def test_ntlm_auth(url, credentials_buffer):
auth_successes = []
timeout = 15
verify = False
requests_buffer = []
for credentials in credentials_buffer:
auth = requests_ntlm.HttpNtlmAuth(credentials.username,
credentials.password)
requests_buffer.append(
grequests.get(url=url, auth=auth, verify=verify, timeout=timeout))
resps = grequests.map(requests_buffer)
if 200 in [resp.status_code for resp in resps]:
credentials_list = HTTPAuthUtils.get_credentials_from_ntlm_requests(
requests_buffer)
auth_successes.extend(credentials_list)
return auth_successes
import sys
import requests
import requests_ntlm
urlToConnect = "http://myUrlWhichNeedsWindowsAuthentication/50231/Test"
payload = '''
{
"name":"mjk",
"comments":"temporary",
"AccessLevel":"basic"
}'''
try:
getResponse = requests.get(urlToConnect,auth=requests_ntlm.HttpNtlmAuth('winuser','winpassword'))
postResponse = requests.post(urlToConnect,data=payload,auth=requests_ntlm.HttpNtlmAuth('winusername','winpassword'))
if postResponse.status_code == 200:
print ("post request succeeded")
except:
print("Unexpected error:", sys.exc_info()[1])
def httpbrute_authenticate(url, username, password, useragent, pluginargs): # CHANGEME: replace template with plugin name
ts = datetime.datetime.utcnow().strftime('%Y-%m-%d %H:%M:%S')
data_response = {
'timestamp': ts,
'username': username,
'password': password,
'success': False,
'change': False,
'2fa_enabled': False,
'type': None,
'code': None,
'name': None,
'action': None,
'headers': [],
'cookies': [],
'sourceip' : None,
'throttled' : False,
'error' : False,
'output' : ""
}
spoofed_ip = generate_ip()
amazon_id = generate_id()
trace_id = generate_trace_id()
# CHANGEME: Add more if necessary
headers = {
'User-Agent': useragent,
"X-My-X-Forwarded-For" : spoofed_ip,
"x-amzn-apigateway-api-id" : amazon_id,
"X-My-X-Amzn-Trace-Id" : trace_id,
}
try:
resp = None
full_url = "{}/{}".format(url,pluginargs['uri'])
if pluginargs['auth'] == 'basic':
auth = requests.auth.HTTPBasicAuth(username, password)
resp = requests.get(url=full_url, auth=auth, verify=False, timeout=30)
elif pluginargs['auth'] == 'digest':
auth = requests.auth.HTTPDigestAuth(username, password)
resp = requests.get(url=full_url, auth=auth, verify=False, timeout=30)
else: # NTLM
auth = requests_ntlm.HttpNtlmAuth(username, password)
resp = requests.get(url=full_url, auth=auth, verify=False, timeout=30)
if resp.status_code == 200:
data_response['success'] = True
data_response['output'] = 'SUCCESS: => {}:{}'.format(username, password)
elif resp.status_code == 401:
data_response['success'] = False
data_response['output'] = 'FAILURE: => {}:{}'.format(username, password)
else: #fail
data_response['success'] = False
data_response['output'] = 'UNKNOWN_RESPONSE_CODE: {} => {}:{}'.format(resp.status_code, username, password)
def getFormDigest(uid, pwd, site, location):
headers = {'Content-Type': 'application/json; odata=verbose', 'accept': 'application/json;odata=verbose'}
r = requests.post(site + location + "/_api/contextinfo",auth=requests_ntlm.HttpNtlmAuth(uid, pwd), headers=headers)
print r
print("Connection Confirmed")
return r.json()['d']['GetContextWebInformation']['FormDigestValue']
def create_ntlm_auth(config):
global requests_ntlm
if requests_ntlm is None:
import requests_ntlm
return requests_ntlm.HttpNtlmAuth(config['ntlm_domain'], config['password'])
from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
# Grab the config.
try:
url = urllib.parse.urlparse(sys.argv[1])
user = sys.argv[2]
except IndexError:
print('Usage: ntlmproxy.py [root URL] [username]')
exit(1)
if url.scheme == '':
print('Missing URL scheme!')
exit(1)
if url.netloc == '':
print('Invalid domain!')
exit(1)
if url.path not in ('', '/'):
print('URL must be to root')
exit(1)
config['url'] = url
passwd = getpass.getpass('NTLM password ({}): '.format(user))
session.auth = requests_ntlm.HttpNtlmAuth(user, passwd)
# Serve
waitress.serve(app, threads=10)