I know, why? Well sometimes as an engineer you have to clean the toilet.

  • NT - (Windows) New Technology
  • LAN - Local Area Network
  • NTLM - is Windows authentication protocol running on an NT LAN.

In a Windows network, NT LAN Manager (NTLM) is a suite of Microsoft security protocols that provides authentication, integrity, and confidentiality to users. NTLM is the successor to the authentication protocol in Microsoft LAN Manager (LANMAN), an older Microsoft product

Purpose - to enable a user on a NT LAN to be authenticated and put into authorisation groups.

NTML credentials are obtained when a user logs in to a workstation on a network. These credentials consist of a domain name, username, and a one way hash of the users password.

The process is as follows:

  1. The user logs into the Windows workstation
  2. NTLM credentials obtained during the interactive logon process and consist of a domain name, a user name, and a one-way hash of the user's password (the client creates a cryptographic hash of the password and discards the actual password)
  3. The client sends the user name to the server (in plaintext)
  4. The server generates a 16-byte random number, called a challenge or nonce, and sends it to the client
  5. The client encrypts this challenge with the hash of the user's password and returns the result to the server. This is called the response.
  6. The server sends the following three items to the domain controller:
    • User name
    • Challenge sent to the client
    • Response received from the client
  7. The domain controller uses the user name to retrieve the hash of the user's password from the Security Account Manager database. It uses this password hash to encrypt the challenge
  8. The domain controller compares the encrypted challenge it computed (in step 7) to the response computed by the client (in step 4). If they are identical, authentication is successful