2.2.2.7 NTLM v2: NTLMv2_CLIENT_CHALLENGE

  • Article

The NTLMv2_CLIENT_CHALLENGE structure defines the client challenge in the AUTHENTICATE_MESSAGE. This structure is used only when NTLM v2 authentication is configured and is transported in the NTLMv2_RESPONSE (section 2.2.2.8) structure.<30>


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

RespType

HiRespType

Reserved1

Reserved2

TimeStamp

...

ChallengeFromClient

...

Reserved3

AvPairs (variable)

...

RespType (1 byte): An 8-bit unsigned char that contains the current version of the challenge response type. This field MUST be 0x01.

HiRespType (1 byte): An 8-bit unsigned char that contains the maximum supported version of the challenge response type. This field MUST be 0x01.

Reserved1 (2 bytes): A 16-bit unsigned integer that SHOULD be 0x0000 and MUST be ignored on receipt.

Reserved2 (4 bytes): A 32-bit unsigned integer that SHOULD be 0x00000000 and MUST be ignored on receipt.

TimeStamp (8 bytes): A 64-bit unsigned integer that contains the current system time, represented as the number of 100 nanosecond ticks elapsed since midnight of January 1, 1601 (UTC).

ChallengeFromClient (8 bytes): An 8-byte array of unsigned char that contains the client's ClientChallenge (as defined in section 3.3.2). See section 3.1.5.1.2 for details.

Reserved3 (4 bytes): A 32-bit unsigned integer that SHOULD be 0x00000000 and MUST be ignored on receipt.

AvPairs (variable): A byte array that contains a sequence of AV_PAIR structures (section 2.2.2.1). The sequence contains the server-naming context and is terminated by an AV_PAIR structure with an AvId field of MsvAvEOL.