NTLM (NT LAN Manager)
- Has been superseded by Kerberos, but is still used when the client authenticates to a server by IP address (no service principal name, so no Kerberos ticket can be requested), or when the client authenticates to a server that does not belong to the same (or a trusted) domain.
How does NTLM work?
NTLM authentication is a challenge/response protocol and consists of three messages:
1. Type 1 (negotiate)
- The client sends the Type 1 message, which advertises the options (flags) it supports and optionally its workstation and domain names. Nothing derived from the password is sent yet; the username travels in the clear in the Type 3 message.
2. Type 2 (challenge)
- The server generates a random 8-byte challenge (nonce) and sends it back to the client.
3. Type 3 (authentication)
- The client encrypts the challenge with the hash of the user's password and returns the result of the computation (the response), together with the username, to the server, which repeats the computation with its stored hash and compares.
- The hash/response algorithm has had to change over time for security reasons:
- LM, which turned out to be very simple and easy to crack;
- replaced by NTLM (v1);
- then NTLMv2;
- Kerberos (the current default) is a separate ticket-based protocol, not another NTLM hash version.
- Windows versions up to XP/Server 2003 store LM hashes by default, and recent versions can still do so for backward compatibility if the "Do not store LAN Manager hash value on next password change" (NoLMHash) policy is turned off; where an LM hash exists, the weak LM response may still be sent in the NTLM protocol.
Type 3 response
LM/NTLMv1 protocols
DES-based LM hash
- The password is turned into UPPER CASE.
- Null bytes are appended until it is 14 bytes long (anything beyond 14 bytes is dropped).
- The 14 bytes are split into two 7-byte halves; each half becomes an 8-byte DES key by inserting one parity bit per 7 bits.
- Each of the two keys is used to DES-encrypt the fixed 8-byte string "KGS!@#$%".
- The two 8-byte ciphertexts are concatenated to form the 16-byte LM hash.
- NT hash computation: the password is converted to Unicode (UTF-16LE) and MD4 is used to get a 16-byte hash. Neither hash is salted.
- In NTLMv1 the NTLM response is sent together with the LM response most of the time.
NTLMv1 response (the LM response is computed the same way from the LM hash)
- 5 null bytes are appended to the 16-byte hash, giving 21 bytes.
- The 21 bytes are split into 3 blocks of 7 bytes; each block is expanded with parity bits into an 8-byte DES key.
- Each of the three keys encrypts the 8-byte server challenge, and the three 8-byte ciphertexts are concatenated into the 24-byte response.
Weakness:
- The three blocks are computed independently, so each 7-byte key can be attacked on its own; block 1 and block 2 do not depend on each other or on block 3.
- DES has old intrinsic weaknesses (56-bit key, fast in hardware). The block 3 DES key is much weaker than the others: 5 of its 7 bytes are the null padding, so only 2 bytes (65,536 candidates) are unknown, and the last two bytes of the hash can be recovered from a captured response immediately, narrowing the search for the rest.
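The LM hash and NTLMv1 response construction above, and the block 3 weakness, as an added worked example in Go (this is not code from the original notes). It assumes a constructed password "password", a fixed server challenge, and the NT hash of that password given as a hex constant (MD4 over the UTF-16LE password as described above; Go's standard library has no MD4). desKey, desBlock, lmHash, ntlmv1Response and crackThirdBlock are the example's own helper names. It goes one step beyond the notes: crackThirdBlock actually recovers the last two bytes of the hash from a response and the challenge, which is what the padding weakness amounts to in practice.

```go
package main

import (
	"bytes"
	"crypto/des"
	"encoding/binary"
	"encoding/hex"
	"fmt"
	"strings"
)

// desKey expands a 7-byte (56-bit) key to the 8-byte form DES takes: each 7-bit group
// is shifted left by one, so the low bit of every byte is the (ignored) parity bit.
func desKey(k7 []byte) []byte {
	v := binary.BigEndian.Uint64(append([]byte{0}, k7...)) // the 56 bits as one integer
	k := make([]byte, 8)
	for i := 7; i >= 0; i-- {
		k[i], v = byte(v&0x7f)<<1, v>>7
	}
	return k
}

// desBlock is single-block DES of an 8-byte block under a 7-byte key, as LM and NTLMv1 use it.
func desBlock(key7, block []byte) []byte {
	c, err := des.NewCipher(desKey(key7))
	if err != nil {
		panic(err) // only reachable with a key that is not 8 bytes
	}
	out := make([]byte, 8)
	c.Encrypt(out, block)
	return out
}

// lmHash: upper-case (ASCII here; Windows uses the OEM code page), null-pad or truncate
// to 14 bytes, DES-encrypt the constant "KGS!@#$%" under each 7-byte half, concatenate.
func lmHash(password string) []byte {
	pw := make([]byte, 14)
	copy(pw, strings.ToUpper(password))
	magic := []byte("KGS!@#$%")
	return append(desBlock(pw[:7], magic), desBlock(pw[7:], magic)...)
}

// ntlmv1Response: pad the 16-byte hash (LM or NT) with 5 null bytes, split the 21 bytes
// into three 7-byte DES keys, encrypt the 8-byte server challenge under each, concatenate.
func ntlmv1Response(hash16, challenge []byte) (resp []byte) {
	padded := make([]byte, 21)
	copy(padded, hash16)
	for i := 0; i < 21; i += 7 {
		resp = append(resp, desBlock(padded[i:i+7], challenge)...)
	}
	return
}

// crackThirdBlock exploits the padding: block 3 of the response depends only on
// hash[14:16], so those two bytes fall to a 65,536-trial search given the challenge.
func crackThirdBlock(resp24, challenge []byte) []byte {
	for i := 0; i < 1<<16; i++ {
		key7 := []byte{byte(i >> 8), byte(i), 0, 0, 0, 0, 0}
		if bytes.Equal(desBlock(key7, challenge), resp24[16:24]) {
			return key7[:2]
		}
	}
	return nil
}

func main() {
	// Constructed inputs: the password "password", its NT hash (MD4 over UTF-16LE, as the
	// notes describe; given as a constant because Go's standard library has no MD4), and a
	// fixed server challenge.
	nt, _ := hex.DecodeString("8846f7eaee8fb117ad06bdd830b7586c")
	challenge := []byte{0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef}
	lm := lmHash("password")
	resp := ntlmv1Response(nt, challenge)
	fmt.Println("LM hash:        ", hex.EncodeToString(lm))
	fmt.Println("LM response:    ", hex.EncodeToString(ntlmv1Response(lm, challenge)))
	fmt.Println("NTLMv1 response:", hex.EncodeToString(resp))
	fmt.Println("hash[14:16] from block 3:", hex.EncodeToString(crackThirdBlock(resp, challenge)))
}
```

Two things to notice when running it: an LM hash of a password of 7 characters or fewer ends in aad3b435b51404ee (the second half is DES of the constant under an all-zero key), which is how an LM hash announces a short password; and the search in crackThirdBlock finishes in well under a second, because the attacker only needs the challenge and the 24-byte response, both of which are on the wire.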
NTLMv2
- The NTLMv2 hash is an HMAC-MD5 keyed with the NT hash over the pair <USERNAME, target>, where USERNAME is in UPPER CASE and the target (domain or server name) keeps its case; both are UTF-16LE encoded.
NTLMv2 response
- NTLMv2 hash = HMAC-MD5(NT hash, UPPER(USERNAME) + DOMAIN)
- Response = HMAC-MD5(NTLMv2 hash, server_challenge + BLOB), 16 bytes, sent along with the BLOB itself so the server can repeat the computation.
The BLOB is:
- Blob signature (4 bytes: 01 01 00 00)
- Reserved (4)
- Timestamp (8, a Windows FILETIME: 100 ns units since 1601)
- Client nonce (8, random)
- Unknown (4, zero)
- Target info (variable, the AV_PAIR list copied from the Type 2 message)
- Unknown (4, zero)
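The NTLMv2 hash, blob and response above, as an added worked example in Go (not code from the original notes), covering both the client computation and the server-side check that makes sending the blob necessary. It assumes constructed inputs: the NT hash of "password" as a hex constant, a fixed server challenge, client nonce and timestamp, and a target info list built from two AV_PAIRs. utf16le, ntlmv2Hash, avPair, buildBlob, ntlmv2Response, parseBlob and verifyNTLMv2 are the example's own names; the field layout follows the list above (MS-NLMP calls the blob NTLMv2_CLIENT_CHALLENGE).

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/md5"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
	"unicode/utf16"
)

// utf16le encodes a string as Windows does for "Unicode" names and passwords.
func utf16le(s string) (out []byte) {
	for _, c := range utf16.Encode([]rune(s)) {
		out = append(out, byte(c), byte(c>>8))
	}
	return
}

// ntlmv2Hash = HMAC-MD5 keyed with the NT hash over UTF-16LE(UPPER(user) + target).
// Only the username is upper-cased; the target (domain or server name) keeps its case.
func ntlmv2Hash(ntHash []byte, user, target string) []byte {
	m := hmac.New(md5.New, ntHash)
	m.Write(utf16le(strings.ToUpper(user) + target))
	return m.Sum(nil)
}

// avPair builds one AV_PAIR (id, byte length, UTF-16LE value) of the Type 2 target info.
func avPair(id uint16, value string) []byte {
	v := utf16le(value)
	p := make([]byte, 4, 4+len(v))
	binary.LittleEndian.PutUint16(p[0:], id)
	binary.LittleEndian.PutUint16(p[2:], uint16(len(v)))
	return append(p, v...)
}

// buildBlob lays the blob out field by field as the notes list it.
func buildBlob(timestamp uint64, clientNonce [8]byte, targetInfo []byte) []byte {
	b := make([]byte, 28, 32+len(targetInfo))
	copy(b[0:], []byte{0x01, 0x01, 0x00, 0x00}) // blob signature (4); b[4:8] reserved, zero
	binary.LittleEndian.PutUint64(b[8:], timestamp) // timestamp (8), Windows FILETIME
	copy(b[16:], clientNonce[:])                    // client nonce (8); b[24:28] "unknown", zero
	b = append(b, targetInfo...)                    // target info (variable)
	return append(b, 0, 0, 0, 0)                    // trailing "unknown" (4), zero
}

// ntlmv2Response = HMAC-MD5(NTLMv2 hash, server challenge || blob), then the blob itself.
func ntlmv2Response(v2hash, serverChallenge, blob []byte) []byte {
	m := hmac.New(md5.New, v2hash)
	m.Write(serverChallenge)
	m.Write(blob)
	return append(m.Sum(nil), blob...)
}

type Blob struct {
	Timestamp   uint64
	ClientNonce [8]byte
	TargetInfo  []byte
}

// parseBlob checks the signature and minimum length, then splits out the fields.
func parseBlob(blob []byte) (Blob, error) {
	var out Blob
	if len(blob) < 32 || !bytes.Equal(blob[:4], []byte{0x01, 0x01, 0x00, 0x00}) {
		return out, errors.New("not an NTLMv2 blob")
	}
	out.Timestamp = binary.LittleEndian.Uint64(blob[8:])
	copy(out.ClientNonce[:], blob[16:24])
	out.TargetInfo = blob[28 : len(blob)-4]
	return out, nil
}

// verifyNTLMv2 is the server (or DC) side: recompute the HMAC over its own challenge and
// the blob the client sent, then compare the 16-byte proof in constant time.
func verifyNTLMv2(v2hash, serverChallenge, response []byte) bool {
	if len(response) < 16+32 {
		return false
	}
	m := hmac.New(md5.New, v2hash)
	m.Write(serverChallenge)
	m.Write(response[16:])
	return hmac.Equal(response[:16], m.Sum(nil))
}

func main() {
	// Constructed sample: NT hash of "password" (MD4 over UTF-16LE, as in the notes, given
	// as a constant), a fixed server challenge, client nonce, timestamp and target info.
	ntHash, _ := hex.DecodeString("8846f7eaee8fb117ad06bdd830b7586c")
	serverChallenge := []byte{0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef}
	targetInfo := append(append(avPair(2, "Domain"), avPair(1, "Server")...), 0, 0, 0, 0) // ends with MsvAvEOL
	v2 := ntlmv2Hash(ntHash, "user", "Domain")
	blob := buildBlob(132000000000000000, [8]byte{0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa}, targetInfo)
	resp := ntlmv2Response(v2, serverChallenge, blob)
	fmt.Println("NTLMv2 response:", hex.EncodeToString(resp))
	fmt.Println("server accepts: ", verifyNTLMv2(v2, serverChallenge, resp))
}
```

The server never sees the password: it only needs the NTLMv2 hash (derived from the stored NT hash, the username and the target) and its own challenge, which is why the client must ship the whole blob, including the nonce and timestamp, next to the 16-byte proof. Any change to the blob in transit, or a different challenge, makes the recomputation fail.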
SMB relay
- The Type 1/2/3 messages are not bound to the server the client thinks it is talking to, so an attacker who gets a client to authenticate to him can forward the exchange to a real server and be authenticated there as the victim, without ever cracking the hash.
- Mitigation:
- Network security: LAN Manager authentication level (set to "Send NTLMv2 response only. Refuse LM & NTLM", so the weak LM/NTLMv1 responses above are neither produced nor accepted).
- Require SMB signing on servers and clients: the relayer does not have the session key derived from the password hash, so it cannot sign the relayed session.