+ }
+
+
+ /**
+ * An implementation of Microsoft's proprietary NTLM authentication protocol. This code was derived from Eric
+ * Glass's work, and is copyright as follows:
+ *
+ * Copyright (c) 2003 Eric Glass (eglass1 at comcast.net).
+ *
+ * Permission to use, copy, modify, and distribute this document for any purpose and without any fee is hereby
+ * granted, provided that the above copyright notice and this list of conditions appear in all copies.
+ * The most current version of this document may be obtained from http://davenport.sourceforge.net/ntlm.html .
+ */
+ public static class NTLM {
+
+ public static final byte[] type1 = new byte[] { 0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x01,
+ 0x00, 0x00, 0x00, 0x00, 0x02, 0x02, 0x00 };
+
+ /**
+ * Calculates the NTLM Response for the given challenge, using the
+ * specified password.
+ *
+ * @param password The user's password.
+ * @param challenge The Type 2 challenge from the server.
+ *
+ * @return The NTLM Response.
+ */
+ public static byte[] getNTLMResponse(String password, byte[] challenge)
+ throws Exception {
+ byte[] ntlmHash = ntlmHash(password);
+ return lmResponse(ntlmHash, challenge);
+ }
+
+ /**
+ * Calculates the LM Response for the given challenge, using the specified
+ * password.
+ *
+ * @param password The user's password.
+ * @param challenge The Type 2 challenge from the server.
+ *
+ * @return The LM Response.
+ */
+ public static byte[] getLMResponse(String password, byte[] challenge)
+ throws Exception {
+ byte[] lmHash = lmHash(password);
+ return lmResponse(lmHash, challenge);
+ }
+
+ /**
+ * Calculates the NTLMv2 Response for the given challenge, using the
+ * specified authentication target, username, password, target information
+ * block, and client challenge.
+ *
+ * @param target The authentication target (i.e., domain).
+ * @param user The username.
+ * @param password The user's password.
+ * @param targetInformation The target information block from the Type 2
+ * message.
+ * @param challenge The Type 2 challenge from the server.
+ * @param clientChallenge The random 8-byte client challenge.
+ *
+ * @return The NTLMv2 Response.
+ */
+ public static byte[] getNTLMv2Response(String target, String user,
+ String password, byte[] targetInformation, byte[] challenge,
+ byte[] clientChallenge) throws Exception {
+ byte[] ntlmv2Hash = ntlmv2Hash(target, user, password);
+ byte[] blob = createBlob(targetInformation, clientChallenge);
+ return lmv2Response(ntlmv2Hash, blob, challenge);
+ }
+
+ /**
+ * Calculates the LMv2 Response for the given challenge, using the
+ * specified authentication target, username, password, and client
+ * challenge.
+ *
+ * @param target The authentication target (i.e., domain).
+ * @param user The username.
+ * @param password The user's password.
+ * @param challenge The Type 2 challenge from the server.
+ * @param clientChallenge The random 8-byte client challenge.
+ *
+ * @return The LMv2 Response.
+ */
+ public static byte[] getLMv2Response(String target, String user,
+ String password, byte[] challenge, byte[] clientChallenge)
+ throws Exception {
+ byte[] ntlmv2Hash = ntlmv2Hash(target, user, password);
+ return lmv2Response(ntlmv2Hash, clientChallenge, challenge);
+ }
+
+ /**
+ * Calculates the NTLM2 Session Response for the given challenge, using the
+ * specified password and client challenge.
+ *
+ * @param password The user's password.
+ * @param challenge The Type 2 challenge from the server.
+ * @param clientChallenge The random 8-byte client challenge.
+ *
+ * @return The NTLM2 Session Response. This is placed in the NTLM
+ * response field of the Type 3 message; the LM response field contains
+ * the client challenge, null-padded to 24 bytes.
+ */
+ public static byte[] getNTLM2SessionResponse(String password,
+ byte[] challenge, byte[] clientChallenge) throws Exception {
+ byte[] ntlmHash = ntlmHash(password);
+ MD5Digest md5 = new MD5Digest();
+ md5.update(challenge, 0, challenge.length);
+ md5.update(clientChallenge, 0, clientChallenge.length);
+ byte[] sessionHash = new byte[8];
+ byte[] md5_out = new byte[md5.getDigestSize()];
+ md5.doFinal(md5_out, 0);
+ System.arraycopy(md5_out, 0, sessionHash, 0, 8);
+ return lmResponse(ntlmHash, sessionHash);
+ }
+
+ /**
+ * Creates the LM Hash of the user's password.
+ *
+ * @param password The password.
+ *
+ * @return The LM Hash of the given password, used in the calculation
+ * of the LM Response.
+ */
+ private static byte[] lmHash(String password) throws Exception {
+ /*
+ byte[] oemPassword = password.toUpperCase().getBytes("US-ASCII");
+ int length = java.lang.Math.min(oemPassword.length, 14);
+ byte[] keyBytes = new byte[14];
+ System.arraycopy(oemPassword, 0, keyBytes, 0, length);
+ Key lowKey = createDESKey(keyBytes, 0);
+ Key highKey = createDESKey(keyBytes, 7);
+ byte[] magicConstant = "KGS!@#$%".getBytes("US-ASCII");
+ Cipher des = Cipher.getInstance("DES/ECB/NoPadding");
+ des.init(Cipher.ENCRYPT_MODE, lowKey);
+ byte[] lowHash = des.doFinal(magicConstant);
+ des.init(Cipher.ENCRYPT_MODE, highKey);
+ byte[] highHash = des.doFinal(magicConstant);
+ byte[] lmHash = new byte[16];
+ System.arraycopy(lowHash, 0, lmHash, 0, 8);
+ System.arraycopy(highHash, 0, lmHash, 8, 8);
+ return lmHash;
+ */
+ return null;
+ }
+
+ /**
+ * Creates the NTLM Hash of the user's password.
+ *
+ * @param password The password.
+ *
+ * @return The NTLM Hash of the given password, used in the calculation
+ * of the NTLM Response and the NTLMv2 and LMv2 Hashes.
+ */
+ private static byte[] ntlmHash(String password) throws Exception {
+ byte[] unicodePassword = password.getBytes("UnicodeLittleUnmarked");
+ MD4Digest md4 = new MD4Digest();
+ md4.update(unicodePassword, 0, unicodePassword.length);
+ byte[] ret = new byte[md4.getDigestSize()];
+ return ret;
+ }
+
+ /**
+ * Creates the NTLMv2 Hash of the user's password.
+ *
+ * @param target The authentication target (i.e., domain).
+ * @param user The username.
+ * @param password The password.
+ *
+ * @return The NTLMv2 Hash, used in the calculation of the NTLMv2
+ * and LMv2 Responses.
+ */
+ private static byte[] ntlmv2Hash(String target, String user,
+ String password) throws Exception {
+ byte[] ntlmHash = ntlmHash(password);
+ String identity = user.toUpperCase() + target.toUpperCase();
+ return hmacMD5(identity.getBytes("UnicodeLittleUnmarked"), ntlmHash);
+ }
+
+ /**
+ * Creates the LM Response from the given hash and Type 2 challenge.
+ *
+ * @param hash The LM or NTLM Hash.
+ * @param challenge The server challenge from the Type 2 message.
+ *
+ * @return The response (either LM or NTLM, depending on the provided
+ * hash).
+ */
+ private static byte[] lmResponse(byte[] hash, byte[] challenge)
+ throws Exception {
+ /*
+ byte[] keyBytes = new byte[21];
+ System.arraycopy(hash, 0, keyBytes, 0, 16);
+ Key lowKey = createDESKey(keyBytes, 0);
+ Key middleKey = createDESKey(keyBytes, 7);
+ Key highKey = createDESKey(keyBytes, 14);
+ Cipher des = Cipher.getInstance("DES/ECB/NoPadding");
+ des.init(Cipher.ENCRYPT_MODE, lowKey);
+ byte[] lowResponse = des.doFinal(challenge);
+ des.init(Cipher.ENCRYPT_MODE, middleKey);
+ byte[] middleResponse = des.doFinal(challenge);
+ des.init(Cipher.ENCRYPT_MODE, highKey);
+ byte[] highResponse = des.doFinal(challenge);
+ byte[] lmResponse = new byte[24];
+ System.arraycopy(lowResponse, 0, lmResponse, 0, 8);
+ System.arraycopy(middleResponse, 0, lmResponse, 8, 8);
+ System.arraycopy(highResponse, 0, lmResponse, 16, 8);
+ return lmResponse;
+ */
+ return null;
+ }
+
+ /**
+ * Creates the LMv2 Response from the given hash, client data, and
+ * Type 2 challenge.
+ *
+ * @param hash The NTLMv2 Hash.
+ * @param clientData The client data (blob or client challenge).
+ * @param challenge The server challenge from the Type 2 message.
+ *
+ * @return The response (either NTLMv2 or LMv2, depending on the
+ * client data).
+ */
+ private static byte[] lmv2Response(byte[] hash, byte[] clientData,
+ byte[] challenge) throws Exception {
+ byte[] data = new byte[challenge.length + clientData.length];
+ System.arraycopy(challenge, 0, data, 0, challenge.length);
+ System.arraycopy(clientData, 0, data, challenge.length,
+ clientData.length);
+ byte[] mac = hmacMD5(data, hash);
+ byte[] lmv2Response = new byte[mac.length + clientData.length];
+ System.arraycopy(mac, 0, lmv2Response, 0, mac.length);
+ System.arraycopy(clientData, 0, lmv2Response, mac.length,
+ clientData.length);
+ return lmv2Response;
+ }
+
+ /**
+ * Creates the NTLMv2 blob from the given target information block and
+ * client challenge.
+ *
+ * @param targetInformation The target information block from the Type 2
+ * message.
+ * @param clientChallenge The random 8-byte client challenge.
+ *
+ * @return The blob, used in the calculation of the NTLMv2 Response.
+ */
+ private static byte[] createBlob(byte[] targetInformation,
+ byte[] clientChallenge) {
+ byte[] blobSignature = new byte[] {
+ (byte) 0x01, (byte) 0x01, (byte) 0x00, (byte) 0x00