mirror of
https://github.com/samba-team/samba.git
synced 2025-01-07 17:18:11 +03:00
dab1a12278
have we got. and what data do we have. hmm.. i wonder what the NTLMv2
user session key can be... hmmm... weell.... there's some hidden data
here, generated from the user password that doesn't go over-the-wire,
so that's _got_ to be involved. and... that bit of data took a lot of
computation to produce, so it's probably _also_ involved... and md4 no, md5?
no, how about hmac_md5 yes let's try that one (the others didn't work)
oh goodie, it worked!
i love it when this sort of thing happens. took all of fifteen minutes to
guess it. tried concatenating client and server challenges. tried
concatenating _random_ bits of client and server challenges. tried
md5 of the above. tried hmac_md5 of the above. eventually, it boils down
to this:
kr = MD4(NT#,username,domainname)
hmacntchal=hmac_md5(kr, nt server challenge)
sess_key = hmac_md5(kr, hmacntchal);
(This used to be commit
cmd_atsvc.c
cmd_brs.c
cmd_eventlog.c
cmd_lsarpc.c
cmd_netlogon.c
cmd_reg.c
cmd_samr.c
cmd_spoolss.c
cmd_srvsvc.c
cmd_svcctl.c
cmd_wkssvc.c
display.c
rpcclient.c