NTLM hash authentication process

1. Introduction

  The password hashes are stored in %SystemRoot%\system32\config\SAM. When we log in to a Windows system, the system automatically reads the stored hash from the SAM and compares it with the hash of the password we entered. If the two match, authentication succeeds.

2. The generation of NTLM Hash

  NTLM Hash is used by both the Net-NTLM (network) authentication protocol and local authentication. It is 32 hexadecimal characters long (digits and letters). Windows itself does not store the user's plaintext password: it stores the NTLM Hash of the password in the SAM database. When the user logs in, the plaintext password entered by the user is hashed into an NTLM Hash in the same way and compared with the NTLM Hash stored in the SAM database. The predecessor of NTLM Hash is LM Hash.
  Generation: plaintext password -> ASCII code -> hexadecimal encoding -> Unicode (UTF-16LE) encoding -> MD4

3. Windows local authentication

[Figure: Windows local authentication process]

4. Windows network authentication

(1) Negotiation: in this step the client mainly confirms the protocol version with the server, whether NTLM v1 or v2.
(2) Challenge: the client sends a request carrying the user information (username) to the server. The server receives the request and generates a 16-byte random value called the "Challenge", encrypts the Challenge (16 random characters) with the NTLM Hash corresponding to the login username to produce Challenge1, and at the same time sends the Challenge to the client. After the client receives the Challenge, it encrypts it with the NTLM Hash of the login account's password to produce the Response, and then sends the Response to the server.
(3) Verification: after receiving the Response from the client, the server compares Challenge1 with the Response. If they are equal, authentication passes.
[Figure: Windows network authentication process]
① After the server receives the username sent by the client, it checks whether that username exists in the local account list. If not, it returns an authentication failure. If so, it generates a Challenge, finds the NTLM Hash corresponding to the username locally, encrypts the Challenge with that NTLM Hash to produce a Net-NTLM Hash that it keeps in memory, and sends the Challenge to the client.
② After the client receives the Challenge, it converts the password it supplied for the username into an NTLM Hash and encrypts the Challenge with that NTLM Hash. The result is called the Response, which is expressed in the form of a Net-NTLM Hash, and is finally sent to the server.
③ The server receives the Response sent by the client and compares it with the Net-NTLM Hash it computed earlier. If they are equal, authentication passes.
Tip: the Challenge is a 16-byte random value generated by the server and is different for every authentication. The Response is represented as a Net-NTLM Hash: the result of encrypting the Challenge returned by the server with the password hash supplied by the client.

Source: blog.csdn.net/qq_45697116/article/details/123970662