Analysis of how the NTLM authentication process works

No. | Time | HTTP headers sent | Decoded authentication data | Direction

No. 1, time 0
Accept: text/html, application/xhtml+xml, */*
Accept-Language: pl-PL
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Direction: browser => server

No. 2, time 0.0079
HTTP/1.1 401 Unauthorized
Content-Length: 0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
Date: Sun, 20 Oct 2013 13:13:05 GMT
Direction: server => browser

No. 3, time 0.025
Accept: text/html, application/xhtml+xml, */*
Accept-Language: pl-PL
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Authorization: Negotiate YIGBBgYrBgEFBQKgdzB1oDAwLgYK
KwYBBAGCNwICCgYJKoZIgvcSAQICBgkqhkiG9xIBAgIGCisGAQQBgjcCAh6i
QQQ/TlRMTVNTUAABAAAAl7II4gkACQA2AAAADgAOACgAAAAGAbEdAAAAD0tP
TlNBTE5FVC0xMDA0S09OU0FMTkVU
` 0x81 0x81 0x06 0x06 + 0x06 0x01 0x05 0x05 0x02 0xA0 w0u 0xA0 00. 0x06 0x0A + 0x06 0x01 0x04 0x01 0x82 7 0x02 0x02 0x0A 0x06 0x09 * 0x86 H 0x82 0xF7 0x12 0x01 0x02 0x02 0x06 0x09 * 0x86 H 0x86 0xF7 0x12 0x01 0x02 0x02 0x06 0x0A + 0x06 0x01 0x04 0x01 0x82 7 0x02 0x02 0x1E 0xA2 A 0x04 ?NTLMSSP 0x00 0x01 0x00 0x00 0x00 0x97 0xB2 0x08 0xE2 0x09 0x00 0x09 0x00 6 0x00 0x00 0x00 0x0E 0x00 0x0E 0x00 ( 0x00 0x00 0x00 0x06 0x01 0xB1 0x1D 0x00 0x00 0x00 0x0F KONSALNET-1004KONSALNET
Message type 1

Flags: 0xe208b297
    NEGOTIATE_UNICODE
    NEGOTIATE_OEM
    REQUEST_SERVER_AUTH_REALM
    NEGOTIATE_SIGN
    NEGOTIATE_LAN_MANAGER_KEY
    NEGOTIATE_NTLM
    NEGOTIATE_DOMAIN_SUPPLIED
    NEGOTIATE_WORKSTATION_SUPPLIED
    NEGOTIATE_ALWAYS_SIGN
    NEGOTIATE_NTLM2
    bit #25
    NEGOTIATE_128_BIT_ENCRYPTION
    NEGOTIATE_KEY_EXCHANGE

OS Version: 6.1 (build 7601)
Domain: KONSALNET
Host: KONSALNET-1004
Direction: browser => server

No. 4, time 0.0692
HTTP/1.1 401 Unauthorized
Content-Length: 0
WWW-Authenticate: Negotiate oYIBLTCCASmgAwoBAaEMBgorB
gEEAYI3AgIKooIBEgSCAQ5OVExNU1NQAAIAAAASABIAOAAAABWCieK+sp0tv
wAw6gAAAAAAAAAAxADEAEoAAAAGAbEdAAAAD0sATwBOAFMAQQBMAE4ARQBUA
AIAEgBLAE8ATgBTAEEATABOAEUAVAABABAATQBQAFIAWgBCAFcAMAAxAAQAJ
ABrAG8AbgBzAGEAbABuAGUAdAAuAGkAbgB0AGUAcgBuAGEAbAADADYATQBQA
FIAWgBCAFcAMAAxAC4AawBvAG4AcwBhAGwAbgBlAHQALgBpAG4AdABlAHIAb
gBhAGwABQAkAGsAbwBuAHMAYQBsAG4AZQB0AC4AaQBuAHQAZQByAG4AYQBsA
AcACACS3cscls3OAQAAAAA=
Date: Sun, 20 Oct 2013 13:13:05 GMT
0xA1 0x82 0x01 -0 0x82 0x01 ) 0xA0 0x03 0x0A 0x01 0x01 0xA1 0x0C 0x06 0x0A + 0x06 0x01 0x04 0x01 0x82 7 0x02 0x02 0x0A 0xA2 0x82 0x01 0x12 0x04 0x82 0x01 0x0E NTLMSSP 0x00 0x02 0x00 0x00 0x00 0x12 0x00 0x12 0x00 8 0x00 0x00 0x00 0x15 0x82 0x89 0xE2 0xBE 0xB2 0x9D - 0xBF 0x00 0 0xEA 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0xC4 0x00 0xC4 0x00 J 0x00 0x00 0x00 0x06 0x01 0xB1 0x1D 0x00 0x00 0x00 0x0F K 0x00 O 0x00 N 0x00 S 0x00 A 0x00 L 0x00 N 0x00 E 0x00 T 0x00 0x02 0x00 0x12 0x00 K 0x00 O 0x00 N 0x00 S 0x00 A 0x00 L 0x00 N 0x00 E 0x00 T 0x00 0x01 0x00 0x10 0x00 M 0x00 P 0x00 R 0x00 Z 0x00 B 0x00 W 0x00 0 0x00 1 0x00 0x04 0x00 $ 0x00 k 0x00 o 0x00 n 0x00 s 0x00 a 0x00 l 0x00 n 0x00 e 0x00 t 0x00 . 0x00 i 0x00 n 0x00 t 0x00 e 0x00 r 0x00 n 0x00 a 0x00 l 0x00 0x03 0x00 6 0x00 M 0x00 P 0x00 R 0x00 Z 0x00 B 0x00 W 0x00 0 0x00 1 0x00 . 0x00 k 0x00 o 0x00 n 0x00 s 0x00 a 0x00 l 0x00 n 0x00 e 0x00 t 0x00 . 0x00 i 0x00 n 0x00 t 0x00 e 0x00 r 0x00 n 0x00 a 0x00 l 0x00 0x05 0x00 $ 0x00 k 0x00 o 0x00 n 0x00 s 0x00 a 0x00 l 0x00 n 0x00 e 0x00 t 0x00 . 0x00 i 0x00 n 0x00 t 0x00 e 0x00 r 0x00 n 0x00 a 0x00 l 0x00 0x07 0x00 0x08 0x00 0x92 0xDD 0xCB 0x1C 0x96 0xCD 0xCE 0x01 0x00 0x00 0x00 0x00
Message type 2

Flags: 0xe2898215
    NEGOTIATE_UNICODE
    REQUEST_SERVER_AUTH_REALM
    NEGOTIATE_SIGN
    NEGOTIATE_NTLM
    NEGOTIATE_ALWAYS_SIGN
    TARGET_TYPE_DOMAIN
    NEGOTIATE_NTLM2
    NEGOTIATE_TARGET_INFO
    bit #25
    NEGOTIATE_128_BIT_ENCRYPTION
    NEGOTIATE_KEY_EXCHANGE

OS Version: 6.1 (build 7601)
Target Name: KONSALNET
Challenge: 0xbeb29d2dbf0030ea
Context: 0x0000000000000000
Target Information Domain (type: 2): KONSALNET
Target Information Server (type: 1): MPRZBW01
Target Information DNS Domain (type: 4): konsalnet.internal
Target Information DNS Server (type: 3): MPRZBW01.konsalnet.internal
Target Information Unknown (type: 5): konsalnet.internal
Target Information Unknown (type: 7): 0x92ddcb1c96cdce01
Direction: server => browser

No. 5, time 0.081
Accept: text/html, application/xhtml+xml, */*
Accept-Language: pl-PL
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Authorization: Negotiate oYH8MIH5oAMKAQGigd0EgdpOVExN
U1NQAAMAAAAYABgAmgAAABgAGACyAAAAEgASAFgAAAAUABQAagAAABwAHAB+
AAAAEAAQAMoAAAAVgojiBgGxHQAAAA/PPuPCieAZi6Euvh+OHs7ZSwBPAE4A
UwBBAEwATgBFAFQAcABhAHcAZQBsAC4AcwBrAHUAcABLAE8ATgBTAEEATABO
AEUAVAAtADEAMAAwADQAQHcwG06AR8EAAAAAAAAAAAAAAAAAAAAAgbj+4+T8
JW+n+CfA6Ok40j2IE/HBckWmgFwR+aC8LtONLmXlQ+zHU6MSBBABAAAATOJy
E/yYT6MAAAAA
0xA1 0x81 0xFC 0 0x81 0xF9 0xA0 0x03 0x0A 0x01 0x01 0xA2 0x81 0xDD 0x04 0x81 0xDA NTLMSSP 0x00 0x03 0x00 0x00 0x00 0x18 0x00 0x18 0x00 0x9A 0x00 0x00 0x00 0x18 0x00 0x18 0x00 0xB2 0x00 0x00 0x00 0x12 0x00 0x12 0x00 X 0x00 0x00 0x00 0x14 0x00 0x14 0x00 j 0x00 0x00 0x00 0x1C 0x00 0x1C 0x00 ~ 0x00 0x00 0x00 0x10 0x00 0x10 0x00 0xCA 0x00 0x00 0x00 0x15 0x82 0x88 0xE2 0x06 0x01 0xB1 0x1D 0x00 0x00 0x00 0x0F 0xCF > 0xE3 0xC2 0x89 0xE0 0x19 0x8B 0xA1 . 0xBE 0x1F 0x8E 0x1E 0xCE 0xD9 K 0x00 O 0x00 N 0x00 S 0x00 A 0x00 L 0x00 N 0x00 E 0x00 T 0x00 p 0x00 a 0x00 w 0x00 e 0x00 l 0x00 . 0x00 s 0x00 k 0x00 u 0x00 p 0x00 K 0x00 O 0x00 N 0x00 S 0x00 A 0x00 L 0x00 N 0x00 E 0x00 T 0x00 - 0x00 1 0x00 0 0x00 0 0x00 4 0x00 @w0 0x1B N 0x80 G 0xC1 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x81 0xB8 0xFE 0xE3 0xE4 0xFC %o 0xA7 0xF8 ' 0xC0 0xE8 0xE9 8 0xD2 = 0x88 0x13 0xF1 0xC1 rE 0xA6 0x80 \ 0x11 0xF9 0xA0 0xBC . 0xD3 0x8D .e 0xE5 C 0xEC 0xC7 S 0xA3 0x12 0x04 0x10 0x01 0x00 0x00 0x00 L 0xE2 r 0x13 0xFC 0x98 O 0xA3 0x00 0x00 0x00 0x00
Message type 3

Flags: 0xe2888215
    NEGOTIATE_UNICODE
    REQUEST_SERVER_AUTH_REALM
    NEGOTIATE_SIGN
    NEGOTIATE_NTLM
    NEGOTIATE_ALWAYS_SIGN
    NEGOTIATE_NTLM2
    NEGOTIATE_TARGET_INFO
    bit #25
    NEGOTIATE_128_BIT_ENCRYPTION
    NEGOTIATE_KEY_EXCHANGE

OS Version: 6.1 (build 7601)
Target Name: KONSALNET
User Name: pawel.skup
Workstation Name: KONSALNET-1004
Session Key: 0xca000000
LM Response: 0x4077301b4e8047c100000000000000000000000000000000
NTLM Response: 0x81b8fee3e4fc256fa7f827c0e8e938d23d8813f1c17245a6
Direction: browser => server

No. 6, time 0.2293
HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 14115
Content-Type: text/html; charset=utf-8
Expires: Sun, 20 Oct 2013 13:12:05 GMT
Server: Microsoft-HTTPAPI/2.0
X-AspNet-Version: 2.0.50727
Date: Sun, 20 Oct 2013 13:13:05 GMT
Direction: server => browser
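
Added example, not part of the original page: a Python parser for the Type 2 (challenge) message carried in the second 401 response (row 4), run on the base64 token exactly as captured above. It finds the NTLMSSP message inside the SPNEGO wrapper and also names the two AV pairs that the page's decoder reports as Unknown; the function and dictionary names are this example's own.

```python
import base64
import struct
from datetime import datetime, timedelta, timezone

# Type 2 token copied from the WWW-Authenticate header of response no. 4 above.
TOKEN_B64 = (
    "oYIBLTCCASmgAwoBAaEMBgorB"
    "gEEAYI3AgIKooIBEgSCAQ5OVExNU1NQAAIAAAASABIAOAAAABWCieK+sp0tv"
    "wAw6gAAAAAAAAAAxADEAEoAAAAGAbEdAAAAD0sATwBOAFMAQQBMAE4ARQBUA"
    "AIAEgBLAE8ATgBTAEEATABOAEUAVAABABAATQBQAFIAWgBCAFcAMAAxAAQAJ"
    "ABrAG8AbgBzAGEAbABuAGUAdAAuAGkAbgB0AGUAcgBuAGEAbAADADYATQBQA"
    "FIAWgBCAFcAMAAxAC4AawBvAG4AcwBhAGwAbgBlAHQALgBpAG4AdABlAHIAb"
    "gBhAGwABQAkAGsAbwBuAHMAYQBsAG4AZQB0AC4AaQBuAHQAZQByAG4AYQBsA"
    "AcACACS3cscls3OAQAAAAA="
)
# AV pair IDs per MS-NLMP; the decoder output above shows 5 and 7 as "Unknown".
AV_NAMES = {1: "NbComputerName", 2: "NbDomainName", 3: "DnsComputerName",
            4: "DnsDomainName", 5: "DnsTreeName", 7: "Timestamp"}

def filetime_to_utc(raw):
    """8-byte little-endian FILETIME (100 ns ticks since 1601-01-01) to UTC."""
    ticks = struct.unpack("<Q", raw)[0]
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ticks // 10)

def parse_challenge(token_b64):
    """Find the NTLMSSP CHALLENGE_MESSAGE inside the SPNEGO wrapper and decode it."""
    blob = base64.b64decode(token_b64)
    start = blob.find(b"NTLMSSP\x00")
    msg = blob[start:] if start >= 0 else b""
    if len(msg) < 48 or struct.unpack_from("<I", msg, 8)[0] != 2:
        raise ValueError("no complete NTLMSSP Type 2 message in token")
    tn_len, _, tn_off, flags = struct.unpack_from("<HHII", msg, 12)
    ti_len, _, ti_off = struct.unpack_from("<HHI", msg, 40)
    if tn_off + tn_len > len(msg) or ti_off + ti_len > len(msg):
        raise ValueError("field points outside the message")
    info, pos, end = {}, ti_off, ti_off + ti_len
    while pos + 4 <= end:  # walk the AV_PAIR list
        av_id, av_len = struct.unpack_from("<HH", msg, pos)
        if av_id == 0 or pos + 4 + av_len > end:  # MsvAvEOL or truncated pair
            break
        value = msg[pos + 4:pos + 4 + av_len]
        name = AV_NAMES.get(av_id, "type_%d" % av_id)
        if av_id == 7 and av_len == 8:
            info[name] = filetime_to_utc(value)
        else:
            info[name] = value.decode("utf-16-le", "replace") if av_id in AV_NAMES else value.hex()
        pos += 4 + av_len
    return {"flags": flags, "challenge": msg[24:32].hex(), "target_info": info,
            "target_name": msg[tn_off:tn_off + tn_len].decode(
                "utf-16-le" if flags & 1 else "cp437")}
```

On the page's token, AV pair type 7 is the server timestamp and decodes to 2013-10-20 13:13:05 UTC, the same instant as the response's Date header; type 5 is the DNS tree (forest) name.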