[jcifs] Wrong LM AND NTLM response ?

Eric Glass eric.glass at gmail.com
Sun Aug 19 23:39:12 GMT 2007



The response you are describing is the NTLM2 Session Response.

On 8/18/07, contra1984 contra1984 <contra1984 at googlemail.com> wrote:
> Hi,
> i've done the following:
> I've used wireshark to sniff the ntlm auth process.
> The challenge is: 2C16C0A8C3BD8E81
> Then the client sends the following response and successfully(!!)
> authenticates:
> LM Response:     7C8C54322317144A00000000000000000000000000000000
> NTLM Response: 8B1E93000E0530AEDCAC6FE545381E097A7E70774DD6FA17
> I've used some tools to recalculate that result and I always get a
> different result.
> Btw the password is apollo13.
> Using the callenge above and the password I get the following results:
> LM Response:     815070A194807CD1F3991C5438B29709EFA1A920D87FFE73
> NTLM Response: DD530B169C688244BE8C1EA5BAFE356B00FCFB7574907009
> You may also know this site: http://davenport.sourceforge.net/ntlm.html#theNtlmResponse
> If I use the values from this site (challenge: 0123456789abcdef and
> password: SecREt01) I get exactly the same results as this guy from this
> site so my calculation should be right.
> Btw, I'm using the java code from this site :http://davenport.sourceforge.net/ntlm.html#appendixD
> to do the calculation so it's not some code I've written in a few hours.
> Please tell me why my calculation ALWAYS differs from the one I sniffed in
> wireshark?
-------------- next part --------------
HTML attachment scrubbed and removed

More information about the jcifs mailing list