Hello!
I'm a C#/.NET developer from Russia. My resume (russian only for now): resume.pdf
PLEASE NOTE THAT THIS FORK IS NOT MAINTAINED! For the maintained fork please refer to https://github.com/versat/cntlm. Cntlm is an NTLM / NTLM Session Response / NTLMv2 authenticating HTTP proxy intended to help you break free from the chains of Microsoft proprietary world. More info on http://cntlm.sourceforge.net/ website. THIS VERSION SUPPORTS SSPI, WHICH ALLOWS USERS WITH SMARTCARD AUTHENTICATION TO USE IT ON WINDOWS BOXES!
License: GNU General Public License v2.0
Hello!
I'm a C#/.NET developer from Russia. My resume (russian only for now): resume.pdf
On newer Linux distributions, /var/run
links to /run
which is a tmpfs directory cleared on each restart. This means that the /var/run/cntlm
is deleted on reboot.
When the machine restarts, CNTLM first changes to the cntlm
user, and then tries to create the pid file in this directory. Since the directory no longer exists, and /run
is only writable by root, this fails.
The simplest solution would be for the daemon to write the pid-file as root, before changing to the non-privileged account.
A workaround is to modify /etc/sysconfig/cntlmd
to point PIDFILE
to a different location (e.g. PIDFILE="/tmp/cntlmd.pid"
).
I have tried installing MingW+Msys, but this is not sufficient.
Any other user has tried building cntlm on windows?
it seems cntlm use the window-server ntlm dns not the host that running cntlm app.
I run the cntlm in ubuntu server and change the /etc/hosts file to make some server get the right ip. but it seems failed.
Hello!
I'm working in the environment with smartcard logon and ntlmv2/Kerberos enforced. Cntlm with NTLMSSPI is not an option (probally need NTLMv2 SSPI which is not implemented at this moment) so I'm trying to "bypass" a corporate proxy with cntlm and NTLM hash of the password which I eventually know :)
I've noticed that cntlm -H results are different from the "standard" password hashes.
As far as I understand, NTLM hash is an MD4(unicode(Password)). For example, NTLM hash of "password" is 8846F7EAEE8FB117AD06BDD830B7586C. However, cntlm -H returns PassNT 77B9081511704EE852F94227CF48A793 for the same "password".
PassNTLMv2 value that is produced by cntlm -H is also different from "standard" HMACMD5(NTLMhash, uppercase username + domain).
I've found an appropriate portions of code in ntlm.c but unfortunately can not understand why hash functions are working this way.
char *ntlm_hash_nt_password(char *password) { char *u16, *keys; int len;
keys = new(21 + 1);
len = unicode(&u16, password);
md4_buffer(u16, len, keys);
memset(keys+16, 0, 5);
memset(u16, 0, len);
free(u16);
return keys;
}
char *ntlm2_hash_password(char *username, char *domain, char *password) { char *tmp, *buf, *passnt, *passnt2; int len;
passnt = ntlm_hash_nt_password(password);
buf = new(strlen(username)+strlen(domain) + 1);
strcat(buf, username);
strcat(buf, domain);
uppercase(buf);
len = unicode(&tmp, buf);
passnt2 = new(16 + 1);
hmac_md5(passnt, 16, tmp, len, passnt2);
free(passnt);
free(tmp);
free(buf);
return passnt2;
}`
The main question is:
Is it possible to implement "pass-the-hash"-like functionality in cntlm (calculate PassNTLMv2 from username, domain and NTLM password hash)?
I've been working on a patch to integrate cntlm with PAM. It uses shared memory for process communication and checks user's uid in /proc/net/tcp (and, eventually, /proc/net/tcp6) for authenticity (only works in Linux).
It's very simple: first user logs in, then my pam module generates all ntlm's hashes (using cntlm's functions) and saves it in the shared memory; second: cntlm is started (with a new flag: -Z) and looks for user's uid in /proc/net/tcp (through client tcp port), then copy it's credentials from shared memory and voila'!!!
Limitations: only works with Linux and cntlm runs in localhost (127.0.0.1).
PS1: I've already implemented this patch in a previous release (0.35), please check iu out in http://pamcntlm.sf.net
PS2: As far as I known, Firefox only works with a 'hack': is necessary set a Windows user-agent in cntlm.conf :(
Example:
Header User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.86 Safari/537.36
Tested using websense and Windows 2012 domain.
cntlm-0.92.3-pam_cntlm.patch.zip
Hello, could you please provide a pre-compiled release for this project? My team is very interested in this, however I can't seem to stand up an environment that can build this without errors. We are looking to deploy pre-configured packages to windows and mac computers.
Thank you in advance!
Hello!
I've configured yum on a CentOS 6.7 to use a CNTLM proxy but it fails. If I set Firefox to use that proxy it works but not yum. Here is the output when I do a yum update
.
******* Round 1 C: 5, S: 6 *******!
Reading headers...
HEAD: GET http://mirrorlist.centos.org/?release=6&arch=i386&repo=os&infra=stock HTTP/1.1
User-Agent => urlgrabber/3.9.1 yum/3.2.29
Host => mirrorlist.centos.org
Accept => */*
Proxy-Connection => Keep-Alive
NTLM Request:
Domain: XXXXXX
Hostname: vagrant
Flags: 0xA208B205
Sending auth request...
User-Agent => urlgrabber/3.9.1 yum/3.2.29
Host => mirrorlist.centos.org
Accept => */*
Proxy-Connection => Keep-Alive
Connection => Keep-Alive
Proxy-Authorization => NTLM XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Reading auth response...
HEAD: HTTP/1.1 401 Unauthorized
Cache-Control => no-cache
Pragma => no-cache
WWW-Authenticate => NTLM
Content-Type => text/html; charset=utf-8
Proxy-Connection => close
Set-Cookie => BCSI-CS-9999999999999999=2; Path=/
Connection => close
Content-Length => 4259
Got 4259 too many bytes.
Proxy signals it's closing the connection.
Proxy closed connection (i=1, closed=1, so_closed=1). Reconnecting...
Sending headers...
User-Agent => urlgrabber/3.9.1 yum/3.2.29
Host => mirrorlist.centos.org
Accept => */*
Proxy-Connection => Keep-Alive
Connection => Keep-Alive
No body.
******* Round 2 C: 5, S: 6 *******!
Reading headers...
HEAD: HTTP/1.1 401 Unauthorized
Cache-Control => no-cache
Pragma => no-cache
WWW-Authenticate => NEGOTIATE
WWW-Authenticate => NTLM
Content-Type => text/html; charset=utf-8
Proxy-Connection => close
Set-Cookie => BCSI-CS-9999999999999999=2; Path=/
Connection => close
Content-Length => 4259
Sending headers...
Body included. Lenght: 4259
data_send: read 2048 of 2048 / 2048 of 4259 (errno = ok)
data_send: fds 5:6 warning -999 (connection closed)
Could not send whole body
Thread finished.
Joining thread 3077966704; rc: 0
This is my cntlm.ini
Username xxxxxxxx
Domain xxxxxx
PassLM XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
PassNT XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
PassNTLMv2 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Proxy myproxy.internal:80
NoProxy localhost, 127.0.0.*
Listen 127.0.0.1:3128
Gateway yes
This is what I put in my /etc/yum.cfg
.....
proxy=http://127.0.0.1:3128
And this is the output of yum update
yum update
Loaded plugins: fastestmirror
Setting up Update Process
Loading mirror speeds from cached hostfile
Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=6&arch=i386&repo=os&infra=stock error was
14: PYCURL ERROR 22 - "The requested URL returned error: 401 Unauthorized"
Error: Cannot find a valid baseurl for repo: base
What am I doing wrong? Thank you!
Not able to add auth headers using CNTLM
in my configuration, the parent proxy is a http/https proxy, and I configured SOCKS5Proxy in the /etc/cntlm.conf. now I want to use this socks5 proxy for git client to clone codes from github.com, is this possible?
How can I build this under Windows 7?
Same as the Sourceforge, CNTLM project seems dead. Newer OS's are starting have an array of issues.
user_@DESKTOP-4K2H1C1 ~/cntlm
$ ./configure
./configure: line 12: $'\r': command not found
./configure: line 14: $'\r': command not found
./configure: line 18: syntax error near unexpected token$'do\r'' '/configure: line 18:
for c in $CCS; do
Any chance of adding support for NTLMv2 authentication over SSPI (smartcard, passwordless authentication)? Plain NTLM over SSPI doesn't work for me.
Ta,
Boris
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.