[jcifs] Getting domain info from one server to another
Michael B Allen
ioplex at gmail.com
Fri Jun 5 00:03:58 GMT 2009
2009/6/4 Someone wrote:
>> PS: Pay attention that this is not real authentication. If the credentials
>> are prompted to the user on the client side, what he puts in the
>> authentication box is what you will get on the server side.
<snip>
>> // Step 3: Authentication message received
>> if (msg[8] == 3) {
>> int off = 30;
>> int length, offset;
>> length = (msg[off+1]<<8) + msg[off];
>> offset = (msg[off+3]<<8) + msg[off+2];
>> String domain = new String(msg, offset, length);
>> length = (msg[off+9]<<8) + msg[off+8];
>> offset = (msg[off+11]<<8) + msg[off+10];
>> String user = new String(msg, offset, length);
>> length = (msg[off+17]<<8) + msg[off+16];
>> offset = (msg[off+19]<<8) + msg[off+18];
>> String ws = new String(msg, offset, length);
OMG. The notorious NTLMSSP username hack. Please don't post this crap
to the list. Otherwise, someone might think it's ok to actually use
it.
Mike
--
Michael B Allen
Java Active Directory Integration
http://www.ioplex.com/
More information about the jcifs
mailing list