http://www.tekritisoftware.com/android-ntlm-authentication
With the increasing usage of smart phone in our daily life, this usage is getting more quantitative as well as qualitative by each passing day. It started with basic telephony then gaming and now it has graduated to Apps which helps in managing and exchanging important data like mails, financial details, payrolls and many more. Such heavy exchanges from or to the outer world is done by interacting with different server through legacy communication protocols and that involves different types of authentication handshakes.
Recently we came across a requirement of communicating to a server which is using NTLM authentication protocol. Now some of you would think “What is NTLM” so here is the answer::
NTLM is a suite of Microsoft security protocol and is successor to the authentication protocol in Microsoft LAN Manager. It is used for the authentication and negotiation of secure DCE purpose.
NTLM Security Service Provider (NTLMSSP) implements some core operations and these are::
1) Authentication :: Clients would be able to prove their respective identities
2) Signing :: It provides digital “signature” security.
3) Sealing :: It keeps the data confidential by providing symmetric-Key encryption.
More about NTLM and its authentication mechanism can be read in details at
http://www.innovation.ch/personal/ronald/ntlm.html
http://davenport.sourceforge.net/ntlm.html#whatIsNtlm
Here is the solution for successfully authenticating and communicating with a server using NTLM authentication protocol:
Step 1: We need to have the JCIF library.
JCIFS can be downloaded from: http://jcifs.samba.org/
Step 2: Create a class which is the AuthSchemeFactory interface:
NTLMSchemeFactory.java:
package com.movit.util;
import org.apache.http.auth.AuthScheme;
import org.apache.http.auth.AuthSchemeFactory;
import org.apache.http.impl.auth.NTLMScheme;
import org.apache.http.params.HttpParams;
public class NTLMSchemeFactory implements AuthSchemeFactory {
public AuthScheme newInstance(HttpParams params) {
return new NTLMScheme(new JCIFSEngine());
}
}
Step 3. Create a class for acting as a NTLM engine interface, which does all the type message validation and verification.
JCIFSEngine.java
package com.movit.util;
import java.io.IOException;
import jcifs.ntlmssp.NtlmFlags;
import jcifs.ntlmssp.Type1Message;
import jcifs.ntlmssp.Type2Message;
import jcifs.ntlmssp.Type3Message;
import org.apache.http.impl.auth.NTLMEngine;
import org.apache.http.impl.auth.NTLMEngineException;
public class JCIFSEngine implements NTLMEngine {
private static final int TYPE_1_FLAGS = NtlmFlags.NTLMSSP_NEGOTIATE_56 | NtlmFlags.NTLMSSP_NEGOTIATE_128
| NtlmFlags.NTLMSSP_NEGOTIATE_NTLM2
| NtlmFlags.NTLMSSP_NEGOTIATE_ALWAYS_SIGN
| NtlmFlags.NTLMSSP_REQUEST_TARGET;
public String generateType1Msg(String domain, String workstation) throws NTLMEngineException {
final Type1Message type1Message = new Type1Message(TYPE_1_FLAGS, domain, workstation);
return Base64.encode(type1Message.toByteArray());
}
public String generateType3Msg(String username, String password, String domain, String workstation, String challenge)
throws NTLMEngineException {
Type2Message type2Message;
try {
type2Message = new Type2Message(Base64.decode(challenge));
} catch (final IOException exception) {
throw new NTLMEngineException("Error in type2 message", exception);
}
final int type2Flags = type2Message.getFlags();
final int type3Flags = type2Flags
& (0xffffffff ^ (NtlmFlags.NTLMSSP_TARGET_TYPE_DOMAIN | NtlmFlags.NTLMSSP_TARGET_TYPE_SERVER));
final Type3Message type3Message = new Type3Message(type2Message, password, domain, username, workstation, type3Flags);
return Base64.encode(type3Message.toByteArray());
}
}
step 4. Register the NTLM Scheme Factory with HttpClient instance and other domain credentials to do the handshake. It has been observed that deviceIP and domainName is not required on a mandatory basis. These can be set as null also.
/*
* authentication method 7
* webserviceUrl,
* url of the web service.
* webserviceIP,
* IP of the server.
* username, Domain username
* password, Domain password
*/
public int getFileSize(String webserviceUrl, String username, String password) {
int fileSize = 0;
try {
String deviceIP = null;// getLocalIpAddress(); Device IP
String domainName = FileUtils.DOMAIN_NAME;
DefaultHttpClient httpclient = new DefaultHttpClient();
httpclient.getAuthSchemes().register("ntlm", new NTLMSchemeFactory());
AuthScope authScope = new AuthScope(AuthScope.ANY_HOST, AuthScope.ANY_PORT);
AuthScope authScope1 = new AuthScope(null, -1);
httpclient.getCredentialsProvider().setCredentials(authScope,
new NTCredentials(username, password, deviceIP, domainName));
HttpGet httpGet = new HttpGet(webserviceUrl);
httpGet.getParams().setBooleanParameter(CoreProtocolPNames.USE_EXPECT_CONTINUE, false);
HttpResponse response = httpclient.execute(httpGet);
// String responseXML = EntityUtils.toString(response.getEntity());
if (HttpStatus.SC_OK == response.getStatusLine().getStatusCode()) {
HttpEntity entity = response.getEntity();
//fileSize = (int) entity.getContentLength();
fileSize = getfileSizeByInputStream(entity.getContent());
entity.consumeContent();
return fileSize;
}
} catch (Exception e) {
e.printStackTrace();
}
return fileSize;
}
public int getfileSizeByInputStream(InputStream input) {
BufferedInputStream bis = new BufferedInputStream(input);
int progress = 0;
try {
int length;
byte buffer[] = new byte[6 * 1024];
while (-1 != (length = bis.read(buffer))) {
progress += length;
}
} catch (Exception e) {
e.printStackTrace();
} finally {
try {
if (null != bis) {
bis.close();
bis = null;
}
} catch (Exception e) {
e.printStackTrace();
}
}
return progress;
}
public String getLocalIpAddress() {
String deviceIp = null;
boolean keepLookupOn = true;
try {
Enumeration availableNetwork = NetworkInterface.getNetworkInterfaces();
while (availableNetwork.hasMoreElements() && keepLookupOn) {
NetworkInterface intf = (NetworkInterface) availableNetwork.nextElement();
Enumeration enumIpAddr = intf.getInetAddresses();
while (enumIpAddr.hasMoreElements()) {
InetAddress inetAddress = (InetAddress) enumIpAddr.nextElement();
deviceIp = inetAddress.getHostAddress().toString();
if (!inetAddress.isLoopbackAddress() && InetAddressUtils.isIPv4Address(deviceIp)) {
keepLookupOn = false;
break;
}
}
}
} catch (SocketException ex) {
ex.printStackTrace();
}
return deviceIp;
}
相关推荐
NTLM (NT LAN Manager) 是一种身份验证协议,主要用于Windows操作系统环境中的网络认证。它基于挑战-响应机制,提供了一种安全的用户身份验证方式。在Delphi编程中,使用NTLM进行身份验证通常涉及到系统安全支持提供...
NTLM(NT LAN Manager)是一种身份验证协议,广泛用于Windows网络环境,特别是在与Microsoft Active Directory集成的环境中。在Java编程中,如果你需要访问一个只接受NTLM身份验证的Web服务或者资源,你就需要实现...
Python library that provides NTLM support, including an authentication handler for urllib2. Works with pass-the-hash in additon to password authentication.
在IT行业中,尤其是在Web服务和企业级应用集成的领域,NTLM(NT LAN Manager)认证是一种常见的身份验证机制,尤其在Windows环境中。Axis2是一个流行的Java Web服务框架,它允许开发人员创建、部署和消费Web服务。本...
NT LAN Manager(NTLM)是一种微软实现的身份验证协议,常用于Windows环境下的AD域身份验证。下面我们将详细探讨如何在Java环境中利用NTLM协议集成AD域进行登录,并了解相关文件的作用。 首先,让我们理解NTLM协议...
LM和NTLM哈希是两种广泛用于Windows身份验证的安全机制,它们主要用于存储用户密码的不可逆版本,以保护用户凭证不被轻易破解。C++作为一种强大的编程语言,可以用来实现这两种哈希算法。在Visual Studio 2008环境下...
NTLM验证机制主要包括三个阶段:挑战(Challenge)、响应(Response)和认证(Authentication)。下面将详细解释这三个阶段以及NTLM的工作原理。 1. 挑战阶段: 在用户尝试访问受保护的资源时,服务器会发送一个...
NTLM 认证基本原理及编程简介 NTLM 认证是一种广泛使用的身份验证机制,它在 Windows NT 系统中广泛应用。NTLM 认证机制是基于挑战/响应模式的,它可以 garantir 服务器和客户机之间的身份验证。下面是 NTLM 认证的...
NTLM(NT LAN Manager)是Windows操作系统中使用的一种身份验证协议,主要负责在网络环境中提供安全认证服务。在本文中,我们将深入探讨NTLM的工作原理、挑战模式、散列认证过程以及NTLM算法的实现。 NTLM协议是...
requests-ntlm, 请求的NTLM身份验证支持 请求 ntlm 这个包允许使用请求库进行 HTTP NTLM身份验证。用法HttpNtlmAuth 扩展请求 AuthBase,因此使用很简单:import requestsfrom requests_ntlm
### 绕过NTLM认证方式的另一种方法 #### 背景与意义 NTLM (NT LAN Manager) 是一种由Microsoft开发的安全协议,用于Windows环境中用户的认证。在默认配置下,许多Windows系统的telnet服务会启用NTLM认证,这对于...
关于NTLM验证 由于Telnet功能太强大,而且也是入侵者使用最频繁的登录手段之一,因此微软公司为Telnet添加了身份验证,称为NTLM验证,它要求Telnet终端除了需要有Telnet服务主机的用户名和密码外,还需要满足NTLM...
NTLM工作流程包括三个步骤:挑战(Challenge)、响应(Response)和验证(Authentication)。当用户尝试访问受保护的资源时,服务器会发送一个随机的挑战值,客户端使用该挑战值和用户的凭据(如密码)生成一个加密...
包括源代码 <br>Version 6.0.26.0 (8 February 2007) <br>Implemented Features: <br>HTTP Client - HTTPS (SSL / TLS) protocol, NTLM and Negotiate authentication were implemented. FTP Server -...
interface declarations for SMB authentication code 只要将此头文件放入VC文件夹中的“Include”文件中即可。相信,这对大家都挺好的。
用于突破Telnet中的NTLM权限认证:先和目标计算机建立一个IPC$连接,将ntlm.exe复制到目标计算机上,再通过at命令执行即可。
Once you're behind those cold steel bars of a corporate proxy server requiring NTLM authentication, you're done with. The same even applies to 3rd party Windows applications, which don't support NTLM...
NTLM协议(NT LAN Manager)是一种广泛应用于Windows系统的身份验证机制,但由于其设计上的缺陷,经常成为攻击者利用的对象,特别是NTLM中继攻击(NTLM Relay)问题。 NTLM中继攻击是指攻击者通过监听网络上的NTLM...
本代码实现了网络代理通信,包含复杂的网络环境,ntlm认证等
除了基本的认证功能,requests_ntlm2还支持一些高级特性,如多目标认证(Mutual Authentication),这在处理需要双向验证的场景中非常有用。此外,它还兼容requests库的各种特性,如超时、重试策略等,让开发者可以...