The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,918 other followers

Archive for the ‘NTLM’ Category

How to fill proxy information in cntlm config file (via: Stack Overflow)

Posted by jpluimers on 2015/04/10

This is an elaboration of How to fill proxy information in cntlm config file – Stack Overflow.

When digging around how to get authentication stuff going, I want as much information, so this was the command-line I used:

cntlm.exe -v -c cntlm.ini -I -M http://www.bbc.co.uk

The -v is important: it shows you why things fail, and where: It also shows you the NTLM headers sent back/forth over the wire.

These are the switches used:

  • -v verbose
  • -c configuration file
  • -I interactive (prompt for password)
  • -M magically detect the NTLM level used by the proxy

Since it is unsafe to store plain text passwords in configuration files, cntlm allows you to store the hashes.

Storing hashes not passwords locally is safer, but not much safer. See for instance Still Passing the Hash 15 Years Later: Guest Post: Let’s talk about Pass-the-Hash by Scriptjunkie the video How to own a Windows Domain or search for Mark Russinovich video windows hash ntlm hack.

Anyway: you can generate the password hashes using either     Read the rest of this entry »

Posted in Development, DVCS - Distributed Version Control, Fiddler, git, HTTP, Internet protocol suite, Mercurial/Hg, NTLM, Power User, Software Development, Source Code Management, TCP, Web Development, Windows, Windows 7, Windows 8, Windows 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Vista | 1 Comment »

Web requests and NTLM authentication in .NET

Posted by jpluimers on 2014/08/27

Some links on NTLM authentication in .NET that I’m sure that I will going to need sooner or later:

–jeroen

Posted in NTLM, Power User, Windows | Tagged: , | Leave a Comment »

Tracing NTLM (via: 407 Authentication required – no challenge sent – Stack Overflow)

Posted by jpluimers on 2014/08/26

Might need this one day:

I wrote a utility to decode the NTLM blobs that were sent in the IE and HttpWebRequest sessions.When I look at the HttpWebRequest and IE, they both request 56bit and 128bit encryption from the server.

In both IE/HttpWebRequest, they are requesting both 64 & 128bit security. However, for windows 7, 128bit security for NTLM has been made the default, and without that, authentication will fail. As you can see from the server response, the server is only supporting 64bit encryption.

–jeroen

via: c# – 407 Authentication required – no challenge sent – Stack Overflow.

Posted in NTLM, Power User, Windows | Leave a Comment »

NTLM authentication: Connect to TFS 2013 Git Repository with LibGit2Sharp (via: Gáspár Nagy on software)

Posted by jpluimers on 2014/08/26

I’m fighting some NTLM issues with a proxy server and this might come in handy one day: Connect to TFS 2013 Git Repository with LibGit2Sharp « Gáspár Nagy on software.

https://github.com/gasparnagy/Sample_NtlmGitTest/

–jeroen

 

Posted in .NET, C#, Development, NTLM, Power User, Software Development, Windows | Leave a Comment »

Fiddler2 to the max: inserting proxy authentication to use DropBox (or other app) behind a corporate firewall

Posted by jpluimers on 2014/04/16


A while ago, I was working with a not so cooperative corporate firewall. All web browsers would work fine, but most other applications would not go through the proxy in a nice way.

For instance, DropBox would show the dreadfull “Connection Error” dialog shown on the right.

That dialog basically means “Dropbox has no clue what happens, try fiddling with your proxy or account settings, then press Reconnect Now” to retry.

Many other applications had issues (for instance Visual Studio connecting to Team Foundation System was very unreliable and the workarounds clumsy).

CNTLM: not the solution

I got inspired by the [WayBack] I code and code: Tutorial: How to use Dropbox behind a corporate proxy server using CNTLM, even though I was pretty sure the corporate firewall was not NTLM based.

And indeed, CNTLM -v -M http://google.com -c CNTLM.INI would give errors like this:

cntlm: Proxy returning invalid challenge!
headers_send: fd 4 warning -999 (connection closed)
Connection closed

HTTP Fiddler: looks promising

So I fired up my old buddy [WayBack] Fiddler 2 HTTP debugging proxy.

Further on, you will learn that Fiddler2 is much more, but right now it is enough to know that it basically sits as a local proxy between your applications and the outside world. Read the rest of this entry »

Posted in .NET, .NET 2.0, .NET 3.0, .NET 3.5, .NET 4.0, .NET 4.5, Cntlm, Development, DropBox, Fiddler, JavaScript/ECMAScript, NTLM, Power User, Scripting, SocialMedia, Software Development, Web Development, Windows, Windows 7, Windows 8, Windows Server 2000, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2, Windows Vista, Windows XP, Windows-Http-Proxy | Leave a Comment »

 
%d bloggers like this: