Analysis of how the NTLM authentication process works

No. | Time | HTTP headers sent | Decoded authentication data | Direction

No.: 1
Time: 0
HTTP headers sent:
User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: pl,en-us;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
Connection: keep-alive
Direction: browser => server

No.: 2
Time: 0.0066
HTTP headers sent:
HTTP/1.1 401 Unauthorized
Content-Length: 0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
Date: Sun, 20 Oct 2013 13:22:01 GMT
Direction: server => browser

No.: 3
Time: 10.345
HTTP headers sent:
User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: pl,en-us;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
Connection: keep-alive
Authorization: NTLM TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw==
Decoded authentication data:
NTLMSSP 0x00 0x01 0x00 0x00 0x00 0x07 0x82 0x08 0xA2 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x06 0x01 0xB1 0x1D 0x00 0x00 0x00 0x0F
Message type 1

Flags: 0xa2088207
    NEGOTIATE_UNICODE
    NEGOTIATE_OEM
    REQUEST_SERVER_AUTH_REALM
    NEGOTIATE_NTLM
    NEGOTIATE_ALWAYS_SIGN
    NEGOTIATE_NTLM2
    bit #25
    NEGOTIATE_128_BIT_ENCRYPTION

OS Version: 6.1 (build 7601)
Domain:
Host:
Direction: browser => server

No.: 4
Time: 10.3509
HTTP headers sent:
HTTP/1.1 401 Unauthorized
Content-Length: 0
WWW-Authenticate: NTLM TlRMTVNTUAACAAAAEgASADgAAAAFgomivjvnBNdcRAkAAAAAAAAAAAMQAxABKAAAABgGxHQAAAA9LAE8ATgBTAEEATABOAEUAVAACABIASwBPAE4AUwBBAEwATgBFAFQAAQAQAE0AUABSAFoAQgBXADAAMQAEACQAawBvAG4AcwBhAGwAbgBlAHQALgBpAG4AdABlAHIAbgBhAGwAAwA2AE0AUABSAFoAQgBXADAAMQAuAGsAbwBuAHMAYQBsAG4AZQB0AC4AaQBuAHQAZQByAG4AYQBsAAUAJABrAG8AbgBzAGEAbABuAGUAdAAuAGkAbgB0AGUAcgBuAGEAbAAHAAgAm46EYpfNzgEAAAAA
Date: Sun, 20 Oct 2013 13:22:11 GMT
Decoded authentication data:
NTLMSSP 0x00 0x02 0x00 0x00 0x00 0x12 0x00 0x12 0x00 8 0x00 0x00 0x00 0x05 0x82 0x89 0xA2 0xBE ; 0xE7 0x04 0xD7 \D 0x09 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0xC4 0x00 0xC4 0x00 J 0x00 0x00 0x00 0x06 0x01 0xB1 0x1D 0x00 0x00 0x00 0x0F K 0x00 O 0x00 N 0x00 S 0x00 A 0x00 L 0x00 N 0x00 E 0x00 T 0x00 0x02 0x00 0x12 0x00 K 0x00 O 0x00 N 0x00 S 0x00 A 0x00 L 0x00 N 0x00 E 0x00 T 0x00 0x01 0x00 0x10 0x00 M 0x00 P 0x00 R 0x00 Z 0x00 B 0x00 W 0x00 0 0x00 1 0x00 0x04 0x00 $ 0x00 k 0x00 o 0x00 n 0x00 s 0x00 a 0x00 l 0x00 n 0x00 e 0x00 t 0x00 . 0x00 i 0x00 n 0x00 t 0x00 e 0x00 r 0x00 n 0x00 a 0x00 l 0x00 0x03 0x00 6 0x00 M 0x00 P 0x00 R 0x00 Z 0x00 B 0x00 W 0x00 0 0x00 1 0x00 . 0x00 k 0x00 o 0x00 n 0x00 s 0x00 a 0x00 l 0x00 n 0x00 e 0x00 t 0x00 . 0x00 i 0x00 n 0x00 t 0x00 e 0x00 r 0x00 n 0x00 a 0x00 l 0x00 0x05 0x00 $ 0x00 k 0x00 o 0x00 n 0x00 s 0x00 a 0x00 l 0x00 n 0x00 e 0x00 t 0x00 . 0x00 i 0x00 n 0x00 t 0x00 e 0x00 r 0x00 n 0x00 a 0x00 l 0x00 0x07 0x00 0x08 0x00 0x9B 0x8E 0x84 b 0x97 0xCD 0xCE 0x01 0x00 0x00 0x00 0x00
Message type 2

Flags: 0xa2898205
    NEGOTIATE_UNICODE
    REQUEST_SERVER_AUTH_REALM
    NEGOTIATE_NTLM
    NEGOTIATE_ALWAYS_SIGN
    TARGET_TYPE_DOMAIN
    NEGOTIATE_NTLM2
    NEGOTIATE_TARGET_INFO
    bit #25
    NEGOTIATE_128_BIT_ENCRYPTION

OS Version: 6.1 (build 7601)
Target Name: KONSALNET
Challenge: 0xbe3be704d75c4409
Context: 0x0000000000000000
Target Information Domain (type: 2): KONSALNET
Target Information Server (type: 1): MPRZBW01
Target Information DNS Domain (type: 4): konsalnet.internal
Target Information DNS Server (type: 3): MPRZBW01.konsalnet.internal
Target Information Unknown (type: 5): konsalnet.internal
Target Information Unknown (type: 7): 0x9b8e846297cdce01
Direction: server => browser

No.: 5
Time: 10.36
HTTP headers sent:
User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: pl,en-us;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
Connection: keep-alive
Authorization: NTLM TlRMTVNTUAADAAAAGAAYAIgAAAAYABgAoAAAAAAAAAABYAAAAFAAUAFgAAAAcABwAbAAAAAAAAAC4AAAABYKIogYBsR0AAAAP6freIkYVWXYKHwP8qKNAFVAAYQB3AGUAbAAuAFMAawB1AHAASwBPAE4AUwBBAEwATgBFAFQALQAxADAAMAA0AAMXGn2G6tReAAAAAAAAAAAAAAAAAAAAAPZ9ch6dQwcUjv7gAZ2TYRzG71onZ7aRGA==
Decoded authentication data:
NTLMSSP 0x00 0x03 0x00 0x00 0x00 0x18 0x00 0x18 0x00 0x88 0x00 0x00 0x00 0x18 0x00 0x18 0x00 0xA0 0x00 0x00 0x00 0x00 0x00 0x00 0x00 X 0x00 0x00 0x00 0x14 0x00 0x14 0x00 X 0x00 0x00 0x00 0x1C 0x00 0x1C 0x00 l 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0xB8 0x00 0x00 0x00 0x05 0x82 0x88 0xA2 0x06 0x01 0xB1 0x1D 0x00 0x00 0x00 0x0F 0xE9 0xFA 0xDE "F 0x15 Yv 0x0A 0x1F 0x03 0xFC 0xA8 0xA3 @ 0x15 P 0x00 a 0x00 w 0x00 e 0x00 l 0x00 . 0x00 S 0x00 k 0x00 u 0x00 p 0x00 K 0x00 O 0x00 N 0x00 S 0x00 A 0x00 L 0x00 N 0x00 E 0x00 T 0x00 - 0x00 1 0x00 0 0x00 0 0x00 4 0x00 0x03 0x17 0x1A } 0x86 0xEA 0xD4 ^ 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0xF6 }r 0x1E 0x9D C 0x07 0x14 0x8E 0xFE 0xE0 0x01 0x9D 0x93 a 0x1C 0xC6 0xEF Z'g 0xB6 0x91 0x18
Message type 3

Flags: 0xa2888205
    NEGOTIATE_UNICODE
    REQUEST_SERVER_AUTH_REALM
    NEGOTIATE_NTLM
    NEGOTIATE_ALWAYS_SIGN
    NEGOTIATE_NTLM2
    NEGOTIATE_TARGET_INFO
    bit #25
    NEGOTIATE_128_BIT_ENCRYPTION

OS Version: 6.1 (build 7601)
Target Name:
User Name: Pawel.Skup
Workstation Name: KONSALNET-1004
Session Key: 0xb8000000
LM Response: 0x03171a7d86ead45e00000000000000000000000000000000
NTLM Response: 0xf67d721e9d4307148efee0019d93611cc6ef5a2767b69118
Direction: browser => server

No.: 6
Time: 10.3776
HTTP headers sent:
HTTP/1.1 401 Unauthorized
Content-Length: 0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
Date: Sun, 20 Oct 2013 13:22:11 GMT
Direction: server => browser
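
Added example (not part of the original page): a Python parser for the Type 3 token from row 5 of the trace, reading the user name, workstation, flags and both responses through their length/offset fields. It also names the response scheme: a 24-byte NT response with NEGOTIATE_NTLM2 set and an LM field of 8 bytes followed by 16 zero bytes is NTLMv1 with extended session security, not NTLMv2. The function names and the cp437 fallback for non-Unicode strings are assumptions of this example.

```python
import base64
import struct

# Authorization token from row 5 of the trace, split at the page's line wraps.
TYPE3_B64 = (
    "TlRMTVNTUAADAAAAGAAYAIgAAAAYABgAo"
    "AAAAAAAAABYAAAAFAAUAFgAAAAcABwAbAAAAAAAAAC4AAAABYKIogYBsR0AA"
    "AAP6freIkYVWXYKHwP8qKNAFVAAYQB3AGUAbAAuAFMAawB1AHAASwBPAE4AU"
    "wBBAEwATgBFAFQALQAxADAAMAA0AAMXGn2G6tReAAAAAAAAAAAAAAAAAAAAA"
    "PZ9ch6dQwcUjv7gAZ2TYRzG71onZ7aRGA=="
)
NEGOTIATE_UNICODE = 0x00000001
NEGOTIATE_NTLM2 = 0x00080000  # flag name as printed by the page's decoder

def read_buffer(msg, pos):
    """Return the bytes of the (length, max length, offset) field at pos."""
    length, _max_len, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("field at %d points outside the message" % pos)
    return msg[offset:offset + length]

def classify(lm, nt, flags):
    """Name the response scheme from the field sizes and the NTLM2 flag."""
    if len(nt) > 24:
        return "NTLMv2"
    if len(nt) == 24 and flags & NEGOTIATE_NTLM2 and lm[8:] == bytes(16):
        return "NTLMv1 + extended session security"
    return "NTLMv1" if len(nt) == 24 else "unknown"

def parse_type3(token_b64):
    """Decode an NTLM Type 3 token into the fields worth reviewing."""
    msg = base64.b64decode(token_b64, validate=True)
    if len(msg) < 64 or msg[:8] != b"NTLMSSP\x00":
        raise ValueError("not an NTLMSSP message")
    if struct.unpack_from("<I", msg, 8)[0] != 3:
        raise ValueError("not a Type 3 message")
    flags = struct.unpack_from("<I", msg, 60)[0]
    # cp437 for OEM strings is an assumption; this trace negotiates Unicode.
    enc = "utf-16-le" if flags & NEGOTIATE_UNICODE else "cp437"
    lm, nt = read_buffer(msg, 12), read_buffer(msg, 20)
    return {
        "user": read_buffer(msg, 36).decode(enc),
        "workstation": read_buffer(msg, 44).decode(enc),
        "flags": flags,
        "lm_response": lm.hex(),
        "nt_response": nt.hex(),
        "scheme": classify(lm, nt, flags),
    }
```

Calling parse_type3(TYPE3_B64) reproduces the user name, workstation, flags and response values listed in row 5 and adds the scheme label.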