The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,640 other followers

Archive for the ‘NTLM’ Category

Windows Flaw Reveals Microsoft Account Passwords, VPN Credentials

Posted by jpluimers on 2016/08/08

Attack from the ’90s resurfaces more deadly than before

Source: Windows Flaw Reveals Microsoft Account Passwords, VPN Credentials

TL;DR: block LAN->WAN port 445

Note this won’t affect web-dav shares like \live.sysinternals.com\DavWWWRoot as that uses ports 443 and 80.

–jeroen

via:

Posted in Communications Development, Development, https, Internet protocol suite, Microsoft Surface on Windows 7, NTLM, Power User, Security, SMB, TCP, WebDAV, Windows, Windows 10, Windows 7, Windows 8, Windows 8.1, Windows 9, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Vista, Windows XP | Leave a Comment »

Batch file that finds and starts Cntlm.exe in verbose mode.

Posted by jpluimers on 2015/04/13

As a follow up on the Cntlm configuration post last week, here is a small batch file that will find Cntlm.exe (on x86 and x64 systems) then start it in verbose mode.

–jeroen

Posted in Cntlm, Development, Fiddler, NTLM, Power User, Web Development, Windows, Windows 7, Windows 8, Windows 8.1, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2, Windows Vista, Windows XP, Windows-Http-Proxy | Leave a Comment »

How to fill proxy information in cntlm config file (via: Stack Overflow)

Posted by jpluimers on 2015/04/10

This is an elaboration of How to fill proxy information in cntlm config file – Stack Overflow.

When digging around how to get authentication stuff going, I want as much information, so this was the command-line I used:

cntlm.exe -v -c cntlm.ini -I -M http://www.bbc.co.uk

The -v is important: it shows you why things fail, and where: It also shows you the NTLM headers sent back/forth over the wire.

These are the switches used:

  • -v verbose
  • -c configuration file
  • -I interactive (prompt for password)
  • -M magically detect the NTLM level used by the proxy

Since it is unsafe to store plain text passwords in configuration files, cntlm allows you to store the hashes.

Storing hashes not passwords locally is safer, but not much safer. See for instance Still Passing the Hash 15 Years Later: Guest Post: Let’s talk about Pass-the-Hash by Scriptjunkie the video How to own a Windows Domain or search for Mark Russinovich video windows hash ntlm hack.

Anyway: you can generate the password hashes using either     Read the rest of this entry »

Posted in Development, DVCS - Distributed Version Control, Fiddler, git, HTTP, Internet protocol suite, Mercurial/Hg, NTLM, Power User, Software Development, Source Code Management, TCP, Web Development, Windows, Windows 7, Windows 8, Windows 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Vista | Leave a Comment »

Web requests and NTLM authentication in .NET

Posted by jpluimers on 2014/08/27

Some links on NTLM authentication in .NET that I’m sure that I will going to need sooner or later:

–jeroen

Posted in NTLM, Power User, Windows | Tagged: , | Leave a Comment »

Tracing NTLM (via: 407 Authentication required – no challenge sent – Stack Overflow)

Posted by jpluimers on 2014/08/26

Might need this one day:

I wrote a utility to decode the NTLM blobs that were sent in the IE and HttpWebRequest sessions.When I look at the HttpWebRequest and IE, they both request 56bit and 128bit encryption from the server.

In both IE/HttpWebRequest, they are requesting both 64 & 128bit security. However, for windows 7, 128bit security for NTLM has been made the default, and without that, authentication will fail. As you can see from the server response, the server is only supporting 64bit encryption.

–jeroen

via: c# – 407 Authentication required – no challenge sent – Stack Overflow.

Posted in NTLM, Power User, Windows | Leave a Comment »

 
%d bloggers like this: