Nmap Development mailing list archives

Native NTLM Authentication Support in http.lua


From: Gyanendra Mishra <anomaly.the () gmail com>
Date: Sun, 14 Jun 2015 20:20:02 +0530

Hi list,

I spent quite some time implementing native NTLM authentication support
in http.lua. It took me more time than expected, but I learnt a lot in the
process.
The code attached supports NTLM authentication and can be used as follows:

local opts_table = {
  auth = {ntlm = true, username = username, password = password},
  timeout = 10,
  header = {Accept = "*/*", ["Connection"] = "Keep-Alive"}
}
local response = http.generic_request(host, port, "GET", "/", opts_table)

It takes care of cases in which the server supports OEM/UNICODE and
Extended Security / No Extended Security. The following is the summary of
changes:

http.lua[1]: Added NTLM authentication to generic_request(). Added checks
to validate_options and made a few changes to build_request(). Also added a
require statement for the bit library.

smbauth.lua[2]: Added a function called ntlmv2_session_response() and a
conditional in get_password_response() to support the same. This generates
the response in case the server supports extended security.

ntlm-test.nse[3]: A sample script to check the changes made in the above two
libraries.

I have documented the above changes as much as possible.

Gyani

[1]https://svn.nmap.org/nmap-exp/gyani/nselib/http.lua
[2]https://svn.nmap.org/nmap-exp/gyani/nselib/smbauth.lua
[3]https://svn.nmap.org/nmap-exp/gyani/scripts/ntlm-test.nse
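
The OEM/Unicode and extended-security cases mentioned in the message are decided by the negotiate flags in the server's NTLM type 2 challenge. The following is an added example, not part of the original post or of the attached Lua code: Python that decodes those flags from a WWW-Authenticate header value. The function names, the latin-1 stand-in for the OEM code page and the sample message are assumptions constructed for illustration.

```python
import base64
import struct

# Negotiate flag bits defined by the NTLM specification (MS-NLMP).
NEGOTIATE_UNICODE = 0x00000001
NEGOTIATE_OEM = 0x00000002
NEGOTIATE_EXTENDED_SESSIONSECURITY = 0x00080000


def parse_type2(www_authenticate):
    """Decode an 'NTLM <base64>' challenge header into the fields a client needs."""
    scheme, _, blob = www_authenticate.strip().partition(" ")
    if scheme.upper() != "NTLM" or not blob.strip():
        raise ValueError("not an NTLM challenge header")
    msg = base64.b64decode(blob.strip(), validate=True)
    if len(msg) < 32 or msg[:8] != b"NTLMSSP\x00":
        raise ValueError("bad NTLMSSP signature or truncated message")
    (msg_type,) = struct.unpack_from("<I", msg, 8)
    if msg_type != 2:
        raise ValueError("expected message type 2, got %d" % msg_type)
    # TargetName length, max length, offset, then the negotiate flags.
    name_len, _max_len, name_off, flags = struct.unpack_from("<HHII", msg, 12)
    if name_off + name_len > len(msg):
        raise ValueError("target name points outside the message")
    use_unicode = bool(flags & NEGOTIATE_UNICODE)  # Unicode wins if both are offered
    codec = "utf-16-le" if use_unicode else "latin-1"  # latin-1: assumed OEM code page
    return {
        "flags": flags,
        "encoding": "unicode" if use_unicode else "oem",
        "extended_security": bool(flags & NEGOTIATE_EXTENDED_SESSIONSECURITY),
        "server_challenge": msg[24:32],
        "target_name": msg[name_off:name_off + name_len].decode(codec),
    }


def build_sample(flags, target):
    """Constructed type 2 header value for the demo (not captured traffic)."""
    codec = "utf-16-le" if flags & NEGOTIATE_UNICODE else "latin-1"
    name = target.encode(codec)
    fixed = struct.pack("<8sIHHII8s8s", b"NTLMSSP\x00", 2, len(name), len(name),
                        48, flags, bytes(range(1, 9)), b"\x00" * 8)
    # Empty TargetInfo fields (8 bytes) bring the payload offset to 48.
    return "NTLM " + base64.b64encode(fixed + b"\x00" * 8 + name).decode("ascii")
```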