为什么 CNTLM 要求输入密码? [英] Why is CNTLM asking for password?
问题描述
我已经在 Windows 上配置了 CNTLM 代理授权,配置文件看起来像,
验证 NTLM通行证NT XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXPassLM YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY通过NTLMv2 ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ代理proxy.xxxx.com:8080听3130我在 LAN 设置中使用 localhost:3130 作为代理,点击浏览器上的任何 URL,它再次要求输入密码!如果我输入与生成哈希相同的密码,它就可以工作.只是 Cntlm 的目的被打败了.有人遇到过这种情况吗?这是如何运作的?有什么办法可以解决这个问题吗?
<EDIT> 如果您使用的是 Windows 那么我强烈推荐 px 超过 Cntlm,因为它不需要任何握手机制.
关于 px 的说明:
<块引用>它主要设计为在 Windows 系统上运行并进行身份验证代表应用程序使用当前登录的 Windows用户帐号
</EDIT>
1) 将 CNTLM 安装到默认目录(在 Windows 上,C:\Program Files (x86)\cntlm\).
2) 运行 cmd.exe
3) 输入:cd "C:\Program Files (x86)\cntlm\"
4) 输入:cntlm.exe -H -d your_domain -u your_username
它会询问您的密码.输入你的密码,cntlm 会给你一些哈希值.像这样:
c:\Program Files (x86)\Cntlm>cntlm -H -d your_domain -u your_username密码:通过LM 4E9C185900C7CF0B6FFCB2044F81920CPassNT 6E9F120B83EEA0E875CE8E6F9730EC9A通过NTLMv2 2A0B7C2457FB7DD8DA4EB737C4FA224F现在您已经对密码进行了哈希处理.将它们保存到文本编辑器.
5) 输入:cntlm -M http://www.google.com
再次输入您的密码.它会给你这样的东西:
c:\Program Files (x86)\Cntlm>cntlm -M http://www.google.com密码:配置文件 1/4... 凭据被拒绝配置文件 2/4... 确定(HTTP 代码:302)-------------------------------[ 个人资料 1 ]------验证 NTLMPassNT 6E9F120B83EEA0E875CE8E6F9730EC9A通过LM 4E9C185900C7CF0B6FFCB2044F81920C------------------------------------------------现在您看到配置文件 2 已成功.因为它对配置文件 2 说 OK.它可能在您的系统上有所不同.
诀窍是,
- 如果 Auth 是 NT,那么您必须只使用 PassNT
- 如果Auth是LM,那么你只能使用PassLM
- 如果 Auth 是 NTLM,那么你必须同时使用 PassNT 和 PassLM
- 如果 Auth 是 NTLMv2,那么您必须只使用 PassNTLMv2
现在我们得到了我们想要的一切.对于我的配置,Auth 表示 NTLM,因此我将在 cntlm.ini 配置文件中同时使用 PassNT 和 PassLM.
这是一个示例配置文件 NTLM(不是 NTLMv2!):
<预><代码>## Cntlm 认证代理配置文件#用户名 你的用户名域您的域验证 NTLMPassNT 6E9F120B83EEA0E875CE8E6F9730EC9A通过LM 4E9C185900C7CF0B6FFCB2044F81920C工作站 yourhostname.yourdomain# 很可能是 proxy.yourdomain:8080代理 yourProxyIP:yourProxyPortNoProxy 本地主机, 127.0.0.*, 10.*, 192.168.*听3132网关 是#配置结束6) 要测试您的配置,请输入:cntlm -c cntlm.ini -I -M http://www.google.com
7) 要启动 cntlm,请输入:net start cntlm
现在您可以使用计算机的 IP 地址和端口 3132 作为代理.
<小时>您可以在此处获取最新的 Cntlm 二进制文件:http://cntlm.sourceforge.net/
I have configured CNTLM Proxy Authorization on Windows with configuration file looking like,
Auth NTLM
PassNT XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
PassLM YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY
PassNTLMv2 ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ
Proxy proxy.xxxx.com:8080
Listen 3130
And I use localhost:3130 as proxy in LAN Settings, hit any URL on browser and it is asking for the password again!. If I enter the same password with which I generated the hash, it works. Simply the purpose of Cntlm is beaten. Has anybody faced this? How does this work? Is there any way to get around this problem?
<EDIT> If you are using Windows then I strongly recommend px over Cntlm since it doesn't need any handsake mechanism.
Notes on px:
It is primarily designed to run on Windows systems and authenticates on behalf of the application using the currently logged in Windows user account
</EDIT>
1) Install CNTLM to default directory (on Windows, C:\Program Files (x86)\cntlm\ ).
2) Run cmd.exe
3) Type : cd "C:\Program Files (x86)\cntlm\"
4) Type : cntlm.exe -H -d your_domain -u your_username
It will ask your password. Enter your password and cntlm will give you some hashes. Something like this:
c:\Program Files (x86)\Cntlm>cntlm -H -d your_domain -u your_username
Password:
PassLM 4E9C185900C7CF0B6FFCB2044F81920C
PassNT 6E9F120B83EEA0E875CE8E6F9730EC9A
PassNTLMv2 2A0B7C2457FB7DD8DA4EB737C4FA224F
Now you have password hashed. Save them to a text editor.
5) Type : cntlm -M http://www.google.com
Again enter your password. It will give you something like this:
c:\Program Files (x86)\Cntlm>cntlm -M http://www.google.com
Password:
Config profile 1/4... Credentials rejected
Config profile 2/4... OK (HTTP code: 302)
----------------------------[ Profile 1 ]------
Auth NTLM
PassNT 6E9F120B83EEA0E875CE8E6F9730EC9A
PassLM 4E9C185900C7CF0B6FFCB2044F81920C
------------------------------------------------
Now you see that profile 2 is successful. Because it says OK for profile 2. It may be different on your system.
The trick is,
- if the Auth is NT, then you must use only PassNT
- if the Auth is LM, then you must use only PassLM
- if the Auth is NTLM, then you must use both PassNT and PassLM
- if the Auth is NTLMv2, then you must use only PassNTLMv2
Now we got all we want. For my configuration, Auth says NTLM so I will use both PassNT and PassLM in the cntlm.ini configuration file.
This is an example configuration file NTLM (not NTLMv2!):
#
# Cntlm Authentication Proxy Configuration File
#
Username yourusername
Domain yourdomain
Auth NTLM
PassNT 6E9F120B83EEA0E875CE8E6F9730EC9A
PassLM 4E9C185900C7CF0B6FFCB2044F81920C
Workstation yourhostname.yourdomain
# Most probably proxy.yourdomain:8080
Proxy yourProxyIP:yourProxyPort
NoProxy localhost, 127.0.0.*, 10.*, 192.168.*
Listen 3132
Gateway yes
# end of config
6) To test your configuration, type: cntlm -c cntlm.ini -I -M http://www.google.com
7) To start cntlm, type: net start cntlm
Now you can use your computer's IP address and port 3132 as a proxy.
You can get the latest Cntlm binaries here: http://cntlm.sourceforge.net/
这篇关于为什么 CNTLM 要求输入密码?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
