📚
OSCP
  • Pentesting
  • Proving Grounds practice
    • Warm up
      • Windows
        • Kevin
        • Internal
        • Metallus
      • Linux
        • ClamAV
        • Exfiltrated
        • Twiggy
    • Get to work
      • Windows
        • Slort
        • Billyboss
        • Fish
        • UT99
        • AuthBy
        • Jacko
        • Shenzi
      • Linux
        • Dibble
        • Pelican
        • Sorcerer
        • Zino
        • Zenphoto
        • Snookums
        • Nibbles
        • Chatty
        • Banzai
    • Try harder
      • Windows
        • Meathead
      • Linux
        • Sirol
        • Peppo
        • Clyde
  • Buffer overflow
    • Buffer Overflow Methodology
    • TryHackMe Practice
      • Overflow1
      • Overflow2
      • Overflow3
      • Overflow4
      • Overflow5
      • Overflow6
      • Overflow7
      • Overflow8
      • Overflow9
      • Overflow10
  • Active Directory
    • AD Authentication
      • NTLM Authentication
      • Kerberos Authentication
    • TryHackMe Practice
      • Attacktive Directory
      • Roasted
      • RazorBlack
    • PG Practice
      • Hutch
      • Vault
      • Heist
Powered by GitBook
On this page

Was this helpful?

  1. Active Directory
  2. AD Authentication

NTLM Authentication

Brief summary of how NTLM Authentication works.

PreviousAD AuthenticationNextKerberos Authentication

Last updated 2 years ago

Was this helpful?

How does it work

NTLM authentication mainly works as a 3-way-handshake protocol.

There are 6 steps to NTLM authentication.

  1. The client will calculate an NTLM hash using the user's password.

  2. The client computer then sends the username to the server, which will then return a random value called nonce/challenge.

  3. The client will then encrypt the nonce using the NTLM hash. This is called the response, which will be sent to the server

  4. The server will forward the response (encrypted nonce), username, and unencrypted nonce to the Domain Controller

  5. The Domain Controller will encrypt the unencrypted nonce with the NTLM hash of the given username. Next, it will compare the encrypted nonce with the response it received from the server.

  6. If both are equal, the authentication request will be approved