Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

using wget against protected site with NTLM

Tags:

Trying to mirror a local intranet site and have found previous questions using 'wget'. It works great with sites that are anonymous, but I have not been able to use it against a site that is expecting username\password (IIS with Integrated Windows Authentication).

Here is what I pass in:

wget -c --http-user='domain\user' --http-password=pwd http://local/site -dv

Here is the debug output (note I replaced some with dummy values obviously):

Setting --verbose (verbose) to 1
DEBUG output created by Wget 1.11.4 on Windows-MSVC.

--2009-07-14 09:39:04--  http://local/site
Host `local' has not issued a general basic challenge.
Resolving local... seconds 0.00, x.x.x.x
Caching local => x.x.x.x
Connecting to local|x.x.x.x|:80... seconds 0.00, connected.
Created socket 1896.
Releasing 0x003e32b0 (new refcount 1).

---request begin---
GET /site/ HTTP/1.0
User-Agent: Wget/1.11.4
Accept: */*
Host: local
Connection: Keep-Alive

---request end---
HTTP request sent, awaiting response...
---response begin---
HTTP/1.1 401 Access Denied
Server: Microsoft-IIS/5.1
Date: Tue, 14 Jul 2009 13:39:04 GMT
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
Content-Length: 4431
Content-Type: text/html

---response end---
401 Access Denied
Closed fd 1896
Unknown authentication scheme.
Authorization failed.
like image 259
Joey V. Avatar asked Jul 14 '09 13:07

Joey V.

People also ask

Is NTLM over HTTP Secure?

NTLM over plain HTTP is insecure. Attackers that passively sniff traffic or who perform a man-in-the-middle attack can use various methods to steal or abuse credentials.

Is NTLM outdated?

NTLM is considered an outdated protocol. As such, its benefits — when compared to a more modern solution, such as Kerberos — are limited.

Should I use NTLM or Kerberos?

Kerberos provides several advantages over NTLM: - More secure: No password stored locally or sent over the net. - Best performance: improved performance over NTLM authentication. - Delegation support: Servers can impersonate clients and use the client's security context to access a resource.

Which is more secure Kerberos or NTLM and why?

Security. – While both the authentication protocols are secure, NTLM is not as secure as Kerberos because it requires a point-to-point connection between the Web browser and server in order to function properly. Kerberos is more secure because it never transmits passwords over the network in the clear.

2 Answers

NTLM authentication is broken in wget 1.11, use 1.10 instead.

like image 69
billg Avatar answered Sep 22 '22 14:09

billg

Curl is actually probably a better tool for fetching content from NTLM-authenticated web servers. You can get an equivalent function to your proposed wget command line by using:

curl --anyauth --user username:password http://someserver/site
like image 27
user3182674 Avatar answered Sep 22 '22 14:09

user3182674
Sign in to Comment

Related questions

Geolocation with IPv6?
Are there any IDA Pro alternatives? [closed]
How to change the theme of jQuery UI datepicker?
Why does Python keep a reference count on False and True?
Stop/Start service in code in Windows 7
Memcached, Locking and Race Conditions
Linux Kernel Modules: When to use try_module_get / module_put
Find first non-null values for multiple columns
How can I catch both single-click and double-click events on WPF FrameworkElement?
Does anyone actually use stream extraction operators?
Is there a standard date/time format that can be passed on a URL?
Actor model to replace the threading model?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!