This is an elaboration of How to fill proxy information in cntlm config file – Stack Overflow.
When digging around how to get authentication stuff going, I want as much information, so this was the command-line I used:
cntlm.exe -v -c cntlm.ini -I -M http://www.bbc.co.uk
The -v is important: it shows you why things fail, and where: It also shows you the NTLM headers sent back/forth over the wire.
These are the switches used:
- -v verbose
- -c configuration file
- -I interactive (prompt for password)
- -M magically detect the NTLM level used by the proxy
Since it is unsafe to store plain text passwords in configuration files, cntlm allows you to store the hashes.
Storing hashes not passwords locally is safer, but not much safer. See for instance Still Passing the Hash 15 Years Later: Guest Post: Let’s talk about Pass-the-Hash by Scriptjunkie the video How to own a Windows Domain or search for Mark Russinovich video windows hash ntlm hack.
Anyway: you can generate the password hashes using either Read the rest of this entry »