000)
    Negotiate 56                   (0x80000000)
0000000000000000    Supplied Domain header (empty, supplied credentials)
0000000000000000    Supplied Workstation header (empty, supplied credentials)

--------------------------------------------------------------------------------

AcceptSecurityContext called with ASC_REQ_INTEGRITY and ASC_REQ_CONFIDENTIALITY.
Produces Type 2 message:

4e544c4d53535000020000000c000c0030000000358289e05bce6f12f47ddbdf0000000000000000460046003c00000054004500530054004e00540002000c0054004500530054004e00540001000c004d0045004d0042004500520003001e006d0065006d006200650072002e0074006500730074002e0063006f006d0000000000

4e544c4d53535000    "NTLMSSP"
02000000            Type 2 message
0c000c0030000000    Target Name header (length 12, offset 48)
358289e0            Flags
    Negotiate Unicode              (0x00000001)
    Request Target                 (0x00000004)
    Negotiate Sign                 (0x00000010)
    Negotiate Seal                 (0x00000020)
    Negotiate NTLM                 (0x00000200)
    Negotiate Always Sign          (0x00008000)
    Target Type Domain             (0x00010000)
    Negotiate NTLM2 Key            (0x00080000)
    Negotiate Target Info          (0x00800000)
    Negotiate 128                  (0x20000000)
    Negotiate Key Exchange         (0x40000000)
    Negotiate 56                   (0x80000000)
5bce6f12f47ddbdf    Challenge
0000000000000000    Context
460046003c000000    Target Information header (length 70, offset 60)
54004500530054004e005400    Target Name ("TESTNT")

Target Information block:
    02000c00    NetBIOS Domain Name (length 12)
    54004500530054004e005400    "TESTNT"
    01000c00    NetBIOS Server Name (length 12)
    4d0045004d00420045005200    "MEMBER"
    03001e00    DNS Server Name (length 30)
    6d0065006d006200650072002e0074006500730074002e0063006f006d00
        "member.test.com"
    00000000    Target Information Terminator

--------------------------------------------------------------------------------

InitializeSecurityContext called.  Produces a Type 3 message:

4e544c4d5353500003000000010001004c000000000000004d000000000000004000000000000000400000000c000c0040000000100010004d000000358a88e04d0045004d0042004500520000c1442e6cca8c010e77138430aa35738e

4e544c4d53535000    "NTLMSSP"
03000000            Type 3 message
010001004c000000    LM/LMv2 Response header (length 1, offset 76)
000000004d000000    NTLM/NTLMv2 Response header (empty)
0000000040000000    Domain Name header (empty)
0000000040000000    User Name header (empty)
0c000c0040000000    Workstation Name header (length 12, offset 64)
100010004d000000    Session Key header (length 16, offset 77)
358a88e0            Flags
    Negotiate Unicode              (0x00000001)
    Request Target                 (0x00000004)
    Negotiate Sign                 (0x00000010)
    Negotiate Seal                 (0x00000020)
    Negotiate NTLM                 (0x00000200)
    Negotiate Anonymous            (0x00000800)
    Negotiate Always Sign          (0x00008000)
    Negotiate NTLM2 Key            (0x00080000)
    Negotiate Target Info          (0x00800000)
    Negotiate 128                  (0x20000000)
    Negotiate Key Exchange         (0x40000000)
    Negotiate 56                   (0x80000000)
4d0045004d00420045005200            Workstation Name ("MEMBER")
00                                  LM/LMv2 Response
c1442e6cca8c010e77138430aa35738e    Session Key

--------------------------------------------------------------------------------

AcceptSecurityContext called to complete the server-side context.

Server Context Export (on Win2k, appears to vary by OS):

40a42e7840a42e7800000000000000000000000000000000
08ee0b00    server context handle dwUpper
358a89e1    flags
0000000000000000e8290900ec290900682a0900782b090000000000000000000000000000000000000000000000000000000000000000000200000000000000ffffffffffffff7f00000000
9128c3e5df618a48a83b44cfd92d58fe    outbound signing key
594757aaa803afd943de25e087e3f9f1    inbound verifying key
fc52e8bf1605ab57e89c6d6b4ffa92f6    outbound encrypting key
96465577ba181d141711572e5e15fe5d    inbound decrypting key
[remaining context export bytes lost in extraction]

User Session Key = 0x00000000000000000000000000000000

Key exchange performed:

type3Key (from Type 3) = 0xc1442e6cca8c010e77138430aa35738e

key = RC4(AnonymousUserSessionKey, type3Key) =
    0x1f5ca72d69bb5c34fd159a57fd5be1e3

We are using server context:

serverSigningConstant =
    "session key to server-to-client signing key magic constant" =
        0x73657373696f6e206b657920746f207365727665722d746f2d636c69656e74
        207369676e696e67206b6579206d6167696320636f6e7374616e7400

serverSealingConstant =
    "session key to server-to-client sealing key magic constant" =
        0x73657373696f6e206b657920746f207365727665722d746f2d636c69656e74
        207365616c696e67206b6579206d6167696320636f6e7374616e7400

signingKey = MD5(key + serverSigningConstant) =
    0x9128c3e5df618a48a83b44cfd92d58fe

sealingKey = MD5(key + serverSealingConstant) =
    0xfc52e8bf1605ab57e89c6d6b4ffa92f6

Called MakeSignature on the server-side context for message
"0x0102030405060708".

Yields signature:

01000000ae0cbe0dd0b2110300000000

Sequence number is 0.

seqnum + message = 0x000000000102030405060708

HMAC(signingKey, 0x000000000102030405060708) =
    0xc14074817421530195b4532d61a4e625

sig = RC4(sealingKey, first 8 bytes) = 0xae0cbe0dd0b21103

version num + sig + seqnum:

01000000ae0cbe0dd0b2110300000000 = signature

--------------------------------------------------------------------------------

Called EncryptMessage twice on the server-side context for message
"0x0102030405060708".

Yields encrypted messages:

fb2e1d6ff8a3569a
01000000cc2c5bf59319e7ca01000000
1e2216588e5a7d98
01000000e9a3066b8fab0bf102000000

Uses RC4 cipher from previous signing operation (key exchange encrypts
signature with sealing key as well).

RC4(0x0102030405060708) = sealed message = 0xfb2e1d6ff8a3569a

trailer buffer gets signature (sequence number is now 1 because of previous
signing, same RC4 cipher used for this signature too):

HMAC(signingKey, 0x010000000102030405060708) =
    0x25141e76f441b10622cfaf0e61450663

sig = RC4(first 8 bytes) = 0xcc2c5bf59319e7ca

version num + sig + seqnum:

01000000cc2c5bf59319e7ca01000000 = trailer signature

second message is same, using RC4 cipher from previous operations:

RC4(0x0102030405060708) = sealed message = 0x1e2216588e5a7d98

trailer buffer signature with sequence 2:

HMAC(signingKey, 0x020000000102030405060708) =
    0x7efa2ba18ed911696a0f4d571b05a244

sig = RC4(first 8 bytes) = 0xe9a3066b8fab0bf1

version num + sig + seqnum:

01000000e9a3066b8fab0bf102000000 = trailer signature
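The NTLMv2 response and User Session Key derivation, the server-side key exchange, and NTLM2 server-to-client signing and sealing shown in the 56-bit NTLMv2 trace and the anonymous key-exchange trace above, reimplemented as an added Python example (not code from the original document or from jCIFS) and checked against the traces' own values. The NTLM hash is taken from the trace rather than recomputed, since MD4 is not reliably available in hashlib; RC4 is implemented inline so that the one stream shared by signing and sealing is explicit.

```python
import hashlib
import hmac

# Server-side magic constants from the traces; the trailing NUL is part of each constant.
SIGN_CONST = b"session key to server-to-client signing key magic constant\x00"
SEAL_CONST = b"session key to server-to-client sealing key magic constant\x00"
MESSAGE = bytes.fromhex("0102030405060708")  # the message signed and sealed in every trace


def hmac_md5(key, data):
    return hmac.new(key, data, hashlib.md5).digest()


def ntlmv2_hash(ntlm_hash, user, target):
    # HMAC-MD5 keyed with the NTLM hash over UTF-16LE(upper(user) + target)
    return hmac_md5(ntlm_hash, (user.upper() + target).encode("utf-16-le"))


def ntlmv2_response(ntlmv2_key, challenge, blob):
    return hmac_md5(ntlmv2_key, challenge + blob) + blob


def lmv2_response(ntlmv2_key, challenge, client_nonce):
    return hmac_md5(ntlmv2_key, challenge + client_nonce) + client_nonce


def ntlmv2_user_session_key(ntlmv2_key, ntlmv2_resp):
    return hmac_md5(ntlmv2_key, ntlmv2_resp[:16])  # over the 16-byte HMAC part only


class RC4:  # stateful stream: NTLM keeps one stream running across sign and seal calls
    def __init__(self, key):
        s, j = list(range(256)), 0
        for i in range(256):
            j = (j + s[i] + key[i % len(key)]) & 0xFF
            s[i], s[j] = s[j], s[i]
        self.s, self.i, self.j = s, 0, 0

    def crypt(self, data):
        out, s = bytearray(), self.s
        for b in data:
            self.i = (self.i + 1) & 0xFF
            self.j = (self.j + s[self.i]) & 0xFF
            s[self.i], s[self.j] = s[self.j], s[self.i]
            out.append(b ^ s[(s[self.i] + s[self.j]) & 0xFF])
        return bytes(out)


def key_exchange_decrypt(session_key, type3_session_key):
    # server side of key exchange: the client's random key arrives RC4-encrypted under the session key
    return RC4(session_key).crypt(type3_session_key)


class NTLM2ServerContext:  # server-to-client MakeSignature / EncryptMessage
    def __init__(self, key, key_bits=128, key_exchange=False):
        seal_len = {128: 16, 56: 7, 40: 5}[key_bits]  # weakening applies to the sealing key only
        self.signing_key = hashlib.md5(key + SIGN_CONST).digest()
        self.sealing_key = hashlib.md5(key[:seal_len] + SEAL_CONST).digest()
        self.cipher = RC4(self.sealing_key)  # never reset for the life of the context
        self.key_exchange = key_exchange
        self.seq = 0

    def make_signature(self, message):
        seq = self.seq.to_bytes(4, "little")
        self.seq += 1
        checksum = hmac_md5(self.signing_key, seq + message)[:8]
        if self.key_exchange:  # with key exchange the checksum is itself RC4-encrypted
            checksum = self.cipher.crypt(checksum)
        return b"\x01\x00\x00\x00" + checksum + seq

    def encrypt_message(self, message):
        sealed = self.cipher.crypt(message)  # seal first, then sign with the same stream
        return sealed, self.make_signature(message)


def _sign_and_seal(ctx, result):
    sig0 = ctx.make_signature(MESSAGE)
    sealed1, sig1 = ctx.encrypt_message(MESSAGE)
    sealed2, sig2 = ctx.encrypt_message(MESSAGE)
    result.update(signing_key=ctx.signing_key.hex(), sealing_key=ctx.sealing_key.hex(),
                  sig0=sig0.hex(), sealed1=sealed1.hex(), sig1=sig1.hex(),
                  sealed2=sealed2.hex(), sig2=sig2.hex())
    return result


def ntlmv2_56bit_trace():  # inputs taken from the 56-bit NTLMv2 / NTLM2 trace above
    ntlm_hash = bytes.fromhex("3b1b47e42e0463276e3ded6cef349f93")  # md4("test1234"), per the trace
    challenge = bytes.fromhex("514246973ea892c1")
    nonce = bytes.fromhex("f5ce3d2401c8f6e9")
    blob = bytes.fromhex("010100000000000030fa7e3c677bc301f5ce3d2401c8f6e90000000002000c00"
                         "54004500530054004e00540001000c004d0045004d0042004500520003001e00"
                         "6d0065006d006200650072002e0074006500730074002e0063006f006d000000000000000000")
    v2 = ntlmv2_hash(ntlm_hash, "test", "TESTNT")
    resp = ntlmv2_response(v2, challenge, blob)
    key = ntlmv2_user_session_key(v2, resp)
    return _sign_and_seal(NTLM2ServerContext(key, key_bits=56),
                          dict(ntlmv2_hash=v2.hex(), lmv2=lmv2_response(v2, challenge, nonce).hex(),
                               ntlmv2=resp[:16].hex(), session_key=key.hex()))


def anonymous_key_exchange_trace():  # inputs taken from the anonymous key-exchange trace above
    type3_key = bytes.fromhex("c1442e6cca8c010e77138430aa35738e")
    key = key_exchange_decrypt(bytes(16), type3_key)  # null User Session Key, per the trace
    return _sign_and_seal(NTLM2ServerContext(key, key_bits=128, key_exchange=True), dict(key=key.hex()))
```

Every value each function returns can be read off the corresponding trace, so a mismatch pinpoints which step (hash, response, key derivation, weakening, sequence handling or RC4 state) an implementation got wrong.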

Local NTLMv1 Authentication; NTLM2 Signing and Sealing Using an Unknown Session Key With Key Exchange Negotiated (Analysis Incomplete)

Demonstration of local authentication with signing and sealing. It is assumed that the User Session Key derivation and key exchange are performed normally, but locally within the established context, since the required information is never sent over the wire.

LMCompatibilityLevel set to 0 (LM/NTLM).

AcquireCredentialsHandle called with NULL identity (using default credentials
handle for authenticated local user).

--------------------------------------------------------------------------------

InitializeSecurityContext called with ISC_REQ_INTEGRITY and
ISC_REQ_CONFIDENTIALITY.  Produces Type 1 message:

4e544c4d5353500001000000b7b208e0060006002600000006000600200000004d454d424552544553544e54

4e544c4d53535000    "NTLMSSP"
01000000            Type 1 message
b7b208e0            Flags
    Negotiate Unicode              (0x00000001)
    Negotiate OEM                  (0x00000002)
    Request Target                 (0x00000004)
    Negotiate Sign                 (0x00000010)
    Negotiate Seal                 (0x00000020)
    Negotiate Lan Manager Key      (0x00000080)
    Negotiate NTLM                 (0x00000200)
    Negotiate Domain Supplied      (0x00001000)
    Negotiate Workstation Supplied (0x00002000)
    Negotiate Always Sign          (0x00008000)
    Negotiate NTLM2 Key            (0x00080000)
    Negotiate 128                  (0x20000000)
    Negotiate Key Exchange         (0x40000000)
    Negotiate 56                   (0x80000000)
0600060026000000    Supplied Domain header (length 6, offset 38)
0600060020000000    Supplied Workstation header (length 6, offset 32)
4d454d424552    Supplied Workstation ("MEMBER")
544553544e54    Supplied Domain ("TESTNT")

--------------------------------------------------------------------------------

AcceptSecurityContext called with ASC_REQ_INTEGRITY and ASC_REQ_CONFIDENTIALITY.
Produces Type 2 message:

4e544c4d53535000020000000c000c003000000035c289e0d7ef496afa05535208ee0b0000000000460046003c00000054004500530054004e00540002000c0054004500530054004e00540001000c004d0045004d0042004500520003001e006d0065006d006200650072002e0074006500730074002e0063006f006d0000000000

4e544c4d53535000    "NTLMSSP"
02000000            Type 2 message
0c000c0030000000    Target Name header (length 12, offset 48)
35c289e0            Flags
    Negotiate Unicode              (0x00000001)
    Request Target                 (0x00000004)
    Negotiate Sign                 (0x00000010)
    Negotiate Seal                 (0x00000020)
    Negotiate NTLM                 (0x00000200)
    Negotiate Local Call           (0x00004000)
    Negotiate Always Sign          (0x00008000)
    Target Type Domain             (0x00010000)
    Negotiate NTLM2 Key            (0x00080000)
    Negotiate Target Info          (0x00800000)
    Negotiate 128                  (0x20000000)
    Negotiate Key Exchange         (0x40000000)
    Negotiate 56                   (0x80000000)
d7ef496afa055352    Challenge
08ee0b0000000000    Context (equal to server context handle's dwUpper field)
460046003c000000    Target Information header (length 70, offset 60)
54004500530054004e005400    Target Name ("TESTNT")

Target Information block:
    02000c00    NetBIOS Domain Name (length 12)
    54004500530054004e005400    "TESTNT"
    01000c00    NetBIOS Server Name (length 12)
    4d0045004d00420045005200    "MEMBER"
    03001e00    DNS Server Name (length 30)
    6d0065006d006200650072002e0074006500730074002e0063006f006d00
        "member.test.com"
    00000000    Target Information Terminator

--------------------------------------------------------------------------------

InitializeSecurityContext called.  Produces a Type 3 message:

4e544c4d535350000300000000000000400000000000000040000000000000004000000000000000400000000000000040000000000000004000000035c288e0

4e544c4d53535000    "NTLMSSP"
03000000            Type 3 message
0000000040000000    LM/LMv2 Response header (empty, local authentication)
0000000040000000    NTLM/NTLMv2 Response header (empty, local authentication)
0000000040000000    Domain Name header (empty, local authentication)
0000000040000000    User Name header (empty, local authentication)
0000000040000000    Workstation Name header (empty, local authentication)
0000000040000000    Session Key header (empty)
35c288e0            Flags
    Negotiate Unicode              (0x00000001)
    Request Target                 (0x00000004)
    Negotiate Sign                 (0x00000010)
    Negotiate Seal                 (0x00000020)
    Negotiate NTLM                 (0x00000200)
    Negotiate Local Call           (0x00004000)
    Negotiate Always Sign          (0x00008000)
    Negotiate NTLM2 Key            (0x00080000)
    Negotiate Target Info          (0x00800000)
    Negotiate 128                  (0x20000000)
    Negotiate Key Exchange         (0x40000000)
    Negotiate 56                   (0x80000000)

--------------------------------------------------------------------------------

AcceptSecurityContext called to complete the server-side context.

Server Context Export:

40a42e7840a42e7800000000000000000000000000000000
08ee0b00    server context handle dwUpper
35c289e1    flags
0000000000000000182e09001c2e0900982e0900a82f09000000000000000000d002000000000000000000000000000000000000000000000200000000000000ffffffffffffff7f00000000
65836771d7bf52df502634e521b3154b    outbound signing key
9ed7ce6558f0f26db1fbf5163d7b24f9    inbound verifying key
f56d6b81749b7adaf3467f37bc36224e    outbound encrypting key
65adf5ede40e84e7338d681e6cbc38ff    inbound decrypting key
[remaining context export bytes lost in extraction]    "TESTNT/test"

User Session Key = ????

Key exchange performed somehow?  Shows up in signatures.

We are using server context:

serverSigningConstant =
    "session key to server-to-client signing key magic constant" =
        0x73657373696f6e206b657920746f207365727665722d746f2d636c69656e74
        207369676e696e67206b6579206d6167696320636f6e7374616e7400

serverSealingConstant =
    "session key to server-to-client sealing key magic constant" =
        0x73657373696f6e206b657920746f207365727665722d746f2d636c69656e74
        207365616c696e67206b6579206d6167696320636f6e7374616e7400

signingKey = MD5(key + serverSigningConstant) =
    0x65836771d7bf52df502634e521b3154b (from context export)

sealingKey = MD5(key + serverSealingConstant) =
    0xf56d6b81749b7adaf3467f37bc36224e (from context export)

Called MakeSignature on the server-side context for message
"0x0102030405060708".

Yields signature:

01000000adc70c8bd4834ae800000000

Sequence number is 0.

seqnum + message = 0x000000000102030405060708

HMAC(signingKey, 0x000000000102030405060708) =
    0xb0bd637382da53f4ad3edf2c5a2c9592

sig = RC4(sealingKey, first 8 bytes) = 0xadc70c8bd4834ae8

version num + sig + seqnum:

01000000adc70c8bd4834ae800000000 = signature

--------------------------------------------------------------------------------

Called EncryptMessage twice on the server-side context for message
"0x0102030405060708".

Yields encrypted messages:

9c89720008251ab6
01000000d4af70567f5ab1df01000000
a8950e40b10e9af5
01000000c5447ccf7102d98c02000000

Uses RC4 cipher from previous signing operation (key exchange encrypts
signature with sealing key as well).

RC4(0x0102030405060708) = sealed message = 0x9c89720008251ab6

trailer buffer gets signature (sequence number is now 1 because of previous
signing, same RC4 cipher used for this signature too):

HMAC(signingKey, 0x010000000102030405060708) =
    0xcd1d04a1962b7d82e6ffd7c37871bf15

sig = RC4(first 8 bytes) = 0xd4af70567f5ab1df

version num + sig + seqnum:

01000000d4af70567f5ab1df01000000 = trailer signature

second message is same, using RC4 cipher from previous operations:

RC4(0x0102030405060708) = sealed message = 0xa8950e40b10e9af5

trailer buffer signature with sequence 2:

HMAC(signingKey, 0x020000000102030405060708) =
    0x3011549106db10de5694f567749cb9eb

sig = RC4(first 8 bytes) = 0xc5447ccf7102d98c

version num + sig + seqnum:

01000000c5447ccf7102d98c02000000 = trailer signature

Appendix D: Java Implementation of the Type 3 Response Calculations

Listed below is an annotated sample implementation of the various Type 3 response calculations in Java. This example requires a JCE provider implementing the MD4 message-digest algorithm; the author recommends GNU Crypto, available at http://www.gnu.org/software/gnu-crypto/.

import java.security.Key;
import java.security.MessageDigest;

import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

/**
 * Calculates the various Type 3 responses.
 */
public class Responses {

    /**
     * Calculates the LM Response for the given challenge, using the specified
     * password.
     *
     * @param password The user's password.
     * @param challenge The Type 2 challenge from the server.
     *
     * @return The LM Response.
     */
    public static byte[] getLMResponse(String password, byte[] challenge)
            throws Exception {
        byte[] lmHash = lmHash(password);
        return lmResponse(lmHash, challenge);
    }

    /**
     * Calculates the NTLM Response for the given challenge, using the
     * specified password.
     *
     * @param password The user's password.
     * @param challenge The Type 2 challenge from the server.
     *
     * @return The NTLM Response.
     */
    public static byte[] getNTLMResponse(String password, byte[] challenge)
            throws Exception {
        byte[] ntlmHash = ntlmHash(password);
        return lmResponse(ntlmHash, challenge);
    }

    /**
     * Calculates the NTLMv2 Response for the given challenge, using the
     * specified authentication target, username, password, target information
     * block, and client nonce.
     *
     * @param target The authentication target (i.e., domain).
     * @param user The username.
     * @param password The user's password.
     * @param targetInformation The target information block from the Type 2
     * message.
     * @param challenge The Type 2 challenge from the server.
     * @param clientNonce The random 8-byte client nonce.
     *
     * @return The NTLMv2 Response.
     */
    public static byte[] getNTLMv2Response(String target, String user,
            String password, byte[] targetInformation, byte[] challenge,
                    byte[] clientNonce) throws Exception {
        byte[] ntlmv2Hash = ntlmv2Hash(target, user, password);
        byte[] blob = createBlob(targetInformation, clientNonce);
        return lmv2Response(ntlmv2Hash, blob, challenge);
    }

    /**
     * Calculates the LMv2 Response for the given challenge, using the
     * specified authentication target, username, password, and client
     * challenge.
     *
     * @param target The authentication target (i.e., domain).
     * @param user The username.
     * @param password The user's password.
     * @param challenge The Type 2 challenge from the server.
     * @param clientNonce The random 8-byte client nonce.
     *
     * @return The LMv2 Response.
     */
    public static byte[] getLMv2Response(String target, String user,
            String password, byte[] challenge, byte[] clientNonce)
                    throws Exception {
        byte[] ntlmv2Hash = ntlmv2Hash(target, user, password);
        return lmv2Response(ntlmv2Hash, clientNonce, challenge);
    }

    /**
     * Calculates the NTLM2 Session Response for the given challenge, using the
     * specified password and client nonce.
     *
     * @param password The user's password.
     * @param challenge The Type 2 challenge from the server.
     * @param clientNonce The random 8-byte client nonce.
     *
     * @return The NTLM2 Session Response.  This is placed in the NTLM
     * response field of the Type 3 message; the LM response field contains
     * the client nonce, null-padded to 24 bytes.
     */
    public static byte[] getNTLM2SessionResponse(String password,
            byte[] challenge, byte[] clientNonce) throws Exception {
        byte[] ntlmHash = ntlmHash(password);
        MessageDigest md5 = MessageDigest.getInstance("MD5");
        md5.update(challenge);
        md5.update(clientNonce);
        byte[] sessionHash = new byte[8];
        System.arraycopy(md5.digest(), 0, sessionHash, 0, 8);
        return lmResponse(ntlmHash, sessionHash);
    }

    /**
     * Creates the LM Hash of the user's password.
     *
     * @param password The password.
     *
     * @return The LM Hash of the given password, used in the calculation
     * of the LM Response.
     */
    private static byte[] lmHash(String password) throws Exception {
        byte[] oemPassword = password.toUpperCase().getBytes("US-ASCII");
        int length = Math.min(oemPassword.length, 14);
        byte[] keyBytes = new byte[14];
        System.arraycopy(oemPassword, 0, keyBytes, 0, length);
        Key lowKey = createDESKey(keyBytes, 0);
        Key highKey = createDESKey(keyBytes, 7);
        byte[] magicConstant = "KGS!@#$%".getBytes("US-ASCII");
        Cipher des = Cipher.getInstance("DES/ECB/NoPadding");
        des.init(Cipher.ENCRYPT_MODE, lowKey);
        byte[] lowHash = des.doFinal(magicConstant);
        des.init(Cipher.ENCRYPT_MODE, highKey);
        byte[] highHash = des.doFinal(magicConstant);
        byte[] lmHash = new byte[16];
        System.arraycopy(lowHash, 0, lmHash, 0, 8);
        System.arraycopy(highHash, 0, lmHash, 8, 8);
        return lmHash;
    }

    /**
     * Creates the NTLM Hash of the user's password.
     *
     * @param password The password.
     *
     * @return The NTLM Hash of the given password, used in the calculation
     * of the NTLM Response and the NTLMv2 and LMv2 Hashes.
     */
    private static byte[] ntlmHash(String password) throws Exception {
        byte[] unicodePassword = password.getBytes("UnicodeLittleUnmarked");
        MessageDigest md4 = MessageDigest.getInstance("MD4");
        return md4.digest(unicodePassword);
    }

    /**
     * Creates the NTLMv2 Hash of the user's password.
     *
     * @param target The authentication target (i.e., domain).
     * @param user The username.
     * @param password The password.
     *
     * @return The NTLMv2 Hash, used in the calculation of the NTLMv2
     * and LMv2 Responses.
     */
    private static byte[] ntlmv2Hash(String target, String user,
            String password) throws Exception {
        byte[] ntlmHash = ntlmHash(password);
        String identity = user.toUpperCase() + target;
        return hmacMD5(identity.getBytes("UnicodeLittleUnmarked"), ntlmHash);
    }

    /**
     * Creates the LM Response from the given hash and Type 2 challenge.
     *
     * @param hash The LM or NTLM Hash.
     * @param challenge The server challenge from the Type 2 message.
     *
     * @return The response (either LM or NTLM, depending on the provided
     * hash).
     */
    private static byte[] lmResponse(byte[] hash, byte[] challenge)
            throws Exception {
        byte[] keyBytes = new byte[21];
        System.arraycopy(hash, 0, keyBytes, 0, 16);
        Key lowKey = createDESKey(keyBytes, 0);
        Key middleKey = createDESKey(keyBytes, 7);
        Key highKey = createDESKey(keyBytes, 14);
        Cipher des = Cipher.getInstance("DES/ECB/NoPadding");
        des.init(Cipher.ENCRYPT_MODE, lowKey);
        byte[] lowResponse = des.doFinal(challenge);
        des.init(Cipher.ENCRYPT_MODE, middleKey);
        byte[] middleResponse = des.doFinal(challenge);
        des.init(Cipher.ENCRYPT_MODE, highKey);
        byte[] highResponse = des.doFinal(challenge);
        byte[] lmResponse = new byte[24];
        System.arraycopy(lowResponse, 0, lmResponse, 0, 8);
        System.arraycopy(middleResponse, 0, lmResponse, 8, 8);
        System.arraycopy(highResponse, 0, lmResponse, 16, 8);
        return lmResponse;
    }

    /**
     * Creates the LMv2 Response from the given hash, client data, and
     * Type 2 challenge.
     *
     * @param hash The NTLMv2 Hash.
     * @param clientData The client data (blob or client nonce).
     * @param challenge The server challenge from the Type 2 message.
     *
     * @return The response (either NTLMv2 or LMv2, depending on the
     * client data).
     */
    private static byte[] lmv2Response(byte[] hash, byte[] clientData,
            byte[] challenge) throws Exception {
        byte[] data = new byte[challenge.length + clientData.length];
        System.arraycopy(challenge, 0, data, 0, challenge.length);
        System.arraycopy(clientData, 0, data, challenge.length,
                         clientData.length);
        byte[] mac = hmacMD5(data, hash);
        byte[] lmv2Response = new byte[mac.length + clientData.length];
        System.arraycopy(mac, 0, lmv2Response, 0, mac.length);
        System.arraycopy(clientData, 0, lmv2Response, mac.length,
                         clientData.length);
        return lmv2Response;
    }

    /**
     * Creates the NTLMv2 blob from the given target information block and
     * client nonce.
     *
     * @param targetInformation The target information block from the Type 2
     * message.
     * @param clientNonce The random 8-byte client nonce.
     *
     * @return The blob, used in the calculation of the NTLMv2 Response.
     */
    private static byte[] createBlob(byte[] targetInformation,
            byte[] clientNonce) {
        byte[] blobSignature = new byte[] {
            (byte) 0x01, (byte) 0x01, (byte) 0x00, (byte) 0x00
        };
        byte[] reserved = new byte[] {
            (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00
        };
        byte[] unknown1 = new byte[] {
            (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00
        };
        byte[] unknown2 = new byte[] {
            (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00
        };
        long time = System.currentTimeMillis();
        time += 11644473600000L; // milliseconds from January 1, 1601 -> epoch.
        time *= 10000; // tenths of a microsecond.
        // convert to little-endian byte array.
        byte[] timestamp = new byte[8];
        for (int i = 0; i < 8; i++) {
            timestamp[i] = (byte) time;
            time >>>= 8;
        }
        byte[] blob = new byte[blobSignature.length + reserved.length +
                               timestamp.length + clientNonce.length +
                               unknown1.length + targetInformation.length +
                               unknown2.length];
        int offset = 0;
        System.arraycopy(blobSignature, 0, blob, offset, blobSignature.length);
        offset += blobSignature.length;
        System.arraycopy(reserved, 0, blob, offset, reserved.length);
        offset += reserved.length;
        System.arraycopy(timestamp, 0, blob, offset, timestamp.length);
        offset += timestamp.length;
        System.arraycopy(clientNonce, 0, blob, offset,
                         clientNonce.length);
        offset += clientNonce.length;
        System.arraycopy(unknown1, 0, blob, offset, unknown1.length);
        offset += unknown1.length;
        System.arraycopy(targetInformation, 0, blob, offset,
                         targetInformation.length);
        offset += targetInformation.length;
        System.arraycopy(unknown2, 0, blob, offset, unknown2.length);
        return blob;
    }

    /**
     * Calculates the HMAC-MD5 hash of the given data using the specified
     * hashing key.
     *
     * @param data The data for which the hash will be calculated.
     * @param key The hashing key.
     *
     * @return The HMAC-MD5 hash of the given data.
     */
    private static byte[] hmacMD5(byte[] data, byte[] key) throws Exception {
        byte[] ipad = new byte[64];
        byte[] opad = new byte[64];
        for (int i = 0; i < 64; i++) {
            ipad[i] = (byte) 0x36;
            opad[i] = (byte) 0x5c;
        }
        for (int i = key.length - 1; i >= 0; i--) {
            ipad[i] ^= key[i];
            opad[i] ^= key[i];
        }
        byte[] content = new byte[data.length + 64];
        System.arraycopy(ipad, 0, content, 0, 64);
        System.arraycopy(data, 0, content, 64, data.length);
        MessageDigest md5 = MessageDigest.getInstance("MD5");
        data = md5.digest(content);
        content = new byte[data.length + 64];
        System.arraycopy(opad, 0, content, 0, 64);
        System.arraycopy(data, 0, content, 64, data.length);
        return md5.digest(content);
    }

    /**
     * Creates a DES encryption key from the given key material.
     *
     * @param bytes A byte array containing the DES key material.
     * @param offset The offset in the given byte array at which
     * the 7-byte key material starts.
     *
     * @return A DES encryption key created from the key material
     * starting at the specified offset in the given byte array.
     */
    private static Key createDESKey(byte[] bytes, int offset) {
        byte[] keyBytes = new byte[7];
        System.arraycopy(bytes, offset, keyBytes, 0, 7);
        byte[] material = new byte[8];
        material[0] = keyBytes[0];
        material[1] = (byte) (keyBytes[0] << 7 | (keyBytes[1] & 0xff) >>> 1);
        material[2] = (byte) (keyBytes[1] << 6 | (keyBytes[2] & 0xff) >>> 2);
        material[3] = (byte) (keyBytes[2] << 5 | (keyBytes[3] & 0xff) >>> 3);
        material[4] = (byte) (keyBytes[3] << 4 | (keyBytes[4] & 0xff) >>> 4);
        material[5] = (byte) (keyBytes[4] << 3 | (keyBytes[5] & 0xff) >>> 5);
        material[6] = (byte) (keyBytes[5] << 2 | (keyBytes[6] & 0xff) >>> 6);
        material[7] = (byte) (keyBytes[6] << 1);
        oddParity(material);
        return new SecretKeySpec(material, "DES");
    }

    /**
     * Applies odd parity to the given byte array.
     *
     * @param bytes The data whose parity bits are to be adjusted for
     * odd parity.
     */
    private static void oddParity(byte[] bytes) {
        for (int i = 0; i < bytes.length; i++) {
            byte b = bytes[i];
            boolean needsParity = (((b >>> 7) ^ (b >>> 6) ^ (b >>> 5) ^
                                    (b >>> 4) ^ (b >>> 3) ^ (b >>> 2) ^
                                    (b >>> 1)) & 0x01) == 0;
            if (needsParity) {
                bytes[i] |= (byte) 0x01;
            } else {
                bytes[i] &= (byte) 0xfe;
            }
        }
    }

}

Appendix C: Sample NTLMSSP Operation Decompositions

This section contains detailed analysis and decomposition of various authentication and signing/sealing operations. This is by no means a comprehensive catalog of possible scenarios, but does include some of the more interesting variants. These were produced by calling the InitializeSecurityContext and AcceptSecurityContext SSPI functions between two peers, and applying subtle manipulations to the resulting NTLM messages. After the context was established, the ExportSecurityContext function was called to dump the contents of the context to a file, for use in subsequent offline analysis. Additionally, the MakeSignature and EncryptMessage functions were used to perform signing and sealing, respectively.

NTLMv1 Authentication; NTLM1 Signing and Sealing Using the NTLM User Session Key

Demonstration of NTLMv1 authentication, with NTLM1 signing and sealing keyed by the NTLM User Session Key (no key exchange).

LMCompatibilityLevel set to 0 (LM/NTLM).

AcquireCredentialsHandle called with domain "TESTNT", user "test", password
"test1234".
--------------------------------------------------------------------------------
InitializeSecurityContext called with ISC_REQ_INTEGRITY and
ISC_REQ_CONFIDENTIALITY.  Following flags were masked off of resulting Type 1
message:

    Negotiate Lan Manager Key      (0x00000080)
    Negotiate NTLM2 Key            (0x00080000)
    Negotiate 128                  (0x20000000)
    Negotiate Key Exchange         (0x40000000)
    Negotiate 56                   (0x80000000)

4e544c4d5353500001000000378200000000000000000000000000000000000000

4e544c4d53535000    "NTLMSSP"
01000000            Type 1 message
37820000            Flags
    Negotiate Unicode              (0x00000001)
    Negotiate OEM                  (0x00000002)
    Request Target                 (0x00000004)
    Negotiate Sign                 (0x00000010)
    Negotiate Seal                 (0x00000020)
    Negotiate NTLM                 (0x00000200)
    Negotiate Always Sign          (0x00008000)
0000000000000000    Supplied Domain header (empty, supplied credentials)
0000000000000000    Supplied Workstation header (empty, supplied credentials)
--------------------------------------------------------------------------------
AcceptSecurityContext called with ASC_REQ_INTEGRITY and ASC_REQ_CONFIDENTIALITY.
Produces Type 2 message:

4e544c4d53535000020000000c000c003000000035828100b019d38bad875c9d0000000000000000460046003c00000054004500530054004e00540002000c0054004500530054004e00540001000c004d0045004d0042004500520003001e006d0065006d006200650072002e0074006500730074002e0063006f006d0000000000

4e544c4d53535000    "NTLMSSP"
02000000            Type 2 message
0c000c0030000000    Target Name header (length 12, offset 48)
35828100            Flags
    Negotiate Unicode              (0x00000001)
    Request Target                 (0x00000004)
    Negotiate Sign                 (0x00000010)
    Negotiate Seal                 (0x00000020)
    Negotiate NTLM                 (0x00000200)
    Negotiate Always Sign          (0x00008000)
    Target Type Domain             (0x00010000)
    Negotiate Target Info          (0x00800000)
b019d38bad875c9d    Challenge
0000000000000000    Context
460046003c000000    Target Information header (length 70, offset 60)
54004500530054004e005400    Target Name ("TESTNT")

Target Information block:
    02000c00    NetBIOS Domain Name (length 12)
    54004500530054004e005400    "TESTNT"
    01000c00    NetBIOS Server Name (length 12)
    4d0045004d00420045005200    "MEMBER"
    03001e00    DNS Server Name (length 30)
    6d0065006d006200650072002e0074006500730074002e0063006f006d00
        "member.test.com"
    00000000    Target Information Terminator
--------------------------------------------------------------------------------
InitializeSecurityContext called.  Produces a Type 3 message:

4e544c4d5353500003000000180018006000000018001800780000000c000c0040000000080008004c0000000c000c005400000000000000900000003582800054004500530054004e00540074006500730074004d0045004d004200450052001879f60127f8a877022132ec221bcbf3ca016a9f76095606e6285df3287c5d194f84df1a94817c7282d09754b6f9e02a

4e544c4d53535000    "NTLMSSP"
03000000            Type 3 message
1800180060000000    LM/LMv2 Response header (length 24, offset 96)
1800180078000000    NTLM/NTLMv2 Response header (length 24, offset 120)
0c000c0040000000    Domain Name header (length 12, offset 64)
080008004c000000    User Name header (length 8, offset 76)
0c000c0054000000    Workstation Name header (length 12, offset 84)
0000000090000000    Session Key header (empty)
35828000            Flags
    Negotiate Unicode              (0x00000001)
    Request Target                 (0x00000004)
    Negotiate Sign                 (0x00000010)
    Negotiate Seal                 (0x00000020)
    Negotiate NTLM                 (0x00000200)
    Negotiate Always Sign          (0x00008000)
    Negotiate Target Info          (0x00800000)
54004500530054004e005400                            Domain Name ("TESTNT")
7400650073007400                                    User Name ("test")
4d0045004d00420045005200                            Workstation Name ("MEMBER")
1879f60127f8a877022132ec221bcbf3ca016a9f76095606    LM/LMv2 Response
e6285df3287c5d194f84df1a94817c7282d09754b6f9e02a    NTLM/NTLMv2 Response
--------------------------------------------------------------------------------
AcceptSecurityContext called to complete the server-side context.

Server Context Export:

40a42e7840a42e780000000000000000000000000000000008ee0b00    server context handle dwUpper
35828101    flags
0000000000000000e8290900e8290900682a0900682a09000000000000000000d002000000000000000000000000000000000000000000000200000000000000ffffffffffffff7f20010000
ae33a32dca8c9821844f740d5b3f4d6c    outbound signing key
ae33a32dca8c9821844f740d5b3f4d6c    inbound verifying key
ae33a32dca8c9821844f740d5b3f4d6c    outbound encrypting key
ae33a32dca8c9821844f740d5b3f4d6c    inbound decrypting key
000000000000000000000000
ae3787b72ff94884680d3e5658c064df9d9e5d8f0655f22a002ebc7e9f944e2908cf90e0057f622d31a92b7d0ca6f586d5d36e24af70cdbe52ea49d067aa4ffae85a5cb1a41e3241a288f8de8a4c8909593cc698b657750af014b26f13778eee855310d716f61ce5c795a0a3bbac358bb02611c954a54b2791d6e297f1fd8c6d18fffc190b9c69b80122f7c8fb036146c2b581443960fe239b967b17e33de15b73e445401f1db3a8c5ad51f48d665e38796b8263b9ca363f763aef71d1ec12d8a76cb46a333b0fddab7850ba3493dcd4077299d22515eb5f300221e9e79a80d91a1b4d2865e6ccc3470eda7c4ace04bfbddbedc1cb207483f343c4a1422c7a9200000000000000000000000000000000
ae3787b72ff94884680d3e5658c064df9d9e5d8f0655f22a002ebc7e9f944e2908cf90e0057f622d31a92b7d0ca6f586d5d36e24af70cdbe52ea49d067aa4ffae85a5cb1a41e3241a288f8de8a4c8909593cc698b657750af014b26f13778eee855310d716f61ce5c795a0a3bbac358bb02611c954a54b2791d6e297f1fd8c6d18fffc190b9c69b80122f7c8fb036146c2b581443960fe239b967b17e33de15b73e445401f1db3a8c5ad51f48d665e38796b8263b9ca363f763aef71d1ec12d8a76cb46a333b0fddab7850ba3493dcd4077299d22515eb5f300221e9e79a80d91a1b4d2865e6ccc3470eda7c4ace04bfbddbedc1cb207483f343c4a1422c7a920000000000000000
54004500530054004e0054005c007400650073007400    "TESTNT/test"

ntlmHash = md4(password) = 0x3b1b47e42e0463276e3ded6cef349f93
NTLMUserSessionKey = md4(ntlmHash) = 0xae33a32dca8c9821844f740d5b3f4d6c

Key is *not* weakened (NTLM1 only weakens Lan Manager Session Keys).

Called MakeSignature on the server-side context for message
"0x0102030405060708".

Yields signature:

0100000090010700087de41e039ae5c5

CRC32(0x0102030405060708) = 0xc588ca3f
Sequence number is 0.
0x00000000 + crc32 + seqnum = 0x00000000c588ca3f00000000
RC4(key, 0x00000000c588ca3f00000000) = 0x20961389087de41e039ae5c5
version num + first 4 bytes overwritten with counter value (0x90010700 here):
0100000090010700087de41e039ae5c5 = signature
--------------------------------------------------------------------------------
Called EncryptMessage twice on the server-side context for message
"0x0102030405060708".

Yields encrypted messages:

3ec555aea59eb55001000000a0030700f64393466a9317f7
1caf3c9a114ca2f4010000008803070095c1958123ecafce

same RC4 cipher is used from previous signing operation (i.e., not reset):
RC4(0x0102030405060708) = sealed message = 0x3ec555aea59eb550
trailer buffer gets signature; again uses same RC4 cipher
(sequence number is now 1 because of previous signing):
RC4(0x00000000c588ca3f01000000) = 0x8e8adf2bf64393466a9317f7
version num + first 4 bytes overwritten w/counter (0xa0030700):
01000000a0030700f64393466a9317f7 = trailer signature
second message is same:
RC4(0x0102030405060708) = sealed message = 0x1caf3c9a114ca2f4
trailer buffer signature with sequence 2:
RC4(0x00000000c588ca3f02000000) = 0xf23fc1e495c1958123ecafce
version num + first 4 bytes overwritten w/counter (0x88030700)
010000008803070095c1958123ecafce = trailer signature
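A decoder for the Type 1, 2 and 3 layouts decomposed above, added here as an example; it is not part of the original document or of jCIFS. The sample messages are constructed from this appendix's hex dumps, the flag and Target Information item names follow the page, and it is the kind of parser a detection engineer uses to pull the negotiated flags, domain, user and workstation out of a captured NTLMSSP blob for logging.

```python
import struct

# Flag bits and the names this page gives them.
NTLM_FLAGS = {
    0x00000001: "Negotiate Unicode",       0x00000002: "Negotiate OEM",
    0x00000004: "Request Target",          0x00000010: "Negotiate Sign",
    0x00000020: "Negotiate Seal",          0x00000080: "Negotiate Lan Manager Key",
    0x00000200: "Negotiate NTLM",          0x00004000: "Negotiate Local Call",
    0x00008000: "Negotiate Always Sign",   0x00010000: "Target Type Domain",
    0x00080000: "Negotiate NTLM2 Key",     0x00800000: "Negotiate Target Info",
    0x20000000: "Negotiate 128",           0x40000000: "Negotiate Key Exchange",
    0x80000000: "Negotiate 56",
}
# Target Information item types shown in the Type 2 decomposition.
AV_NAMES = {1: "NetBIOS Server Name", 2: "NetBIOS Domain Name", 3: "DNS Server Name"}

# Constructed from the hex dumps in this appendix: the NTLMv1 Type 2 and Type 3
# messages, plus the all-empty (local authentication) Type 3 shown earlier.
TYPE2_MSG = bytes.fromhex(
    "4e544c4d53535000 02000000 0c000c0030000000 35828100 b019d38bad875c9d"
    "0000000000000000 460046003c000000 54004500530054004e005400"
    "02000c0054004500530054004e005400 01000c004d0045004d00420045005200"
    "03001e006d0065006d006200650072002e0074006500730074002e0063006f006d00"
    "00000000")
TYPE3_MSG = bytes.fromhex(
    "4e544c4d53535000 03000000 1800180060000000 1800180078000000"
    "0c000c0040000000 080008004c000000 0c000c0054000000 0000000090000000"
    "35828000 54004500530054004e005400 7400650073007400 4d0045004d00420045005200"
    "1879f60127f8a877022132ec221bcbf3ca016a9f76095606"
    "e6285df3287c5d194f84df1a94817c7282d09754b6f9e02a")
TYPE3_LOCAL_MSG = bytes.fromhex("4e544c4d53535000 03000000" + "0000000040000000" * 6 + "35c288e0")


def decode_flags(flags):
    """Names of the set flag bits, lowest bit first (the page's listing order)."""
    return [name for bit, name in sorted(NTLM_FLAGS.items()) if flags & bit]


def security_buffer(msg, pos):
    """Resolve a length/maxlength/offset security buffer header found at pos."""
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):        # never trust the offset blindly
        raise ValueError("security buffer points outside the message")
    return msg[offset:offset + length]


def parse_target_info(block):
    """Walk the type/length/value items of a Target Information block."""
    items, pos = [], 0
    while pos + 4 <= len(block):
        av_id, av_len = struct.unpack_from("<HH", block, pos)
        pos += 4
        if av_id == 0:                    # terminator
            break
        items.append((AV_NAMES.get(av_id, "AV type %d" % av_id),
                      block[pos:pos + av_len].decode("utf-16-le")))
        pos += av_len
    return items


def parse_ntlmssp(msg):
    """Decode a Type 1, 2 or 3 message into a dict of named fields."""
    if msg[:8] != b"NTLMSSP\x00":
        raise ValueError("missing NTLMSSP signature")
    msg_type = struct.unpack_from("<I", msg, 8)[0]
    if msg_type == 1:                     # flags, then domain/workstation buffers
        flags = struct.unpack_from("<I", msg, 12)[0]
        return {"type": 1, "flags": decode_flags(flags),
                "domain": security_buffer(msg, 16).decode("ascii"),
                "workstation": security_buffer(msg, 24).decode("ascii")}
    text = "utf-16-le" if struct.unpack_from("<I", msg, 20 if msg_type == 2 else 60)[0] & 1 else "ascii"
    if msg_type == 2:                     # target name, flags, challenge, context, target info
        flags = struct.unpack_from("<I", msg, 20)[0]
        out = {"type": 2, "flags": decode_flags(flags),
               "target_name": security_buffer(msg, 12).decode(text),
               "challenge": msg[24:32].hex()}
        if flags & 0x00800000 and len(msg) >= 48:
            out["target_info"] = parse_target_info(security_buffer(msg, 40))
        return out
    if msg_type == 3:                     # six buffers at 12..52, flags at 60
        names = ["lm_response", "ntlm_response", "domain", "user", "workstation", "session_key"]
        out = {"type": 3, "flags": decode_flags(struct.unpack_from("<I", msg, 60)[0])}
        for i, name in enumerate(names):
            raw = security_buffer(msg, 12 + 8 * i)
            out[name] = raw.decode(text) if name in ("domain", "user", "workstation") else raw.hex()
        return out
    raise ValueError("unsupported message type %d" % msg_type)


if __name__ == "__main__":
    for m in (TYPE2_MSG, TYPE3_MSG, TYPE3_LOCAL_MSG):
        print(parse_ntlmssp(m))
```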