[jcifs] Wrong LM AND NTLM response ?

contra1984 contra1984 contra1984 at googlemail.com
Sun Aug 19 02:19:52 GMT 2007


i've done the following:
I've used wireshark to sniff the ntlm auth process.
The challenge is: 2C16C0A8C3BD8E81
Then the client sends the following response and successfully(!!)
LM Response:     7C8C54322317144A00000000000000000000000000000000
NTLM Response: 8B1E93000E0530AEDCAC6FE545381E097A7E70774DD6FA17

I've used some tools to recalculate that result and I always get a different
Btw the password is apollo13.

Using the callenge above and the password I get the following results:
LM Response:     815070A194807CD1F3991C5438B29709EFA1A920D87FFE73
NTLM Response: DD530B169C688244BE8C1EA5BAFE356B00FCFB7574907009

You may also know this site:
If I use the values from this site (challenge: 0123456789abcdef and
password: SecREt01) I get exactly the same results as this guy from this
site so my calculation should be right.

Btw, I'm using the java code from this site :
http://davenport.sourceforge.net/ntlm.html#appendixD to do the calculation
so it's not some code I've written in a few hours.

Please tell me why my calculation ALWAYS differs from the one I sniffed in
-------------- next part --------------
HTML attachment scrubbed and removed

More information about the jcifs mailing list