Why is CNTLM asking for password?

StackOverflow https://stackoverflow.com/questions/19401468

  •  30-06-2022
  •  | 
  •  

Domanda

I have configured CNTLM Proxy Authorization on Windows with configuration file looking like,

Auth            NTLM
PassNT          XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
PassLM          YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY
PassNTLMv2      ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ

Proxy           proxy.xxxx.com:8080

Listen          3130

And I use localhost:3130 as proxy in LAN Settings, hit any URL on browser and it is asking for the password again!. If I enter the same password with which I generated the hash, it works. Simply the purpose of Cntlm is beaten. Has anybody faced this? How does this work? Is there any way to get around this problem?

È stato utile?

Soluzione

<EDIT> If you are using Windows then I strongly recommend px over Cntlm since it doesn't need any handsake mechanism.

Notes on px:

It is primarily designed to run on Windows systems and authenticates on behalf of the application using the currently logged in Windows user account

</EDIT>

1) Install CNTLM to default directory (on Windows, C:\Program Files (x86)\cntlm\ ).

2) Run cmd.exe

3) Type : cd "C:\Program Files (x86)\cntlm\"

4) Type : cntlm.exe -H -d your_domain -u your_username

It will ask your password. Enter your password and cntlm will give you some hashes. Something like this:

c:\Program Files (x86)\Cntlm>cntlm -H -d your_domain -u your_username
Password:
PassLM          4E9C185900C7CF0B6FFCB2044F81920C
PassNT          6E9F120B83EEA0E875CE8E6F9730EC9A
PassNTLMv2      2A0B7C2457FB7DD8DA4EB737C4FA224F

Now you have password hashed. Save them to a text editor.

5) Type : cntlm -M http://www.google.com

Again enter your password. It will give you something like this:

c:\Program Files (x86)\Cntlm>cntlm -M http://www.google.com
Password:
Config profile  1/4... Credentials rejected
Config profile  2/4... OK (HTTP code: 302)
----------------------------[ Profile  1 ]------
Auth            NTLM
PassNT          6E9F120B83EEA0E875CE8E6F9730EC9A
PassLM          4E9C185900C7CF0B6FFCB2044F81920C
------------------------------------------------

Now you see that profile 2 is successful. Because it says OK for profile 2. It may be different on your system.

The trick is,

  • if the Auth is NT, then you must use only PassNT
  • if the Auth is LM, then you must use only PassLM
  • if the Auth is NTLM, then you must use both PassNT and PassLM
  • if the Auth is NTLMv2, then you must use only PassNTLMv2

Now we got all we want. For my configuration, Auth says NTLM so I will use both PassNT and PassLM in the cntlm.ini configuration file.

This is an example configuration file NTLM (not NTLMv2!):

#
# Cntlm Authentication Proxy Configuration File
#

Username yourusername
Domain yourdomain

Auth NTLM
PassNT 6E9F120B83EEA0E875CE8E6F9730EC9A
PassLM 4E9C185900C7CF0B6FFCB2044F81920C

Workstation yourhostname.yourdomain

# Most probably proxy.yourdomain:8080
Proxy  yourProxyIP:yourProxyPort

NoProxy  localhost, 127.0.0.*, 10.*, 192.168.*

Listen  3132

Gateway yes
# end of config

6) To test your configuration, type: cntlm -c cntlm.ini -I -M http://www.google.com

7) To start cntlm, type: net start cntlm

Now you can use your computer's IP address and port 3132 as a proxy.

You can get the latest Cntlm binaries here: http://cntlm.sourceforge.net/

Autorizzato sotto: CC-BY-SA insieme a attribuzione
Non affiliato a StackOverflow
scroll top