proxychains-ng
proxychains-ng copied to clipboard
rofl0r
NTLM Auth Type
Is there a way to authenticate via NTLM Hash of user/pass just like when using http proxy with openvpn?
i don't think so. is that an extended auth feature (i.e. not "basic" auth) of HTTP ?
Well I'm not an expert, but I guess the username is sent in clear text and pass is just hashed. Since OpenVPN is opensource, wouldn't it be possible to just copy the authentication code? Because in ovpn config you can choose: basic, ntml and auto(detect)
This is really important bc as far as I know, every Windows based Proxyserver uses ntml auth
username is sent in clear text and pass is just hashed
that's equally safe as sending the password in plaintext, since an adversary can capture the hash and send it again, unless the hash involves a cryptographic nonce sent from the server... e.g. server sends some random bytes and then you concatenate those bytes with the password and take the hash from the entire thing
It's at least a little bit more safer than sending clear text bc someone would need to crack the hash in order to get the password.
It actually doesn't matter if it's save. Fact is that windows proxys only take this method and I can't connect if this isn't implemented
so what is that proxyserver? http ? socks5 ? what's its name so we can do some research ?
HTTP
Port 3128
No need to do research, jut look at openvpn code
Or just lookup proxy ntlm with google
- the thing is called NTLM not NTML
- since i don't have a server to test, i can't implement this feature
- protocol is described here https://msdn.microsoft.com/en-us/library/dd925287(v=office.12).aspx
- if someone wants to give it a go, PRs are welcome
- sorry for the typo
- my only guess was to see if code can be copied from here, but if that isn't possible then hopefully smo. who has experience can give it a go