NTLM is a legacy challenge-response authentication protocol for Active Directory over the network; Kerberos is the default nowadays. NTLM hashes are used for authentication but are never sent over the network: the client proves knowledge of the hash in a challenge-response exchange. When a user authenticates to a server, the server acts as a relay (a jumping pad) for the authentication request, since only the DC knows the user's hash. The server forwards the client's response to the DC, and the DC replies with whether or not the client is authenticated.

sequenceDiagram
    participant A as Client
    participant B as App Server
    participant C as DC
    A->>B: Username
    B->>A: Nonce
    A->>B: Nonce encrypted with hash
    B->>C: Username, Nonce, Response
    C->>B: Approve/deny authentication
    B->>A: Approve/deny authentication

NetNTLMv1

NetNTLMv1 is a legacy and insecure version of NetNTLM.

Example client response:

u4-netntlm::kNS:338d08f8e26de93300000000000000000000000000000000:9526fb8c23a90751cdd619b6cea564742e1e4bf33006ba41:cb8086049ec4736c

Client response composition:

C = 8-byte server challenge, random
K1 | K2 | K3 = LM/NT-hash | 5 zero bytes (the 16-byte hash padded to 21 bytes and split into three 7-byte DES keys)
response = DES(K1,C) | DES(K2,C) | DES(K3,C)

To crack NetNTLMv1 with john and hashcat:

john --format=netntlm hash.txt
hashcat -m 5500 -a 3 hash.txt

NetNTLMv2

NetNTLMv2 is a newer challenge-response authentication method based on HMAC-MD5 instead of DES.

Example client response:

admin::N46iSNekpT:08ca45b7d7ea58ee:88dcbe4446168966a153a0064958dac6:5c7830315c7830310000000000000b45c67103d07d7b95acd12ffa11230e0000000052920b85f78d013c31cdb3b92f5d765c783030

Client response composition:

SC = 8-byte server challenge, random
CC = 8-byte client challenge, random
CC* = (X, time, CC2, domain name)
v2-Hash = HMAC-MD5(NT-Hash, user name, domain name)
LMv2 = HMAC-MD5(v2-Hash, SC, CC)
NTv2 = HMAC-MD5(v2-Hash, SC, CC*)
response = LMv2 | CC | NTv2 | CC*

To crack NetNTLMv2 with john and hashcat:

john --format=netntlmv2 hash.txt
hashcat -m 5600 -a 3 hash.txt
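As an added example (not from the page and not john's or hashcat's own code), the NetNTLMv2 composition above in Python, together with the check the DC performs when the app server forwards the response: recompute NTv2 from the stored NT hash and compare. The NT hash, user, domain, challenges and timestamp are constructed sample values; the blob layout follows the NTLMv2 client-challenge structure from MS-NLMP, and the upper-casing of the user name and UTF-16LE encoding are assumed details the page does not spell out. The v1 DES construction is not shown because the standard library has no DES.

```python
import hashlib
import hmac
import struct

# Constructed inputs (not from the page): an NT hash as the DC stores it, the
# user/domain, two 8-byte challenges and a fixed FILETIME for a repeatable blob.
NT_HASH = bytes.fromhex("0123456789abcdef0123456789abcdef")
USER, DOMAIN = "alice", "CORP"
SC = bytes.fromhex("08ca45b7d7ea58ee")                    # server challenge
CC = bytes.fromhex("0011223344556677")                    # client challenge
FILETIME = (1_700_000_000 + 11_644_473_600) * 10_000_000  # 100 ns ticks since 1601

def hmac_md5(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.md5).digest()

def v2_hash(nt_hash: bytes, user: str, domain: str) -> bytes:
    # v2-Hash = HMAC-MD5(NT-Hash, user name | domain name); the user name is
    # upper-cased and the string is UTF-16LE encoded before hashing (assumed).
    return hmac_md5(nt_hash, (user.upper() + domain).encode("utf-16le"))

def build_blob(cc: bytes, domain: str, filetime: int) -> bytes:
    # CC* = (X, time, CC2, domain name): header bytes, timestamp, client
    # challenge and the domain name carried as a (type, length, value) pair.
    dom = domain.encode("utf-16le")
    return (b"\x01\x01\x00\x00\x00\x00\x00\x00" + struct.pack("<Q", filetime)
            + cc + b"\x00" * 4 + struct.pack("<HH", 2, len(dom)) + dom
            + struct.pack("<HH", 0, 0) + b"\x00" * 4)

def netntlmv2_response(nt_hash, user, domain, sc, cc, blob) -> bytes:
    # Client side: response = LMv2 | CC | NTv2 | CC*
    vh = v2_hash(nt_hash, user, domain)
    lmv2 = hmac_md5(vh, sc + cc)
    ntv2 = hmac_md5(vh, sc + blob)
    return lmv2 + cc + ntv2 + blob

def verify_netntlmv2(stored_nt_hash, user, domain, sc, response) -> bool:
    # DC side: split the forwarded response, recompute NTv2 from the stored
    # NT hash and the blob the client sent, and compare in constant time.
    ntv2, blob = response[24:40], response[40:]
    expected = hmac_md5(v2_hash(stored_nt_hash, user, domain), sc + blob)
    return hmac.compare_digest(expected, ntv2)

def hashcat_5600_line(user, domain, sc, response) -> str:
    # The user::domain:SC:NTv2:CC* line format that john/hashcat consume,
    # i.e. the layout of the example response shown above.
    return f"{user}::{domain}:{sc.hex()}:{response[24:40].hex()}:{response[40:].hex()}"
```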