SharpLdapRelayScan

NTLMChallenge() parsing data incorrectly

Open ibaiC opened this issue 1 year ago • 1 comment

The constructor in NtlmChallenge.cs (NTLMSSP/Messages/NtlmChallenge.cs) is parsing the Negotiate Flags and Server Challenge in the wrong order. First it parses the Challenge and then the Flags when it should be the other way around. See the corrected code in the image below.

image

I realised as I am using the modified Novell library for another project and the ToString() function was showing values for the Flags and Challenge that were offset by 4 bytes. Not sure how it affects this tool, but I imagine if the credentials being passed are valid, this would prevent authentication from completing as the NTLM Challenge is malformed (in the case of relay attacks at least).

ibaiC, Oct 12 '24 22:10
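
Added example, not part of the original issue or of SharpLdapRelayScan's code: the fixed header of an NTLM CHALLENGE_MESSAGE as laid out in MS-NLMP (NegotiateFlags at offset 20, ServerChallenge at offset 24), read in the correct order and then in the swapped order the issue describes, which shifts both values by 4 bytes. The class and method names, the sequential-reader form of the swapped read and the sample message are assumptions; the code targets .NET 5 or later.

```csharp
using System;
using System.IO;
using System.Text;

// Added example: field order of an NTLM CHALLENGE_MESSAGE per MS-NLMP.
// Class and method names are hypothetical, not taken from SharpLdapRelayScan.
public static class ChallengeLayoutDemo
{
    public sealed record Parsed(uint Flags, byte[] ServerChallenge);

    // Correct order: Signature(8) MessageType(4) TargetNameFields(8)
    // NegotiateFlags(4) ServerChallenge(8).
    public static Parsed Parse(byte[] msg)
    {
        if (msg.Length < 32) throw new InvalidDataException("CHALLENGE_MESSAGE too short");
        using var r = new BinaryReader(new MemoryStream(msg));
        if (Encoding.ASCII.GetString(r.ReadBytes(8)) != "NTLMSSP\0")
            throw new InvalidDataException("bad signature");
        if (r.ReadUInt32() != 2) throw new InvalidDataException("not a type 2 message");
        r.ReadBytes(8);                       // TargetNameFields: len, maxlen, offset
        uint flags = r.ReadUInt32();          // offset 20, little-endian
        byte[] challenge = r.ReadBytes(8);    // offset 24
        return new Parsed(flags, challenge);
    }

    // Swapped order with a sequential reader (assumed form of the bug).
    public static Parsed ParseSwapped(byte[] msg)
    {
        using var r = new BinaryReader(new MemoryStream(msg));
        r.ReadBytes(20);
        byte[] challenge = r.ReadBytes(8);    // really flags + first half of challenge
        uint flags = r.ReadUInt32();          // really second half of challenge
        return new Parsed(flags, challenge);
    }

    public static void Main()
    {
        // Constructed sample: flags 0xE2898215, challenge 01..08, empty target name.
        byte[] msg = new byte[56];
        Encoding.ASCII.GetBytes("NTLMSSP\0").CopyTo(msg, 0);
        BitConverter.GetBytes(2u).CopyTo(msg, 8);
        BitConverter.GetBytes(56u).CopyTo(msg, 16);   // TargetName buffer offset
        BitConverter.GetBytes(0xE2898215u).CopyTo(msg, 20);
        new byte[] { 1, 2, 3, 4, 5, 6, 7, 8 }.CopyTo(msg, 24);

        foreach (var p in new[] { Parse(msg), ParseSwapped(msg) })
            Console.WriteLine($"flags=0x{p.Flags:X8} challenge={Convert.ToHexString(p.ServerChallenge)}");
    }
}
```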

Oh wow, good spot! Thanks for letting me know! Gonna give it a look!

klezVirus, Oct 14 '24 10:10