I have no administrative access to the proxy host. But I want to know remotely whether the proxy is NTLM enabled and what version. How is it possible?
please have a look at this tool:
http://cntlm.sourceforge.net/
When you download it (windows version) you'll find inside the zip file a PDF Manual.
Open it and have a look at -M option (please find hereafter the option description for your convenience):
-M
Run magic NTLM dialect detection. In this mode, cntlm tries some known working presets
against your proxy. Probe requests are made for the specified testurl, with the strongest hashes
going first. When finished, settings for the most secure setup are printed. Although the detection
will tell you which and how to use Auth, Flags and password-hash options, you have to configure
at least your credentials and proxy address first. You can use -I to enter your password interactively.
hope this help
cheers
UnknowNTLM
Related
I am dealing with an interesting issue. I am using AWS SSM to manage my Windows Updates and going through a 3rd party proxy server (which I have no control over, nor a choice to use it). I am attempting to automate proxy settings (found here:https://forums.aws.amazon.com/thread.jspa?messageID=782297) using GPO or any other method (.ps1, .cmd) available. The only method I have found requires the following:
PS C:\Users\Administrator\Downloads\PSTools> .\psexec -i -s -d cmd
Then in the System User Context CMD prompt;
C:\Windows\system32>whoami
nt authority\system
C:\Windows\system32>inetcpl.cpl
Configure the settings manually according to the users internet
connection settings.
I have been digging around and trying to use batch files, group policy preferences...and I am stumped. Does anyone have any ideas? Also, I have tried "How to configure IE proxying for the local system account?" already to no avail.
You're right there, you almost made it. Run Internet Explorer (iexplore.exe), not just inetcpl.cpl, under that user context, and configure the proxy inside Internet Explorer.
I was trying to install Rubygems on my Windows 7 machine and had to authenticate myself with a corporate proxy server. I saw several people on various forums with the same problem, and the common solution seemed to be
set http_proxy=http://username:password#www-domain.com:80
While this did work for me and allowed me to download the Rubygems that I needed, I spoke with a security professional about the security of typing the password in plaintext like that, and he did a packet capture with Wireshark and was able to see my credentials. Is there a way to pass credentials in securely through the command line? I know that a lot of other Ruby developers at my company would like to download gems and need a way to authenticate themselves, but I'd prefer to find a secure solution before I help anyone else out.
No, because you connect with http to your proxy, the crendials will be send in cleartext by design.
If your company cares about security, you should connect via https:// to your http proxy.
I am using CURL library to download a file net. I have written a sample in win32. I have few doubts
1) Why do we need to use CURL. One of my friend says why don’t we just use win32 API’s to download file.
2) I have set proxy to my machine. If i try to download the file still it downloads. Is it is not required to set the proxy settings in curl library.
cURL is a third-party cross-platform library wrapping several commonly used Internet protocols (HTTP, FTP, etc). You don't HAVE to use it if you don't want to. It is just one of MANY choices available to developers. You can certainly use Microsoft's proprietary WinInet API instead if you want to.
Yes, if you use a proxy, you have to configure cURL so it knows about it. Microsoft uses WinInet in Internet Explorer, and WinInet shares certain settings (like proxies) with all apps that use WinInet, so a WinInet-based app usually does not need to configure a proxy (but certain can if needed) if the user has configured a proxy in Windows configuration.
I am using dynatrace ajax edition and it requires an proxy server and password to connect to dynatrace server.
The problem is I ONLY have the .pac file URL that we use at work.
Is it possible to know which proxy server and port my requests resolve to so that I can provide the proxy server name and password directly?
I have checked few links in the stackoverflow community but they do not seem to answer this question.
Like: How to discover de proxy used in a pac
I am using an windows 7 64 bit system with IE8.
Thanks,
Ayusman
After trolling through some more google search results,
This nifty tool helped me perfectly
Please note that I was on a 64 bit windows 7 machine, still it worked fine.
Hit the URL in the address bar of the browser. It should download the file. Open the file with any text editor. Looking at the content of the file, you can easily find out the proxy IP/port being used. This worked for me. Hope it helps others too.
To find your Web Proxy, simply go to:
http://www.whatismyproxy.com/
This web page will display information about your proxy server.
For some reason, no matter how I go about it, I cannot get TortoiseSVN to add an Author to Log Messages.
Currently we connect to a PC running svnserve, so it's not a file:// Address.
We have tried using svn://Username#svnAddress, svn://svnAddress
Even setting svn:keywords $Author: AuthorName$
I was under the impression that TortoiseSVN would use the windows login name, prior to upgrading from a file based repo, these did show.
Note: We are also connecting to a domain, if this would affect anything.
also, no hook scripts are in play and the svnserve.conf is default.
SVN Server is using SVN Version 1.5.1 (x86), Windows Server 2003.
Clients are using latest version of Tortoise, both x86 and x64.
Any help would be much appreciated.
Ohh and the SVN is used for source code, so it is programming related :) (well semi related anyway)
The svn: protocol, by default, does not do any authentication, and consequently, no identification of the remote user. As TortoiseSVN does not need to authenticate, no user gets logged.
The SVN keywords don't have to do much with this: If you put $Author$ in a file, it will expand to the author of the commit, rather than setting the user. In the keyword syntax, there is no support for colons.
So if you want to authenticate with svnserve, you should first set anon-access to none or read, to force an authentication prompt. You then need to setup a password database; svnserve has only support for CRAM-MD5 builtin. I recommend you try to get this working first, handing out new passwords to all users. Alternatively, you can try to setup SASL, which would then allow for NTLM authentication - provided you can get SASL to work on your system.
Yet alternatively, you can switch to a different protocol. If, by "PC", you mean "Windows", then I guess the ssh-based protocol is ruled out. That leaves http(s); it should be possible to set up Apache on Windows with NTLM authentication, so that the NTLM user appears as the svn author.