NAME
htntlm - read/write NTLM message
SYNOPSIS
htntlm [OPTIONS]
DESCRIPTION
htntlm is used to read, generate and inspect NTLM messages.
OPTIONS
-v --version
Print version number and exit
-h --help
Display usage information (this message)
-r --read
read a NTLM base64 encoded message
-w --write
write a NTLM base64 encoded message
-i --info
print in a readable manner
-d --debug
print debug information
-t --type
NTLM message type 1, 2 or 3
-D --domain
Domain name
-W --workstation
Workstation name
-E --server
Workstation name
-O --os-version
OS Version major.minor.build
-T --target
Target name
-N --dns-domain
DNS domain name
-S --dns-server
DNS server name
-a --target-info
Target info as provided in NTLM type 2 message base64 encoded,
need for NTLMv2
-U --user
User name
-P --password
password
-C --challenge
Challenge in hex notation
-c --client-challengeClient challenge in hex notation, default is a
random
-X --context
Context in hex notation
-K --session-key
Session Key
-R --response
response type space separated: lm ntlm lm2 ntlm2 ntlm2-session
-u --unicode
transmit user, workstation, ... as unicode strings
-f --flags
Space separated NTLM flags neg-unicode:
Indicates that Unicode strings are supported for use in security
buffer data.
neg-oem:
Indicates that OEM strings are supported for use in security
buffer data.
req-target:
Requests that the server’s authentication realm be included in
the Type 2 message.
neg-sign:
Specifies that authenticated communication between the client
and server should carry a digital signature (message integrity).
neg-seal:
Specifies that authenticated communication between the client
and server should be encrypted (message confidentiality).
neg-datagram-style:
Indicates that datagram authentication is being used.
neg-lm-key:
Indicates that the Lan Manager Session Key should be used for
signing and sealing authenticated communications.
neg-netware:
This flag’s usage has not been identified.
neg-ntlm-key:
Indicates that NTLM authentication is being used.
neg-anonymous:
Sent by the client in the Type 3 message to indicate that an
anonymous context has been established. This also affects the
response fields.
neg-domain-supp:
Sent by the client in the Type 1 message to indicate that the
name of the domain in which the client workstation has
membership is included in the message. This is used by the
server to determine whether the client is eligible for local
authentication.
neg-workstation-supp:
Sent by the client in the Type 1 message to indicate that the
client workstation’s name is included in the message. This is
used by the server to determine whether the client is eligible
for local authentication.
neg-local-call:
Sent by the server to indicate that the server and client are on
the same machine. Implies that the client may use the
established local credentials for authentication instead of
calculating a response to the challenge.
neg-always_sign:
Indicates that authenticated communication between the client
and server should be signed with a "dummy" signature.
target-type-domain:
Sent by the server in the Type 2 message to indicate that the
target authentication realm is a domain.
target-type-server:
Sent by the server in the Type 2 message to indicate that the
target authentication realm is a server.
target-type-share:
Sent by the server in the Type 2 message to indicate that the
target authentication realm is a share. Presumably, this is for
share-level authentication. Usage is unclear.
neg-ntlm2-key:
Indicates that the NTLM2 signing and sealing scheme should be
used for protecting authenticated communications. Note that
this refers to a particular session security scheme, and is not
related to the use of NTLMv2 authentication. This flag can,
however, have an effect on the response calculations
req-init-res:
This flag’s usage has not been identified
req-accept-res:
This flag’s usage has not been identified
req-nonnt-session-key:
This flag’s usage has not been identified
neg-target-info:
Sent by the server in the Type 2 message to indicate that it is
including a Target Information block in the message. The Target
Information block is used in the calculation of the NTLMv2
response.
neg-128:
Indicates that 128-bit encryption is supported.
neg-key-exchange:
Indicates that the client will provide an encrypted master key
in the "Session Key" field of the Type 3 message.
neg-56:
Indicates that 56-bit encryption is supported.
AUTHOR
Written by Christian Liesch
COPYRIGHT
Copyright © 2006 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is
NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
PURPOSE.