public static byte[] GetAuthenticateMessage(byte[] securityBlob, string domainName, string userName, string password, AuthenticationMethod authenticationMethod, out byte[] sessionKey) { sessionKey = null; bool useGSSAPI = false; SimpleProtectedNegotiationTokenResponse inputToken = null; try { inputToken = SimpleProtectedNegotiationToken.ReadToken(securityBlob, 0, false) as SimpleProtectedNegotiationTokenResponse; } catch { } ChallengeMessage challengeMessage; if (inputToken != null) { challengeMessage = GetChallengeMessage(inputToken.ResponseToken); useGSSAPI = true; } else { challengeMessage = GetChallengeMessage(securityBlob); } if (challengeMessage == null) { return(null); } DateTime time = DateTime.UtcNow; byte[] clientChallenge = new byte[8]; new Random().NextBytes(clientChallenge); AuthenticateMessage authenticateMessage = new AuthenticateMessage(); // https://msdn.microsoft.com/en-us/library/cc236676.aspx authenticateMessage.NegotiateFlags = NegotiateFlags.Sign | NegotiateFlags.NTLMSessionSecurity | NegotiateFlags.AlwaysSign | NegotiateFlags.Version | NegotiateFlags.Use128BitEncryption | NegotiateFlags.Use56BitEncryption; if ((challengeMessage.NegotiateFlags & NegotiateFlags.UnicodeEncoding) > 0) { authenticateMessage.NegotiateFlags |= NegotiateFlags.UnicodeEncoding; } else { authenticateMessage.NegotiateFlags |= NegotiateFlags.OEMEncoding; } if ((challengeMessage.NegotiateFlags & NegotiateFlags.KeyExchange) > 0) { authenticateMessage.NegotiateFlags |= NegotiateFlags.KeyExchange; } if (authenticationMethod == AuthenticationMethod.NTLMv1) { authenticateMessage.NegotiateFlags |= NegotiateFlags.LanManagerSessionKey; } else { authenticateMessage.NegotiateFlags |= NegotiateFlags.ExtendedSessionSecurity; } authenticateMessage.UserName = userName; authenticateMessage.DomainName = domainName; authenticateMessage.WorkStation = Environment.MachineName; byte[] sessionBaseKey; byte[] keyExchangeKey; if (authenticationMethod == AuthenticationMethod.NTLMv1 || authenticationMethod == AuthenticationMethod.NTLMv1ExtendedSessionSecurity) { if (authenticationMethod == AuthenticationMethod.NTLMv1) { authenticateMessage.LmChallengeResponse = NTLMCryptography.ComputeLMv1Response(challengeMessage.ServerChallenge, password); authenticateMessage.NtChallengeResponse = NTLMCryptography.ComputeNTLMv1Response(challengeMessage.ServerChallenge, password); } else // NTLMv1ExtendedSessionSecurity { authenticateMessage.LmChallengeResponse = ByteUtils.Concatenate(clientChallenge, new byte[16]); authenticateMessage.NtChallengeResponse = NTLMCryptography.ComputeNTLMv1ExtendedSessionSecurityResponse(challengeMessage.ServerChallenge, clientChallenge, password); } // https://msdn.microsoft.com/en-us/library/cc236699.aspx sessionBaseKey = new MD4().GetByteHashFromBytes(NTLMCryptography.NTOWFv1(password)); byte[] lmowf = NTLMCryptography.LMOWFv1(password); keyExchangeKey = NTLMCryptography.KXKey(sessionBaseKey, authenticateMessage.NegotiateFlags, authenticateMessage.LmChallengeResponse, challengeMessage.ServerChallenge, lmowf); } else // NTLMv2 { NTLMv2ClientChallenge clientChallengeStructure = new NTLMv2ClientChallenge(time, clientChallenge, challengeMessage.TargetInfo); byte[] clientChallengeStructurePadded = clientChallengeStructure.GetBytesPadded(); byte[] ntProofStr = NTLMCryptography.ComputeNTLMv2Proof(challengeMessage.ServerChallenge, clientChallengeStructurePadded, password, userName, domainName); authenticateMessage.LmChallengeResponse = NTLMCryptography.ComputeLMv2Response(challengeMessage.ServerChallenge, clientChallenge, password, userName, challengeMessage.TargetName); authenticateMessage.NtChallengeResponse = ByteUtils.Concatenate(ntProofStr, clientChallengeStructurePadded); // https://msdn.microsoft.com/en-us/library/cc236700.aspx byte[] responseKeyNT = NTLMCryptography.NTOWFv2(password, userName, domainName); sessionBaseKey = new HMACMD5(responseKeyNT).ComputeHash(ntProofStr); keyExchangeKey = sessionBaseKey; } authenticateMessage.Version = NTLMVersion.Server2003; // https://msdn.microsoft.com/en-us/library/cc236676.aspx if ((challengeMessage.NegotiateFlags & NegotiateFlags.KeyExchange) > 0) { sessionKey = new byte[16]; new Random().NextBytes(sessionKey); authenticateMessage.EncryptedRandomSessionKey = RC4.Encrypt(keyExchangeKey, sessionKey); } else { sessionKey = keyExchangeKey; } if (useGSSAPI) { SimpleProtectedNegotiationTokenResponse outputToken = new SimpleProtectedNegotiationTokenResponse(); outputToken.ResponseToken = authenticateMessage.GetBytes(); return(outputToken.GetBytes()); } else { return(authenticateMessage.GetBytes()); } }