/// <summary> /// compute response /// </summary> /// <param name="flags">the flags for challenge</param> /// <param name="serverChallenge">the server challenge</param> /// <param name="targetInfo">the target info contains avpairs</param> /// <param name="responseKeyNT">the response nt key</param> /// <param name="responseKeyLM">the response lm key</param> /// <param name="lmChallengeResponse">the challenge response lm</param> /// <param name="ntChallengeResponse">the challenge response nt</param> private void ComputeResponse( NegotiateTypes flags, ulong serverChallenge, ICollection <AV_PAIR> targetInfo, byte[] responseKeyNT, byte[] responseKeyLM, out byte[] lmChallengeResponse, out byte[] ntChallengeResponse ) { // clientChallenge, a random 8 bytes. ulong clientChallenge = NlmpUtility.BytesToSecurityUInt64(NlmpUtility.Nonce(8)); // time ulong time = 0; if (!NlmpUtility.IsNtlmV1(this.client.Config.Version)) { time = NlmpUtility.GetTime(targetInfo); } byte[] sessionBaseKey = null; // compute response NlmpUtility.ComputeResponse( this.client.Config.Version, flags, responseKeyNT, responseKeyLM, serverChallenge, clientChallenge, time, NlmpUtility.AvPairCollectionGetBytes(targetInfo), out ntChallengeResponse, out lmChallengeResponse, out sessionBaseKey); // save key to context this.client.Context.SessionBaseKey = sessionBaseKey; }
/// <summary> /// create a challenge packet. This packet contains CHALLENGE_MESSAGE. The CHALLENGE_MESSAGE defines an NTLM /// challenge message that is sent from the server to the client. The CHALLENGE_MESSAGE is used by the server /// to challenge the client to prove its identity. /// </summary> /// <param name="negotiateFlags">The client sets flags to indicate options it supports.</param> /// <param name="version"> /// This structure is used for debugging purposes only. In normal (non-debugging) protocol messages, it is /// ignored and does not affect the NTLM message processing. /// </param> /// <param name="serverChallenge">contains the NTLM challenge. The challenge is a 64-bit nonce.</param> /// <param name="targetName"> /// TargetName contains the name of the server authentication realm, and MUST be expressed in the negotiated /// character set. A server that is a member of a domain returns the domain of which it is a member, and a /// server that is not a member of a domain returns the server name. This param can be null. /// </param> /// <param name="targetInfo"> /// TargetInfo contains a sequence of AV_PAIR structures.This param can be null. /// </param> /// <returns>the NlmpChallengePacket</returns> /// <noException></noException> public NlmpChallengePacket CreateChallengePacket( NegotiateTypes negotiateFlags, VERSION version, ulong serverChallenge, string targetName, ICollection <AV_PAIR> targetInfo ) { NlmpChallengePacket packet = new NlmpChallengePacket(); packet.SetNegotiateFlags(negotiateFlags); if (NlmpUtility.IsVersionRequired(negotiateFlags)) { packet.SetVersion(version); } packet.SetServerChallenge(serverChallenge); if (NlmpUtility.IsDomainType(negotiateFlags) || NlmpUtility.IsServerType(negotiateFlags)) { packet.SetTargetName(targetName); } // generate bytes of targetinfo byte[] targetInfoBytes = NlmpUtility.AvPairCollectionGetBytes(targetInfo); // initialize targetinfofield packet.SetTargetInfo(targetInfoBytes); return(packet); }
public void GetSecurityToken( NlmpVersion ntlmVersion, string domainName, string userName, string password, ulong serverTime, ulong serverChallenge, out byte[] caseInsensitivePassword, out byte[] caseSensitivePassword) { if (ntlmVersion != NlmpVersion.v1 && ntlmVersion != NlmpVersion.v2) { throw new ArgumentException( string.Format("the ntlmVersion({0}) must be valid NlmpVersion value", ntlmVersion), "ntlmVersion"); } caseInsensitivePassword = null; caseSensitivePassword = null; #region Prepare the TargetInfo byte[] targetInfo = null; List <AV_PAIR> pairs = new List <AV_PAIR>(); NlmpUtility.AddAVPair(pairs, AV_PAIR_IDs.MsvAvEOL, 0x00, null); targetInfo = NlmpUtility.AvPairCollectionGetBytes(pairs); #endregion #region Prepare the Nlmp Negotiate Flags // the flags for negotiate NegotiateTypes nlmpFlags = NegotiateTypes.NTLMSSP_NEGOTIATE_NTLM | NegotiateTypes.NTLM_NEGOTIATE_OEM; #endregion // exported to application for the SessionKey. byte[] sessionBaseKey = null; #region Prepare the keys // responseKeyNT byte[] responseKeyNT = NlmpUtility.GetResponseKeyNt(ntlmVersion, domainName, userName, password); // responseKeyLM byte[] responseKeyLM = NlmpUtility.GetResponseKeyLm(ntlmVersion, domainName, userName, password); #endregion #region Compute Response // clientChallenge, a 8 bytes random number. ulong clientChallenge = BitConverter.ToUInt64(NlmpUtility.Nonce(8), 0); // compute response NlmpUtility.ComputeResponse( ntlmVersion, nlmpFlags, responseKeyNT, responseKeyLM, serverChallenge, clientChallenge, serverTime, targetInfo, out caseSensitivePassword, out caseInsensitivePassword, out sessionBaseKey); #endregion }