NetNTLMv1/v2 are the challenge-response flavours of NTLM authentication in Active Directory environments; they are legacy protocols kept for compatibility, and Kerberos is preferred nowadays. The NT hash itself is never sent over the network: the client proves knowledge of it by answering a challenge. When a user authenticates to a server, the server acts as a jumping pad for the check, since only the DC knows the user's hash: it forwards the challenge it issued together with the client's response to the DC, and the DC replies whether the response is valid. If the account is local to the server, the server validates the response itself against the hash stored in its SAM.
sequenceDiagram
participant A as Client
participant B as App Server
participant C as DC
A->>B: Username
B->>A: Nonce
A->>B: Response computed from nonce and hash (DES in v1, HMAC-MD5 in v2)
B->>C: Username, Nonce, Response
C->>B: Approve/deny authentication
B->>A: Approve/deny authentication
Note that crack.sh also offers to crack DES-based NetNTLMv1 responses (recovering the NT hash) for a small fee.
The following explanations are taken from this Medium article.
NetNTLMv1
NetNTLMv1 is a legacy and insecure version of NetNTLM: the response is three DES encryptions of the server challenge, keyed directly with pieces of the NT hash. A captured response therefore lets an attacker recover the NT hash itself by exhausting 56-bit DES keys, with no password guessing needed; the third key is especially weak because only 2 of its 7 bytes come from the hash (the rest is zero padding).
Example client response:
u4-netntlm::kNS:338d08f8e26de93300000000000000000000000000000000:9526fb8c23a90751cdd619b6cea564742e1e4bf33006ba41:cb8086049ec4736c
Client response composition:
C = 8-byte server challenge, random
K1 | K2 | K3 = (LM or NT hash, 16 bytes) | 5 zero bytes, i.e. 21 bytes split into three 7-byte DES keys
response = DES(K1, C) | DES(K2, C) | DES(K3, C), 24 bytes in total
Caveat: when the LM-response field of a capture is an 8-byte client nonce followed by 16 zero bytes (as in the example above), the client used NTLMv1 with Extended Session Security. C is then not the raw server challenge but the first 8 bytes of MD5(server challenge | client nonce); john and hashcat handle this form transparently, but it matters if you recompute the response yourself.
To crack NetNTLMv1 with john and hashcat (-a 3 is hashcat's mask/brute-force mode, so append a mask; use -a 0 with a wordlist for a dictionary attack):
john --format=netntlm hash.txt
hashcat -m 5500 -a 3 hash.txt
NetNTLMv2
NetNTLMv2 is a newer challenge-response authentication method based on HMAC-MD5 instead of DES. Because the HMAC is keyed with a hash derived from the NT hash, user name and domain, a captured response cannot be turned back into the NT hash directly; it can only be attacked by guessing passwords (dictionary, rules, masks).
Example client response:
admin::N46iSNekpT:08ca45b7d7ea58ee:88dcbe4446168966a153a0064958dac6:5c7830315c7830310000000000000b45c67103d07d7b95acd12ffa11230e0000000052920b85f78d013c31cdb3b92f5d765c783030
Client response composition:
SC = 8-byte server challenge, random
CC = 8-byte client challenge, random
CC* = the "blob": (X = version/signature bytes, timestamp, CC2 = client nonce carried in the blob, target info such as the domain name, padding)
v2-Hash = HMAC-MD5(NT-Hash, uppercase(user name) | domain name), with both strings encoded as UTF-16LE
LMv2 = HMAC-MD5(v2-Hash, SC | CC)
NTv2 = HMAC-MD5(v2-Hash, SC | CC*)
response = LMv2 | CC | NTv2 | CC*
The john/hashcat line format used above (user::domain:SC:NTv2:CC*) carries only the fields needed to recompute NTv2; LMv2 and CC are not required for cracking.
To crack NetNTLMv2 with john and hashcat (again, -a 3 expects a mask; -a 0 with a wordlist is the usual first attempt):
john --format=netntlmv2 hash.txt
hashcat -m 5600 -a 3 hash.txt