Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Why is CNTLM asking for password?

Tags:

proxy

ntlm

I have configured CNTLM Proxy Authorization on Windows with configuration file looking like,

Auth            NTLM
PassNT          XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
PassLM          YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY
PassNTLMv2      ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ

Proxy           proxy.xxxx.com:8080

Listen          3130

And I use localhost:3130 as proxy in LAN Settings, hit any URL on browser and it is asking for the password again!. If I enter the same password with which I generated the hash, it works. Simply the purpose of Cntlm is beaten. Has anybody faced this? How does this work? Is there any way to get around this problem?

like image 654
anoopelias Avatar asked Oct 16 '13 10:10

anoopelias


People also ask

How can I tell if cntlm is working?

Just go to that folder and open command prompt(keep pressing shift key and then right click gives you option to open command prompt at that folder.) and execute that exe(the one you see at start menu start cntlm server). Now you will see if service started successfully or not!

What is cntlm authentication proxy?

About Cntlm proxy Cntlm (user-friendly wiki / technical manual) is an NTLM / NTLM Session Response / NTLMv2 authenticating HTTP proxy intended to help you break free from the chains of Microsoft proprietary world. You can use a free OS and honor our noble idea, but you can't hide.

What is cntlm Mac?

Cntlm integrates TCP/IP port forwarding (HTTP tunneling), SOCKS5 proxy mode, standalone proxy allowing you to browse intranet as well as Internet and to access corporate web servers with NTLM protection.


1 Answers

<EDIT> If you are using Windows then I strongly recommend px over Cntlm since it doesn't need any handsake mechanism.

Notes on px:

It is primarily designed to run on Windows systems and authenticates on behalf of the application using the currently logged in Windows user account

</EDIT>

1) Install CNTLM to default directory (on Windows, C:\Program Files (x86)\cntlm\ ).

2) Run cmd.exe

3) Type : cd "C:\Program Files (x86)\cntlm\"

4) Type : cntlm.exe -H -d your_domain -u your_username

It will ask your password. Enter your password and cntlm will give you some hashes. Something like this:

c:\Program Files (x86)\Cntlm>cntlm -H -d your_domain -u your_username
Password:
PassLM          4E9C185900C7CF0B6FFCB2044F81920C
PassNT          6E9F120B83EEA0E875CE8E6F9730EC9A
PassNTLMv2      2A0B7C2457FB7DD8DA4EB737C4FA224F  

Now you have password hashed. Save them to a text editor.

5) Type : cntlm -M http://www.google.com

Again enter your password. It will give you something like this:

c:\Program Files (x86)\Cntlm>cntlm -M http://www.google.com
Password:
Config profile  1/4... Credentials rejected
Config profile  2/4... OK (HTTP code: 302)
----------------------------[ Profile  1 ]------
Auth            NTLM
PassNT          6E9F120B83EEA0E875CE8E6F9730EC9A
PassLM          4E9C185900C7CF0B6FFCB2044F81920C
------------------------------------------------

Now you see that profile 2 is successful. Because it says OK for profile 2. It may be different on your system.

The trick is,

  • if the Auth is NT, then you must use only PassNT
  • if the Auth is LM, then you must use only PassLM
  • if the Auth is NTLM, then you must use both PassNT and PassLM
  • if the Auth is NTLMv2, then you must use only PassNTLMv2

Now we got all we want. For my configuration, Auth says NTLM so I will use both PassNT and PassLM in the cntlm.ini configuration file.

This is an example configuration file NTLM (not NTLMv2!):

#
# Cntlm Authentication Proxy Configuration File
#

Username yourusername
Domain yourdomain

Auth NTLM
PassNT 6E9F120B83EEA0E875CE8E6F9730EC9A
PassLM 4E9C185900C7CF0B6FFCB2044F81920C

Workstation yourhostname.yourdomain

# Most probably proxy.yourdomain:8080
Proxy  yourProxyIP:yourProxyPort

NoProxy  localhost, 127.0.0.*, 10.*, 192.168.*

Listen  3132

Gateway yes
# end of config

6) To test your configuration, type: cntlm -c cntlm.ini -I -M http://www.google.com

7) To start cntlm, type: net start cntlm

Now you can use your computer's IP address and port 3132 as a proxy.


You can get the latest Cntlm binaries here: http://cntlm.sourceforge.net/

like image 125
Ramazan Polat Avatar answered Sep 20 '22 21:09

Ramazan Polat