Re: Native NTLM Authentication Support in http.lua

[Gyanendra Mishra <anomaly.the () gmail com>]

Hi list,

I committed this in rev 34829. Future updates will include auto
authentication which would automatically authenticate using registry and
command line data provided by the user.
This would affect all ~130 http scripts we have currently.

Gyani

On Sun, Jun 14, 2015 at 8:20 PM, Gyanendra Mishra <anomaly.the () gmail com>
wrote:

> Hi list,
>
> I spent the quite some time implementing native NTLM Authentication
> Support in http.lua. It took me more time than expected but I learnt a lot
> in the process.
> The code attached supports NTLM authentication  and can be used as follows
> :
>
> local opts_table = {auth = {ntlm = true, username = username, password =
> password}, timeout = 10, header = {Accept = "*/*", ["Connection"] =
> "Keep-Alive"}}
> local response = http.generic_request( host, port, "GET", "/", opts_table)
>
> It takes care of  cases in which the server supports OEM/UNICOE and
> Extended Secuirty/ No Extended Security. The following is the summary of
> changes :
>
> http.lua[1] : Added ntlm authentication to generic_request(). Added checks
> to validate_options and made a few changes to build_request(). Also added a
> require statement for the bit library.
>
> smbauth.lua[2]: Added a function called ntlmv2_session_response() and a
> conditional in get_password_response() to support the same. This generates
> the response in case the server supports extended security.
>
> ntlm-test.nse[3]: A sample script to check the changes made in the above
> to libraries.
>
> I have documented the above changes as much as possible.
>
> Gyani
>
> [1]https://svn.nmap.org/nmap-exp/gyani/nselib/http.lua
> [2]https://svn.nmap.org/nmap-exp/gyani/nselib/smbauth.lua
> [3]https://svn.nmap.org/nmap-exp/gyani/scripts/ntlm-test.nse
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/