Azure / go-ntlmssp

NTLM/Negotiate authentication over HTTP
MIT License

add ProcessChallengeWithHash function #27

Closed ropnop closed 4 years ago

ropnop commented 4 years ago

Great library! Totally helped me out with a project I’m working on.

Wanted to open this to start a conversation around exposing a function to process a challenge message when you already have an NTLM hash instead of just a password. This would make it easier to implement with other tools that already start with a user’s NT hash.

Let me know what you think? I decided to basically reimplement the whole function, but could also split up both functions into shared code as well.

Thanks!

ghost commented 4 years ago

CLA assistant check
All CLA requirements met.

paulmey commented 4 years ago

Thanks for this PR, @ropnop! I am entirely unfamiliar with this particular flow of the protocol, but your addition reads well like this. I don't think there is much value in factoring out the shared code from these two functions. It sounds like you have a use-case for this functionality? I realize we don't have any tests for this part of the code, but would you mind adding one for the code you added?

ropnop commented 4 years ago

Thanks! I come from a pentesting/security background, so a common use case is that during security assessments an NTLM hash is recovered (instead of the plaintext password), and we need to use that hash to authenticate to services instead of the password ("pass-the-hash"). A lot of well known security tools/scanners support this functionality, and by having this function exported in the library it would open the door to more security tools written in Go. I've integrated a fork of this into my own AD scanning tool (https://github.com/ropnop/go-windapsearch) for example.

I'll take a look at your other tests and see how we can test this function as well!

ropnop commented 4 years ago

I added a TestCalculateNTLMv2ResponseWithHash function to the tests, which calculates the same expected challenge responses as the other tests, but with a hardcoded hex NT hash of the password instead of the string. Let me know if you think that's sufficient? I couldn't think of a really good way to test the whole flow otherwise

paulmey commented 4 years ago

Thanks, this looks good. These tests will at least detect code drift, and hopefully bugs... 😉