Analysis of how the NTLM authentication process works

No. | Time | HTTP headers sent | Decoded authentication data | Direction

No. 1 | Time: 0
Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*
Accept-Language: pl
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Direction: browser => server

No. 2 | Time: 0.0365
HTTP/1.1 401 Unauthorized
Content-Length: 0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
Date: Sun, 20 Oct 2013 11:49:16 GMT
Direction: server => browser

No. 3 | Time: 0.0638
Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*
Accept-Language: pl
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Authorization: Negotiate TlRMTVNTUAABAAAAB7IIogkACQAyAAAACgAKACgAAAAFASgKAAAAD1FBQ0lFU0xJS05LT05TQUxORVQ=

Decoded authentication data:
NTLMSSP 0x00 0x01 0x00 0x00 0x00 0x07 0xB2 0x08 0xA2 0x09 0x00 0x09 0x00 2 0x00 0x00 0x00 0x0A 0x00 0x0A 0x00 ( 0x00 0x00 0x00 0x05 0x01 ( 0x0A 0x00 0x00 0x00 0x0F QACIESLIKNKONSALNET
Message type 1

Flags: 0xa208b207
    NEGOTIATE_UNICODE
    NEGOTIATE_OEM
    REQUEST_SERVER_AUTH_REALM
    NEGOTIATE_NTLM
    NEGOTIATE_DOMAIN_SUPPLIED
    NEGOTIATE_WORKSTATION_SUPPLIED
    NEGOTIATE_ALWAYS_SIGN
    NEGOTIATE_NTLM2
    bit #25
    NEGOTIATE_128_BIT_ENCRYPTION

OS Version: 5.1 (build 2600)
Domain: KONSALNET
Host: QACIESLIKN
Direction: browser => server

No. 4 | Time: 0.0913
HTTP/1.1 401 Unauthorized
Content-Length: 0
WWW-Authenticate: Negotiate TlRMTVNTUAACAAAAEgASADgAAAAFgomiVGvs4mBUaOIAAAAAAAAAAMQAxABKAAAABgGxHQAAAA9LAE8ATgBTAEEATABOAEUAVAACABIASwBPAE4AUwBBAEwATgBFAFQAAQAQAE0AUABSAFoAQgBXADAAMQAEACQAawBvAG4AcwBhAGwAbgBlAHQALgBpAG4AdABlAHIAbgBhAGwAAwA2AE0AUABSAFoAQgBXADAAMQAuAGsAbwBuAHMAYQBsAG4AZQB0AC4AaQBuAHQAZQByAG4AYQBsAAUAJABrAG8AbgBzAGEAbABuAGUAdAAuAGkAbgB0AGUAcgBuAGEAbAAHAAgAcTSxZ4rNzgEAAAAA
Date: Sun, 20 Oct 2013 11:49:16 GMT

Decoded authentication data:
NTLMSSP 0x00 0x02 0x00 0x00 0x00 0x12 0x00 0x12 0x00 8 0x00 0x00 0x00 0x05 0x82 0x89 0xA2 Tk 0xEC 0xE2 `Th 0xE2 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0xC4 0x00 0xC4 0x00 J 0x00 0x00 0x00 0x06 0x01 0xB1 0x1D 0x00 0x00 0x00 0x0F K 0x00 O 0x00 N 0x00 S 0x00 A 0x00 L 0x00 N 0x00 E 0x00 T 0x00 0x02 0x00 0x12 0x00 K 0x00 O 0x00 N 0x00 S 0x00 A 0x00 L 0x00 N 0x00 E 0x00 T 0x00 0x01 0x00 0x10 0x00 M 0x00 P 0x00 R 0x00 Z 0x00 B 0x00 W 0x00 0 0x00 1 0x00 0x04 0x00 $ 0x00 k 0x00 o 0x00 n 0x00 s 0x00 a 0x00 l 0x00 n 0x00 e 0x00 t 0x00 . 0x00 i 0x00 n 0x00 t 0x00 e 0x00 r 0x00 n 0x00 a 0x00 l 0x00 0x03 0x00 6 0x00 M 0x00 P 0x00 R 0x00 Z 0x00 B 0x00 W 0x00 0 0x00 1 0x00 . 0x00 k 0x00 o 0x00 n 0x00 s 0x00 a 0x00 l 0x00 n 0x00 e 0x00 t 0x00 . 0x00 i 0x00 n 0x00 t 0x00 e 0x00 r 0x00 n 0x00 a 0x00 l 0x00 0x05 0x00 $ 0x00 k 0x00 o 0x00 n 0x00 s 0x00 a 0x00 l 0x00 n 0x00 e 0x00 t 0x00 . 0x00 i 0x00 n 0x00 t 0x00 e 0x00 r 0x00 n 0x00 a 0x00 l 0x00 0x07 0x00 0x08 0x00 q4 0xB1 g 0x8A 0xCD 0xCE 0x01 0x00 0x00 0x00 0x00
Message type 2

Flags: 0xa2898205
    NEGOTIATE_UNICODE
    REQUEST_SERVER_AUTH_REALM
    NEGOTIATE_NTLM
    NEGOTIATE_ALWAYS_SIGN
    TARGET_TYPE_DOMAIN
    NEGOTIATE_NTLM2
    NEGOTIATE_TARGET_INFO
    bit #25
    NEGOTIATE_128_BIT_ENCRYPTION

OS Version: 6.1 (build 7601)
Target Name: KONSALNET
Challenge: 0x546bece2605468e2
Context: 0x0000000000000000
Target Information Domain (type: 2): KONSALNET
Target Information Server (type: 1): MPRZBW01
Target Information DNS Domain (type: 4): konsalnet.internal
Target Information DNS Server (type: 3): MPRZBW01.konsalnet.internal
Target Information Unknown (type: 5): konsalnet.internal
Target Information Unknown (type: 7): 0x7134b1678acdce01
Direction: server => browser

No. 5 | Time: 0.1352
Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*
Accept-Language: pl
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Authorization: Negotiate TlRMTVNTUAADAAAAGAAYAIIAAAAYABgAmgAAABIAEgBIAAAAFAAUAFoAAAAUABQAbgAAAAAAAACyAAAABYKIogUBKAoAAAAPSwBPAE4AUwBBAEwATgBFAFQAcABhAHcAZQBsAC4AcwBrAHUAcABRAEEAQwBJAEUAUwBMAEkASwBOAEkCm1w/XcHNAAAAAAAAAAAAAAAAAAAAAHGKbvjvQ0LdtqRn0ThcNfe1Hmjv3pNvbw==

Decoded authentication data:
NTLMSSP 0x00 0x03 0x00 0x00 0x00 0x18 0x00 0x18 0x00 0x82 0x00 0x00 0x00 0x18 0x00 0x18 0x00 0x9A 0x00 0x00 0x00 0x12 0x00 0x12 0x00 H 0x00 0x00 0x00 0x14 0x00 0x14 0x00 Z 0x00 0x00 0x00 0x14 0x00 0x14 0x00 n 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0xB2 0x00 0x00 0x00 0x05 0x82 0x88 0xA2 0x05 0x01 ( 0x0A 0x00 0x00 0x00 0x0F K 0x00 O 0x00 N 0x00 S 0x00 A 0x00 L 0x00 N 0x00 E 0x00 T 0x00 p 0x00 a 0x00 w 0x00 e 0x00 l 0x00 . 0x00 s 0x00 k 0x00 u 0x00 p 0x00 Q 0x00 A 0x00 C 0x00 I 0x00 E 0x00 S 0x00 L 0x00 I 0x00 K 0x00 N 0x00 I 0x02 0x9B \?] 0xC1 0xCD 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 q 0x8A n 0xF8 0xEF CB 0xDD 0xB6 0xA4 g 0xD1 8\5 0xF7 0xB5 0x1E h 0xEF 0xDE 0x93 oo
Message type 3

Flags: 0xa2888205
    NEGOTIATE_UNICODE
    REQUEST_SERVER_AUTH_REALM
    NEGOTIATE_NTLM
    NEGOTIATE_ALWAYS_SIGN
    NEGOTIATE_NTLM2
    NEGOTIATE_TARGET_INFO
    bit #25
    NEGOTIATE_128_BIT_ENCRYPTION

OS Version: 5.1 (build 2600)
Target Name: KONSALNET
User Name: pawel.skup
Workstation Name: QACIESLIKN
Session Key: 0xb2000000
LM Response: 0x49029b5c3f5dc1cd00000000000000000000000000000000
NTLM Response: 0x718a6ef8ef4342ddb6a467d1385c35f7b51e68efde936f6f
Direction: browser => server

No. 6 | Time: 0.2645
HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 14115
Content-Type: text/html; charset=utf-8
Expires: Sun, 20 Oct 2013 11:48:17 GMT
Server: Microsoft-HTTPAPI/2.0
X-AspNet-Version: 2.0.50727
Date: Sun, 20 Oct 2013 11:49:16 GMT
Direction: server => browser
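
The following is an added example, not code from the original page: it parses the type 3 token from the last Authorization header in the capture and names the response variant the client sent, which is the check a defender runs when auditing which NTLM variants are still in use. The function names are assumptions of this example; `NEGOTIATE_ESS` is the flag the decoded output lists as NEGOTIATE_NTLM2.

```python
import base64
import struct

# Type 3 token copied from the last Authorization header in the capture above.
TYPE3_B64 = (
    "TlRMTVNTUAADAAAAGAAYAIIAAAAY"
    "ABgAmgAAABIAEgBIAAAAFAAUAFoAAAAUABQAbgAAAAAAAACyAAAABYKIogUB"
    "KAoAAAAPSwBPAE4AUwBBAEwATgBFAFQAcABhAHcAZQBsAC4AcwBrAHUAcABR"
    "AEEAQwBJAEUAUwBMAEkASwBOAEkCm1w/XcHNAAAAAAAAAAAAAAAAAAAAAHGK"
    "bvjvQ0LdtqRn0ThcNfe1Hmjv3pNvbw=="
)
NEGOTIATE_UNICODE = 0x00000001
NEGOTIATE_ESS = 0x00080000  # listed as NEGOTIATE_NTLM2 in the decoded flags

def read_buffer(msg, pos):
    """Follow a security buffer (length, allocated, offset) to its payload."""
    length, _allocated, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("security buffer points outside the message")
    return msg[offset:offset + length]

def classify(flags, lm, nt):
    """Name the response variant from its lengths and the negotiated flags."""
    if len(nt) > 24:
        return "NTLMv2"
    if len(nt) != 24:
        return "no NT response"
    # With ESS the LM field carries an 8-byte client nonce padded with 16 zero bytes.
    if flags & NEGOTIATE_ESS and len(lm) == 24 and lm[8:] == bytes(16):
        return "NTLMv1 with extended session security"
    return "NTLMv1"

def parse_type3(token_b64):
    msg = base64.b64decode(token_b64, validate=True)
    if len(msg) < 64 or msg[:12] != b"NTLMSSP\x00\x03\x00\x00\x00":
        raise ValueError("not an NTLMSSP type 3 message with a flags field")
    flags, = struct.unpack_from("<I", msg, 60)
    enc = "utf-16-le" if flags & NEGOTIATE_UNICODE else "cp437"
    lm, nt = read_buffer(msg, 12), read_buffer(msg, 20)
    fields = {name: read_buffer(msg, pos).decode(enc)
              for name, pos in (("domain", 28), ("user", 36), ("workstation", 44))}
    fields.update(flags=flags, lm_response=lm.hex(), nt_response=nt.hex(),
                  variant=classify(flags, lm, nt))
    return fields

if __name__ == "__main__":
    print(parse_type3(TYPE3_B64))
```

For this capture the 24-byte NT response, together with an LM field holding 8 bytes followed by zeros, classifies the exchange as NTLMv1 with extended session security rather than NTLMv2.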