mirror of
https://github.com/samba-team/samba.git
synced 2025-12-05 12:23:50 +03:00
you know what? this sort of thing makes me laugh. hmm, what functions have we got. and what data do we have. hmm.. i wonder what the NTLMv2 user session key can be... hmmm... weell.... there's some hidden data here, generated from the user password that doesn't go over-the-wire, so that's _got_ to be involved. and... that bit of data took a lot of computation to produce, so it's probably _also_ involved... and md4 no, md5? no, how about hmac_md5 yes let's try that one (the others didn't work) oh goodie, it worked! i love it when this sort of thing happens. took all of fifteen minutes to guess it. tried concatenating client and server challenges. tried concatenating _random_ bits of client and server challenges. tried md5 of the above. tried hmac_md5 of the above. eventually, it boils down to this:

kr = MD4(NT#,username,domainname)
hmacntchal=hmac_md5(kr, nt server challenge)
sess_key = hmac_md5(kr, hmacntchal);
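The two HMAC steps from the commit message above, as an added Python example that is not part of the commit or of Samba's code. It assumes the NTOWFv2 construction from MS-NLMP for `kr` and an optional client blob appended to the server challenge; the function names and the `client_blob` parameter are hypothetical.

```python
import hashlib
import hmac


def ntowfv2(nt_hash: bytes, user: str, domain: str) -> bytes:
    """kr: HMAC-MD5 keyed with the NT hash over UPPER(user) + domain (UTF-16LE).

    Assumption: this is NTOWFv2 as documented in MS-NLMP, used here for the
    step the commit message writes as MD4(NT#, username, domainname).
    """
    if len(nt_hash) != 16:
        raise ValueError("NT hash must be 16 bytes")
    identity = (user.upper() + domain).encode("utf-16-le")
    return hmac.new(nt_hash, identity, hashlib.md5).digest()


def user_session_key(kr: bytes, server_challenge: bytes,
                     client_blob: bytes = b"") -> bytes:
    """sess_key = hmac_md5(kr, hmacntchal), hmacntchal = hmac_md5(kr, challenge).

    Assumption: MS-NLMP hashes the client blob after the server challenge;
    the default b"" follows the commit message literally.
    """
    if len(server_challenge) != 8:
        raise ValueError("server challenge must be 8 bytes")
    hmacntchal = hmac.new(kr, server_challenge + client_blob,
                          hashlib.md5).digest()
    return hmac.new(kr, hmacntchal, hashlib.md5).digest()


# Test values published in MS-NLMP: NT hash of the password "Password"
# and the example server challenge (not taken from this commit).
NT_HASH = bytes.fromhex("a4f49c406510bdcab6824ee7c30fd852")
SERVER_CHALLENGE = bytes.fromhex("0123456789abcdef")

if __name__ == "__main__":
    kr = ntowfv2(NT_HASH, "User", "Domain")
    key = user_session_key(kr, SERVER_CHALLENGE)
    # Every input except kr crosses the wire, so the session key is only as
    # secret as kr; stored kr values need the same protection as the password.
    print("kr       =", kr.hex())
    print("sess_key =", key.hex())
```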
@@ -74,6 +74,8 @@ struct pwd_info
|
||||
uchar lm_cli_chal[8];
|
||||
uchar nt_cli_chal[128];
|
||||
size_t nt_cli_chal_len;
|
||||
|
||||
uchar sess_key[16];
|
||||
};
|
||||
|
||||
struct cli_state {
|
||||
|
||||
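Review bot: the `uchar sess_key[16];` member in struct pwd_info holds key material but carries no comment saying what it contains, which code fills it, or how a caller can tell it is valid, whereas `nt_cli_chal` at least has `nt_cli_chal_len` beside it. Suggest a one-line comment naming the derivation given in the commit message (`sess_key = hmac_md5(kr, hmacntchal)`), a named constant in place of the bare 16, and a check that any routine which wipes the other fields of pwd_info also zeroes sess_key.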