Monday, August 2, 2010

Difference between NTLMv1 and NTLMv2

In the Metasploit source, the clear difference between NTLMv1 and NTLMv2 comes down to the self.challenge_key and self.extended_security attributes. Both are set during the Negotiate Protocol exchange, where the server answers with an SMB Negotiate Protocol response; from that response the client checks whether a challenge_key is present or the extended_security flag is set, and session_setup picks the authentication method accordingly.

# Authenticate and establish a session
def session_setup(*args)
  if (self.dialect =~ /^(NT LANMAN 1.0|NT LM 0.12)$/)
    # The Negotiate Protocol response carried a challenge key: NTLMv1
    if (self.challenge_key)
      return self.session_setup_ntlmv1(*args)
    end
    # Extended security was negotiated instead: NTLMv2
    if ( self.extended_security )
      return self.session_setup_ntlmv2(*args)
    end
  end
  # Older dialect, or neither field set: plaintext session setup
  return self.session_setup_clear(*args)
end

Too bad blogspot can't display the spacing well and I need to replace it with --- arghh..

Metasploit /lib/rex/proto/smb/client.rb
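As an added example (not Metasploit's own code), the Ruby below parses the parameter block of a constructed NT LM 0.12 Negotiate Protocol response and applies the same selection rule as the session_setup method above: challenge key present means NTLMv1, extended security means NTLMv2, otherwise clear. The field layout follows the MS-CIFS definition of that response; the capability filler bits, the sample challenge and the SPNEGO stub are constructed values, not a real capture.

```ruby
CAP_EXTENDED_SECURITY = 0x80000000  # Capabilities bit that selects the NTLMv2/SPNEGO path

# Parse an NT LM 0.12 SMB_COM_NEGOTIATE response, starting at WordCount, into
# the two fields the session_setup decision depends on.
def parse_nt_negotiate_response(data)
  word_count = data.getbyte(0)
  raise "not an NT LM 0.12 negotiate response (WordCount=#{word_count})" unless word_count == 17
  # DialectIndex SecurityMode MaxMpxCount MaxNumberVcs MaxBufferSize MaxRawSize
  # SessionKey Capabilities SystemTime ServerTimeZone EncryptionKeyLength ByteCount
  f = data[1, 36].unpack('vCvvVVVVQ<s<Cv')
  caps, key_len, byte_count = f[7], f[10], f[11]
  payload = data[37, byte_count]
  resp = { capabilities: caps, extended_security: false, challenge_key: nil }
  if (caps & CAP_EXTENDED_SECURITY) != 0
    # Extended security: payload is ServerGUID (16 bytes) + SPNEGO blob; no challenge here
    resp[:extended_security] = true
    resp[:server_guid] = payload[0, 16]
  elsif key_len > 0
    # Classic path: the 8-byte server challenge ("EncryptionKey") leads the payload
    resp[:challenge_key] = payload[0, key_len]
  end
  resp
end

# Same precedence as the session_setup method quoted from client.rb
def choose_session_setup(dialect, resp)
  if dialect =~ /^(NT LANMAN 1.0|NT LM 0.12)$/
    return :ntlmv1 if resp[:challenge_key]
    return :ntlmv2 if resp[:extended_security]
  end
  :clear
end

# Constructed sample response (not a real capture); capability bits other than
# CAP_EXTENDED_SECURITY are arbitrary filler
def build_nt_negotiate_response(extended_security:)
  caps = 0x0000F3FD
  caps |= CAP_EXTENDED_SECURITY if extended_security
  if extended_security
    key_len, payload = 0, ([0x11] * 16).pack('C*') + [0x60, 0x00].pack('C*')
  else
    key_len, payload = 8, ([0xAA] * 8).pack('C*') + "WORKGROUP\0".b
  end
  [17, 0, 3, 16, 1, 16644, 65536, 0, caps, 0, 0, key_len, payload.bytesize].pack('CvCvvVVVVQ<s<Cv') + payload
end

if __FILE__ == $0
  [false, true].each do |ext|
    r = parse_nt_negotiate_response(build_nt_negotiate_response(extended_security: ext))
    puts "extended_security=#{ext} -> #{choose_session_setup('NT LM 0.12', r)}"
  end
end
```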
