get username from NTLM auth header?


Question

Is there any way to work out what a user's name is just by sniffing the NTLM header?

I have an app, that accesses a NTLM auth'd site, and so an Auth prompt opens for the user to authenticate with the site by entering their username / password.

Is there any way, just with access to the headers, to find out what the entered username is?

Is it possible?

Thanks,

乔西

Recommended answer

Sure, you can do this even with a simple JSP file... (this only works with NTLMv1, not v2, I'm still looking for that..)

So the code for the JSP is (I've tried it on Apache Tomcat 6)

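<%@ page import="sun.misc.BASE64Decoder, sun.misc.BASE64Encoder" %>
<%!
// minimal HTML escaping for values that come from the client
static String esc(String v) {
        return v.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;");
}
%>
<%
// sun.misc.BASE64Decoder/BASE64Encoder are JDK-internal classes.
// This page never verifies the NTLM response, so the name it prints is only
// what the client claims, not an authenticated identity.
String auth = request.getHeader("Authorization");
String s = "";

// no auth, request NTLM
if (auth == null) {
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        response.setHeader("WWW-Authenticate", "NTLM");
        return;
}
// check what client sent
if (auth.startsWith("NTLM ")) {
        byte[] msg = new BASE64Decoder().decodeBuffer(auth.substring(5));
        int off = 0, length, offset;

        // too short to carry the signature and the message type (msg[8])
        if (msg.length < 12)
            return;

        // debug output: the raw header and the bytes around the message type
        out.println(esc(auth));
        out.println("<br>"+msg[1]+" "+msg[2]+" "+msg[3]+" "+msg[4]+" "+msg[5]+" "+msg[6]+" "+msg[7]+" "+msg[8]+" "+msg[9]+" "+msg[10]+"<br>");

        if (msg[8] == 1) {
            off = 18;

            // Type 2 (challenge) message: "NTLMSSP\0", type 2, flags 0x8201
            // (Unicode + NTLM), then a fixed 8-byte challenge
            byte z = 0;
            byte[] msg1 =
                {(byte)'N', (byte)'T', (byte)'L', (byte)'M', (byte)'S',(byte)'S', (byte)'P',
                z,(byte)2, z, z, z, z, z, z, z,
                (byte)40, z, z, z, (byte)1, (byte)130, z, z,
                z, (byte)2, (byte)2, (byte)2, z, z, z, z, //
                z, z, z, z, z, z, z, z};
            // send ntlm type2 msg

            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            response.setHeader("WWW-Authenticate", "NTLM "
               + new BASE64Encoder().encodeBuffer(msg1).trim());

            return;
        }
        else if (msg[8] == 3 && msg.length >= 64) {
                // Type 3 message: the domain, user and workstation fields
                // are read relative to byte 30
                off = 30;
                // bytes are masked with 0xff because Java bytes are signed
                length = (msg[off+17] & 0xff)*256 + (msg[off+16] & 0xff);
                offset = (msg[off+19] & 0xff)*256 + (msg[off+18] & 0xff);
                // the Type 2 message above sets the Unicode flag, so the
                // strings are assumed to be UTF-16LE
                s = new String(msg, offset, length, "UTF-16LE");
                // print computer name // out.println(esc(s) + " ");
        }
        else
            return;

        length = (msg[off+1] & 0xff)*256 + (msg[off] & 0xff);
        offset = (msg[off+3] & 0xff)*256 + (msg[off+2] & 0xff);
        s = new String(msg, offset, length, "UTF-16LE");
        //domain//out.println(esc(s) + " ");
        length = (msg[off+9] & 0xff)*256 + (msg[off+8] & 0xff);
        offset = (msg[off+11] & 0xff)*256 + (msg[off+10] & 0xff);

        // user name, escaped before it is written into the page
        s = new String(msg, offset, length, "UTF-16LE");
        out.println("Hello  <span style='position:relative; width:190;"
            + " height:10;filter:glow(Color=#009966,Strength=1)'>");
        out.println(esc(s) + "</SPAN>");
}
%>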
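As an added example (not part of the original answer), here is a Python parser for the same Type 3 message. It reads the domain, user and workstation from their length/offset fields, picks the string encoding from the negotiated Unicode flag, and rejects fields that point outside the message. The function names, the cp437 fallback for non-Unicode strings and the sample CORP / jdoe / WS01 values are assumptions constructed for the demo.

```python
import base64
import struct

NTLMSSP_NEGOTIATE_UNICODE = 0x00000001  # negotiate flag bit: strings are UTF-16LE


def _field(msg, pos, encoding):
    """Decode one field descriptor: Len(2) MaxLen(2) Offset(4), little-endian."""
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("field points outside the message")
    return msg[offset:offset + length].decode(encoding, errors="replace")


def parse_ntlm_authenticate(header_value):
    """Return the domain, user and workstation claimed in an 'NTLM <base64>' Type 3 header."""
    scheme, _, blob = header_value.partition(" ")
    if scheme.upper() != "NTLM":
        raise ValueError("not an NTLM Authorization header")
    msg = base64.b64decode(blob.strip(), validate=True)
    # Assumption: the message carries the flags field, i.e. a 64-byte fixed part.
    if len(msg) < 64 or msg[:8] != b"NTLMSSP\x00":
        raise ValueError("not an NTLMSSP message with a flags field")
    (msg_type,) = struct.unpack_from("<I", msg, 8)
    if msg_type != 3:
        raise ValueError("expected a Type 3 message, got type %d" % msg_type)
    (flags,) = struct.unpack_from("<I", msg, 60)
    # Assumption: cp437 stands in for the client's OEM code page.
    encoding = "utf-16-le" if flags & NTLMSSP_NEGOTIATE_UNICODE else "cp437"
    return {"domain": _field(msg, 28, encoding),
            "user": _field(msg, 36, encoding),
            "workstation": _field(msg, 44, encoding)}


def build_sample_type3(domain, user, workstation):
    """Constructed Type 3 message with empty responses, used only as demo input."""
    payload, fields, offset = b"", b"", 64
    for text in (domain, user, workstation):
        raw = text.encode("utf-16-le")
        fields += struct.pack("<HHI", len(raw), len(raw), offset)
        payload += raw
        offset += len(raw)
    empty = struct.pack("<HHI", 0, 0, offset)  # LM response, NTLM response, session key
    fixed = b"NTLMSSP\x00" + struct.pack("<I", 3) + empty + empty + fields
    fixed += empty + struct.pack("<I", 0x00008201)  # same flags as the JSP's Type 2 message
    return "NTLM " + base64.b64encode(fixed + payload).decode("ascii")


if __name__ == "__main__":
    print(parse_ntlm_authenticate(build_sample_type3("CORP", "jdoe", "WS01")))
```

These fields travel unencrypted inside the Type 3 message and are only what the client claims. They identify a user only once the server has validated the accompanying response.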
