Example #1
0
func main() {
	var ntlmVersion = flag.Int("ntlm", 2, "NTLM version to try: 1 or 2")
	flag.Parse()
	var data string
	fmt.Println("Paste the base64 encoded Authenticate message (with no line breaks):")
	fmt.Scanf("%s", &data)
	authenticateData, _ := base64.StdEncoding.DecodeString(data)
	a, _ := messages.ParseAuthenticateMessage(authenticateData, *ntlmVersion)
	fmt.Printf(a.String())
}
Example #2
0
func TestNTLMv2WithDomain(t *testing.T) {
	authenticateMessage := "TlRMTVNTUAADAAAAGAAYALYAAADSANIAzgAAADQANABIAAAAIAAgAHwAAAAaABoAnAAAABAAEACgAQAAVYKQQgUCzg4AAAAPYQByAHIAYQB5ADEAMgAuAG0AcwBnAHQAcwB0AC4AcgBlAHUAdABlAHIAcwAuAGMAbwBtAHUAcwBlAHIAcwB0AHIAZQBzAHMAMQAwADAAMAAwADgATgBZAEMAVgBBADEAMgBTADIAQwBNAFMAQQBPYrLjU4h0YlWZeEoNvTJtBQMnnJuAeUwsP+vGmAHNRBpgZ+4ChQLqAQEAAAAAAACPFEIFjx7OAQUDJ5ybgHlMAAAAAAIADgBSAEUAVQBUAEUAUgBTAAEAHABVAEsAQgBQAC0AQwBCAFQAUgBNAEYARQAwADYABAAWAFIAZQB1AHQAZQByAHMALgBuAGUAdAADADQAdQBrAGIAcAAtAGMAYgB0AHIAbQBmAGUAMAA2AC4AUgBlAHUAdABlAHIAcwAuAG4AZQB0AAUAFgBSAGUAdQB0AGUAcgBzAC4AbgBlAHQAAAAAAAAAAAANuvnqD3K88ZpjkLleL0NW"

	server := new(V2ServerSession)
	server.SetUserInfo("blahblah", "Welcome1", "blahblah")

	authenticateData, _ := base64.StdEncoding.DecodeString(authenticateMessage)
	a, _ := messages.ParseAuthenticateMessage(authenticateData, 2)

	serverChallenge, _ := hex.DecodeString("3d74b2d04ebe1eb3")
	server.SetServerChallenge(serverChallenge)

	err := server.ProcessAuthenticateMessage(a)
	if err != nil {
		t.Error("Could not process authenticate message: %s\n", err)
	}
}
Example #3
0
func TestNtlmV1(t *testing.T) {
	flags := uint32(0)
	flags = messages.NTLMSSP_NEGOTIATE_KEY_EXCH.Set(flags)
	flags = messages.NTLMSSP_NEGOTIATE_56.Set(flags)
	flags = messages.NTLMSSP_NEGOTIATE_128.Set(flags)
	flags = messages.NTLMSSP_NEGOTIATE_VERSION.Set(flags)
	flags = messages.NTLMSSP_TARGET_TYPE_SERVER.Set(flags)
	flags = messages.NTLMSSP_NEGOTIATE_ALWAYS_SIGN.Set(flags)
	flags = messages.NTLMSSP_NEGOTIATE_NTLM.Set(flags)
	flags = messages.NTLMSSP_NEGOTIATE_SEAL.Set(flags)
	flags = messages.NTLMSSP_NEGOTIATE_SIGN.Set(flags)
	flags = messages.NTLM_NEGOTIATE_OEM.Set(flags)
	flags = messages.NTLMSSP_NEGOTIATE_UNICODE.Set(flags)

	n := new(V1ClientSession)
	n.SetUserInfo("User", "Password", "Domain")
	n.NegotiateFlags = flags
	n.responseKeyNT, _ = hex.DecodeString("a4f49c406510bdcab6824ee7c30fd852")
	n.responseKeyLM, _ = hex.DecodeString("e52cac67419a9a224a3b108f3fa6cb6d")
	n.clientChallenge, _ = hex.DecodeString("aaaaaaaaaaaaaaaa")
	n.serverChallenge, _ = hex.DecodeString("0123456789abcdef")

	var err error
	// 4.2.2.1.3 Session Base Key and Key Exchange Key
	err = n.computeSessionBaseKey()
	checkV1Value(t, "sessionBaseKey", n.sessionBaseKey, "d87262b0cde4b1cb7499becccdf10784", err)
	err = n.computeKeyExchangeKey()
	checkV1Value(t, "keyExchangeKey", n.keyExchangeKey, "d87262b0cde4b1cb7499becccdf10784", err)

	// 4.2.2.2.1 NTLMv1 Response
	// NTChallengeResponse with With NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY not set
	err = n.computeExpectedResponses()
	checkV1Value(t, "NTChallengeResponse", n.ntChallengeResponse, "67c43011f30298a2ad35ece64f16331c44bdbed927841f94", err)
	// 4.2.2.2.2 LMv1 Response
	// The LmChallengeResponse is specified in section 3.3.1. With the NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY flag
	// not set and with the NoLMResponseNTLMv1 flag not set
	checkV1Value(t, "LMChallengeResponse", n.lmChallengeResponse, "98def7b87f88aa5dafe2df779688a172def11c7d5ccdef13", err)

	// If the NTLMSSP_NEGOTIATE_LM_KEY flag is set then the KeyExchangeKey is:
	n.NegotiateFlags = messages.NTLMSSP_NEGOTIATE_LM_KEY.Set(n.NegotiateFlags)
	err = n.computeKeyExchangeKey()
	checkV1Value(t, "keyExchangeKey with NTLMSSP_NEGOTIATE_LM_KEY", n.keyExchangeKey, "b09e379f7fbecb1eaf0afdcb0383c8a0", err)
	n.NegotiateFlags = messages.NTLMSSP_NEGOTIATE_LM_KEY.Unset(n.NegotiateFlags)

	// 4.2.2.2.3 Encrypted Session Key
	//n.randomSessionKey, _ = hex.DecodeString("55555555555555555555555555555555")

	// RC4 decryption of the EncryptedRandomSessionKey with the KeyExchange key
	//err = n.computeKeyExchangeKey()
	//n.encryptedRandomSessionKey, err = hex.DecodeString("518822b1b3f350c8958682ecbb3e3cb7")
	//err = n.computeExportedSessionKey()
	//checkV1Value(t, "ExportedSessionKey", n.exportedSessionKey, "55555555555555555555555555555555", err)

	// NTLMSSP_REQUEST_NON_NT_SESSION_KEY is set:
	n.NegotiateFlags = messages.NTLMSSP_REQUEST_NON_NT_SESSION_KEY.Set(n.NegotiateFlags)
	err = n.computeKeyExchangeKey()
	//	n.encryptedRandomSessionKey, err = hex.DecodeString("7452ca55c225a1ca04b48fae32cf56fc")
	//	err = n.computeExportedSessionKey()
	//	checkV1Value(t, "ExportedSessionKey - NTLMSSP_REQUEST_NON_NT_SESSION_KEY", n.exportedSessionKey, "55555555555555555555555555555555", err)
	n.NegotiateFlags = messages.NTLMSSP_REQUEST_NON_NT_SESSION_KEY.Unset(n.NegotiateFlags)

	// NTLMSSP_NEGOTIATE_LM_KEY is set:
	n.NegotiateFlags = messages.NTLMSSP_NEGOTIATE_LM_KEY.Set(n.NegotiateFlags)
	err = n.computeKeyExchangeKey()
	//	n.encryptedRandomSessionKey, err = hex.DecodeString("4cd7bb57d697ef9b549f02b8f9b37864")
	//	err = n.computeExportedSessionKey()
	//	checkV1Value(t, "ExportedSessionKey - NTLMSSP_NEGOTIATE_LM_KEY", n.exportedSessionKey, "55555555555555555555555555555555", err)
	n.NegotiateFlags = messages.NTLMSSP_NEGOTIATE_LM_KEY.Unset(n.NegotiateFlags)

	// 4.2.2.3 Messages
	challengeMessageBytes, _ := hex.DecodeString("4e544c4d53535000020000000c000c003800000033820a820123456789abcdef00000000000000000000000000000000060070170000000f530065007200760065007200")
	challengeMessage, err := messages.ParseChallengeMessage(challengeMessageBytes)
	if err == nil {
		challengeMessage.String()
	} else {
		t.Errorf("Could not parse challenge message: %s", err)
	}

	client := new(V1ClientSession)
	client.SetUserInfo("User", "Password", "Domain")
	err = client.ProcessChallengeMessage(challengeMessage)
	if err != nil {
		t.Errorf("Could not process challenge message: %s", err)
	}

	server := new(V1ServerSession)
	server.SetUserInfo("User", "Password", "Domain")
	authenticateMessageBytes, err := hex.DecodeString("4e544c4d5353500003000000180018006c00000018001800840000000c000c00480000000800080054000000100010005c000000100010009c000000358280e20501280a0000000f44006f006d00610069006e00550073006500720043004f004d005000550054004500520098def7b87f88aa5dafe2df779688a172def11c7d5ccdef1367c43011f30298a2ad35ece64f16331c44bdbed927841f94518822b1b3f350c8958682ecbb3e3cb7")
	authenticateMessage, err := messages.ParseAuthenticateMessage(authenticateMessageBytes, 1)
	if err == nil {
		authenticateMessage.String()
	} else {
		t.Errorf("Could not parse authenticate message: %s", err)
	}

	server = new(V1ServerSession)
	server.SetUserInfo("User", "Password", "Domain")
	server.serverChallenge = challengeMessage.ServerChallenge

	err = server.ProcessAuthenticateMessage(authenticateMessage)
	if err != nil {
		t.Errorf("Could not process authenticate message: %s", err)
	}
}
Example #4
0
func TestNTLMv1WithClientChallenge(t *testing.T) {
	flags := uint32(0)
	flags = messages.NTLMSSP_NEGOTIATE_56.Set(flags)
	flags = messages.NTLMSSP_NEGOTIATE_VERSION.Set(flags)
	flags = messages.NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.Set(flags)
	flags = messages.NTLMSSP_TARGET_TYPE_SERVER.Set(flags)
	flags = messages.NTLMSSP_NEGOTIATE_ALWAYS_SIGN.Set(flags)
	flags = messages.NTLMSSP_NEGOTIATE_NTLM.Set(flags)
	flags = messages.NTLMSSP_NEGOTIATE_SEAL.Set(flags)
	flags = messages.NTLMSSP_NEGOTIATE_SIGN.Set(flags)
	flags = messages.NTLM_NEGOTIATE_OEM.Set(flags)
	flags = messages.NTLMSSP_NEGOTIATE_UNICODE.Set(flags)

	n := new(V1Session)
	n.NegotiateFlags = flags
	n.responseKeyNT, _ = hex.DecodeString("a4f49c406510bdcab6824ee7c30fd852")
	n.responseKeyLM, _ = hex.DecodeString("e52cac67419a9a224a3b108f3fa6cb6d")
	n.clientChallenge, _ = hex.DecodeString("aaaaaaaaaaaaaaaa")
	n.serverChallenge, _ = hex.DecodeString("0123456789abcdef")

	var err error
	// 4.2.2.1.3 Session Base Key and Key Exchange Key
	err = n.computeExpectedResponses()
	err = n.computeSessionBaseKey()
	checkV1Value(t, "sessionBaseKey", n.sessionBaseKey, "d87262b0cde4b1cb7499becccdf10784", err)
	checkV1Value(t, "LMv1Response", n.lmChallengeResponse, "aaaaaaaaaaaaaaaa00000000000000000000000000000000", err)
	checkV1Value(t, "NTLMv1Response", n.ntChallengeResponse, "7537f803ae367128ca458204bde7caf81e97ed2683267232", err)
	err = n.computeKeyExchangeKey()
	checkV1Value(t, "keyExchangeKey", n.keyExchangeKey, "eb93429a8bd952f8b89c55b87f475edc", err)

	challengeMessageBytes, _ := hex.DecodeString("4e544c4d53535000020000000c000c003800000033820a820123456789abcdef00000000000000000000000000000000060070170000000f530065007200760065007200")
	challengeMessage, err := messages.ParseChallengeMessage(challengeMessageBytes)
	if err == nil {
		challengeMessage.String()
	} else {
		t.Errorf("Could not parse challenge message: %s", err)
	}

	client := new(V1ClientSession)
	client.SetUserInfo("User", "Password", "Domain")
	err = client.ProcessChallengeMessage(challengeMessage)
	if err != nil {
		t.Errorf("Could not process challenge message: %s", err)
	}

	server := new(V1ServerSession)
	server.SetUserInfo("User", "Password", "Domain")
	server.serverChallenge = challengeMessage.ServerChallenge

	authenticateMessageBytes, _ := hex.DecodeString("4e544c4d5353500003000000180018006c00000018001800840000000c000c00480000000800080054000000100010005c000000000000009c000000358208820501280a0000000f44006f006d00610069006e00550073006500720043004f004d0050005500540045005200aaaaaaaaaaaaaaaa000000000000000000000000000000007537f803ae367128ca458204bde7caf81e97ed2683267232")
	authenticateMessage, err := messages.ParseAuthenticateMessage(authenticateMessageBytes, 1)
	if err == nil {
		authenticateMessage.String()
	} else {
		t.Errorf("Could not parse authenticate message: %s", err)
	}

	err = server.ProcessAuthenticateMessage(authenticateMessage)
	if err != nil {
		t.Errorf("Could not process authenticate message: %s", err)
	}

	checkV1Value(t, "SealKey", server.ClientSealingKey, "04dd7f014d8504d265a25cc86a3a7c06", nil)
	checkV1Value(t, "SignKey", server.ClientSigningKey, "60e799be5c72fc92922ae8ebe961fb8d", nil)
}
Example #5
0
func TestNTLMv2(t *testing.T) {
	flags := uint32(0)
	flags = messages.NTLMSSP_NEGOTIATE_KEY_EXCH.Set(flags)
	flags = messages.NTLMSSP_NEGOTIATE_56.Set(flags)
	flags = messages.NTLMSSP_NEGOTIATE_128.Set(flags)
	flags = messages.NTLMSSP_NEGOTIATE_VERSION.Set(flags)
	flags = messages.NTLMSSP_NEGOTIATE_TARGET_INFO.Set(flags)
	flags = messages.NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.Set(flags)
	flags = messages.NTLMSSP_TARGET_TYPE_SERVER.Set(flags)
	flags = messages.NTLMSSP_NEGOTIATE_ALWAYS_SIGN.Set(flags)
	flags = messages.NTLMSSP_NEGOTIATE_NTLM.Set(flags)
	flags = messages.NTLMSSP_NEGOTIATE_SEAL.Set(flags)
	flags = messages.NTLMSSP_NEGOTIATE_SIGN.Set(flags)
	flags = messages.NTLM_NEGOTIATE_OEM.Set(flags)
	flags = messages.NTLMSSP_NEGOTIATE_UNICODE.Set(flags)

	//	n := new(V2Session)
	//	n.SetUserInfo("User","Password","Domain")
	//	n.NegotiateFlags = flags
	//	n.responseKeyNT, _ = hex.DecodeString("0c868a403bfd7a93a3001ef22ef02e3f")
	//	n.responseKeyLM = n.responseKeyNT
	//	n.clientChallenge, _ = hex.DecodeString("aaaaaaaaaaaaaaaa")
	//	n.serverChallenge, _ = hex.DecodeString("0123456789abcdef")

	// Encrypted Random Session key
	//c5 da d2 54 4f c9 79 90 94 ce 1c e9 0b c9 d0 3e

	// Challenge message
	client := new(V2ClientSession)
	client.SetUserInfo("User", "Password", "Domain")

	challengeMessageBytes, _ := hex.DecodeString("4e544c4d53535000020000000c000c003800000033828ae20123456789abcdef00000000000000002400240044000000060070170000000f53006500720076006500720002000c0044006f006d00610069006e0001000c0053006500720076006500720000000000")
	challengeMessage, err := messages.ParseChallengeMessage(challengeMessageBytes)
	if err == nil {
		challengeMessage.String()
	} else {
		t.Errorf("Could not parse challenge message: %s", err)
	}

	err = client.ProcessChallengeMessage(challengeMessage)
	if err != nil {
		t.Errorf("Could not process challenge message: %s", err)
	}

	server := new(V2ServerSession)
	server.SetUserInfo("User", "Password", "Domain")
	server.serverChallenge = challengeMessage.ServerChallenge

	// Authenticate message
	r := strings.NewReplacer("\n", "", "\t", "", " ", "")
	authenticateMessageBytes, _ := hex.DecodeString(r.Replace(`
		4e544c4d535350000300000018001800
		6c00000054005400840000000c000c00
		48000000080008005400000010001000
		5c00000010001000d8000000358288e2
		0501280a0000000f44006f006d006100
		69006e00550073006500720043004f00
		4d005000550054004500520086c35097
		ac9cec102554764a57cccc19aaaaaaaa
		aaaaaaaa68cd0ab851e51c96aabc927b
		ebef6a1c010100000000000000000000
		00000000aaaaaaaaaaaaaaaa00000000
		02000c0044006f006d00610069006e00
		01000c00530065007200760065007200
		0000000000000000c5dad2544fc97990
		94ce1ce90bc9d03e`))

	authenticateMessage, err := messages.ParseAuthenticateMessage(authenticateMessageBytes, 2)
	if err == nil {
		authenticateMessage.String()
	} else {
		t.Errorf("Could not parse authenticate message: %s", err)
	}

	err = server.ProcessAuthenticateMessage(authenticateMessage)
	if err != nil {
		t.Errorf("Could not process authenticate message: %s", err)
	}

	checkV2Value(t, "SessionBaseKey", server.sessionBaseKey, "8de40ccadbc14a82f15cb0ad0de95ca3", nil)
	checkV2Value(t, "NTChallengeResponse", server.ntChallengeResponse[0:16], "68cd0ab851e51c96aabc927bebef6a1c", nil)
	checkV2Value(t, "LMChallengeResponse", server.lmChallengeResponse, "86c35097ac9cec102554764a57cccc19aaaaaaaaaaaaaaaa", nil)

	checkV2Value(t, "client seal key", server.ClientSealingKey, "59f600973cc4960a25480a7c196e4c58", nil)
	checkV2Value(t, "client signing key", server.ClientSigningKey, "4788dc861b4782f35d43fd98fe1a2d39", nil)

	// Have the server generate an initial challenge message
	challenge, err := server.GenerateChallengeMessage()
	challenge.String()

	// Have the client process this server challenge message
	client = new(V2ClientSession)
	client.SetUserInfo("User", "Password", "Domain")
	err = client.ProcessChallengeMessage(challenge)
	if err != nil {
		t.Errorf("Could not process server generated challenge message: %s", err)
	}
	// TODO: we should be able to use the ntlm library end to end to make sure
	// that Mac, VerifyMac

	// // the client should be able to verify the server's mac
	// sig := "<NTLM><foo><bar>"
	// mac, err := server.Mac([]byte(sig), 100)
	// if err != nil {
	// 	t.Errorf("Could not generate a mac for %s", sig)
	// }
	// matches, err := client.VerifyMac([]byte(sig), mac, 100)
	// if err != nil {
	// 	t.Errorf("Could not verify mac for %s (mac = %v)", sig, mac)
	// }
	// if !matches {
	// 	t.Errorf("Server's Mac couldn't be verified by client")
	// }

	// mac, err = client.Mac([]byte(sig), 100)
	// if err != nil {
	// 	t.Errorf("Could not generate a mac for %s", sig)
	// }
	// matches, err = server.VerifyMac([]byte(sig), mac, 100)
	// if err != nil {
	// 	t.Errorf("Could not verify mac for %s (mac = %v)", sig, mac)
	// }
	// if !matches {
	// 	t.Errorf("Client's Mac couldn't be verified by server")
	// }
}
Example #6
0
func main() {
	// ntlm v2
	//	challengeMessage := "TlRMTVNTUAACAAAAAAAAADgAAABVgphiPXSy0E6+HrMAAAAAAAAAAKIAogA4AAAABQEoCgAAAA8CAA4AUgBFAFUAVABFAFIAUwABABwAVQBLAEIAUAAtAEMAQgBUAFIATQBGAEUAMAA2AAQAFgBSAGUAdQB0AGUAcgBzAC4AbgBlAHQAAwA0AHUAawBiAHAALQBjAGIAdAByAG0AZgBlADAANgAuAFIAZQB1AHQAZQByAHMALgBuAGUAdAAFABYAUgBlAHUAdABlAHIAcwAuAG4AZQB0AAAAAAA="
	//	authenticateMessage := "TlRMTVNTUAADAAAAGAAYALYAAADSANIAzgAAADQANABIAAAAIAAgAHwAAAAaABoAnAAAABAAEACgAQAAVYKQQgUCzg4AAAAPYQByAHIAYQB5ADEAMgAuAG0AcwBnAHQAcwB0AC4AcgBlAHUAdABlAHIAcwAuAGMAbwBtAHUAcwBlAHIAcwB0AHIAZQBzAHMAMQAwADAAMAAwADgATgBZAEMAVgBBADEAMgBTADIAQwBNAFMAQQBPYrLjU4h0YlWZeEoNvTJtBQMnnJuAeUwsP+vGmAHNRBpgZ+4ChQLqAQEAAAAAAACPFEIFjx7OAQUDJ5ybgHlMAAAAAAIADgBSAEUAVQBUAEUAUgBTAAEAHABVAEsAQgBQAC0AQwBCAFQAUgBNAEYARQAwADYABAAWAFIAZQB1AHQAZQByAHMALgBuAGUAdAADADQAdQBrAGIAcAAtAGMAYgB0AHIAbQBmAGUAMAA2AC4AUgBlAHUAdABlAHIAcwAuAG4AZQB0AAUAFgBSAGUAdQB0AGUAcgBzAC4AbgBlAHQAAAAAAAAAAAANuvnqD3K88ZpjkLleL0NW"

	//LCS v1
	//challengeMessage := "TlRMTVNTUAACAAAAAAAAADgAAADzgpjid08w9p89DLUAAAAAAAAAAPAA8AA4AAAABQLODgAAAA8CAA4AQQBSAFIAQQBZADEAMgABABYATgBZAEMAUwBNAFMARwA5ADkAMQAyAAQANABhAHIAcgBhAHkAMQAyAC4AbQBzAGcAdABzAHQALgByAGUAdQB0AGUAcgBzAC4AYwBvAG0AAwBMAE4AWQBDAFMATQBTAEcAOQA5ADEAMgAuAGEAcgByAGEAeQAxADIALgBtAHMAZwB0AHMAdAAuAHIAZQB1AHQAZQByAHMALgBjAG8AbQAFADQAYQByAHIAYQB5ADEAMgAuAG0AcwBnAHQAcwB0AC4AcgBlAHUAdABlAHIAcwAuAGMAbwBtAAAAAAA="
	//authenticateMessage := "TlRMTVNTUAADAAAAGAAYAKwAAAAYABgAxAAAAAAAAABYAAAANgA2AFgAAAAeAB4AjgAAABAAEADcAAAAVYKQYgYBsR0AAAAPUJSCwwcYcGpE0Zp9GsD3RDAANQAwADAANAA1AC4AcgBtAHcAYQB0AGUAcwB0AEAAcgBlAHUAdABlAHIAcwAuAGMAbwBtAFcASQBOAC0AMABEAEQAQQBCAEsAQwAxAFUASQA4ALIsDLYZktr3YlJDLyVT6GHgwNA+DFdM87IsDLYZktr3YlJDLyVT6GHgwNA+DFdM851g+vaa4CHvomwyYmjbB1M="

	//US
	//challengeMessage := "TlRMTVNTUAACAAAAAAAAADgAAABVgphisF5WgZrWn4MAAAAAAAAAAKIAogA4AAAABQEoCgAAAA8CAA4AUgBFAFUAVABFAFIAUwABABwAVQBLAEIAUAAtAEMAQgBUAFIATQBGAEUAMAA2AAQAFgBSAGUAdQB0AGUAcgBzAC4AbgBlAHQAAwA0AHUAawBiAHAALQBjAGIAdAByAG0AZgBlADAANgAuAFIAZQB1AHQAZQByAHMALgBuAGUAdAAFABYAUgBlAHUAdABlAHIAcwAuAG4AZQB0AAAAAAA="
	//authenticateMessage := "TlRMTVNTUAADAAAAGAAYAKwAAAAYABgAxAAAAAAAAABYAAAANgA2AFgAAAAeAB4AjgAAABAAEADcAAAAVYKQYgYBsR0AAAAPJc+NGJ4qgACnkkGb9J8RezAANQAwADAANAA1AC4AcgBtAHcAYQB0AGUAcwB0AEAAcgBlAHUAdABlAHIAcwAuAGMAbwBtAFcASQBOAC0AMABEAEQAQQBCAEsAQwAxAFUASQA4AJLPhCq8UHZjb5sEjtoaJtWBY2ZwNZyujpLPhCq8UHZjb5sEjtoaJtWBY2ZwNZyujtW8TsZdZ6PMc1ipWbL7VgY="

	//US again
	challengeMessage := "TlRMTVNTUAACAAAAAAAAADgAAABVgphiMx43owKH33MAAAAAAAAAAKIAogA4AAAABQEoCgAAAA8CAA4AUgBFAFUAVABFAFIAUwABABwAVQBLAEIAUAAtAEMAQgBUAFIATQBGAEUAMAA2AAQAFgBSAGUAdQB0AGUAcgBzAC4AbgBlAHQAAwA0AHUAawBiAHAALQBjAGIAdAByAG0AZgBlADAANgAuAFIAZQB1AHQAZQByAHMALgBuAGUAdAAFABYAUgBlAHUAdABlAHIAcwAuAG4AZQB0AAAAAAA="
	authenticateMessage := "TlRMTVNTUAADAAAAGAAYAKwAAAAYABgAxAAAAAAAAABYAAAANgA2AFgAAAAeAB4AjgAAABAAEADcAAAAVYKQYgYBsR0AAAAPukU9WmBJLdSLU2NvXjNgUzAANQAwADAANAA1AC4AcgBtAHcAYQB0AGUAcwB0AEAAcgBlAHUAdABlAHIAcwAuAGMAbwBtAFcASQBOAC0AMABEAEQAQQBCAEsAQwAxAFUASQA4AOLIAEYvI6zgw2+MBf8xHSTZhIfVaKIIFuLIAEYvI6zgw2+MBf8xHSTZhIfVaKIIFroZDwl770tY/oFQk38nnuI="

	server, err := ntlm.CreateServerSession(ntlm.Version2, ntlm.ConnectionlessMode)
	server.SetUserInfo("*****@*****.**", "Welcome1", "")

	challengeData, _ := base64.StdEncoding.DecodeString(challengeMessage)
	c, _ := messages.ParseChallengeMessage(challengeData)

	fmt.Println("----- Challenge Message ----- ")
	fmt.Println(c.String())
	fmt.Println("----- END Challenge Message ----- ")

	authenticateData, _ := base64.StdEncoding.DecodeString(authenticateMessage)
	var context ntlm.ServerSession

	msg, err := messages.ParseAuthenticateMessage(authenticateData, 2)
	if err != nil {
		msg2, newErr := messages.ParseAuthenticateMessage(authenticateData, 1)
		if newErr != nil {
			fmt.Printf("Error ParseAuthenticateMessage , %s", err)
			return
		}

		// Message parsed correctly as NTLMv1 so assume the session is v1 and reset the server session
		newContext, err := ntlm.CreateServerSession(ntlm.Version1, ntlm.ConnectionlessMode)
		newContext.SetUserInfo(server.GetUserInfo())
		if err != nil {
			fmt.Println("Could not create NTLMv1 session")
			return
		}

		// Need the originally generated server challenge so we can process the response
		newContext.SetServerChallenge(c.ServerChallenge)
		//	err = server.ProcessAuthenticateMessage(msg)
		err = newContext.ProcessAuthenticateMessage(msg2)
		if err != nil {
			fmt.Printf("Could not process authenticate v1 message: %s\n", err)
			return
		}
		// Set the security context to now be NTLMv1
		context = newContext
		fmt.Println("----- Authenticate Message ----- ")
		fmt.Println(msg2.String())
		fmt.Println("----- END Authenticate Message ----- ")

	} else {
		context = server
		// Need the server challenge to be set
		server.SetServerChallenge(c.ServerChallenge)

		//	err = server.ProcessAuthenticateMessage(msg)
		err = context.ProcessAuthenticateMessage(msg)
		if err != nil {
			fmt.Printf("Could not process authenticate message: %s\n", err)
			return
		}
		fmt.Println("----- Authenticate Message ----- ")
		fmt.Println(msg.String())
		fmt.Println("----- END Authenticate Message ----- ")

	}

	fmt.Println("success")
}