public bool IsPasswordEmpty(AuthenticateMessage message) { // Special case for anonymous authentication, see [MS-NLMP] 3.3.1 - NTLM v1 Authentication if (message.LmChallengeResponse.Length == 1 || message.NtChallengeResponse.Length == 0) { return(true); } byte[] clientChallenge = ByteReader.ReadBytes(message.LmChallengeResponse, 0, 8); byte[] emptyPasswordNTLMv1Response = NTAuthentication.ComputeNTLMv1ExtendedSecurityResponse(m_serverChallenge, clientChallenge, String.Empty); if (ByteUtils.AreByteArraysEqual(emptyPasswordNTLMv1Response, message.NtChallengeResponse)) { return(true); } if (message.NtChallengeResponse.Length > 24) { NTLMv2ClientChallengeStructure clientChallengeStructure = new NTLMv2ClientChallengeStructure(message.NtChallengeResponse, 16); byte[] clientChallengeStructurePadded = clientChallengeStructure.GetBytesPadded(); byte[] emptyPasswordNTLMv2Response = NTAuthentication.ComputeNTLMv2Response(m_serverChallenge, clientChallengeStructurePadded, String.Empty, message.UserName, message.DomainName); if (ByteUtils.AreByteArraysEqual(emptyPasswordNTLMv2Response, message.NtChallengeResponse)) { return(true); } } return(false); }
/// <summary> /// LM v1 / NTLM v1 Extended Security /// </summary> public User AuthenticateV1Extended(string accountNameToAuth, byte[] serverChallenge, byte[] lmResponse, byte[] ntlmResponse) { for (int index = 0; index < this.Count; index++) { string accountName = this[index].AccountName; string password = this[index].Password; if (String.Equals(accountName, accountNameToAuth, StringComparison.InvariantCultureIgnoreCase)) { byte[] clientChallenge = ByteReader.ReadBytes(lmResponse, 0, 8); byte[] expectedNTLMv1Response = NTAuthentication.ComputeNTLMv1ExtendedSecurityResponse(serverChallenge, clientChallenge, password); if (ByteUtils.AreByteArraysEqual(expectedNTLMv1Response, ntlmResponse)) { return(this[index]); } } } return(null); }