Analysis of how the NTLM authentication process works

Columns: No. | Time | HTTP headers sent | Decoded authentication data | Direction

1. Time: 0
User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: pl,en-us;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
Connection: keep-alive
Direction: browser => server

2. Time: 0.0175
HTTP/1.1 401 Unauthorized
Content-Length: 0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
Date: Sun, 20 Oct 2013 17:35:26 GMT
Direction: server => browser

3. Time: 0.0312
User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: pl,en-us;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
Connection: keep-alive
Authorization: NTLM TlRMTVNTUAABAAAAB7IIogkACQA2AAAAD
gAOACgAAAAGAbEdAAAAD0tPTlNBTE5FVC0xMDA0S09OU0FMTkVU
NTLMSSP 0x00 0x01 0x00 0x00 0x00 0x07 0xB2 0x08 0xA2 0x09 0x00 0x09 0x00 6 0x00 0x00 0x00 0x0E 0x00 0x0E 0x00 ( 0x00 0x00 0x00 0x06 0x01 0xB1 0x1D 0x00 0x00 0x00 0x0F KONSALNET-1004KONSALNET
Message type 1

Flags: 0xa208b207
    NEGOTIATE_UNICODE
    NEGOTIATE_OEM
    REQUEST_SERVER_AUTH_REALM
    NEGOTIATE_NTLM
    NEGOTIATE_DOMAIN_SUPPLIED
    NEGOTIATE_WORKSTATION_SUPPLIED
    NEGOTIATE_ALWAYS_SIGN
    NEGOTIATE_NTLM2
    bit #25
    NEGOTIATE_128_BIT_ENCRYPTION

OS Version: 6.1 (build 7601)
Domain: KONSALNET
Host: KONSALNET-1004
Direction: browser => server

4. Time: 0.0371
HTTP/1.1 401 Unauthorized
Content-Length: 0
WWW-Authenticate: NTLM TlRMTVNTUAACAAAAEgASADgAAAAFgo
mir4qkxNZe2H8AAAAAAAAAAMQAxABKAAAABgGxHQAAAA9LAE8ATgBTAEEATA
BOAEUAVAACABIASwBPAE4AUwBBAEwATgBFAFQAAQAQAE0AUABSAFoAQgBXAD
AAMQAEACQAawBvAG4AcwBhAGwAbgBlAHQALgBpAG4AdABlAHIAbgBhAGwAAw
A2AE0AUABSAFoAQgBXADAAMQAuAGsAbwBuAHMAYQBsAG4AZQB0AC4AaQBuAH
QAZQByAG4AYQBsAAUAJABrAG8AbgBzAGEAbABuAGUAdAAuAGkAbgB0AGUAcg
BuAGEAbAAHAAgAmA0Yw7rNzgEAAAAA
Date: Sun, 20 Oct 2013 17:35:26 GMT
NTLMSSP 0x00 0x02 0x00 0x00 0x00 0x12 0x00 0x12 0x00 8 0x00 0x00 0x00 0x05 0x82 0x89 0xA2 0xAF 0x8A 0xA4 0xC4 0xD6 ^ 0xD8  0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0xC4 0x00 0xC4 0x00 J 0x00 0x00 0x00 0x06 0x01 0xB1 0x1D 0x00 0x00 0x00 0x0F K 0x00 O 0x00 N 0x00 S 0x00 A 0x00 L 0x00 N 0x00 E 0x00 T 0x00 0x02 0x00 0x12 0x00 K 0x00 O 0x00 N 0x00 S 0x00 A 0x00 L 0x00 N 0x00 E 0x00 T 0x00 0x01 0x00 0x10 0x00 M 0x00 P 0x00 R 0x00 Z 0x00 B 0x00 W 0x00 0 0x00 1 0x00 0x04 0x00 $ 0x00 k 0x00 o 0x00 n 0x00 s 0x00 a 0x00 l 0x00 n 0x00 e 0x00 t 0x00 . 0x00 i 0x00 n 0x00 t 0x00 e 0x00 r 0x00 n 0x00 a 0x00 l 0x00 0x03 0x00 6 0x00 M 0x00 P 0x00 R 0x00 Z 0x00 B 0x00 W 0x00 0 0x00 1 0x00 . 0x00 k 0x00 o 0x00 n 0x00 s 0x00 a 0x00 l 0x00 n 0x00 e 0x00 t 0x00 . 0x00 i 0x00 n 0x00 t 0x00 e 0x00 r 0x00 n 0x00 a 0x00 l 0x00 0x05 0x00 $ 0x00 k 0x00 o 0x00 n 0x00 s 0x00 a 0x00 l 0x00 n 0x00 e 0x00 t 0x00 . 0x00 i 0x00 n 0x00 t 0x00 e 0x00 r 0x00 n 0x00 a 0x00 l 0x00 0x07 0x00 0x08 0x00 0x98 0x0D 0x18 0xC3 0xBA 0xCD 0xCE 0x01 0x00 0x00 0x00 0x00
Message type 2

Flags: 0xa2898205
    NEGOTIATE_UNICODE
    REQUEST_SERVER_AUTH_REALM
    NEGOTIATE_NTLM
    NEGOTIATE_ALWAYS_SIGN
    TARGET_TYPE_DOMAIN
    NEGOTIATE_NTLM2
    NEGOTIATE_TARGET_INFO
    bit #25
    NEGOTIATE_128_BIT_ENCRYPTION

OS Version: 6.1 (build 7601)
Target Name: KONSALNET
Challenge: 0xaf8aa4c4d65ed87f
Context: 0x0000000000000000
Target Information Domain (type: 2): KONSALNET
Target Information Server (type: 1): MPRZBW01
Target Information DNS Domain (type: 4): konsalnet.internal
Target Information DNS Server (type: 3): MPRZBW01.konsalnet.internal
Target Information Unknown (type: 5): konsalnet.internal
Target Information Unknown (type: 7): 0x980d18c3bacdce01
Direction: server => browser

5. Time: 0.0442
User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: pl,en-us;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
Connection: keep-alive
Authorization: NTLM TlRMTVNTUAADAAAAGAAYAJoAAAAYABgAs
gAAABIAEgBYAAAAFAAUAGoAAAAcABwAfgAAAAAAAADKAAAABYKIogYBsR0AA
AAPu1pXQsJFVVJAP4m0GeUm3ksATwBOAFMAQQBMAE4ARQBUAHAAYQB3AGUAb
AAuAHMAawB1AHAASwBPAE4AUwBBAEwATgBFAFQALQAxADAAMAA0AHWMwMwY4
VHnAAAAAAAAAAAAAAAAAAAAANh59I64c8IatOCrzuEWuf15I4ukP1+FzA==
NTLMSSP 0x00 0x03 0x00 0x00 0x00 0x18 0x00 0x18 0x00 0x9A 0x00 0x00 0x00 0x18 0x00 0x18 0x00 0xB2 0x00 0x00 0x00 0x12 0x00 0x12 0x00 X 0x00 0x00 0x00 0x14 0x00 0x14 0x00 j 0x00 0x00 0x00 0x1C 0x00 0x1C 0x00 ~ 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0xCA 0x00 0x00 0x00 0x05 0x82 0x88 0xA2 0x06 0x01 0xB1 0x1D 0x00 0x00 0x00 0x0F 0xBB ZWB 0xC2 EUR@? 0x89 0xB4 0x19 0xE5 & 0xDE K 0x00 O 0x00 N 0x00 S 0x00 A 0x00 L 0x00 N 0x00 E 0x00 T 0x00 p 0x00 a 0x00 w 0x00 e 0x00 l 0x00 . 0x00 s 0x00 k 0x00 u 0x00 p 0x00 K 0x00 O 0x00 N 0x00 S 0x00 A 0x00 L 0x00 N 0x00 E 0x00 T 0x00 - 0x00 1 0x00 0 0x00 0 0x00 4 0x00 u 0x8C 0xC0 0xCC 0x18 0xE1 Q 0xE7 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0xD8 y 0xF4 0x8E 0xB8 s 0xC2 0x1A 0xB4 0xE0 0xAB 0xCE 0xE1 0x16 0xB9 0xFD y# 0x8B 0xA4 ?_ 0x85 0xCC
Message type 3

Flags: 0xa2888205
    NEGOTIATE_UNICODE
    REQUEST_SERVER_AUTH_REALM
    NEGOTIATE_NTLM
    NEGOTIATE_ALWAYS_SIGN
    NEGOTIATE_NTLM2
    NEGOTIATE_TARGET_INFO
    bit #25
    NEGOTIATE_128_BIT_ENCRYPTION

OS Version: 6.1 (build 7601)
Target Name: KONSALNET
User Name: pawel.skup
Workstation Name: KONSALNET-1004
Session Key: 0xca000000
LM Response: 0x758cc0cc18e151e700000000000000000000000000000000
NTLM Response: 0xd879f48eb873c21ab4e0abcee116b9fd79238ba43f5f85cc
Direction: browser => server

6. Time: 0.1592
HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 14115
Content-Type: text/html; charset=utf-8
Expires: Sun, 20 Oct 2013 17:34:26 GMT
Server: Microsoft-HTTPAPI/2.0
X-AspNet-Version: 2.0.50727
Date: Sun, 20 Oct 2013 17:35:26 GMT
Direction: server => browser
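
The decoded fields listed for steps 3 and 5 can be reproduced directly from the base64 in the two Authorization headers. The Python below is an added example, not part of the original page; it handles the Type 1 and Type 3 messages, and the function names and the "scheme" labels are this example's own.

```python
import base64
import struct

# Authorization header values copied from steps 3 and 5 of the capture above.
TYPE1 = ("TlRMTVNTUAABAAAAB7IIogkACQA2AAAAD"
         "gAOACgAAAAGAbEdAAAAD0tPTlNBTE5FVC0xMDA0S09OU0FMTkVU")
TYPE3 = ("TlRMTVNTUAADAAAAGAAYAJoAAAAYABgAs"
         "gAAABIAEgBYAAAAFAAUAGoAAAAcABwAfgAAAAAAAADKAAAABYKIogYBsR0AA"
         "AAPu1pXQsJFVVJAP4m0GeUm3ksATwBOAFMAQQBMAE4ARQBUAHAAYQB3AGUAb"
         "AAuAHMAawB1AHAASwBPAE4AUwBBAEwATgBFAFQALQAxADAAMAA0AHWMwMwY4"
         "VHnAAAAAAAAAAAAAAAAAAAAANh59I64c8IatOCrzuEWuf15I4ukP1+FzA==")
UNICODE = 0x00000001  # NEGOTIATE_UNICODE: strings are UTF-16LE
ESS = 0x00080000      # extended session security, listed above as NEGOTIATE_NTLM2

def _buf(msg, pos):
    """Return the bytes a security buffer (length, max length, offset) points at."""
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("security buffer points outside the message")
    return msg[offset:offset + length]

def parse_ntlm(b64):
    """Decode a Type 1 or Type 3 NTLMSSP message into its named fields."""
    msg = base64.b64decode(b64, validate=True)
    if len(msg) < 32 or msg[:8] != b"NTLMSSP\x00":
        raise ValueError("truncated or not an NTLMSSP message")
    mtype = struct.unpack_from("<I", msg, 8)[0]
    if mtype == 1:  # flags, then domain and workstation buffers (OEM strings)
        return {"type": 1, "flags": struct.unpack_from("<I", msg, 12)[0],
                "domain": _buf(msg, 16).decode("ascii"),
                "workstation": _buf(msg, 24).decode("ascii")}
    if mtype != 3 or len(msg) < 64:
        raise ValueError("only complete Type 1 and Type 3 messages are handled")
    flags = struct.unpack_from("<I", msg, 60)[0]
    enc = "utf-16-le" if flags & UNICODE else "ascii"
    lm, nt = _buf(msg, 12), _buf(msg, 20)
    if len(nt) > 24:  # NTLMv2: 16-byte proof followed by a variable blob
        scheme = "NTLMv2"
    elif len(nt) == 24 and flags & ESS and lm[8:] == bytes(16):
        scheme = "NTLMv1 with extended session security"  # LM = client nonce + 16 zeros
    elif len(nt) == 24:
        scheme = "NTLMv1"
    else:
        scheme = "unknown"
    return {"type": 3, "flags": flags, "scheme": scheme,
            "domain": _buf(msg, 28).decode(enc),
            "user": _buf(msg, 36).decode(enc),
            "workstation": _buf(msg, 44).decode(enc),
            "lm": lm.hex(), "nt": nt.hex()}
```

For step 5 this reports a 24-byte NT response and an LM field made of an 8-byte client nonce plus 16 zero bytes, so the client answered with NTLMv1 with extended session security rather than NTLMv2.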