encrypted DCE/RPC - progress.
Luke Kenneth Casson Leighton
lkcl at switchboard.net
Tue Feb 17 17:43:22 GMT 1998
On Wed, 18 Feb 1998, Luke Kenneth Casson Leighton wrote:
> paul ashton is exploring the nt lm ssp interface, and the password
> changing (samr commands 0x38 and 0x37). i've added dce/rpc parsing
> support for the "authentication verification" (to be tested shortly :-) in
> the bind / bind ack, but not the encryption of the "stub data".
just noticed that this is a 16 byte key from the server, 8 bytes of which
are zero. there's nothing from the client in the bind request.
client-> rpc bind req (negotiate nt lm ssp)
server-> rpc bind resp (confirm nt lm ssp, send 16 byte stuff)
client-> rpc request - stub data plus 16 byte "authenticator".
server-> rpc response - stub data plus 16 byte "authenticator".
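An added example, not part of the original message and not Samba code: a parser that separates the stub data from the trailing 16-byte "authenticator" in a request or response PDU, using the `auth_length` field of the connection-oriented DCE/RPC header. The field layout follows the DCE/RPC connection-oriented PDU format as an assumption; the sample PDU, its auth type, auth level and verifier bytes are constructed values.

```python
import struct

# DCE/RPC connection-oriented common header (16 bytes); little-endian data rep assumed.
COMMON_HDR = struct.Struct("<BBBB4sHHI")
# sec_trailer preceding the verifier: auth_type, auth_level, auth_pad_length, reserved, context_id
SEC_TRAILER = struct.Struct("<BBBBI")
PTYPE_REQUEST, PTYPE_RESPONSE, PFC_OBJECT_UUID = 0, 2, 0x80

def split_pdu(pdu):
    """Return (stub_data, sec_trailer_dict_or_None, auth_verifier) for one request/response PDU."""
    if len(pdu) < COMMON_HDR.size + 8:
        raise ValueError("PDU shorter than request/response header")
    ver, _minor, ptype, flags, drep, frag_len, auth_len, _call_id = COMMON_HDR.unpack_from(pdu)
    if ver != 5 or ptype not in (PTYPE_REQUEST, PTYPE_RESPONSE):
        raise ValueError("not a v5 request/response PDU")
    if drep[0] >> 4 != 1:
        raise ValueError("only little-endian PDUs are handled here")
    if frag_len != len(pdu):
        raise ValueError("frag_length does not match buffer")
    # 8 more header bytes follow (alloc_hint, context id, opnum or cancel count),
    # plus a 16-byte object UUID when a request sets PFC_OBJECT_UUID.
    body = COMMON_HDR.size + 8
    if ptype == PTYPE_REQUEST and flags & PFC_OBJECT_UUID:
        body += 16
    if auth_len == 0:
        return pdu[body:], None, b""
    trailer_off = frag_len - auth_len - SEC_TRAILER.size
    if trailer_off < body:
        raise ValueError("auth_length larger than PDU body")
    auth_type, auth_level, pad_len, _rsvd, ctx_id = SEC_TRAILER.unpack_from(pdu, trailer_off)
    if trailer_off - pad_len < body:
        raise ValueError("auth_pad_length larger than stub data")
    trailer = {"auth_type": auth_type, "auth_level": auth_level, "context_id": ctx_id}
    return pdu[body:trailer_off - pad_len], trailer, pdu[frag_len - auth_len:]

def constructed_request(stub=b"\x01\x02\x03\x04\x05", verifier=bytes(range(16))):
    """Build a sample request PDU (constructed values, not a capture)."""
    pad = b"\x00" * (-len(stub) % 8)
    tail = pad + SEC_TRAILER.pack(10, 6, len(pad), 0, 0) + verifier  # 10 = RPC_C_AUTHN_WINNT
    frag_len = COMMON_HDR.size + 8 + len(stub) + len(tail)
    head = COMMON_HDR.pack(5, 0, PTYPE_REQUEST, 0x03, b"\x10\x00\x00\x00",
                           frag_len, len(verifier), 1)
    return head + struct.pack("<IHH", len(stub), 0, 0) + stub + tail

if __name__ == "__main__":
    stub, trailer, verifier = split_pdu(constructed_request())
    print(len(stub), trailer, verifier.hex())
```

The length checks reject a PDU whose `auth_length` or `auth_pad_length` would place the verifier outside the fragment, which is the case a parser reading these fields from the wire has to handle.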