DEVHIDE
Login Or Sign up

Understanding the NegotiateFlags parameter of NTLM messages

1.5k Views Asked by At

I'm struggling to understand how to properly read and construct my NegotiateFlags parameter on the NTLM messages. On the official protocol specification I simply cannot understand that table. I think it represents a 32-bits since the NegotiateFlags is 4 bytes, but what means these letters? How to set that?

Searching on Google I found another example, that makes a lot more sense to me:

0x00000001  Negotiate Unicode
0x00000002  Negotiate OEM
0x00000004  Request Target
0x00000008  unknown
0x00000010  Negotiate Sign
0x00000020  Negotiate Seal
0x00000040  Negotiate Datagram Style
0x00000080  Negotiate Lan Manager Key
0x00000100  Negotiate Netware
0x00000200  Negotiate NTLM
0x00000400  unknown
0x00000800  Negotiate Anonymous
0x00001000  Negotiate Domain Supplied
0x00002000  Negotiate Workstation Supplied
0x00004000  Negotiate Local Call *//Sent by the server*
0x00008000  Negotiate Always Sign
0x00010000  Target Type Domain *//Sent by the server in the Type 2 message*
0x00020000  Target Type Server *//Sent by the server in the Type 2 message*
0x00040000  Target Type Share *//Sent by the server in the Type 2 message*
0x00080000  Negotiate NTLM2 Key
0x00100000  Request Init Response
0x00200000  Request Accept Response
0x00400000  Request Non-NT Session Key
0x00800000  Negotiate Target Info
0x01000000  unknown
0x02000000  unknown
0x04000000  unknown
0x08000000  unknown
0x10000000  unknown
0x20000000  Negotiate 128
0x40000000  Negotiate Key Exchange
0x80000000  Negotiate 56

But looking on FreeRDP example the NegotiateFlags are:

b7 82 08 e2

Reading in little endian I have:

e2 08 = 57864

82 b7 = 33463

Sum of values = 91327

I cannot get the sum of this value with the example table I show above... How I should calculate this? (I accept explanations that lead me to understand the official table from Microsoft, of course)

ntlm sspi credssp ntlm-authentication
Original Q&A
1

There are 1 best solutions below

3
markgamache On

Your endian conversion is wrong.

it should be E20882B7

0x is that standard notation for hex.

first digit is , so 0x00000001 Negotiate Unicode + 0x00000002 Negotiate OEM + 0x00000004 Request Target

second digit is B, so 0x00000010 Negotiate Sign + 0x00000020 Negotiate Seal + 0x00000080 Negotiate Lan Manager Key

and so on.

Related Questions in NTLM

Related Questions in SSPI

Related Questions in CREDSSP

Related Questions in NTLM-AUTHENTICATION

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json

Popular Questions

.

Copyright © 2021 Jogjafile Inc.