NTLM Authentication

Windows Authentication supports two authentication protocols, Kerberos and NTLM, of which Kerberos is vastly superior in terms of security. Kerberos is preferred whenever it is available, but NTLM is still used as a fallback, for example when the client cannot obtain a Kerberos ticket for the target. Some services, in particular legacy systems, support Windows Authentication only with NTLM.

NTLM (New Technology LAN Manager) is a legacy authentication protocol which was the default authentication method in Windows 95, 98 and NT 4.0. Kerberos replaced it as the default in Windows 2000, but NTLM is still supported as a fallback today.

The main concepts of NTLM authentication are

  • Instead of the client sending the password to the server in plaintext, the password is hashed (the NT hash, an unsalted MD4 of the UTF-16LE password) and the hash is used as the key of the challenge-response described below. Neither the password nor the hash itself travels over the wire. Because the hash is unsalted and the only secret involved, it is password-equivalent: anyone who obtains it can authenticate as the user (pass-the-hash).

  • The client and the service use a challenge-response model: the service issues a random challenge, and the client answers with a keyed function of that challenge. The service then forwards the challenge, the response and the username to a domain controller, which validates the response.

  • The cryptographic primitives NTLM relies on (DES, MD4 and HMAC-MD5) are all considered weak by today's standards.

NTLM itself superseded the LM authentication protocol in 1993 (with Windows NT 3.1), mostly reusing the authentication mechanism while introducing the concept of the domain controller. With LM, the password hashes had to be stored on every server a user wanted to authenticate against. With domain controllers, NTLM instead centralized the password hashes on a much smaller set of trusted servers, the domain controllers.

NTLM exists in two versions, NTLMv1 and NTLMv2. The latter (introduced with Windows NT 4.0 SP4) adds a client challenge and a timestamp to the response, which improves security slightly while leaving the protocol susceptible to other attacks, notably relaying and offline brute force of captured responses.

Authentication flow

Based on a blog post from CrowdStrike.

  1. The user enters their username, password and domain name on the client.

  2. The client computes the hash of the password and discards the plaintext password.

  3. The client sends the username in plaintext to the server it wants to access.

  4. The server replies to the client with a challenge, an 8-byte random number generated freshly for this handshake.

  5. In response, the client sends a response computed from the challenge with the password hash as the key (DES in NTLMv1, HMAC-MD5 in NTLMv2).

  6. The server forwards the challenge, the response and the username to the domain controller (DC).

  7. The DC retrieves the user's password hash from its database and computes the expected response for the same challenge.

  8. The DC compares its expected response with the client's response. If the two match, the user is authenticated and the server grants access.

NTLM Server Signing

NTLM cryptographic algorithms

The cryptographic algorithms used in NTLM depend on the version:

  • NTLMv1 computes the response with DES: the 16-byte hash (the LM hash, or the NT hash, which is an MD4 of the password) is padded to 21 bytes, split into three DES keys, and each key encrypts the 8-byte server challenge, giving a 24-byte response.

  • NTLMv2 computes the response with HMAC-MD5: the NT hash is first keyed with the upper-cased username and the domain name (NTOWFv2), and that key is used to MAC the server challenge together with a client blob containing a timestamp, a client challenge and the server's target information.

NTLM has an extension called Extended Protection for Authentication (EPA), which binds the NTLM exchange to the outer TLS channel (channel binding) or to the intended target service name (service binding). This makes NTLM relay attacks harder to pull off, because a response captured for one channel or service no longer validates for another.
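The following Python is an added example, written for this page; it is not code from the original page nor from the CrowdStrike post the flow above paraphrases. It walks through steps 4 to 8 of the authentication flow for NTLMv2 with the client, the server and the domain controller as plain functions, and it also implements the hashing described in the algorithms section (NT hash and NTOWFv2). MD4 is implemented inline because hashlib on OpenSSL 3 builds often ships without it; the NTLMv1 DES path is not shown. The account, password, domain and target-info bytes are constructed sample data, and the "DC database" is a plain dictionary standing in for the directory.

```python
"""NTLMv2 challenge/response with client, server and DC as plain functions.
Added example for illustration; names and sample data are constructed."""
import hashlib
import hmac
import os
import struct
import time

MASK32 = 0xFFFFFFFF


def md4(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320), used because hashlib's md4 is often absent."""
    F = lambda x, y, z: (x & y) | (~x & z)
    G = lambda x, y, z: (x & y) | (x & z) | (y & z)
    H = lambda x, y, z: x ^ y ^ z
    rol = lambda x, n: ((x << n) | (x >> (32 - n))) & MASK32
    msg = bytearray(data) + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)
    msg += struct.pack("<Q", (len(data) * 8) & 0xFFFFFFFFFFFFFFFF)
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    r2 = (0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15)
    r3 = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)
    for off in range(0, len(msg), 64):
        X = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = h
        for i in range(16):  # round 1
            a = rol((a + F(b, c, d) + X[i]) & MASK32, (3, 7, 11, 19)[i % 4])
            a, b, c, d = d, a, b, c
        for i in range(16):  # round 2
            a = rol((a + G(b, c, d) + X[r2[i]] + 0x5A827999) & MASK32, (3, 5, 9, 13)[i % 4])
            a, b, c, d = d, a, b, c
        for i in range(16):  # round 3
            a = rol((a + H(b, c, d) + X[r3[i]] + 0x6ED9EBA1) & MASK32, (3, 9, 11, 15)[i % 4])
            a, b, c, d = d, a, b, c
        h = [(x + y) & MASK32 for x, y in zip(h, (a, b, c, d))]
    return struct.pack("<4I", *h)


def nt_hash(password: str) -> bytes:
    """NT hash (NTOWFv1): unsalted MD4 over the UTF-16LE password."""
    return md4(password.encode("utf-16le"))


def ntowf_v2(nt: bytes, user: str, domain: str) -> bytes:
    """NTOWFv2: HMAC-MD5 keyed with the NT hash over UPPER(user) + domain."""
    return hmac.new(nt, (user.upper() + domain).encode("utf-16le"), hashlib.md5).digest()


def filetime_now() -> int:
    """Windows FILETIME: 100 ns ticks since 1601-01-01."""
    return int((time.time() + 11644473600) * 10_000_000)


# Step 4: the server picks a fresh 8-byte challenge for every handshake.
def server_challenge() -> bytes:
    return os.urandom(8)


# Step 5: the client answers with HMAC-MD5 keyed by NTOWFv2.  It only needs the
# NT hash, never the password, which is exactly what pass-the-hash exploits.
def client_response(nt: bytes, user: str, domain: str, srv_chal: bytes,
                    target_info: bytes, client_chal: bytes = b"") -> bytes:
    """Returns NtChallengeResponse = NTProofStr (16 bytes) || blob."""
    client_chal = client_chal or os.urandom(8)
    blob = (b"\x01\x01" + b"\x00" * 6 + struct.pack("<Q", filetime_now())
            + client_chal + b"\x00" * 4 + target_info + b"\x00" * 4)
    proof = hmac.new(ntowf_v2(nt, user, domain), srv_chal + blob, hashlib.md5).digest()
    return proof + blob


# Constructed stand-in for the DC's directory: (domain, user) -> NT hash.
CONSTRUCTED_DC_DB = {("CORP", "alice"): nt_hash("Winter2024!")}


# Steps 6-8: the DC recomputes the proof from the stored hash and compares.
def dc_validate(user: str, domain: str, srv_chal: bytes, response: bytes) -> bool:
    stored_nt = CONSTRUCTED_DC_DB.get((domain, user))
    if stored_nt is None or len(response) < 16:
        return False
    proof, blob = response[:16], response[16:]
    expected = hmac.new(ntowf_v2(stored_nt, user, domain), srv_chal + blob, hashlib.md5).digest()
    return hmac.compare_digest(expected, proof)


# Constructed target info: one MsvAvNbDomainName AV_PAIR ("CORP") plus MsvAvEOL.
SAMPLE_TARGET_INFO = b"\x02\x00\x08\x00" + "CORP".encode("utf-16le") + b"\x00\x00\x00\x00"


def run_handshake(user: str, domain: str, nt: bytes) -> bool:
    """Full flow: server challenge -> client response -> DC verdict."""
    chal = server_challenge()
    resp = client_response(nt, user, domain, chal, SAMPLE_TARGET_INFO)
    return dc_validate(user, domain, chal, resp)


if __name__ == "__main__":
    print("correct hash :", run_handshake("alice", "CORP", nt_hash("Winter2024!")))
    print("wrong hash   :", run_handshake("alice", "CORP", nt_hash("guess")))
```

Two things worth noticing when running it: `run_handshake` succeeds with nothing but the NT hash, and a response captured for one server challenge fails validation against any other challenge, which is why the server must never reuse a challenge. The DC, however, only checks that the proof matches the challenge it was handed; it cannot tell which server the client believed it was talking to, and that gap is what NTLM relay exploits and what EPA's channel and service bindings (carried as AV_PAIRs inside the target info covered by the proof) are meant to close.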
