encrypted DCE/RPC - progress.

Luke Kenneth Casson Leighton lkcl at switchboard.net
Tue Feb 17 17:43:22 GMT 1998

On Wed, 18 Feb 1998, Luke Kenneth Casson Leighton wrote:

> paul ashton is exploring the nt lm ssp interface, and the password
> changing (samr commands 0x38 and 0x37).  i've added dce/rpc parsing
> support for the "authentication verification" (to be tested shortly :-) in
> the bind / bind ack, but not the encryption of the "stub data".

just noticed that this is a 16 byte key from the server, 8 bytes of which
are zero.  there's nothing from the client in the bind request.

client-> rpc bind req (negotiate nt lm ssp)
server-> rpc bind resp (confirm nt lm ssp, send 16 byte stuff)

client-> rpc request  - stub data plus 16 byte "authenticator".
server-> rpc response - stub data plus 16 byte "authenticator".


More information about the samba-ntdom mailing list