Nmap Development mailing list archives
Native NTLM Authentication Support in http.lua
From: Gyanendra Mishra <anomaly.the () gmail com>
Date: Sun, 14 Jun 2015 20:20:02 +0530
Hi list, I spent the quite some time implementing native NTLM Authentication Support in http.lua. It took me more time than expected but I learnt a lot in the process. The code attached supports NTLM authentication and can be used as follows : local opts_table = {auth = {ntlm = true, username = username, password = password}, timeout = 10, header = {Accept = "*/*", ["Connection"] = "Keep-Alive"}} local response = http.generic_request( host, port, "GET", "/", opts_table) It takes care of cases in which the server supports OEM/UNICOE and Extended Secuirty/ No Extended Security. The following is the summary of changes : http.lua[1] : Added ntlm authentication to generic_request(). Added checks to validate_options and made a few changes to build_request(). Also added a require statement for the bit library. smbauth.lua[2]: Added a function called ntlmv2_session_response() and a conditional in get_password_response() to support the same. This generates the response in case the server supports extended security. ntlm-test.nse[3]: A sample script to check the changes made in the above to libraries. I have documented the above changes as much as possible. Gyani [1]https://svn.nmap.org/nmap-exp/gyani/nselib/http.lua [2]https://svn.nmap.org/nmap-exp/gyani/nselib/smbauth.lua [3]https://svn.nmap.org/nmap-exp/gyani/scripts/ntlm-test.nse
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Native NTLM Authentication Support in http.lua Gyanendra Mishra (Jun 14)