/// <summary>
/// LM v2 / NTLM v2
/// </summary>
public User AuthenticateV2(string domainNameToAuth, string accountNameToAuth, byte[] serverChallenge, byte[] lmResponse, byte[] ntlmResponse)
{
for (int index = 0; index < this.Count; index++)
{
string accountName = this[index].AccountName;
string password = this[index].Password;
if (String.Equals(accountName, accountNameToAuth, StringComparison.InvariantCultureIgnoreCase))
{
byte[] _LMv2ClientChallenge = ByteReader.ReadBytes(lmResponse, 16, 8);
byte[] expectedLMv2Response = NTAuthentication.ComputeLMv2Response(serverChallenge, _LMv2ClientChallenge, password, accountName, domainNameToAuth);
if (ByteUtils.AreByteArraysEqual(expectedLMv2Response, lmResponse))
{
return(this[index]);
}
if (ntlmResponse.Length > 24)
{
NTLMv2ClientChallengeStructure clientChallengeStructure = new NTLMv2ClientChallengeStructure(ntlmResponse, 16);
byte[] clientChallengeStructurePadded = clientChallengeStructure.GetBytesPadded();
byte[] expectedNTLMv2Response = NTAuthentication.ComputeNTLMv2Response(serverChallenge, clientChallengeStructurePadded, password, accountName, domainNameToAuth);
if (ByteUtils.AreByteArraysEqual(expectedNTLMv2Response, ntlmResponse))
{
return(this[index]);
}
}
}
}
return(null);
}
public bool IsPasswordEmpty(AuthenticateMessage message)
{
// Special case for anonymous authentication, see [MS-NLMP] 3.3.1 - NTLM v1 Authentication
if (message.LmChallengeResponse.Length == 1 || message.NtChallengeResponse.Length == 0)
{
return(true);
}
byte[] clientChallenge = ByteReader.ReadBytes(message.LmChallengeResponse, 0, 8);
byte[] emptyPasswordNTLMv1Response = NTAuthentication.ComputeNTLMv1ExtendedSecurityResponse(m_serverChallenge, clientChallenge, String.Empty);
if (ByteUtils.AreByteArraysEqual(emptyPasswordNTLMv1Response, message.NtChallengeResponse))
{
return(true);
}
if (message.NtChallengeResponse.Length > 24)
{
NTLMv2ClientChallengeStructure clientChallengeStructure = new NTLMv2ClientChallengeStructure(message.NtChallengeResponse, 16);
byte[] clientChallengeStructurePadded = clientChallengeStructure.GetBytesPadded();
byte[] emptyPasswordNTLMv2Response = NTAuthentication.ComputeNTLMv2Response(m_serverChallenge, clientChallengeStructurePadded, String.Empty, message.UserName, message.DomainName);
if (ByteUtils.AreByteArraysEqual(emptyPasswordNTLMv2Response, message.NtChallengeResponse))
{
return(true);
}
}
return(false);
}
public static bool NTLMv2ResponseTest()
{
byte[] serverChallenge = new byte[] { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };
byte[] clientChallenge = new byte[] { 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa };
DateTime time = DateTime.FromFileTimeUtc(0); // same as new byte[8]
NTLMv2ClientChallengeStructure clientChallengeStructure = new NTLMv2ClientChallengeStructure(time, clientChallenge, "Domain", "Server");
byte[] clientChallengeStructurePadded = clientChallengeStructure.GetBytesPadded();
byte[] response = NTAuthentication.ComputeNTLMv2Response(serverChallenge, clientChallengeStructurePadded, "Password", "User", "Domain");
byte[] expectedHash = new byte[] { 0x68, 0xcd, 0x0a, 0xb8, 0x51, 0xe5, 0x1c, 0x96, 0xaa, 0xbc, 0x92, 0x7b, 0xeb, 0xef, 0x6a, 0x1c };
byte[] expected = ByteUtils.Concatenate(expectedHash, clientChallengeStructurePadded);
bool success = ByteUtils.AreByteArraysEqual(response, expected);
return(success);
}
public static bool NTLMv2AuthenticateMessageTest()
{
byte[] expected = new byte[] { 0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x03, 0x00, 0x00, 0x00, 0x18, 0x00, 0x18, 0x00,
0x6c, 0x00, 0x00, 0x00, 0x54, 0x00, 0x54, 0x00, 0x84, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x0c, 0x00,
0x48, 0x00, 0x00, 0x00, 0x08, 0x00, 0x08, 0x00, 0x54, 0x00, 0x00, 0x00, 0x10, 0x00, 0x10, 0x00,
0x5c, 0x00, 0x00, 0x00, 0x10, 0x00, 0x10, 0x00, 0xd8, 0x00, 0x00, 0x00, 0x35, 0x82, 0x88, 0xe2,
0x05, 0x01, 0x28, 0x0a, 0x00, 0x00, 0x00, 0x0f, 0x44, 0x00, 0x6f, 0x00, 0x6d, 0x00, 0x61, 0x00,
0x69, 0x00, 0x6e, 0x00, 0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x43, 0x00, 0x4f, 0x00,
0x4d, 0x00, 0x50, 0x00, 0x55, 0x00, 0x54, 0x00, 0x45, 0x00, 0x52, 0x00, 0x86, 0xc3, 0x50, 0x97,
0xac, 0x9c, 0xec, 0x10, 0x25, 0x54, 0x76, 0x4a, 0x57, 0xcc, 0xcc, 0x19, 0xaa, 0xaa, 0xaa, 0xaa,
0xaa, 0xaa, 0xaa, 0xaa, 0x68, 0xcd, 0x0a, 0xb8, 0x51, 0xe5, 0x1c, 0x96, 0xaa, 0xbc, 0x92, 0x7b,
0xeb, 0xef, 0x6a, 0x1c, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0x00, 0x00, 0x00, 0x00,
0x02, 0x00, 0x0c, 0x00, 0x44, 0x00, 0x6f, 0x00, 0x6d, 0x00, 0x61, 0x00, 0x69, 0x00, 0x6e, 0x00,
0x01, 0x00, 0x0c, 0x00, 0x53, 0x00, 0x65, 0x00, 0x72, 0x00, 0x76, 0x00, 0x65, 0x00, 0x72, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc5, 0xda, 0xd2, 0x54, 0x4f, 0xc9, 0x79, 0x90,
0x94, 0xce, 0x1c, 0xe9, 0x0b, 0xc9, 0xd0, 0x3e };
AuthenticateMessage cmp = new AuthenticateMessage(expected);
byte[] sessionKey = { 0xc5, 0xda, 0xd2, 0x54, 0x4f, 0xc9, 0x79, 0x90, 0x94, 0xce, 0x1c, 0xe9, 0x0b, 0xc9, 0xd0, 0x3e };
byte[] serverChallenge = new byte[] { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };
byte[] clientChallenge = new byte[] { 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa };
byte[] serverAVPair = AVPairUtils.GetAVPairSequence("Domain", "Server");
DateTime time = DateTime.FromFileTimeUtc(0); // same as new byte[8]
NTLMv2ClientChallengeStructure clientChallengeStructure = new NTLMv2ClientChallengeStructure(time, clientChallenge, "Domain", "Server");
byte[] clientChallengeStructurePadded = clientChallengeStructure.GetBytesPadded();
AuthenticateMessage message = new AuthenticateMessage();
message.EncryptedRandomSessionKey = sessionKey;
message.Version = new Authentication.Version(5, 1, 2600, Authentication.Version.NTLMSSP_REVISION_W2K3);
message.NegotiateFlags = NegotiateFlags.NegotiateUnicode | NegotiateFlags.RequestTarget | NegotiateFlags.NegotiateSign | NegotiateFlags.NegotiateSeal | NegotiateFlags.NegotiateNTLMKey | NegotiateFlags.NegotiateAlwaysSign | NegotiateFlags.NegotiateExtendedSecurity | NegotiateFlags.NegotiateTargetInfo | NegotiateFlags.NegotiateVersion | NegotiateFlags.Negotiate128 | NegotiateFlags.NegotiateKeyExchange | NegotiateFlags.Negotiate56;
message.DomainName = "Domain";
message.WorkStation = "COMPUTER";
message.UserName = "******";
message.LmChallengeResponse = NTAuthentication.ComputeLMv2Response(serverChallenge, clientChallenge, "Password", "User", "Domain");
message.NtChallengeResponse = NTAuthentication.ComputeNTLMv2Response(serverChallenge, clientChallengeStructurePadded, "Password", "User", "Domain");
byte[] messageBytes = message.GetBytes();
// The payload entries may be distributed differently so we use cmp.GetBytes()
bool success = ByteUtils.AreByteArraysEqual(messageBytes, cmp.GetBytes());
return(success);
}
