Get username from NTLM auth header?

Question

Is there any way to work out what a user's name is just by sniffing the NTLM header?

I have an app that accesses an NTLM auth'd site, and so an Auth prompt opens for the user to authenticate with the site by entering their username / password.

Is there any way, just with access to the headers, to find out what the entered username is?

Is it possible?

Thanks,

Jonsie

Recommended answer

Sure, you can do this even with a simple JSP file... (this only works with NTLMv1, not v2, I'm still looking for that..)

So the code for the JSP is (I've tried it on Apache Tomcat 6)

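<%@ page import="sun.misc.BASE64Encoder" %>
<%
// sun.misc.BASE64Decoder/BASE64Encoder are JDK-internal classes (present on
// the Java runtimes used with Tomcat 6); on Java 8+ use java.util.Base64.
String auth = request.getHeader("Authorization");
String s = "";

// no auth, request NTLM
if (auth == null) {
        response.setStatus(response.SC_UNAUTHORIZED);
        response.setHeader("WWW-Authenticate", "NTLM");
        return;
}
// check what client sent
if (auth.startsWith("NTLM ")) {
        out.println(auth);

        byte[] msg =
           new sun.misc.BASE64Decoder().decodeBuffer(auth.substring(5));
        int off = 0, length, offset;
        // too short to hold the NTLMSSP signature and the message type
        if (msg.length < 12)
            return;
        // debug output: array reference and the first header bytes
        out.println("<br>"+msg);
        out.println("<br>"+msg[1]+" "+msg[2]+" "+msg[3]+" "+msg[4]+" "+msg[5]+" "+msg[6]+" "+msg[7]+" "+msg[8]+" "+msg[9]+" "+msg[10]+"<br>");

        if (msg[8] == 1) {
            // Type 1 (negotiate) received: answer with a Type 2 (challenge)
            off = 18;

            byte z = 0;
            // signature, type 2, empty target name (offset 40),
            // flags 0x8201 (includes NEGOTIATE_UNICODE), static 8-byte
            // challenge, 8 reserved bytes
            byte[] msg1 =
                {(byte)'N', (byte)'T', (byte)'L', (byte)'M', (byte)'S',(byte)'S', (byte)'P',
                z,(byte)2, z, z, z, z, z, z, z,
                (byte)40, z, z, z, (byte)1, (byte)130, z, z,
                z, (byte)2, (byte)2, (byte)2, z, z, z, z, //
                z, z, z, z, z, z, z, z};
            // send ntlm type2 msg

            response.setStatus(response.SC_UNAUTHORIZED);
            response.setHeader("WWW-Authenticate", "NTLM "
               + new sun.misc.BASE64Encoder().encodeBuffer(msg1).trim());

               return;
        }
        else if (msg[8] == 3) {
                // Type 3 (authenticate): security buffers start at offset 12
                if (msg.length < 52)
                    return;
                off = 30;
                // bytes are signed in Java: mask with 0xFF before combining
                length = (msg[off+17] & 0xFF)*256 + (msg[off+16] & 0xFF);
                offset = (msg[off+19] & 0xFF)*256 + (msg[off+18] & 0xFF);
                if (offset + length > msg.length)
                    return;
                // the Type 2 above negotiated Unicode, so strings are UTF-16LE
                s = new String(msg, offset, length, "UTF-16LE");
                // print computer name // out.println(s + " ");
        }
        else
        return;

        length = (msg[off+1] & 0xFF)*256 + (msg[off] & 0xFF);
        offset = (msg[off+3] & 0xFF)*256 + (msg[off+2] & 0xFF);
        if (offset + length > msg.length)
            return;
        s = new String(msg, offset, length, "UTF-16LE");
        //domain//out.println(s + " ");
        length = (msg[off+9] & 0xFF)*256 + (msg[off+8] & 0xFF);
        offset = (msg[off+11] & 0xFF)*256 + (msg[off+10] & 0xFF);
        if (offset + length > msg.length)
            return;

        s = new String(msg, offset, length, "UTF-16LE");
        // The response is never checked against the challenge, so this name
        // is only what the client claims; it is client-supplied text, so
        // HTML-escape it before echoing it into the page.
        s = s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;");
        out.println("Hello  <span style='position:relative; width:190;"
            + " height:10;filter:glow(Color=#009966,Strength=1)'>");
        out.println(s + "</span>");
}
%>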
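The same Type 3 field extraction for a captured `Authorization` value, as an added Python example that is not part of the original answer: it reads the domain, user and workstation security buffers with bounds checks and picks the string encoding from the message's flags. The function names, the sample builder and the cp437 OEM fallback are assumptions, and the names returned are only what the client claims.

```python
import base64
import struct

NEGOTIATE_UNICODE = 0x00000001  # NTLMSSP_NEGOTIATE_UNICODE flag bit
HEADER_LEN = 64                 # fixed Type 3 fields up to and including the flags

def _field(msg, pos):
    """Return the bytes of the security buffer (len, maxlen, offset) at pos."""
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, pos)
    if length and (offset < HEADER_LEN or offset + length > len(msg)):
        raise ValueError("security buffer at %d points outside the payload" % pos)
    return msg[offset:offset + length]

def parse_ntlm_authorization(value):
    """Extract the client-claimed names from an 'NTLM <base64>' Type 3 value."""
    scheme, _, b64 = value.strip().partition(" ")
    if scheme.upper() != "NTLM":
        raise ValueError("not an NTLM Authorization value")
    msg = base64.b64decode(b64, validate=True)
    if len(msg) < HEADER_LEN or msg[:8] != b"NTLMSSP\x00":
        raise ValueError("not an NTLMSSP Type 3 message")
    msg_type, = struct.unpack_from("<I", msg, 8)
    if msg_type != 3:
        raise ValueError("expected message type 3, got %d" % msg_type)
    flags, = struct.unpack_from("<I", msg, 60)
    # OEM strings depend on the client's code page; cp437 is an assumption.
    enc = "utf-16-le" if flags & NEGOTIATE_UNICODE else "cp437"
    return {name: _field(msg, pos).decode(enc)
            for name, pos in (("domain", 28), ("user", 36), ("workstation", 44))}

def constructed_type3(domain, user, workstation, unicode=True):
    """Build a sample Authorization value (constructed data, empty responses)."""
    enc = "utf-16-le" if unicode else "cp437"
    header, payload = b"NTLMSSP\x00" + struct.pack("<I", 3), b""
    # buffer order: LM response, NT response, domain, user, workstation, session key
    for part in (b"", b"", domain.encode(enc), user.encode(enc),
                 workstation.encode(enc), b""):
        header += struct.pack("<HHI", len(part), len(part), HEADER_LEN + len(payload))
        payload += part
    header += struct.pack("<I", 0x8200 | (NEGOTIATE_UNICODE if unicode else 0x2))
    return "NTLM " + base64.b64encode(header + payload).decode("ascii")

if __name__ == "__main__":
    print(parse_ntlm_authorization(constructed_type3("CORP", "jonsie", "WS01")))
```

Messages whose payload starts before offset 64 (no flags field) are rejected rather than guessed at, since the string encoding cannot be determined from them.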
