summaryrefslogtreecommitdiff
path: root/source3/rpcclient/cmd_samr.c
diff options
context:
space:
mode:
authorLuke Leighton <lkcl@samba.org>1999-11-21 19:24:01 +0000
committerLuke Leighton <lkcl@samba.org>1999-11-21 19:24:01 +0000
commitdab1a1227873f1a88dc7a4b8f63edcccd60ada85 (patch)
treec73b914c6ed0287542a0760800e3a236484b3892 /source3/rpcclient/cmd_samr.c
parent680dcc934182544aa49a4a426f2263c1aaedd4aa (diff)
downloadsamba-dab1a1227873f1a88dc7a4b8f63edcccd60ada85.tar.gz
samba-dab1a1227873f1a88dc7a4b8f63edcccd60ada85.tar.bz2
samba-dab1a1227873f1a88dc7a4b8f63edcccd60ada85.zip
you know what? this sort of thing makes me laugh. hmm, what functions
have we got. and what data do we have. hmm.. i wonder what the NTLMv2 user session key can be... hmmm... weell.... there's some hidden data here, generated from the user password that doesn't go over-the-wire, so that's _got_ to be involved. and... that bit of data took a lot of computation to produce, so it's probably _also_ involved... and md4 no, md5? no, how about hmac_md5 yes let's try that one (the other's didn't work) oh goodie, it worked! i love it when this sort of thing happens. took all of fifteen minutes to guess it. tried concatenating client and server challenges. tried concatenating _random_ bits of client and server challenges. tried md5 of the above. tried hmac_md5 of the above. eventually, it boils down to this: kr = MD4(NT#,username,domainname) hmacntchal=hmac_md5(kr, nt server challenge) sess_key = hmac_md5(kr, hmacntchal); (This used to be commit ab174759cd210fe1be888d0c589a5b2669f7ff1e)
Diffstat (limited to 'source3/rpcclient/cmd_samr.c')
-rw-r--r--source3/rpcclient/cmd_samr.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c
index 542c0ffe41..0f0a19f2d1 100644
--- a/source3/rpcclient/cmd_samr.c
+++ b/source3/rpcclient/cmd_samr.c
@@ -1891,6 +1891,9 @@ void cmd_sam_set_userinfo(struct client_info *info)
{
encode_pw_buffer(pwbuf, password,
strlen(password), True);
+#ifdef DEBUG_PASSWORD
+ dump_data(100, smb_cli->sess_key, 16);
+#endif
SamOEMhash(pwbuf, smb_cli->sess_key, 1);
}