NTLMv2 JCIFS password hash

Asked Nov 23 '16 at 10:51

Active Nov 23 '16 at 10:51

Viewed 286 times

I'm trying to figure out if JCIFS and NTLMv2 browser logins will actually work.

No password is passed from browser to server, but there are password hashes.

When you ask Smb.login() to process it ends up at

public static byte[] nTOWFv2(String domain, String username, String password)

Which instantly tries to convert a null password to a byte array. Am I doing it wrong or does JCIFS just not understand NTLMv2 via a browser?

asked Nov 23 '16 at 10:51

magicaltrout

1

The JCIFS HttpFilter has been deprecated for many years because it cannot support NTLMv2 among other reasons. Jespa is the most popular solution. It is commercial but it is worth every penny when genuinely consider the time and effort saved by using a professional solution. – squarewav Jan 02 '17 at 19:15
Yeah thanks @squarewav I looked at Jespa which certainly fit the bill but in the end I ripped out the NTLM support from Liferay and repurposed it to fit my needs. – magicaltrout Jan 03 '17 at 19:47

0 Answers0