Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Wrong NTLMv2 hash when username contains non-ASCI characters #55

Closed
cdelafuente-r7 opened this issue Sep 22, 2022 · 0 comments · Fixed by #56
Closed

Wrong NTLMv2 hash when username contains non-ASCI characters #55

cdelafuente-r7 opened this issue Sep 22, 2022 · 0 comments · Fixed by #56

Comments

@cdelafuente-r7
Copy link
Contributor

Using usernames with non-ASCII characters breaks NTLMv2 authentication. The ntlmv2_hash method, which generates a NTLMv2 hash, transforms the unicode encoded username to uppercase. This encoding is previously done with EncodeUtil.encode_utf16le. Uppercase operation on such encoded username containing non-ASCII characters generates a wrong NTLMv2 and breaks authentication.

This can be replicated using the ruby_smb's authenticate.rb example script against a Windows system with such users:

> ruby examples/authenticate.rb 10.0.0.68 юзер 123456
SMB3 : (0xc000006d) STATUS_LOGON_FAILURE: The attempted logon is invalid. This is either due to a bad username or authentication information.
Netbios Name: MYWYN2016
Netbios Domain: TESTLAB
FQDN of the computer: mywin2016.testlab.local
FQDN of the domain: testlab.local
FQDN of the forest: testlab.local
Dialect: 0x0311
OS Version: 10.0.14393
SMB2 : (0xc000006d) STATUS_LOGON_FAILURE: The attempted logon is invalid. This is either due to a bad username or authentication information.
Netbios Name: MYWYN2016
Netbios Domain: TESTLAB
FQDN of the computer: mywin2016.testlab.local
FQDN of the domain: testlab.local
FQDN of the forest: testlab.local
Dialect: 0x0210
OS Version: 10.0.14393
SMB1 : (0xc000006d) STATUS_LOGON_FAILURE: The attempted logon is invalid. This is either due to a bad username or authentication information.
Native OS: Windows Server 2016 Standard 14393
Native LAN Manager: Windows Server 2016 Standard 6.3
Netbios Name: MYWYN2016
Netbios Domain: TESTLAB
FQDN of the computer: mywin2016.testlab.local
FQDN of the domain: testlab.local
FQDN of the forest: testlab.local
Dialect: NT LM 0.12
OS Version: 10.0.14393
SMB2 : (0xc000006d) STATUS_LOGON_FAILURE: The attempted logon is invalid. This is either due to a bad username or authentication information.
Netbios Name: MYWYN2016
Netbios Domain: TESTLAB
FQDN of the computer: mywin2016.testlab.local
FQDN of the domain: testlab.local
FQDN of the forest: testlab.local
Dialect: 0x0210
OS Version: 10.0.14393
SMB3 : (0xc000006d) STATUS_LOGON_FAILURE: The attempted logon is invalid. This is either due to a bad username or authentication information.
Netbios Name: MYWYN2016
Netbios Domain: TESTLAB
FQDN of the computer: mywin2016.testlab.local
FQDN of the domain: testlab.local
FQDN of the forest: testlab.local
Dialect: 0x0311
OS Version: 10.0.14393

I've already fixed this and a PR will be submitted soon.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix NTLMv2 hash when username contains non-ASCII characters cdelafuente-r7/rubyntlm
1 participant
@cdelafuente-r7