public byte[] ProcessChallenge(byte[] Challenge) { byte[] bytes; RdpPacket packet = new RdpPacket(); this.m_ChallengeMsg = Challenge; packet.Write(Challenge, 0, Challenge.Length); packet.Position = 0L; long position = packet.Position; if (packet.ReadString(8) != "NTLMSSP\0") { throw new Exception("Invalid negotiation token!"); } if (packet.getLittleEndian32() != 2) { throw new Exception("Expected challenge!"); } int count = packet.getLittleEndian16(); packet.getLittleEndian16(); int num4 = packet.getLittleEndian32(); uint flags = (uint)packet.getLittleEndian32(); DumpFlags(flags); byte[] buffer = new byte[8]; packet.Read(buffer, 0, 8); byte[] buffer2 = new byte[8]; packet.Read(buffer2, 0, 8); int num5 = packet.getLittleEndian16(); packet.getLittleEndian16(); int num6 = packet.getLittleEndian32(); if ((flags & 0x2000000) != 0) { byte[] buffer3 = new byte[8]; packet.Read(buffer3, 0, 8); } if ((flags & 0x20000000) == 0) { throw new Exception("Strong Encryption not supported by server"); } byte[] buffer4 = null; if (count > 0) { buffer4 = new byte[count]; packet.Position = position + num4; packet.Read(buffer4, 0, count); Encoding.Unicode.GetString(buffer4, 0, buffer4.Length); } AV_PAIRS av_pairs = new AV_PAIRS(); byte[] buffer5 = null; if (num5 <= 0) { throw new Exception("No TargetInfo!"); } packet.Position = position + num6; buffer5 = new byte[num5]; packet.Read(buffer5, 0, num5); packet = new RdpPacket(); packet.Write(buffer5, 0, buffer5.Length); packet.Position = 0L; av_pairs.Parse(packet); byte[] data = nTOWFv2(this.m_sDomain, this.m_sUsername, this.m_sPassword); m_Socket.AddBlob(PacketLogger.PacketType.NTLM_ResponseKeyNT, data); byte[] blob = new byte[8]; RNGCryptoServiceProvider provider = new RNGCryptoServiceProvider(); provider.GetBytes(blob); m_Socket.AddBlob(PacketLogger.PacketType.NTLM_ClientChallenge, blob); byte[] buffer8 = getLMv2Response(data, buffer, blob); if (this.m_bNTLMv2) { Array.Clear(buffer8, 0, buffer8.Length); } bool bGenerateMIC = false; if ((av_pairs.Timestamp.length <= 0) || !this.m_bNTLMv2) { bytes = BitConverter.GetBytes(DateTime.UtcNow.ToFileTimeUtc()); } else { bytes = av_pairs.Timestamp.value; bGenerateMIC = true; av_pairs.ProcessForNTLMv2(); buffer5 = av_pairs.Serialise(); } byte[] keyExchangeKey = null; byte[] buffer11 = getNTLMv2Response(data, buffer, blob, bytes, buffer5, out keyExchangeKey); m_Socket.AddBlob(PacketLogger.PacketType.NTLM_KeyExchangeKey, keyExchangeKey); byte[] encryptedRandomSessionKey = null; byte[] buffer13 = null; buffer13 = new byte[0x10]; provider.GetBytes(buffer13); m_Socket.AddBlob(PacketLogger.PacketType.NTLM_ExportedSessionKey, buffer13); encryptedRandomSessionKey = new byte[0x10]; RC4 rc = new RC4(); rc.engineInitEncrypt(keyExchangeKey); encryptedRandomSessionKey = rc.crypt(buffer13); if ((flags & 0x40000000) == 0) { encryptedRandomSessionKey = new byte[0]; buffer13 = keyExchangeKey; } this.InitSignKeys(buffer13); return(this.Authenticate(buffer8, buffer11, this.m_sDomain, this.m_sUsername, this.m_sWorkstation, encryptedRandomSessionKey, buffer13, bGenerateMIC)); }