The NTLM Authentication Protocol

最新推荐文章于 2021-03-15 12:20:05 发布
最新推荐文章于 2021-03-15 12:20:05 发布
阅读量1.6k 收藏
点赞数
分类专栏: python 文章标签: AUTH NTLM SMTP python
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/huayucong/article/details/53072075
版权
本文详细介绍了NTLM(NT LAN Manager)认证协议,包括NTLM的用途、挑战响应机制和三个主要消息类型(Type 1、Type 2、Type 3)。NTLM是一种微软网络协议实现中的身份验证协议,通过非对称方式证明客户端用户对账户密码的掌握。文中还涉及到NTLM在SMTP认证中的应用,并提供了一个Java实现Type 3响应计算的示例。
摘要由CSDN通过智能技术生成

Copyright © 2003 Eric Glass

Permission to use, copy, modify, and distribute this document for any purpose and without any fee is hereby granted, provided that the above copyright notice and this list of conditions appear in all copies.

The most current version of this document may be obtained from http://davenport.sourceforge.net/ntlm.html.

Abstract

This article seeks to describe NTLM at an intermediate to advanced level of detail, suitable as a reference for implementors. It is hoped that this document will evolve into a comprehensive description of NTLM; at this time there are omissions, both in the author's knowledge and in his documentation, and almost certainly inaccuracies. However, this document should at least be able to provide a solid foundation for further research. The information presented herein was used as the basis for the implementation of NTLM in the open-source jCIFS library, available at http://jcifs.samba.org.

 


What is NTLM?

NTLM is an authentication protocol used in various Microsoft network protocol implementations and supported by the NTLM Security Support Provider ("NTLMSSP"). Originally used for authentication and negotiation of secure DCE/RPC, NTLM is also used throughout Microsoft's systems as an integrated single sign-on mechanism.

NTLM employs a challenge-response mechanism for authentication, in which clients are able to prove their identities without sending a password to the server. It consists of three messages, commonly referred to as Type 1 (negotiation), Type 2 (challenge) and Type 3 (authentication). It basically works like this:

 

  1. The client sends a Type 1 message to the server. This primarily contains a list of features supported by the client and requested of the server.
  2. The server responds with a Type 2 message. This contains a list of features supported and agreed upon by the server. Most importantly, however, it contains a challenge generated by the server.
  3. The client replies to the challenge with a Type 3 message. This contains several pieces of information about the client, including the domain and username of the client user. It also contains one or more responses to the Type 2 challenge.

The responses in the Type 3 message are the most critical piece, as they prove to the server that the client user has knowledge of the account password.

Local Authentication" section.

The target information is a security buffer containing a Target Information block, which is used in calculating the NTLMv2 response (discussed later). This is composed of a sequence of subblocks, each consisting of:

Field Content Description
Type short Indicates the type of data in this subblock:
1 (0x0100): Server name
2 (0x0200): Domain name
3 (0x0300): Fully-qualified DNS host name (i.e., server.domain.com)
4 (0x0400): DNS domain name (i.e., domain.com)
Length short Length in bytes of this subblock's content field
Content Unicode string Content as indicated by the type field. Always sent in Unicode, even when OEM is indicated by the message flags.

The sequence is terminated by a terminator subblock; this is a subblock of type "0", of zero length. Subblocks of type "5" have also been encountered, apparently containing the "parent" DNS domain for servers in subdomains; it may be that there are other as-yet-unidentified subblock types as well.

The context and target information may be omitted, in which case the data block begins at offset 32 (immediately following the challenge). A minimal Type 2 message would look something like this:

 

    4e544c4d53535000020000000000000000000000020200000123456789abcdef

This message contains the NTLMSSP signature, the NTLM message type, an empty target name, minimal flags (Negotiate NTLM and Negotiate OEM), and the challenge.

datagram-style authentication, however.

The LM/LMv2 and NTLM/NTLMv2 responses are security buffers containing replies created from the user's password in response to the Type 2 challenge; the process for generating these responses is outlined in the next section.

The domain name is a security buffer containing the authentication realm in which the authenticating account has membership. This is either Unicode or OEM, depending on the negotiated encoding.

The user name is a security buffer containing the authenticating account name. This is either Unicode or OEM, depending on the negotiated encoding.

The workstation name is a security buffer containing the client workstation's name. This is either Unicode or OEM, depending on the negotiated encoding.

The session key value is largely unknown, and is often empty when included; it is apparently relevant in newer signing and sealing mechanisms. The Open Group documentation states that it additionally plays a role in datagram-style authentication.

When "Negotiate Local Call" has been established in the Type 2 message, the security buffers in the Type 3 message are typically all empty (zero length). The client "adopts" the SSPI context sent in the Type 2 message, effectively circumventing the need to calculate an appropriate response.

Implementing CIFS, especially  the section on authentication.
The LM Response

The LM response is sent by most clients. This scheme is older than the NTLM response, and less secure. While newer clients support the NTLM response, they typically send both responses for compatibility with legacy servers; hence, the security flaws present in the LM response are still exhibited in many clients supporting the NTLM response.

The LM response is calculated as follows (see

Appendix A for a sample implementation in Java):

  1. The user's password (as an OEM string) is converted to uppercase.
  2. This password is either null-padded or truncated to 14 bytes.
  3. This "fixed" password is split into two 7-byte halves.
  4. These values are used to create two DES keys (one from each 7-byte half).
  5. Each of these keys is used to DES-encrypt the constant ASCII string "KGS!@#$%" (resulting in two 8-byte ciphertext values).
  6. These two ciphertext values are concatenated to form a 16-byte value - the LM hash.
  7. The 16-byte LM hash is null-padded to 21 bytes.
  8. This value is split into three 7-byte thirds.
  9. These values are used to create three DES keys (one from each 7-byte third).
  10. Each of these keys is used to DES-encrypt the challenge from the Type 2 message (resulting in three 8-byte ciphertext values).
  11. These three ciphertext values are concatenated to form a 24-byte value. This is the LM response.

This process is best illustrated with a detailed example. Consider a user with the password "SecREt01", responding to the Type 2 challenge "0x0123456789abcdef".

  1. The password (as an OEM string) is converted to uppercase, giving "SECRET01" (or "0x5345435245543031" in hexadecimal).
  2. This password is null-padded to 14 bytes, giving "0x5345435245543031000000000000".
  3. This value is split into two 7-byte halves, "0x53454352455430" and "0x31000000000000".
  4. These two values are used to create two DES keys. A DES key is 8 bytes long; each byte contains seven bits of key material and one odd-parity bit (the parity bit may or may not be checked, depending on the underlying DES implementation). Our first 7-byte value, "0x53454352455430", would be represented in binary as:

    01010011 01000101 01000011 01010010 01000101 01010100 00110000

    A non-parity-adjusted DES key for this value would be:

    01010010 10100010 01010000 01101010 00100100 00101010 01010000 01100000

    (the parity bits are shown in red above). This is "0x52a2506a242a5060" in hexadecimal. Applying odd-parity to ensure that the total number of set bits in each octet is odd gives:

    01010010 10100010 01010001 01101011 00100101 00101010 01010001 01100001

    This is the first DES key ("0x52a2516b252a5161" in hex). We then apply the same process to our second 7-byte value, "0x31000000000000", represented in binary as:

    00110001 00000000 00000000 00000000 00000000 00000000 00000000

    Creating a non-parity-adjusted DES key gives:

    00110000 10000000 00000000 00000000 00000000 00000000 00000000 00000000

    ("0x3080000000000000" in hexadecimal). Adjusting the parity bits gives:

    00110001 10000000 00000001 00000001 00000001 00000001 00000001 00000001

    This is our second DES key, "0x3180010101010101" in hexadecimal. Note that if our particular DES implementation does not enforce parity (many do not), the parity-adjustment steps can be skipped; the non-parity-adjusted values would then be used as the DES keys. In any case, the parity bits will not affect the encryption process.

  5. Each of our keys is used to DES-encrypt the constant ASCII string "KGS!@#$%" ("0x4b47532140232425" in hex). This gives us "0xff3750bcc2b22412" (using the first key) and "0xc2265b23734e0dac" (using the second).
  6. These ciphertext values are concatenated to form our 16-byte LM hash - "0xff3750bcc2b22412c2265b23734e0dac".
  7. This is null-padded to 21 bytes, giving "0xff3750bcc2b22412c2265b23734e0dac0000000000".
  8. This value is split into three 7-byte thirds, "0xff3750bcc2b224", "0x12c2265b23734e" and "0x0dac0000000000".
  9. These three values are used to create three DES keys. Using the process outlined previously, our first value:

    11111111 00110111 01010000 10111100 11000010 10110010 00100100

    Gives us the parity-adjusted DES key:

    11111110 10011011 11010101 00010110 11001101 00010101 11001000 01001001

    ("0xfe9bd516cd15c849" in hexadecimal). The second value:

    00010010 11000010 00100110 01011011 00100011 01110011 01001110

    Results in the key:

    00010011 01100001 10001001 11001011 10110011 00011010 11001101 10011101

    ("0x136189cbb31acd9d"). Finally, the third value:

    00001101 10101100 00000000 00000000 00000000 00000000 00000000

    Gives us:

    00001101 11010110 00000001 00000001 00000001 00000001 00000001 00000001

    This is the third DES key ("0x0dd6010101010101").

  10. Each of the three keys is used to DES-encrypt the challenge from the Type 2 message (in our example, "0x0123456789abcdef"). This gives the results "0xc337cd5cbd44fc97" (using the first key), "0x82a667af6d427c6d" (using the second) and "0xe67c20c2d3e77c56" (using the third).
  11. These three ciphertext values are concatenated to form the 24-byte LM response:

    0xc337cd5cbd44fc9782a667af6d427c6de67c20c2d3e77c56

There are several weaknesses in this algorithm which make it susceptible to attack. While these are covered in detail in the Hertel text, the most prominent problems are:

 

  • Passwords are converted to upper case before calculating the response. This significantly reduces the set of possible passwords that must be tested in a brute-force attack.
  • If the password is seven or fewer characters, the second value from step 3 above will be 7 null bytes. This effectively compromises half of the LM hash (as it will always be the ciphertext of "KGS!@#$%" encrypted with the DES key "0x0101010101010101" - the constant "0xaad3b435b51404ee"). This in turn compromises the three DES keys used to produce the response; the entire third key and all but one byte of the second will be known constant values.
The NTLM Response

The NTLM response is sent by newer clients. This scheme addresses some of the flaws in the LM response; however, it is still considered fairly weak. Additionally, the NTLM response is nearly always sent in conjunction with the LM response. The weaknesses in that algorithm can be exploited to obtain the case-insensitive password, and trial-and-error used to find the case-sensitive password employed by the NTLM response.

The NTLM response is calculated as follows (see

Appendix A for a sample Java implementation):

  1. The MD4 message-digest algorithm (described in RFC 1320) is applied to the Unicode mixed-case password. This results in a 16-byte value - the NTLM hash.
  2. The 16-byte NTLM hash is null-padded to 21 bytes.
  3. This value is split into three 7-byte thirds.
  4. These values are used to create three DES keys (one from each 7-byte third).
  5. Each of these keys is used to DES-encrypt the challenge from the Type 2 message (resulting in three 8-byte ciphertext values).
  6. These three ciphertext values are concatenated to form a 24-byte value. This is the NTLM response.

Note that only the calculation of the hash value differs from the LM scheme; the response calculation is the same. To illustrate this process, we will apply it to our previous example (a user with the password "SecREt01", responding to the Type 2 challenge "0x0123456789abcdef").

  1. The Unicode mixed-case password is "0x53006500630052004500740030003100" in hexadecimal; the MD4 hash of this value is calculated, giving "0xcd06ca7c7e10c99b1d33b7485a2ed808". This is the NTLM hash.
  2. This is null-padded to 21 bytes, giving "0xcd06ca7c7e10c99b1d33b7485a2ed8080000000000".
  3. This value is split into three 7-byte thirds, "0xcd06ca7c7e10c9", "0x9b1d33b7485a2e" and "0xd8080000000000".
  4. These three values are used to create three DES keys. Our first value:

    11001101 00000110 11001010 01111100 01111110 00010000 11001001

    Results in the parity-adjusted key:

    11001101 10000011 10110011 01001111 11000111 11110001 01000011 10010010

    ("0xcd83b34fc7f14392" in hexadecimal). The second value:

    10011011 00011101 00110011 10110111 01001000 01011010 00101110

    Gives the key:

    10011011 10001111 01001100 01110110 01110101 01000011 01101000 01011101

    ("0x9b8f4c767543685d"). Our third value:

    11011000 00001000 00000000 00000000 00000000 00000000 00000000

    Yields our third key:

    11011001 00000100 00000001 00000001 00000001 00000001 00000001 00000001

    ("0xd904010101010101" in hexadecimal).

  5. Each of the three keys is used to DES-encrypt the challenge from the Type 2 message ("0x0123456789abcdef"). This yields the results "0x25a98c1c31e81847" (using our first key), "0x466b29b2df4680f3" (using the second) and "0x9958fb8c213a9cc6" (using the third key).
  6. These three ciphertext values are concatenated to form the 24-byte NTLM response:

    0x25a98c1c31e81847466b29b2df4680f39958fb8c213a9cc6

The NTLMv2 Response

NTLM version 2 ("NTLMv2") was concocted to address the security issues present in NTLM. While its effectiveness in this regard is questionable, it does at least provide a more secure replacement for the LM response. When NTLMv2 is enabled, the NTLM response is replaced with the NTLMv2 response, and the LM response is replaced with the LMv2 response (which we will discuss next).

The NTLMv2 response is c

最低0.47元/天 解锁文章
8.7. NTLM 身份验证
Sumarua的博客
07-30 1456
文章目录8.7. NTLM 身份验证8.7.1. NTLM认证8.7.1.1. 基本流程8.7.1.2. Net-NTLMv18.7.1.3. Net-NTLMv28.7.2. Hash8.7.2.1. LM Hash8.7.2.2. NTLM Hash8.7.3. 攻击8.7.3.1. Pass The Hash8.7.3.2. Pass The Key8.7.3.3. NTLM Relay8.7.4. 参考链接 8.7. NTLM 身份验证 8.7.1. NTLM认证 NTLM是NT LAN Manag
SMB 协议详解之-NTLM身份认证
最新发布
村中少年的专栏
09-12 1195
介绍一下什么是NTLM协议,NTLM协议的交互过程,NTLM协议的实际利用案例
NTLM身份认证
热门推荐
Louisnie
09-11 1万+
NTLM身份认证是微软针对容易破解的Lan Manager Challenge/Response(LM)验证机制,提出的WindowsNT挑战相关验证机制,更新的有:NTLM v2和Kerberos验证体系.在服务器端如果不使用Message Queuing 或是Telnet Server,一般NTLM是被关闭的,一般用户也用不上,但对于入侵者来说,NTLM是一座大山,telnet是一种命令行方式...
Microsoft NTLM认证简介
weixin_34383618的博客
03-11 147
什么是NTLM ============= Windows Challenge/Response (NTLM) 是用在包括着Windows操作系统的网络中的一种认证(authentication)协议, 也用在stand-alone系统上.   在网络环境中, Microsoft Kerberos 比NTLM添加了更多的安全性. 尽管Microsoft Kerberos 是一个不错的选择, NTL...
NTLM Protocol - 1. NTLM 通讯的过程
hankhanti的专栏
10-20 1061
NTLM 认证的过程, Client 需发送或接受三种讯息: Negotiation, Challenge, Authentication, 其过程如下: 1. Client 发送 Negotiation 给 Server, 告知 Server 通讯的信息, 内容含有 NTLM 的表头及 NTLM 标志位, 我们称为 Type 1 Message. 2. Server
java对接ntlm,httpclient 实现自动登录NTLM 域验证(sso) .
weixin_39594457的博客
03-15 1707
最近一个项目拿到客户那运行不了。原来我的这个项目要和另一个系统通过http的接口进行通讯。但在客户的生产环境中,那套系统将web应用的登录和Windows Domain的登录结合,做了一个sso单点登录(jcifs实现)。那么我必须要修改我的程序,好自动登录Windows Domain。通过抓包分析,局域网使用的是NTLM 协议。当通过浏览器访问被NTLM协议保护的资源的时候,NTLM的认证方式和...
httpclient 实现自动登录NTLM 域验证(sso)
godwanglong的专栏
04-10 1万+
最近一个项目拿到客户那运行不了。原来我的这个项目要和另一个系统通过http的接口进行通讯。但在客户的生产环境中,那套系统将web应用的登录和Windows Domain的登录结合,做了一个sso单点登录(jcifs实现)。那么我必须要修改我的程序,好自动登录Windows Domain。   通过抓包分析,局域网使用的是NTLM 协议。  当通过浏览器访问被NTLM协议保护的资源的时候,N
NTLM Type3 message
Leonard的专栏
05-06 1056
NTLM Type3 message
NTLM Authentication
时光·漫步
05-24 1136
NTLM Authentication Scheme for HTTP: [url]http://www.innovation.ch/personal/ronald/ntlm.html[/url] The NTLM Authentication Protocol and Security Support Provider: [url]http://davenport.sourcefo...
The NTLM Authentication Protocol and Security Support Provider (中文翻译)
oxzhao的专栏
07-05 1476
正在学习Windows身份验证方面的东西,觉得这篇文章写的比较深入。没有找到中文版的,就花些时间把它翻译一下,希望对大家有所帮助。仅仅出于个人兴趣进行翻译,限于个人水平,难免有错误纰漏,希望大家指正。文章比较长,我边翻译边更新。The NTLM Authent
AXIS2客户端代码连接C#web service带ntlm认证
hyhbyl的专栏
10-19 1739
搞了两天的AXIS2连接带ntlm认证的web service,要吐血了,百度一堆,不是故作神秘的讲一大堆,就是代码给一半,装吧。。。。 国人就是,知道的不愿意说,说也只说一半,不知道的又装知道,真是气死了。 不得已,问google,不是崇洋媚外,确实国外的程序员比较专业,问的问题无不知无不言的,没有只说一半的,所有的代码,所有的连接全部列得清清楚楚,生怕你做错,所有都罗列的清清楚楚,
Telnet Windows Server时,提示NTLM authenticatio错误解决方法
weixin_33928137的博客
08-05 246
解决方法: 在服务器上单击开始,运行,键入tlntadmn,单击OK. 键入5停止服务; 键入3; 键入7; 键入y并修改此值为0,禁用NTLM,使用明文密码; 连续键入0返回到顶级菜单; 键入4重新启动服务; 退出Telnet服务器管理程序。 在客户端登录。 转载于:https://www.cnblogs.com/chinalantian/arc...
jcifs的NTLMHTTP验证及所犯错误
yongyonglsy的专栏
06-14 471
一、错误提示:0xC0000022: jcifs.smb.SmbAuthException: Access is denied The NTLM HTTP SSO Filter that used to be included withJCIFS cannot support NTLMv2. 1) jcifs.smb.lmCompatibility = 0 or 1: SendLM an...
Credentials cannot be used for NTLM authentication: org.apache.http.auth.UsernamePasswordCredentials
05-05
这个错误通常表示在使用NTLM身份验证时,用户名和密码凭证不正确或无法使用。NTLM身份验证是一种Microsoft Windows的身份验证机制,它需要使用Windows凭证来进行身份验证。 如果您正在使用Java的Apache HttpClient库进行HTTP请求,在设置NTLM身份验证时,请确保您提供了正确的用户名和密码。 如果您仍然遇到此错误,请检查您的代理服务器是否支持NTLM身份验证,并且您的代理配置是否正确。您可能需要联系您的网络管理员以获取更多帮助。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值