encrypted DCE/RPC - progress.
Luke Kenneth Casson Leighton
lkcl at switchboard.net
Tue Feb 17 15:48:40 GMT 1998
paul ashton is exploring the nt lm ssp interface, and the password
changing (samr commands 0x38 and 0x37). i've added dce/rpc parsing
support for the "authentication verification" (to be tested shortly :-) in
the bind / bind ack, but not the encryption of the "stub data".
we don't know what the nt lm ssp encryption is: the default appears to be
rc4, but we don't know what the key is. 8 bytes come from the client, 8
from the server, and there should be some fancy function to create a key
for the rc4 decryption.
absolutely no idea.
onward and upwards...
<a href="mailto:lkcl at samba.anu.edu.au" > Luke Kenneth Casson Leighton </a>
<a href="http://mailhost.cb1.com/~lkcl"> Samba and Network Development </a>
<a href="http://www.samba.co.uk" > Samba and Network Consultancy </a>
More information about the samba-ntdom