NAME
Authen::NTLM - Perl extension for NTLM related computations
SYNOPSIS
use Authen::NTLM qw(nt_resp lm_resp negotiate_msg auth_msg);
# To compose a NTLM Negotiate Packet $flags =
Authen::Perl::NTLM::NTLMSSP_NEGOTIATE_80000000 |
Authen::Perl::NTLM::NTLMSSP_NEGOTIATE_128 |
Authen::Perl::NTLM::NTLMSSP_NEGOTIATE_ALWAYS_SIGN |
Authen::Perl::NTLM::NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED |
Authen::Perl::NTLM::NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED |
Authen::Perl::NTLM::NTLMSSP_NEGOTIATE_NTLM |
Authen::Perl::NTLM::NTLMSSP_NEGOTIATE_UNICODE |
Authen::Perl::NTLM::NTLMSSP_NEGOTIATE_OEM |
Authen::Perl::NTLM::NTLMSSP_REQUEST_TARGET; $negotiate_msg =
negotiate_msg("my_domain", "my_ws", $flags);
# To compute the LM Response and NT Response based on password $my_pass
= "mypassword"; $lm_hpw = lm_hash($my_pass); $lm_resp =
calc_resp($lm_hpw, $nonce); $nt_hpw = nt_hash($my_pass); $nt_resp =
calc_resp($nt_hpw, $nonce);
# To compose a NTLM Response Packet $flags =
Authen::Perl::NTLM::NTLMSSP_NEGOTIATE_ALWAYS_SIGN |
Authen::Perl::NTLM::NTLMSSP_NEGOTIATE_NTLM |
Authen::Perl::NTLM::NTLMSSP_NEGOTIATE_UNICODE |
Authen::Perl::NTLM::NTLMSSP_REQUEST_TARGET; $auth_msg =
auth_msg($lm_resp, $nt_resp, "my_userdomain", "my_username" "my_ws", "",
$flags);
# To compute a nonce at the server side to create NTLM Challenge Packet
$nonce = compute_nonce();
DESCRIPTION
The NTLM (Windows NT LAN Manager) authentication scheme is the
authentication algorithm used by Microsoft.
NTLM authentication scheme is used in DCOM and HTTP environment. It is
used to authenticate DCE RPC packets in DCOM. It is also used to
authenticate HTTP packets to MS Web Proxy or MS Web Server.
Currently, it is the authentication scheme Internet Explorer chooses to
authenticate itself to proxies/web servers that supports NTLM.
As of this version, NTLM module only provides the client side functions
to calculate NT response and LM response. The next revision will provide
the server side functions that computes the nonce and verify the NTLM
responses.
This module was written without the knowledge of Mark Bush's (MARKBUSH)
NTLM implementation. It was used by Yee Man Chan to implement a Perl
DCOM client.
DEPENDENCIES
To use this module, please install the one of the following two sets of
DES and MD4 modules:
1) Crypt::DES module by Dave Paris (DPARIS) and Digest::MD4 module by
Mike McCauley (MIKEM) first. These two modules are implemented in C.
2) Crypt::DES_PP module by Guido Flohr (GUIDO) and Digest::Perl::MD4
module by Ted Anderson (OTAKA). These two modules are implemented in
Perl.
The first set of modules will be preferred by NTLM because they are
supposedly faster.
TO-DO
1) A function to compose NTLM challenge packet for DCE RPC.
2) A function to parse NTLM negotiation packet for DCE RPC.
3) A function to parse NTLM challenge packet for DCE RPC.
4) A function to parse NTLM response packet for DCE RPC.
5) A function to compute session key for DCE RPC.
6) Implement the module in C.
BUGS
Nothing known. For security reasons, I decided to deprecate the nt_resp
and lm_resp functions. From now on, you have to call the corresponding
hash functions (either nt_hash or lm_hash) and supply the password hash
to calc_resp to get the respective NTLM response. It is recommended that
after you obtained the NT and LM hashes of your password, you zero it
out with s/./chr(0)/ge; This is to reduce the time that allows people to
look at the password by doing a memory dump.
AUTHOR
This implementation was written by Yee Man Chan (
[email protected]).
Copyright (c) 2002 Yee Man Chan. All rights reserved. This program is
free software; you can redistribute it and/or modify it under the same
terms as Perl itself.
SEE ALSO
Digest::MD4(3), Crypt::DES(3), perl(1), m4(1).
