1

I'm working on a small Clojure project where I need to be able to generate an NTLMv2 hash from a plain string. The value will be used to populate the sambaNTPassword field in an openLDAP instance. I expected this would involve calling on some Java libs to do the heavy lifting and started with this java example. However, the results are not looking right and I've seen some posts which indicate jcifs may not be a good solution for NTLMv2.

So I have two questions

  1. Does anyone know of a simple script I can use to generate NTLMv2 hashes which I could use as a check scripts i.e. compare to the output I'm getting from my solution.

  2. Any suggestions on other Java libraries which might be better for this task?

Tim X
  • 4,158
  • 1
  • 20
  • 26

1 Answers1

2

Actually found the answer to both my questions with a little more searching and a bit more debugging of my Clojure. Figured I'd post it here just in case it is useful to someone else.

Last part first - found a web based NTLMv2 hash generator, so was able to use it to verify my output. See Browserling NTLM Hash Generator.

Now, my solution. I ended up getting jcifs to work fine. After installing the jcifs.jar into my local maven repo (using lein-localrepo), it was extremely easy - really do think I prefer using Clojure even when most of the code is already in Java. I'm no clojure expert, but this should be reasonably clear (I hope)

(ns cifs-clj.core
  (:import [jcifs.util Hexdump MD4])
  (:gen-class))

(defn hash-nt-password [pwd]
  (let [pwd-bytes (.getBytes pwd "UnicodeLittleUnmarked")
        md4 (doto (MD4.)
              (.engineUpdate pwd-bytes 0 (alength pwd-bytes)))
        hash-bytes (.engineDigest md4)]
    (Hexdump/toHexString hash-bytes 0 (* 2 (alength hash-bytes)))))
Tim X
  • 4,158
  • 1
  • 20
  • 26