Analysis of how the NTLM authentication process works

No. | Time | HTTP headers sent | Decoded authentication data | Direction

No. 1, time 0
HTTP headers sent:
Connection: keep-alive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.101 Safari/537.36
Accept-Encoding: gzip,deflate,sdch
Accept-Language: pl-PL,pl;q=0.8,en-US;q=0.6,en;q=0.4
Direction: browser => server

No. 2, time 0.0084
HTTP headers sent:
HTTP/1.1 401 Unauthorized
Content-Length: 0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
Date: Sun, 20 Oct 2013 13:20:13 GMT
Direction: server => browser

No. 3, time 0.5238
HTTP headers sent:
Connection: keep-alive
Authorization: Negotiate YIGBBgYrBgEFBQKgdzB1oDAwLgYK
KwYBBAGCNwICCgYJKoZIgvcSAQICBgkqhkiG9xIBAgIGCisGAQQBgjcCAh6i
QQQ/TlRMTVNTUAABAAAAl7II4gkACQA2AAAADgAOACgAAAAGAbEdAAAAD0tP
TlNBTE5FVC0xMDA0S09OU0FMTkVU
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.101 Safari/537.36
Accept-Encoding: gzip,deflate,sdch
Accept-Language: pl-PL,pl;q=0.8,en-US;q=0.6,en;q=0.4
Decoded authentication data:
Message type 1

Flags: 0xe208b297
    NEGOTIATE_UNICODE
    NEGOTIATE_OEM
    REQUEST_SERVER_AUTH_REALM
    NEGOTIATE_SIGN
    NEGOTIATE_LAN_MANAGER_KEY
    NEGOTIATE_NTLM
    NEGOTIATE_DOMAIN_SUPPLIED
    NEGOTIATE_WORKSTATION_SUPPLIED
    NEGOTIATE_ALWAYS_SIGN
    NEGOTIATE_NTLM2
    bit #25
    NEGOTIATE_128_BIT_ENCRYPTION
    NEGOTIATE_KEY_EXCHANGE

OS Version: 6.1 (build 7601)
Domain: KONSALNET
Host: KONSALNET-1004
Direction: browser => server

No. 4, time 0.5316
HTTP headers sent:
HTTP/1.1 401 Unauthorized
Content-Length: 0
WWW-Authenticate: Negotiate oYIBLTCCASmgAwoBAaEMBgorB
gEEAYI3AgIKooIBEgSCAQ5OVExNU1NQAAIAAAASABIAOAAAABWCieJl67WQ2
v02BwAAAAAAAAAAxADEAEoAAAAGAbEdAAAAD0sATwBOAFMAQQBMAE4ARQBUA
AIAEgBLAE8ATgBTAEEATABOAEUAVAABABAATQBQAFIAWgBCAFcAMAAxAAQAJ
ABrAG8AbgBzAGEAbABuAGUAdAAuAGkAbgB0AGUAcgBuAGEAbAADADYATQBQA
FIAWgBCAFcAMAAxAC4AawBvAG4AcwBhAGwAbgBlAHQALgBpAG4AdABlAHIAb
gBhAGwABQAkAGsAbwBuAHMAYQBsAG4AZQB0AC4AaQBuAHQAZQByAG4AYQBsA
AcACAA3zxscl83OAQAAAAA=
Date: Sun, 20 Oct 2013 13:20:13 GMT
Decoded authentication data:
Message type 2

Flags: 0xe2898215
    NEGOTIATE_UNICODE
    REQUEST_SERVER_AUTH_REALM
    NEGOTIATE_SIGN
    NEGOTIATE_NTLM
    NEGOTIATE_ALWAYS_SIGN
    TARGET_TYPE_DOMAIN
    NEGOTIATE_NTLM2
    NEGOTIATE_TARGET_INFO
    bit #25
    NEGOTIATE_128_BIT_ENCRYPTION
    NEGOTIATE_KEY_EXCHANGE

OS Version: 6.1 (build 7601)
Target Name: KONSALNET
Challenge: 0x65ebb590dafd3607
Context: 0x0000000000000000
Target Information Domain (type: 2): KONSALNET
Target Information Server (type: 1): MPRZBW01
Target Information DNS Domain (type: 4): konsalnet.internal
Target Information DNS Server (type: 3): MPRZBW01.konsalnet.internal
Target Information Unknown (type: 5): konsalnet.internal
Target Information Unknown (type: 7): 0x37cf1b1c97cdce01
Direction: server => browser

No. 5, time 1.0429
HTTP headers sent:
Connection: keep-alive
Authorization: Negotiate oYH8MIH5oAMKAQGigd0EgdpOVExN
U1NQAAMAAAAYABgAmgAAABgAGACyAAAAEgASAFgAAAAUABQAagAAABwAHAB+
AAAAEAAQAMoAAAAVgojiBgGxHQAAAA/VMwv6Rs+CFFzkeCb3sIw1SwBPAE4A
UwBBAEwATgBFAFQAcABhAHcAZQBsAC4AcwBrAHUAcABLAE8ATgBTAEEATABO
AEUAVAAtADEAMAAwADQAvvsivabBzrMAAAAAAAAAAAAAAAAAAAAAhAfArZSM
E6zxb2yW8pyP9piqwg9K4KTovX0RX91rPt9KEZqiYWlzc6MSBBABAAAAGbIz
GUOz+swAAAAA
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.101 Safari/537.36
Accept-Encoding: gzip,deflate,sdch
Accept-Language: pl-PL,pl;q=0.8,en-US;q=0.6,en;q=0.4
Decoded authentication data:
Message type 3

Flags: 0xe2888215
    NEGOTIATE_UNICODE
    REQUEST_SERVER_AUTH_REALM
    NEGOTIATE_SIGN
    NEGOTIATE_NTLM
    NEGOTIATE_ALWAYS_SIGN
    NEGOTIATE_NTLM2
    NEGOTIATE_TARGET_INFO
    bit #25
    NEGOTIATE_128_BIT_ENCRYPTION
    NEGOTIATE_KEY_EXCHANGE

OS Version: 6.1 (build 7601)
Target Name: KONSALNET
User Name: pawel.skup
Workstation Name: KONSALNET-1004
Session Key: 0xca000000
LM Response: 0xbefb22bda6c1ceb300000000000000000000000000000000
NTLM Response: 0x8407c0ad948c13acf16f6c96f29c8ff698aac20f4ae0a4e8
Direction: browser => server

No. 6, time 1.1374
HTTP headers sent:
HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 14115
Content-Type: text/html; charset=utf-8
Expires: Sun, 20 Oct 2013 13:19:14 GMT
Server: Microsoft-HTTPAPI/2.0
X-AspNet-Version: 2.0.50727
Date: Sun, 20 Oct 2013 13:20:14 GMT
Direction: server => browser
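
How the decoded data for the server's second 401 response (message type 2) can be obtained, as an added Python example that is not part of the original page: it finds the NTLMSSP message inside the token (skipping an SPNEGO wrapper), then reads the flags, the challenge and the target-information pairs, naming types 5 and 7 (printed above as "Unknown") as the DNS tree name and timestamp per MS-NLMP. The token is constructed in `build_sample`; EXAMPLE, SRV01, the challenge and the time are made-up values, and both function names are assumptions of this example.

```python
import base64, struct
from datetime import datetime, timedelta, timezone

SIG = b"NTLMSSP\x00"
# Subset of MS-NLMP flag names; the page shows 0x80000 as NEGOTIATE_NTLM2, 0x2000000 as "bit #25".
FLAGS = {0x1: "NEGOTIATE_UNICODE", 0x4: "REQUEST_TARGET", 0x10: "NEGOTIATE_SIGN",
         0x80: "NEGOTIATE_LM_KEY", 0x200: "NEGOTIATE_NTLM", 0x8000: "NEGOTIATE_ALWAYS_SIGN",
         0x10000: "TARGET_TYPE_DOMAIN", 0x80000: "NEGOTIATE_EXTENDED_SESSIONSECURITY",
         0x800000: "NEGOTIATE_TARGET_INFO", 0x2000000: "NEGOTIATE_VERSION",
         0x20000000: "NEGOTIATE_128", 0x40000000: "NEGOTIATE_KEY_EXCH", 0x80000000: "NEGOTIATE_56"}
AV_NAMES = {1: "NbComputerName", 2: "NbDomainName", 3: "DnsComputerName",
            4: "DnsDomainName", 5: "DnsTreeName", 7: "Timestamp"}
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)

def parse_challenge(header_value):
    """Decode the Type 2 message in a 'Negotiate <b64>' or 'NTLM <b64>' header value."""
    blob = base64.b64decode(header_value.split(None, 1)[1])
    start = blob.find(SIG)  # skips an SPNEGO wrapper if there is one
    msg = blob[start:]
    if start < 0 or len(msg) < 48 or struct.unpack_from("<I", msg, 8)[0] != 2:
        raise ValueError("not an NTLMSSP Type 2 message")
    flags, challenge = struct.unpack_from("<I8s", msg, 20)
    ti_len, _, pos = struct.unpack_from("<HHI", msg, 40)
    end, info = min(pos + ti_len, len(msg)), {}
    while pos + 4 <= end:  # AV pair: id (2 bytes), length (2 bytes), value
        av_id, av_len = struct.unpack_from("<HH", msg, pos)
        value = msg[pos + 4:pos + 4 + av_len]
        if av_id == 0 or pos + 4 + av_len > end:
            break  # MsvAvEOL terminator, or a pair that overruns the block
        if av_id == 7 and av_len == 8:  # FILETIME: 100 ns ticks since 1601 (UTC)
            micros = int.from_bytes(value, "little") // 10
            text = (EPOCH_1601 + timedelta(microseconds=micros)).isoformat()
        else:
            text = value.decode("utf-16-le", errors="replace")
        info[AV_NAMES.get(av_id, f"AvId {av_id}")] = text
        pos += 4 + av_len
    return {"flags": [name for bit, name in FLAGS.items() if flags & bit],
            "challenge": challenge.hex(), "target_info": info}

def build_sample(prefix=b""):
    """Constructed Type 2 token (all values made up); prefix mimics a wrapper."""
    name = "EXAMPLE".encode("utf-16-le")
    pairs = [(2, name), (1, "SRV01".encode("utf-16-le")),
             (7, struct.pack("<Q", 13 * 10**16)), (0, b"")]
    info = b"".join(struct.pack("<HH", i, len(v)) + v for i, v in pairs)
    msg = (SIG + struct.pack("<IHHII", 2, len(name), len(name), 56, 0xE2898215)
           + bytes(range(1, 9)) + bytes(8)  # server challenge, reserved
           + struct.pack("<HHI", len(info), len(info), 56 + len(name)) + bytes(8) + name + info)
    return "Negotiate " + base64.b64encode(prefix + msg).decode()
```

Calling `parse_challenge(build_sample())` returns the flag names, the challenge as hex and the target-information pairs with the timestamp converted to UTC.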