proxy http [lm/ntlm/ntlmv2] - Server infrastructure - Systèmes & Réseaux Pro
Marsh, posted on 27-04-2007 at 10:18:56
Just in case, here are the following details:
1/ capture on the client PC
frame 1: source XP - destination proxy
frame 2: source proxy - destination XP
frame 3: source XP - destination proxy
frame 4: source proxy - destination XP
frame 5: source XP - destination proxy
2/ capture on the DC
frame 1: source proxy - destination DC
frame 2: source DC - destination proxy
frame 3: source proxy - destination DC
frame 4: source DC - destination proxy
Marsh, posted on 27-04-2007 at 10:14:50
Hello,
In an AD environment I have the following problem:
- a WinXP client
- an AD 2000 in mixed mode
- an inline proxy with authentication against the AD
The proxy is based on Apache and Samba for authentication: the configuration is minimal in the properties, and the fields in the smb.conf file are deliberately kept to a minimum.
The domain GPO enforces this: Send NTLMv2 response only\refuse LM
the computers and DCs all receive this same policy.
Yet, in the captures I made, I see the following:
1/ captures made on the client PC
frame 1
Hypertext Transfer Protocol
GET http://www.google.fr/ HTTP/1.0\r\n
Request Method: GET
Request URI: http://www.google.fr/
Request Version: HTTP/1.0
Accept: */*\r\n
Accept-Language: fr\r\n
Cookie: PREF=ID=4f2f24a992704cee:TM=1175527850:LM=1175527850:S=812IWxaYE95YFLBz\r\n
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)\r\n
Host: www.google.fr\r\n
Proxy-Connection: Keep-Alive\r\n
\r\n
Request: True
frame 2
Hypertext Transfer Protocol
HTTP/1.1 407 Proxy Authentication Required\r\n
Request Version: HTTP/1.1
Response Code: 407
Date: Mon, 02 Apr 2007 16:54:24 GMT\r\n
Proxy-Authenticate: NTLM\r\n
Proxy-Authenticate: Basic realm="Proxy-Access"\r\n
Content-Length: 355\r\n
Keep-Alive: timeout=15, max=100\r\n
Connection: Keep-Alive\r\n
Content-Type: text/html; charset=iso-8859-1\r\n
\r\n
Response: True
Line-based text data: text/html
<HTML><HEAD>
<TITLE>407 Proxy Authentication Required</TITLE> </HEAD><BODY><H1>Proxy Authentication Required</H1>This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad>
frame 3
Hypertext Transfer Protocol
GET http://www.google.fr/ HTTP/1.0\r\n
Request Method: GET
Request URI: http://www.google.fr/
Request Version: HTTP/1.0
Accept: */*\r\n
Accept-Language: fr\r\n
Cookie: PREF=ID=4f2f24a992704cee:TM=1175527850:LM=1175527850:S=812IWxaYE95YFLBz\r\n
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)\r\n
Host: www.google.fr\r\n
Proxy-Connection: Keep-Alive\r\n
Proxy-Authorization: NTLM TlRMTVNTUAABAAAAB7IIogUABQAsAAAABAAEACgAAAAFASgKAAAAD1RPVE9FU1NBSQ==\r\n
NTLMSSP
NTLMSSP identifier: NTLMSSP
NTLM Message Type: NTLMSSP_NEGOTIATE (0x00000001)
Flags: 0xa208b207
1... .... .... .... .... .... .... .... = Negotiate 56: Set
.0.. .... .... .... .... .... .... .... = Negotiate Key Exchange: Not set
..1. .... .... .... .... .... .... .... = Negotiate 128: Set
...0 .... .... .... .... .... .... .... = Negotiate 0x10000000: Not set
.... 0... .... .... .... .... .... .... = Negotiate 0x08000000: Not set
.... .0.. .... .... .... .... .... .... = Negotiate 0x04000000: Not set
.... ..1. .... .... .... .... .... .... = Negotiate 0x02000000: Set
.... ...0 .... .... .... .... .... .... = Negotiate 0x01000000: Not set
.... .... 0... .... .... .... .... .... = Negotiate Target Info: Not set
.... .... .0.. .... .... .... .... .... = Negotiate 0x00400000: Not set
.... .... ..0. .... .... .... .... .... = Negotiate 0x00200000: Not set
.... .... ...0 .... .... .... .... .... = Negotiate 0x00100000: Not set
.... .... .... 1... .... .... .... .... = Negotiate NTLM2 key: Set
.... .... .... .0.. .... .... .... .... = Negotiate Challenge Non NT Session Key: Not set
.... .... .... ..0. .... .... .... .... = Negotiate Challenge Accept Response: Not set
.... .... .... ...0 .... .... .... .... = Negotiate Challenge Init Response: Not set
.... .... .... .... 1... .... .... .... = Negotiate Always Sign: Set
.... .... .... .... .0.. .... .... .... = Negotiate This is Local Call: Not set
.... .... .... .... ..1. .... .... .... = Negotiate Workstation Supplied: Set
.... .... .... .... ...1 .... .... .... = Negotiate Domain Supplied: Set
.... .... .... .... .... 0... .... .... = Negotiate 0x00000800: Not set
.... .... .... .... .... .0.. .... .... = Negotiate 0x00000400: Not set
.... .... .... .... .... ..1. .... .... = Negotiate NTLM key: Set
.... .... .... .... .... ...0 .... .... = Negotiate Netware: Not set
.... .... .... .... .... .... 0... .... = Negotiate Lan Manager Key: Not set
.... .... .... .... .... .... .0.. .... = Negotiate Datagram Style: Not set
.... .... .... .... .... .... ..0. .... = Negotiate Seal: Not set
.... .... .... .... .... .... ...0 .... = Negotiate Sign: Not set
.... .... .... .... .... .... .... 0... = Request 0x00000008: Not set
.... .... .... .... .... .... .... .1.. = Request Target: Set
.... .... .... .... .... .... .... ..1. = Negotiate OEM: Set
.... .... .... .... .... .... .... ...1 = Negotiate UNICODE: Set
Calling workstation domain: DOMAINE_AD
Length: 5
Maxlen: 5
Offset: 44
Calling workstation name: COMPTE_CLIENT_AD
Length: 4
Maxlen: 4
Offset: 40
\r\n
Request: True
frame 4
Hypertext Transfer Protocol
HTTP/1.1 407 Proxy Authentication Required\r\n
Request Version: HTTP/1.1
Response Code: 407
Date: Mon, 02 Apr 2007 16:54:24 GMT\r\n
Proxy-Authenticate: NTLM TlRMTVNTUAACAAAAAAAAACgAAAABggAAN7Mlkqo9X1YAAAAAAAAAAA==\r\n
NTLMSSP
NTLMSSP identifier: NTLMSSP
NTLM Message Type: NTLMSSP_CHALLENGE (0x00000002)
Domain: NULL
Flags: 0x00008201
0... .... .... .... .... .... .... .... = Negotiate 56: Not set
.0.. .... .... .... .... .... .... .... = Negotiate Key Exchange: Not set
..0. .... .... .... .... .... .... .... = Negotiate 128: Not set
...0 .... .... .... .... .... .... .... = Negotiate 0x10000000: Not set
.... 0... .... .... .... .... .... .... = Negotiate 0x08000000: Not set
.... .0.. .... .... .... .... .... .... = Negotiate 0x04000000: Not set
.... ..0. .... .... .... .... .... .... = Negotiate 0x02000000: Not set
.... ...0 .... .... .... .... .... .... = Negotiate 0x01000000: Not set
.... .... 0... .... .... .... .... .... = Negotiate Target Info: Not set
.... .... .0.. .... .... .... .... .... = Negotiate 0x00400000: Not set
.... .... ..0. .... .... .... .... .... = Negotiate 0x00200000: Not set
.... .... ...0 .... .... .... .... .... = Negotiate 0x00100000: Not set
.... .... .... 0... .... .... .... .... = Negotiate NTLM2 key: Not set
.... .... .... .0.. .... .... .... .... = Negotiate Challenge Non NT Session Key: Not set
.... .... .... ..0. .... .... .... .... = Negotiate Challenge Accept Response: Not set
.... .... .... ...0 .... .... .... .... = Negotiate Challenge Init Response: Not set
.... .... .... .... 1... .... .... .... = Negotiate Always Sign: Set
.... .... .... .... .0.. .... .... .... = Negotiate This is Local Call: Not set
.... .... .... .... ..0. .... .... .... = Negotiate Workstation Supplied: Not set
.... .... .... .... ...0 .... .... .... = Negotiate Domain Supplied: Not set
.... .... .... .... .... 0... .... .... = Negotiate 0x00000800: Not set
.... .... .... .... .... .0.. .... .... = Negotiate 0x00000400: Not set
.... .... .... .... .... ..1. .... .... = Negotiate NTLM key: Set
.... .... .... .... .... ...0 .... .... = Negotiate Netware: Not set
.... .... .... .... .... .... 0... .... = Negotiate Lan Manager Key: Not set
.... .... .... .... .... .... .0.. .... = Negotiate Datagram Style: Not set
.... .... .... .... .... .... ..0. .... = Negotiate Seal: Not set
.... .... .... .... .... .... ...0 .... = Negotiate Sign: Not set
.... .... .... .... .... .... .... 0... = Request 0x00000008: Not set
.... .... .... .... .... .... .... .0.. = Request Target: Not set
.... .... .... .... .... .... .... ..0. = Negotiate OEM: Not set
.... .... .... .... .... .... .... ...1 = Negotiate UNICODE: Set
NTLM Challenge: 37B32592AA3D5F56
Reserved: 0000000000000000
Content-Length: 355\r\n
Keep-Alive: timeout=15, max=99\r\n
Connection: Keep-Alive\r\n
Content-Type: text/html; charset=iso-8859-1\r\n
\r\n
Response: True
Line-based text data: text/html
<HTML><HEAD>
<TITLE>407 Proxy Authentication Required</TITLE> </HEAD><BODY><H1>Proxy Authentication Required</H1>This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad
frame 5
Hypertext Transfer Protocol
GET http://www.google.fr/ HTTP/1.0\r\n
Request Method: GET
Request URI: http://www.google.fr/
Request Version: HTTP/1.0
Accept: */*\r\n
Accept-Language: fr\r\n
Proxy-Authorization: NTLM TlRMTVNTUAADAAAAGAAYAGAAAAA4ADgAeAAAAAoACgBIAAAABgAGAFIAAAAIAAgAWAAAAAAAAACwAAAABYIAAgUBKAoAAAAPRQBTAFMAQQBJAGMAbgBpAFQATwBUAE8Axit47ls5gTH9FOOEwdRpscm0+GSfHWZKlwQVXV+91iF8f/kAf8eroQEBAAAAAAAAWrmPgUd1xwHJtPhknx1mS
NTLMSSP
NTLMSSP identifier: NTLMSSP
NTLM Message Type: NTLMSSP_AUTH (0x00000003)
Lan Manager Response: C62B78EE5B398131FD14E384C1D469B1C9B4F8649F1D664A
Length: 24
Maxlen: 24
Offset: 96
NTLM Response: 9704155D5FBDD6217C7FF9007FC7ABA10101000000000000...
Length: 56
Maxlen: 56
Offset: 120
NTLMv2 Response: 9704155D5FBDD6217C7FF9007FC7ABA10101000000000000...
HMAC: 9704155D5FBDD6217C7FF9007FC7ABA1
Header: 0x00000101
Reserved: 0x00000000
Time: Apr 2, 2007 18:53:58.015625000
Client challenge: C9B4F8649F1D664A
Unknown: 0x00000000
Name: NetBIOS domain name, NULL
Name type: NetBIOS domain name (2)
Name len: 0
Name: End of list
Name type: End of list (0)
Name len: 0
Domain name: DOMAINE_AD
Length: 10
Maxlen: 10
Offset: 72
User name: COMPTE_UTILISATEUR
Length: 6
Maxlen: 6
Offset: 82
Host name: COMPTE_CLIENT_AD
Length: 8
Maxlen: 8
Offset: 88
Session Key: Empty
Flags: 0x02008205
0... .... .... .... .... .... .... .... = Negotiate 56: Not set
.0.. .... .... .... .... .... .... .... = Negotiate Key Exchange: Not set
..0. .... .... .... .... .... .... .... = Negotiate 128: Not set
...0 .... .... .... .... .... .... .... = Negotiate 0x10000000: Not set
.... 0... .... .... .... .... .... .... = Negotiate 0x08000000: Not set
.... .0.. .... .... .... .... .... .... = Negotiate 0x04000000: Not set
.... ..1. .... .... .... .... .... .... = Negotiate 0x02000000: Set
.... ...0 .... .... .... .... .... .... = Negotiate 0x01000000: Not set
.... .... 0... .... .... .... .... .... = Negotiate Target Info: Not set
.... .... .0.. .... .... .... .... .... = Negotiate 0x00400000: Not set
.... .... ..0. .... .... .... .... .... = Negotiate 0x00200000: Not set
.... .... ...0 .... .... .... .... .... = Negotiate 0x00100000: Not set
.... .... .... 0... .... .... .... .... = Negotiate NTLM2 key: Not set
.... .... .... .0.. .... .... .... .... = Negotiate Challenge Non NT Session Key: Not set
.... .... .... ..0. .... .... .... .... = Negotiate Challenge Accept Response: Not set
.... .... .... ...0 .... .... .... .... = Negotiate Challenge Init Response: Not set
.... .... .... .... 1... .... .... .... = Negotiate Always Sign: Set
.... .... .... .... .0.. .... .... .... = Negotiate This is Local Call: Not set
.... .... .... .... ..0. .... .... .... = Negotiate Workstation Supplied: Not set
.... .... .... .... ...0 .... .... .... = Negotiate Domain Supplied: Not set
.... .... .... .... .... 0... .... .... = Negotiate 0x00000800: Not set
.... .... .... .... .... .0.. .... .... = Negotiate 0x00000400: Not set
.... .... .... .... .... ..1. .... .... = Negotiate NTLM key: Set
.... .... .... .... .... ...0 .... .... = Negotiate Netware: Not set
.... .... .... .... .... .... 0... .... = Negotiate Lan Manager Key: Not set
.... .... .... .... .... .... .0.. .... = Negotiate Datagram Style: Not set
.... .... .... .... .... .... ..0. .... = Negotiate Seal: Not set
.... .... .... .... .... .... ...0 .... = Negotiate Sign: Not set
.... .... .... .... .... .... .... 0... = Request 0x00000008: Not set
.... .... .... .... .... .... .... .1.. = Request Target: Set
.... .... .... .... .... .... .... ..0. = Negotiate OEM: Not set
.... .... .... .... .... .... .... ...1 = Negotiate UNICODE: Set
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)\r\n
Host: www.google.fr\r\n
Proxy-Connection: Keep-Alive\r\n
Cookie: PREF=ID=4f2f24a992704cee:TM=1175527850:LM=1175527850:S=812IWxaYE95YFLBz\r\n
\r\n
Request: True
2/ captures made on the DC
frame 1
SMB (Server Message Block Protocol)
SMB Header
Server Component: SMB
SMB Command: Trans (0x25)
NT Status: STATUS_SUCCESS (0x00000000)
Flags: 0x08
0... .... = Request/Response: Message is a request to the server
.0.. .... = Notify: Notify client only on open
..0. .... = Oplocks: OpLock not requested/granted
...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized
.... 1... = Case Sensitivity: Path names are caseless
.... ..0. = Receive Buffer Posted: Receive buffer has not been posted
.... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
Flags2: 0xc801
1... .... .... .... = Unicode Strings: Strings are Unicode
.1.. .... .... .... = Error Code Type: Error codes are NT error codes
..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
.... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
.... .... .0.. .... = Long Names Used: Path names in request are not long file names
.... .... .... .0.. = Security Signatures: Security signatures are not supported
.... .... .... ..0. = Extended Attributes: Extended attributes are not supported
.... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
Process ID High: 0
Signature: 0000000000000000
Reserved: 0000
Tree ID: 2048
Process ID: 30341
User ID: 2049
Multiplex ID: 72
Trans Request (0x25)
Word Count (WCT): 16
Total Parameter Count: 0
Total Data Count: 306
Max Parameter Count: 0
Max Data Count: 4280
Max Setup Count: 0
Reserved: 00
Flags: 0x0000
.... .... .... ..0. = One Way Transaction: Two way transaction
.... .... .... ...0 = Disconnect TID: Do NOT disconnect TID
Timeout: Return immediately (0)
Reserved: 0000
Parameter Count: 0
Parameter Offset: 82
Data Count: 306
Data Offset: 82
Setup Count: 2
Reserved: 00
Byte Count (BCC): 321
Transaction Name: \PIPE\
SMB Pipe Protocol
Function: TransactNmPipe (0x0026)
FID: 0x4000
DCE RPC
Version: 5
Version (minor): 0
Packet type: Request (0)
Packet Flags: 0x03
0... .... = Object: Not set
.0.. .... = Maybe: Not set
..0. .... = Did Not Execute: Not set
...0 .... = Multiplex: Not set
.... 0... = Reserved: Not set
.... .0.. = Cancel Pending: Not set
.... ..1. = Last Frag: Set
.... ...1 = First Frag: Set
Data Representation: 10000000
Byte order: Little-endian (1)
Character: ASCII (0)
Floating-point: IEEE (0)
Frag Length: 306
Auth Length: 0
Call ID: 113
Alloc hint: 290
Context ID: 0
Opnum: 2
Microsoft Network Logon, NetrLogonSamLogon
Operation: NetrLogonSamLogon (2)
Server Handle: \\CONTROLEUR_DOMAINE
Referent ID: 0x00000001
Max Count: 10
Offset: 0
Actual Count: 10
Handle: \\CONTROLEUR_DOMAINE
Computer Name: COMPTE_PROXY_AD
Referent ID: 0x00000001
Max Count: 8
Offset: 0
Actual Count: 8
Computer Name: COMPTE_PROXY_AD
AUTHENTICATOR: credential
Referent ID: 0x00000001
Credential: F28802B8A20FA7CB
Timestamp: Apr 26, 2007 18:02:27.000000000
AUTHENTICATOR: return_authenticator
Referent ID: 0x00000001
Credential: 0000000000000000
Timestamp: Jan 1, 1970 01:00:00.000000000
Level: 2
LEVEL: LogonLevel COMPTE_UTILISATEUR
Level: 2
NETWORK_INFO: COMPTE_UTILISATEUR
Referent ID: 0x00000001
IDENTITY_INFO: COMPTE_UTILISATEUR
Domain: DOMAINE_AD
Length: 10
Size: 10
Character Array: DOMAINE_AD
Referent ID: 0x00000001
Max Count: 5
Offset: 0
Actual Count: 5
Domain: DOMAINE_AD
Param Ctrl: 0x00000000
Logon ID: 209933706518189
Acct Name: COMPTE_UTILISATEUR
Length: 6
Size: 6
Character Array: COMPTE_UTILISATEUR
Referent ID: 0x00000001
Max Count: 3
Offset: 0
Actual Count: 3
Acct Name: COMPTE_UTILISATEUR
Wkst Name: \\COMPTE_PROXY_AD
Length: 18
Size: 18
Character Array: \\COMPTE_PROXY_AD
Referent ID: 0x00000001
Max Count: 9
Offset: 0
Actual Count: 9
Wkst Name: \\COMPTE_PROXY_AD
Challenge: E74D12FC42604957
NT Chal resp
Length: 24
Size: 24
Byte Array
Referent ID: 0x00000001
Max Count: 24
Offset: 0
Actual Count: 24
NT Chal resp: EFEC165A5B36C14389D8EFCB510915824CAA7DDCA481E12D
LM Chal resp
Length: 0
Size: 0
(NULL pointer) Byte Array
Validation Level: 3
frame 2
SMB (Server Message Block Protocol)
SMB Header
Server Component: SMB
Response to: 1
Time from request: 0.005523000 seconds
SMB Command: Trans (0x25)
NT Status: STATUS_SUCCESS (0x00000000)
Flags: 0x88
1... .... = Request/Response: Message is a response to the client/redirector
.0.. .... = Notify: Notify client only on open
..0. .... = Oplocks: OpLock not requested/granted
...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized
.... 1... = Case Sensitivity: Path names are caseless
.... ..0. = Receive Buffer Posted: Receive buffer has not been posted
.... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
Flags2: 0xc801
1... .... .... .... = Unicode Strings: Strings are Unicode
.1.. .... .... .... = Error Code Type: Error codes are NT error codes
..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
.... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
.... .... .0.. .... = Long Names Used: Path names in request are not long file names
.... .... .... .0.. = Security Signatures: Security signatures are not supported
.... .... .... ..0. = Extended Attributes: Extended attributes are not supported
.... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
Process ID High: 0
Signature: 0000000000000000
Reserved: 0000
Tree ID: 2048
Process ID: 30341
User ID: 2049
Multiplex ID: 72
Trans Response (0x25)
Word Count (WCT): 10
Total Parameter Count: 0
Total Data Count: 56
Reserved: 0000
Parameter Count: 0
Parameter Offset: 56
Parameter Displacement: 0
Data Count: 56
Data Offset: 56
Data Displacement: 0
Setup Count: 0
Reserved: 00
Byte Count (BCC): 57
Padding: 00
SMB Pipe Protocol
Function: TransactNmPipe (0x0026)
FID: 0x4000
DCE RPC
Version: 5
Version (minor): 0
Packet type: Response (2)
Packet Flags: 0x03
0... .... = Object: Not set
.0.. .... = Maybe: Not set
..0. .... = Did Not Execute: Not set
...0 .... = Multiplex: Not set
.... 0... = Reserved: Not set
.... .0.. = Cancel Pending: Not set
.... ..1. = Last Frag: Set
.... ...1 = First Frag: Set
Data Representation: 10000000
Byte order: Little-endian (1)
Character: ASCII (0)
Floating-point: IEEE (0)
Frag Length: 56
Auth Length: 0
Call ID: 113
Alloc hint: 32
Context ID: 0
Cancel count: 0
Opnum: 2
Request in frame: 1
Time from request: 0.005523000 seconds
Microsoft Network Logon, NetrLogonSamLogon
Operation: NetrLogonSamLogon (2)
AUTHENTICATOR: return_authenticator
Referent ID: 0x0010e8b0
Credential: D5428CD1BAB10ECA
Timestamp: Jan 1, 1970 01:00:00.000000000
VALIDATION:
Validation Level: 3
(NULL pointer) VALIDATION_SAM_INFO2:
Authoritative: 1
Return code: STATUS_WRONG_PASSWORD (0xc000006a)
frame 3
SMB (Server Message Block Protocol)
SMB Header
Server Component: SMB
SMB Command: Trans (0x25)
NT Status: STATUS_SUCCESS (0x00000000)
Flags: 0x08
0... .... = Request/Response: Message is a request to the server
.0.. .... = Notify: Notify client only on open
..0. .... = Oplocks: OpLock not requested/granted
...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized
.... 1... = Case Sensitivity: Path names are caseless
.... ..0. = Receive Buffer Posted: Receive buffer has not been posted
.... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
Flags2: 0xc801
1... .... .... .... = Unicode Strings: Strings are Unicode
.1.. .... .... .... = Error Code Type: Error codes are NT error codes
..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
.... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
.... .... .0.. .... = Long Names Used: Path names in request are not long file names
.... .... .... .0.. = Security Signatures: Security signatures are not supported
.... .... .... ..0. = Extended Attributes: Extended attributes are not supported
.... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
Process ID High: 0
Signature: 0000000000000000
Reserved: 0000
Tree ID: 2048
Process ID: 30341
User ID: 2049
Multiplex ID: 73
Trans Request (0x25)
Word Count (WCT): 16
Total Parameter Count: 0
Total Data Count: 306
Max Parameter Count: 0
Max Data Count: 4280
Max Setup Count: 0
Reserved: 00
Flags: 0x0000
.... .... .... ..0. = One Way Transaction: Two way transaction
.... .... .... ...0 = Disconnect TID: Do NOT disconnect TID
Timeout: Return immediately (0)
Reserved: 0000
Parameter Count: 0
Parameter Offset: 82
Data Count: 306
Data Offset: 82
Setup Count: 2
Reserved: 00
Byte Count (BCC): 321
Transaction Name: \PIPE\
SMB Pipe Protocol
Function: TransactNmPipe (0x0026)
FID: 0x4000
DCE RPC
Version: 5
Version (minor): 0
Packet type: Request (0)
Packet Flags: 0x03
0... .... = Object: Not set
.0.. .... = Maybe: Not set
..0. .... = Did Not Execute: Not set
...0 .... = Multiplex: Not set
.... 0... = Reserved: Not set
.... .0.. = Cancel Pending: Not set
.... ..1. = Last Frag: Set
.... ...1 = First Frag: Set
Data Representation: 10000000
Byte order: Little-endian (1)
Character: ASCII (0)
Floating-point: IEEE (0)
Frag Length: 306
Auth Length: 0
Call ID: 114
Alloc hint: 290
Context ID: 0
Opnum: 2
Microsoft Network Logon, NetrLogonSamLogon
Operation: NetrLogonSamLogon (2)
Server Handle: \\CONTROLEUR_DOMAINE
Referent ID: 0x00000001
Max Count: 10
Offset: 0
Actual Count: 10
Handle: \\CONTROLEUR_DOMAINE
Computer Name: COMPTE_PROXY_AD
Referent ID: 0x00000001
Max Count: 8
Offset: 0
Actual Count: 8
Computer Name: COMPTE_PROXY_AD
AUTHENTICATOR: credential
Referent ID: 0x00000001
Credential: 9FE6E4F30A46DD2F
Timestamp: Apr 26, 2007 18:02:27.000000000
AUTHENTICATOR: return_authenticator
Referent ID: 0x00000001
Credential: 0000000000000000
Timestamp: Jan 1, 1970 01:00:00.000000000
Level: 2
LEVEL: LogonLevel COMPTE_UTILISATEUR
Level: 2
NETWORK_INFO: COMPTE_UTILISATEUR
Referent ID: 0x00000001
IDENTITY_INFO: COMPTE_UTILISATEUR
Domain: DOMAINE_AD
Length: 10
Size: 10
Character Array: DOMAINE_AD
Referent ID: 0x00000001
Max Count: 5
Offset: 0
Actual Count: 5
Domain: DOMAINE_AD
Param Ctrl: 0x00000000
Logon ID: 209933706518189
Acct Name: COMPTE_UTILISATEUR
Length: 6
Size: 6
Character Array: COMPTE_UTILISATEUR
Referent ID: 0x00000001
Max Count: 3
Offset: 0
Actual Count: 3
Acct Name: COMPTE_UTILISATEUR
Wkst Name: \\COMPTE_PROXY_AD
Length: 18
Size: 18
Character Array: \\COMPTE_PROXY_AD
Referent ID: 0x00000001
Max Count: 9
Offset: 0
Actual Count: 9
Wkst Name: \\COMPTE_PROXY_AD
Challenge: E74D12FC42604957
NT Chal resp
Length: 0
Size: 0
(NULL pointer) Byte Array
LM Chal resp: EFEC165A5B36C14389D8EFCB510915824CAA7DDCA481E12D
Length: 24
Size: 24
Byte Array: EFEC165A5B36C14389D8EFCB510915824CAA7DDCA481E12D
Referent ID: 0x00000001
Max Count: 24
Offset: 0
Actual Count: 24
LM Chal resp: EFEC165A5B36C14389D8EFCB510915824CAA7DDCA481E12D
Validation Level: 3
frame 4
SMB (Server Message Block Protocol)
SMB Header
Server Component: SMB
Response to: 3
Time from request: 0.001900000 seconds
SMB Command: Trans (0x25)
NT Status: STATUS_SUCCESS (0x00000000)
Flags: 0x88
1... .... = Request/Response: Message is a response to the client/redirector
.0.. .... = Notify: Notify client only on open
..0. .... = Oplocks: OpLock not requested/granted
...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized
.... 1... = Case Sensitivity: Path names are caseless
.... ..0. = Receive Buffer Posted: Receive buffer has not been posted
.... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
Flags2: 0xc801
1... .... .... .... = Unicode Strings: Strings are Unicode
.1.. .... .... .... = Error Code Type: Error codes are NT error codes
..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
.... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
.... .... .0.. .... = Long Names Used: Path names in request are not long file names
.... .... .... .0.. = Security Signatures: Security signatures are not supported
.... .... .... ..0. = Extended Attributes: Extended attributes are not supported
.... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
Process ID High: 0
Signature: 0000000000000000
Reserved: 0000
Tree ID: 2048
Process ID: 30341
User ID: 2049
Multiplex ID: 73
Trans Response (0x25)
Word Count (WCT): 10
Total Parameter Count: 0
Total Data Count: 372
Reserved: 0000
Parameter Count: 0
Parameter Offset: 56
Parameter Displacement: 0
Data Count: 372
Data Offset: 56
Data Displacement: 0
Setup Count: 0
Reserved: 00
Byte Count (BCC): 373
Padding: 00
SMB Pipe Protocol
Function: TransactNmPipe (0x0026)
FID: 0x4000
DCE RPC
Version: 5
Version (minor): 0
Packet type: Response (2)
Packet Flags: 0x03
0... .... = Object: Not set
.0.. .... = Maybe: Not set
..0. .... = Did Not Execute: Not set
...0 .... = Multiplex: Not set
.... 0... = Reserved: Not set
.... .0.. = Cancel Pending: Not set
.... ..1. = Last Frag: Set
.... ...1 = First Frag: Set
Data Representation: 10000000
Byte order: Little-endian (1)
Character: ASCII (0)
Floating-point: IEEE (0)
Frag Length: 372
Auth Length: 0
Call ID: 114
Alloc hint: 348
Context ID: 0
Cancel count: 0
Opnum: 2
Request in frame: 3
Time from request: 0.001900000 seconds
Microsoft Network Logon, NetrLogonSamLogon
Operation: NetrLogonSamLogon (2)
AUTHENTICATOR: return_authenticator
Referent ID: 0x000fa8f0
Credential: BC5D1D9911C6E88E
Timestamp: Jan 1, 1970 01:00:00.000000000
VALIDATION:
Validation Level: 3
VALIDATION_SAM_INFO2:
Referent ID: 0x000f69a0
Logon Time: Apr 26, 2007 17:53:35.093750000
Logoff Time: Infinity (absolute time)
Kickoff Time: Infinity (absolute time)
PWD Last Set: Apr 26, 2007 17:26:34.562500000
PWD Can Change: Apr 26, 2007 17:26:34.562500000
PWD Must Change: Jul 25, 2007 17:26:34.562500000
Acct Name: COMPTE_UTILISATEUR
Length: 6
Size: 8
Character Array: COMPTE_UTILISATEUR
Referent ID: 0x000f6a8c
Max Count: 4
Offset: 0
Actual Count: 3
Acct Name: COMPTE_UTILISATEUR
Full Name
Length: 0
Size: 0
(NULL pointer) Character Array
Logon Script
Length: 0
Size: 0
(NULL pointer) Character Array
Profile Path
Length: 0
Size: 0
(NULL pointer) Character Array
Home Dir
Length: 0
Size: 0
(NULL pointer) Character Array
Dir Drive
Length: 0
Size: 0
(NULL pointer) Character Array
Logon Count: 63
Bad PW Count: 1
User RID: 1119
Group RID: 513
Num RIDs: 1
GROUP_MEMBERSHIP_ARRAY
Referent ID: 0x000f6a6c
Max Count: 1
GROUP_MEMBERSHIP:
Group RID: 513
Attributes: 0x00000007
.... .... .... .... .... .... .... .1.. = Enabled: The enabled bit is SET
.... .... .... .... .... .... .... ..1. = Enabled By Default: The ENABLED_BY_DEFAULT bit is SET
.... .... .... .... .... .... .... ...1 = Mandatory: The MANDATORY bit is SET
User Flags: 0x00000120
.... .... .... .... .... ..0. .... .... = Resource Groups: The resource_groups is NOT set
.... .... .... .... .... .... ..1. .... = Extra SIDs: The EXTRA_SIDS bit is SET
User Session Key: 82EA59FAEC1598C1D14B07A60CE251AD
Server: CONTROLEUR_DOMAINE
Length: 14
Size: 16
Character Array: CONTROLEUR_DOMAINE
Referent ID: 0x000f6a94
Max Count: 8
Offset: 0
Actual Count: 7
Server: CONTROLEUR_DOMAINE
Domain: DOMAINE_AD
Length: 10
Size: 12
Character Array: DOMAINE_AD
Referent ID: 0x000f6aa4
Max Count: 6
Offset: 0
Actual Count: 5
Domain: DOMAINE_AD
SID pointer:
SID pointer
Referent ID: 0x000f6a74
Count: 4
Domain SID: S-1-5-21-2025429265-220523388-1417001333
Revision: 1
Num Auth: 4
Authority: 5
Sub-authorities: 21-2025429265-220523388-1417001333
Unknown long: 0xfa59ea82
Unknown long: 0xc19815ec
User Account Control: 0x00000010
.... .... .... ...0 .... .... .... .... = Dont Require PreAuth: This account REQUIRES preauthentication
.... .... .... .... 0... .... .... .... = Use DES Key Only: This account does NOT have to use_des_key_only
.... .... .... .... .0.. .... .... .... = Not Delegated: This might have been delegated
.... .... .... .... ..0. .... .... .... = Trusted For Delegation: This account is NOT trusted_for_delegation
.... .... .... .... ...0 .... .... .... = SmartCard Required: This account does NOT require_smartcard to authenticate
.... .... .... .... .... 0... .... .... = Encrypted Text Password Allowed: This account does NOT allow encrypted_text_password
.... .... .... .... .... .0.. .... .... = Account Auto Locked: This account is NOT auto_locked
.... .... .... .... .... ..0. .... .... = Dont Expire Password: This account might expire_passwords
.... .... .... .... .... ...0 .... .... = Server Trust Account: This account is NOT a server_trust_account
.... .... .... .... .... .... 0... .... = Workstation Trust Account: This account is NOT a workstation_trust_account
.... .... .... .... .... .... .0.. .... = Interdomain trust Account: This account is NOT an interdomain_trust_account
.... .... .... .... .... .... ..0. .... = MNS Logon Account: This account is NOT a mns_logon_account
.... .... .... .... .... .... ...1 .... = Normal Account: This account is a NORMAL_ACCOUNT
.... .... .... .... .... .... .... 0... = Temp Duplicate Account: This account is NOT a temp_duplicate_account
.... .... .... .... .... .... .... .0.. = Password Not Required: This account REQUIRES a password
.... .... .... .... .... .... .... ..0. = Home Directory Required: This account does NOT require_home_directory
.... .... .... .... .... .... .... ...0 = Account Disabled: This account is NOT disabled
Unknown long: 0x00000000
Unknown long: 0x00000000
Unknown long: 0x00000000
Unknown long: 0x00000000
Unknown long: 0x00000000
Unknown long: 0x00000000
Unknown long: 0x00000000
Num Other Groups: 0
(NULL pointer) SID_AND_ATTRIBUTES_ARRAY:
Authoritative: 1
Return code: STATUS_SUCCESS (0x00000000)
The names above stand for:
COMPTE_UTILISATEUR = the XP client's login
COMPTE_CLIENT_AD = the XP client's machine account in the AD
COMPTE_PROXY_AD = the proxy's machine account in the AD
CONTROLEUR_DOMAINE = the controller used when the proxy established its link with the AD
DOMAINE_AD = NetBIOS name of the AD domain
Could you tell me the following:
- the protocol version used for the XP client's authentication to the proxy: LM, NTLM, NTLMv2
- the protocol version used for the user's authentication by the DC via the proxy: LM, NTLM, NTLMv2
- why the client's authentication via the proxy always fails a first time, then succeeds by falling back to an LM hash?
additional information:
- the LM hash is not stored on the PC
- passwords > 14 characters
- transparent user authentication (no login/password prompt)
Do you have any information, recommendations or other pointers that would let me use at least NTLM between the XP client and the DC via the proxy?
Thanks
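The question of which scheme (LM, NTLMv1, NTLMv2) a given hop is using can be answered from the NTLMSSP tokens themselves: the following Python is an added example, not code from the original post, that decodes the two complete tokens from the client-side capture (frames 3 and 4) and classifies AUTHENTICATE messages by the shape of their NT and LM response fields. The AUTHENTICATE samples it builds are constructed dummy bytes shaped like the real formats, not values computed from any password.

```python
import base64
import struct

SIGNATURE = b"NTLMSSP\x00"

# Subset of the NTLMSSP NegotiateFlags (MS-NLMP 2.2.2.5) relevant to the
# LM / NTLM / NTLMv2 question. Old Wireshark labels 0x00080000 "NTLM2 key".
FLAG_NAMES = {
    0x00000001: "NEGOTIATE_UNICODE",
    0x00000002: "NEGOTIATE_OEM",
    0x00000004: "REQUEST_TARGET",
    0x00000080: "NEGOTIATE_LM_KEY",
    0x00000200: "NEGOTIATE_NTLM",
    0x00008000: "NEGOTIATE_ALWAYS_SIGN",
    0x00080000: "NEGOTIATE_EXTENDED_SESSIONSECURITY",
    0x00800000: "NEGOTIATE_TARGET_INFO",
    0x20000000: "NEGOTIATE_128",
    0x40000000: "NEGOTIATE_KEY_EXCH",
    0x80000000: "NEGOTIATE_56",
}

# The two complete tokens from the client-side capture (frames 3 and 4).
PAGE_NEGOTIATE = "TlRMTVNTUAABAAAAB7IIogUABQAsAAAABAAEACgAAAAFASgKAAAAD1RPVE9FU1NBSQ=="
PAGE_CHALLENGE = "TlRMTVNTUAACAAAAAAAAACgAAAABggAAN7Mlkqo9X1YAAAAAAAAAAA=="

# Constructed sample responses (not from the capture): dummy bytes shaped like
# the real formats, not derived from any password.
SAMPLE_V2_NT = bytes.fromhex("11" * 16) + b"\x01\x01\x00\x00" + bytes(36)  # HMAC + blob
SAMPLE_V2_LM = bytes.fromhex("22" * 16) + bytes.fromhex("55" * 8)         # HMAC + nonce
SAMPLE_V1_NT = bytes.fromhex("33" * 24)                                   # 3 DES blocks
SAMPLE_V1_LM = bytes.fromhex("44" * 24)
SAMPLE_NTLM2_LM = bytes.fromhex("55" * 8) + bytes(16)                     # nonce + zeros


def _field(buf, pos):
    """Follow a (len, maxlen, offset) field descriptor and return the bytes it points to."""
    length, _maxlen, offset = struct.unpack_from("<HHI", buf, pos)
    return buf[offset:offset + length]


def flag_names(flags):
    return [name for bit, name in sorted(FLAG_NAMES.items()) if flags & bit]


def classify_responses(lm_resp, nt_resp):
    """Name the response format of an AUTHENTICATE message from its two response fields."""
    # NTLMv2: 16-byte HMAC-MD5 followed by a blob starting with the signature 01 01 00 00.
    if len(nt_resp) > 24 and nt_resp[16:20] == b"\x01\x01\x00\x00":
        return "NTLMv2"
    # NTLMv1: 24-byte DES-based NT response; an 8-byte nonce zero-padded in the LM
    # field marks the NTLM2 session (extended session security) variant.
    if len(nt_resp) == 24:
        if len(lm_resp) == 24 and lm_resp[8:] == bytes(16):
            return "NTLMv1 with NTLM2 session security"
        return "NTLMv1"
    if not nt_resp and len(lm_resp) == 24:
        return "LM"
    return "unknown"


def parse_ntlmssp(token_b64):
    """Decode a base64 NTLMSSP token as carried in Proxy-Authorization / Proxy-Authenticate."""
    buf = base64.b64decode(token_b64)
    if buf[:8] != SIGNATURE:
        raise ValueError("not an NTLMSSP token")
    msg_type = struct.unpack_from("<I", buf, 8)[0]
    info = {"type": msg_type}
    if msg_type == 1:    # NEGOTIATE: flags at 12, domain field at 16, workstation at 24
        info["flags"] = struct.unpack_from("<I", buf, 12)[0]
    elif msg_type == 2:  # CHALLENGE: target name at 12, flags at 20, challenge at 24
        info["flags"] = struct.unpack_from("<I", buf, 20)[0]
        info["server_challenge"] = buf[24:32].hex().upper()
    elif msg_type == 3:  # AUTHENTICATE: LM 12, NT 20, domain 28, user 36, ws 44, flags 60
        lm_resp, nt_resp = _field(buf, 12), _field(buf, 20)
        info["flags"] = struct.unpack_from("<I", buf, 60)[0]
        enc = "utf-16-le" if info["flags"] & 0x1 else "latin-1"
        info["domain"] = _field(buf, 28).decode(enc)
        info["user"] = _field(buf, 36).decode(enc)
        info["lm_len"], info["nt_len"] = len(lm_resp), len(nt_resp)
        info["scheme"] = classify_responses(lm_resp, nt_resp)
    else:
        raise ValueError(f"unexpected NTLMSSP message type {msg_type}")
    info["flag_names"] = flag_names(info["flags"])
    return info


def build_authenticate(lm_resp, nt_resp, domain, user, workstation, flags=0x00008205):
    """Assemble a minimal AUTHENTICATE message (no Version or MIC) to exercise the parser."""
    fields, payload = b"", b""
    base = 64  # 8 signature + 4 type + 6 * 8 field descriptors + 4 flags
    for blob in (lm_resp, nt_resp, domain.encode("utf-16-le"),
                 user.encode("utf-16-le"), workstation.encode("utf-16-le"), b""):
        fields += struct.pack("<HHI", len(blob), len(blob), base + len(payload))
        payload += blob
    msg = SIGNATURE + struct.pack("<I", 3) + fields + struct.pack("<I", flags) + payload
    return base64.b64encode(msg).decode()
```

In MS-NLMP terms a 24-byte NtChallengeResponse is the NTLMv1 format, while one longer than 24 bytes whose blob (after the 16-byte HMAC) starts with 01 01 00 00 is NTLMv2, which is how the classifier reads the lengths shown in a dissection.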