The early SMB protocol transmitted passwords directly over the network. The "LAN Manager Challenge/Response" mechanism that came later, LM for short, was so simple that it was very easy to crack, so Microsoft proposed the Windows NT challenge/response mechanism, NTLM. There are now the newer NTLMv2 and the Kerberos authentication system. The NTLM workflow is as follows:
1. The client first hashes the current user's password into a password hash.
2. The client sends its account name to the server. This account name is not encrypted; it is transmitted directly in plaintext.
3. The server generates a 16-bit random number and sends it to the client as the challenge.
4. The client uses the password hash to encrypt this challenge and returns the result to the server as the response.
5. The server sends three things to the domain controller: the username, the challenge it gave the client, and the response the client returned.
6. The domain controller uses this username to look up the user's password hash in the SAM password database, and then uses that password hash to encrypt the challenge.
7. The domain controller compares the two encrypted challenges; if they are identical, authentication succeeds.