
How can I tell what type of authentication a server is using?

I have to access a web server at http://someserver and it requires some authentication. How can I tell if it is using NTLM, Kerberos or whatever it may be?

Matt asked Jan 27 '10 23:01


3 Answers

Another way to do this is to look at the first few bytes of the header.

If it starts with Negotiate TlR then you're doing SPNEGO over NTLM.

If it starts with Negotiate YII then you're doing SPNEGO over Kerberos.

Grant

Grant Cermak answered Oct 05 '22 06:10


Use a tool like Fiddler to look at the response headers. The server will send back some "WWW-Authenticate" headers that list the different security protocols that are supported.

David answered Oct 05 '22 06:10


To extend Grant Cermak's answer:

The WWW-Authenticate header is base64 encoded. When it starts with TlR, after decoding it, we see that it starts with NTLMSSP (http://msdn.microsoft.com/en-us/library/cc236641.aspx), so we know that it's NTLM.

When it starts with YII, after decoding we see that it starts with bytes 0x60, 0x82 (i.e. Application Constructed Object), then there are two bytes for the length of the whole token, and then there's: 0x06, 0x06, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x02 (i.e. a SPNEGO OID: 1.3.6.1.5.5.2) (http://msdn.microsoft.com/en-us/library/ms995330.aspx). We know that it's a SPNEGO token.

Depending on the length of the SPNEGO token, the WWW-Authenticate header may start with anything from YA to YP.

Kamil & SPL

greenmarker answered Oct 05 '22 05:10
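
The byte checks described in the answers above, applied to a header value in Python; this is an added example, not code from any of the posters. It also recognises the raw Kerberos 5 mechanism OID (1.2.840.113554.1.2.2), which goes beyond what the answers cover. The function names and sample tokens are constructed for illustration.

```python
import base64

NTLMSSP_SIGNATURE = b"NTLMSSP\x00"
# DER-encoded mechanism OIDs: tag 0x06, length, value.
MECH_OIDS = {
    bytes.fromhex("06062b0601050502"): "SPNEGO",  # 1.3.6.1.5.5.2
    bytes.fromhex("06092a864886f712010202"): "Kerberos 5",  # not in the answers
}

def skip_der_length(buf, pos):
    """Return the offset just past the DER length field that starts at pos."""
    first = buf[pos]
    if first < 0x80:  # short form: the byte itself is the length
        return pos + 1
    return pos + 1 + (first & 0x7F)  # long form: 0x8n, then n length bytes

def classify_token(token):
    """Name the mechanism of a decoded token from its leading bytes."""
    if token.startswith(NTLMSSP_SIGNATURE):
        return "NTLM"
    if len(token) > 2 and token[0] == 0x60:  # Application Constructed Object
        oid_at = skip_der_length(token, 1)
        for oid, name in MECH_OIDS.items():
            if token[oid_at:oid_at + len(oid)] == oid:
                return name
        return "GSS-API token, unrecognised mechanism OID"
    return "unknown"

def classify_header(value):
    """Classify one WWW-Authenticate or Authorization header value."""
    scheme, _, blob = value.strip().partition(" ")
    blob = blob.strip()
    if scheme.lower() not in ("negotiate", "ntlm"):
        return scheme or "unknown"
    if not blob:
        return scheme + " (no token)"
    try:
        token = base64.b64decode(blob, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return scheme + " (token is not valid base64)"
    return scheme + ": " + classify_token(token)

# Constructed sample header values, not captured from a real server.
SAMPLES = [
    "Negotiate " + base64.b64encode(NTLMSSP_SIGNATURE + b"\x01\x00\x00\x00").decode(),
    "Negotiate " + base64.b64encode(bytes.fromhex("6082010006062b0601050502")).decode(),
    "Negotiate",
]
```

A header with the scheme name alone carries no token to inspect; the prefixes only appear once a token is present in the header.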