According to the Wikipedia article on NTLM here: https://en.wikipedia.org/wiki/NT_LAN_Manager
...under the NTLMv2 description, it mentions that
NTLMv2 sends two responses to an 8-byte server challenge
So basically according to the article the NTLMv2 response becomes this:
SC = 8-byte server challenge, random
CC = 8-byte client challenge, random
CC* = (X, time, CC2, domain name)
v2-Hash = HMAC-MD5(NT-Hash, user name, domain name)
LMv2 = HMAC-MD5(v2-Hash, SC, CC)
NTv2 = HMAC-MD5(v2-Hash, SC, CC*)
response = LMv2 | CC | NTv2 | CC*
I am trying to understand the security challenges of NTLMv2 and how challenging it would be for an attacker, who captures the above NTLMv2 response by sniffing the network, to brute-force it to get to the password.
Since the hash includes the random server challenge (SC), it already makes it difficult. But let's suppose, the attacker has been sniffing and had already captured the SC when the server sent it to the client.
Attacker should also be able to see the client challenge (CC & CC*) from response as
response = LMv2 | CC | NTv2 | CC*
right? So does this mean the attacker can have a fair go at brute-forcing the NTv2 or LMv2 hashes included in the response, given that they now have the following information:
- SC (Server Challenge)
- CC & CC*
- response
- user name, domain name (easily acquired by an attacker already in the network)
Is this the correct way to understand it?
Many thanks