3

Is it possible to convert String into an NTLM hash? Are there libraries in Java that I can import, or is there a method I can use to get it?

Racing121
  • 235
  • 1
  • 15
  • I guess the whole thing is: what class does represent an NTML hash. What I mean is: you are probably talking about some specific implementation of that thing; coming from some specific library. Shouldn't you be looking into that very library to figure the ways how you can create "NTML hash" objects in that library?! – GhostCat Dec 29 '16 at 14:25
  • 2
    I have searched the web high and low, and I still don’t know what NTML is. Every search result I found is a misspelling of NTLM. Did you mean NTLM? – VGR Dec 29 '16 at 14:30
  • @VGR yes i ment NTLM sorry – Racing121 Dec 29 '16 at 14:32
  • 1
    http://security.stackexchange.com/questions/128685/help-converting-string-to-ntlm => https://myotherpcisacloud.com/post/getmd4hash – user1097772 Dec 29 '16 at 14:42
  • 1
    According to user1097772’s link (and [Wikipedia](https://en.wikipedia.org/wiki/NT_LAN_Manager)), the NTLM hash is an MD4 hash, which is not in Java’s [list of standard algorithms](http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#MessageDigest). You would have to implement the algorithm yourself. – VGR Dec 29 '16 at 14:55

2 Answers2

3

Type 3 NTLM response calculation implemented in Java is in the appendix D of The NTLM Authentication Protocol and Security Support Provider.

markgamache
  • 436
  • 2
  • 6
  • For anyone having trouble accessing the URL: it was fine half an hour ago. I suspect Stack Overflow has given it more traffic than it was prepared to handle. – VGR Dec 30 '16 at 18:07
3

I wrote this utility class:

import jcifs.smb.NtlmPasswordAuthentication;

/**
 * NTLM passwords encoding.
 * 
 * This implementation depends on the JCIFS library.
 */
public class NTLMPassword {

    private final static char[] HEX_ARRAY = "0123456789ABCDEF".toCharArray();

    private NTLMPassword() {
        // No need to instantiate this class
    }

    /**
     * Return NTLM hash for a given string.
     * 
     * See https://lists.samba.org/archive/jcifs/2015-February/010258.html
     * 
     * @param value
     *            the string to hash.
     * @return the NTLM hash for the given string.
     */
    public static String encode(String value) {
        String s = (value != null) ? value : "";
        byte[] hash = NtlmPasswordAuthentication.nTOWFv1(s);
        return bytesToHex(hash).toUpperCase();
    }

    /**
     * See https://stackoverflow.com/a/9855338/1314986
     */
    private static String bytesToHex(byte[] bytes) {
        char[] hexChars = new char[bytes.length * 2];
        for (int j = 0; j < bytes.length; j++) {
            int v = bytes[j] & 0xFF;
            hexChars[j * 2] = HEX_ARRAY[v >>> 4];
            hexChars[j * 2 + 1] = HEX_ARRAY[v & 0x0F];
        }
        return new String(hexChars);
    }
}

This code uses the JCIFS library. If you use Maven, include the following dependency:

<dependency>
    <groupId>org.codelibs</groupId>
    <artifactId>jcifs</artifactId>
    <version>1.3.18.2</version>
</dependency>

You can validate this code with the following test:

@Test
public void testEncode() throws Exception {
    assertEquals("D36D0FC68CEDDAF7E180A6AE71096B35", NTLMPassword.encode("DummyPassword"));
}
aaguilera
  • 1,080
  • 10
  • 27