Get username from NTLM auth header?
Is there any way to work out what a user's name is just by sniffing the NTLM header?
I have an app that accesses an NTLM auth'd site, and so an Auth prompt opens for the user to authenticate with the site by entering their username / password.
Is there any way, just with access to the headers, to find out what the entered username is?
Is it possible?
Thanks,
Jonsie
Sure, you can do this even with a simple JSP file... (this only works with NTLMv1, not v2, I'm still looking for that..)
So the code for the JSP is (I've tried it on Apache Tomcat 6):
<%@ page import="java.util.Base64" %>
<%@ page import="java.nio.charset.StandardCharsets" %>
<%!
    // HTML-escape before echoing: the names below come straight from client bytes.
    private static String esc(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;")
                .replace(">", "&gt;").replace("\"", "&quot;");
    }
%>
<%
    String auth = request.getHeader("Authorization");

    // No Authorization header yet: ask the browser to start NTLM.
    if (auth == null) {
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        response.setHeader("WWW-Authenticate", "NTLM");
        return;
    }
    if (!auth.startsWith("NTLM ")) {
        return;
    }
    // java.util.Base64 replaces the internal sun.misc.BASE64* classes.
    byte[] msg = Base64.getDecoder().decode(auth.substring(5).trim());
    if (msg.length < 12) {
        return;
    }
    // Message type: little-endian int at offset 8. Java bytes are signed,
    // so mask with 0xff before using them as unsigned values.
    int type = msg[8] & 0xff;

    if (type == 1) {
        // Type 1 (NEGOTIATE) received: answer with a minimal Type 2 (CHALLENGE).
        byte z = 0;
        byte[] msg2 = {
            (byte) 'N', (byte) 'T', (byte) 'L', (byte) 'M',
            (byte) 'S', (byte) 'S', (byte) 'P', z,        // "NTLMSSP\0" signature
            (byte) 2, z, z, z,                            // message type 2
            z, z, z, z, (byte) 40, z, z, z,               // target name: empty, offset 40
            (byte) 1, (byte) 130, z, z,                   // flags 0x8201: Unicode, NTLM, Always Sign
            z, (byte) 2, (byte) 2, (byte) 2, z, z, z, z,  // 8-byte server challenge (fixed here,
                                                          // so replayable; use a fresh random one for real)
            z, z, z, z, z, z, z, z                        // context
        };
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        response.setHeader("WWW-Authenticate",
                "NTLM " + Base64.getEncoder().encodeToString(msg2));
        return;
    }
    if (type != 3 || msg.length < 52) {
        return;
    }

    // Type 3 (AUTHENTICATE): each string is described by an 8-byte security
    // buffer {len u16, maxlen u16, offset u32}: domain at 28, user at 36,
    // workstation at 44. Read the low 16 bits of each offset.
    int[] bufs = {28, 36, 44};
    String[] names = new String[3];
    for (int i = 0; i < 3; i++) {
        int off = bufs[i];
        int length = ((msg[off + 1] & 0xff) << 8) | (msg[off] & 0xff);
        int offset = ((msg[off + 5] & 0xff) << 8) | (msg[off + 4] & 0xff);
        if (offset + length > msg.length) {
            return; // malformed security buffer
        }
        // The Type 2 above negotiated Unicode, so the strings are UTF-16LE.
        names[i] = new String(msg, offset, length, StandardCharsets.UTF_16LE);
    }
    String user = names[1]; // names[0] = domain, names[2] = workstation

    // This is only the name the client asserted; nothing here verified the
    // NTLM response, so treat it as an untrusted claim.
    out.println("Hello <span style='position:relative; width:190;"
            + " height:10;filter:glow(Color=#009966,Strength=1)'>");
    out.println(esc(user) + "</span>");
%>
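The same field read in the JSP answer above, done as a stand-alone parser for the `Authorization: NTLM` header. This is an added example in Python, not the answer's code: it decodes the security buffers with the MS-NLMP Type 3 offsets (domain at 28, user at 36, workstation at 44, flags at 60), honours the negotiated Unicode/OEM flag instead of assuming a charset, bounds-checks every offset so a malformed message cannot read outside the buffer, and ships a constructed Type 3 message so it runs offline. The names `build_type3`, `to_header`, `SAMPLE_MESSAGE` and the CORP/jonsie/WS01 values are all assumptions made up for the example.

```python
"""Pull the domain, user and workstation names out of an NTLM Type 3
(AUTHENTICATE) message carried in an HTTP Authorization header.

Added example, not part of the original answer. The sample message and the
names in it are constructed; only the MS-NLMP field layout is real.
"""
import base64
import struct

NTLMSSP_SIGNATURE = b"NTLMSSP\x00"
NEGOTIATE_UNICODE = 0x00000001   # MS-NLMP: string payloads are UTF-16LE
NEGOTIATE_OEM = 0x00000002       # MS-NLMP: string payloads use the OEM code page

# Type 3 layout: security buffers {len:u16, maxlen:u16, offset:u32} at
# LM resp 12, NT resp 20, domain 28, user 36, workstation 44, key 52; flags 60.
TYPE3_STRING_FIELDS = {"domain": 28, "user": 36, "workstation": 44}


def _read_field(msg: bytes, pos: int) -> bytes:
    """Return the bytes the security buffer at `pos` points to, bounds-checked."""
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("security buffer at %d points outside the message" % pos)
    return msg[offset:offset + length]


def parse_ntlm_authorization(header_value: str) -> dict:
    """Parse an 'NTLM <base64>' Authorization header value.

    Returns {'type': n} for Type 1/2 and adds 'domain', 'user', 'workstation'
    for Type 3. The names are whatever the client *asserted*; nothing here
    verifies the NT/LM response, so log them as claimed, not authenticated.
    """
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.upper() != "NTLM" or not token:
        raise ValueError("not an NTLM Authorization header")
    msg = base64.b64decode(token, validate=True)
    if len(msg) < 12 or msg[:8] != NTLMSSP_SIGNATURE:
        raise ValueError("missing NTLMSSP signature")
    result = {"type": struct.unpack_from("<I", msg, 8)[0]}
    if result["type"] != 3:
        return result
    if len(msg) < 52:
        raise ValueError("Type 3 message truncated")
    # Very old clients omit the flags word; assume Unicode then (assumption).
    flags = struct.unpack_from("<I", msg, 60)[0] if len(msg) >= 64 else NEGOTIATE_UNICODE
    # The OEM code page depends on the client locale; latin-1 is an assumption.
    charset = "utf-16-le" if flags & NEGOTIATE_UNICODE else "latin-1"
    for name, pos in TYPE3_STRING_FIELDS.items():
        result[name] = _read_field(msg, pos).decode(charset)
    return result


def build_type3(domain: str, user: str, workstation: str, unicode: bool = True) -> bytes:
    """Construct a minimal Type 3 message (empty LM/NT responses) for testing."""
    enc = "utf-16-le" if unicode else "latin-1"
    flags = NEGOTIATE_UNICODE if unicode else NEGOTIATE_OEM
    fields = [b"", b"", domain.encode(enc), user.encode(enc), workstation.encode(enc), b""]
    header_len = 64                     # 8 sig + 4 type + 6*8 buffers + 4 flags
    buffers, payload = b"", b""
    for field in fields:
        buffers += struct.pack("<HHI", len(field), len(field), header_len + len(payload))
        payload += field
    return NTLMSSP_SIGNATURE + struct.pack("<I", 3) + buffers + struct.pack("<I", flags) + payload


def to_header(msg: bytes) -> str:
    """Wrap a raw NTLM message the way a browser sends it in the header."""
    return "NTLM " + base64.b64encode(msg).decode("ascii")


# Constructed sample: what a client in domain CORP would send for user jonsie.
SAMPLE_MESSAGE = build_type3("CORP", "jonsie", "WS01")
SAMPLE_HEADER = to_header(SAMPLE_MESSAGE)

if __name__ == "__main__":
    print(parse_ntlm_authorization(SAMPLE_HEADER))
```

The parser is written for the defender's side of this: an audit log or proxy that wants to record which account a client *claimed* before the NTLM response is validated. That distinction matters, since the user and domain strings in a Type 3 message are plain client-supplied bytes, which is also why every offset is checked against the message length before it is used.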