[jcifs] Wrong LM AND NTLM response ?
Eric Glass
eric.glass at gmail.com
Sun Aug 19 23:39:12 GMT 2007
See:
http://davenport.sourceforge.net/ntlm.html#theNtlm2SessionResponse
The response you are describing is the NTLM2 Session Response.
On 8/18/07, contra1984 contra1984 <contra1984 at googlemail.com> wrote:
>
> Hi,
>
> i've done the following:
> I've used wireshark to sniff the ntlm auth process.
> The challenge is: 2C16C0A8C3BD8E81
> Then the client sends the following response and successfully(!!)
> authenticates:
> LM Response: 7C8C54322317144A00000000000000000000000000000000
> NTLM Response: 8B1E93000E0530AEDCAC6FE545381E097A7E70774DD6FA17
>
> I've used some tools to recalculate that result and I always get a
> different result.
> Btw the password is apollo13.
>
> Using the callenge above and the password I get the following results:
> LM Response: 815070A194807CD1F3991C5438B29709EFA1A920D87FFE73
> NTLM Response: DD530B169C688244BE8C1EA5BAFE356B00FCFB7574907009
>
> You may also know this site: http://davenport.sourceforge.net/ntlm.html#theNtlmResponse
>
> If I use the values from this site (challenge: 0123456789abcdef and
> password: SecREt01) I get exactly the same results as this guy from this
> site so my calculation should be right.
>
> Btw, I'm using the java code from this site :http://davenport.sourceforge.net/ntlm.html#appendixD
> to do the calculation so it's not some code I've written in a few hours.
>
> Please tell me why my calculation ALWAYS differs from the one I sniffed in
> wireshark?
>
-------------- next part --------------
HTML attachment scrubbed and removed
More information about the jcifs
mailing list