ianclegg
commented
6 years ago Yeah, I would not expect that to work, all your are doing there is calling ntowfv1() which is the implementation of the NTLMv1 MD4 hash in the Microsoft Protocol Spec. NTLM is more than just a DIGEST mechanism.
NTLM operates on a challenge response, you'll to need do a context exchange like cntlm does. That means opening a HTTP connection and sending and receiving the authorisation headers back and fortch over that channel. Don't forget NTLM is connection oriented - so you need to use the same TCP connection for that.
Also, I would also expect the results to be different, the bytes of the NTLM token depends on a large number of variables - it is a negotiation and depends on how the client has been configured as well as the target server.
Have you tried the steps outline on the readme.md?
auth = PasswordAuthentication('SERVER2012', 'Administrator', 'Pa55w0rd')
ntlm_context = NtlmContext(auth, session_security='none')
# Generate the initial negotiate token
context = ntlm_context.initialize_security_context()
negotiate = context.send(None)
# < Now send the negotiate token to the sever and receive the challenge >
# Generate the authenticate token from the challenge
authenticate = context.send(challenge)
#< Now send the authenticate token to the server to complete authentication >
...`
pktehgm
Hello Ian,
I would like to use ntmlib library as I would use cntlm. The problem with cntlm is that apparently it doesn't support special characters (§,Ω, chinese characters etc) in passwords, only ascii.
The result from your library is different from that obtained with cntlm. Am I using it wrongly?
python code: from ntlmlib.authentication import PasswordAuthentication import binascii print(binascii.hexlify(PasswordAuthentication.ntowfv1('password123')).upper())
cntlm command: echo "password123" | cntlm -H -u username -d domain.com
If you could help me with some directions or a more detailed guide for using the lib.
All the best, Mihai