Can't putty via cntlm

Help
paul
2012-03-29
2013-05-23
  • paul

    paul - 2012-03-29

    Hi guys, need some help here. Basically what I do is use putty to proxy out via cntlm. The thing here is that one day it was working and then all of a sudden with no changes on my side. This is the output I get:

    $ ./cntlm.exe -c ./cntlm.ini -f -v
    cntlm: Proxy listening on 127.0.0.1:7804
    cntlm: Workstation name used: PMIN-NYL
    cntlm: Using following NTLM hashes: NTLMv2(1) NT(0) LM(0)
    cntlm: PID 2080: Cntlm ready, staying in the foreground
    ******* Round 1 C: 4 *******
    Reading headers (4)...
    HEAD: CONNECT casperpaul.sytes.net:22152 HTTP/1.1
    Thread processing...
    cntlm: PID 2080: Using proxy 172.18.96.37:8080
    cntlm: PID 2080: Resolving proxy 172.18.96.37...
    Resolve 172.18.96.37:
      -> 172.18.96.37
    Host                           => casperpaul.sytes.net:22152
    cntlm: PID 2080: 127.0.0.1 CONNECT casperpaul.sytes.net:22152
    NTLM Request:
               Domain: nyx
             Hostname: PMIN-NYL
                Flags: 0xA208B205
    Sending PROXY auth request...
    Host                           => casperpaul.sytes.net:22152
    Proxy-Connection               => keep-alive
    Proxy-Authorization            => NTLM TlRMTVNTUAABAAAABbIIogMAAwAoAAAACAAIACAAAABQTUlOLU5ZTE5ZWA==
    Content-Length                 => 0
    Reading PROXY auth response...
    HEAD: HTTP/1.1 407 Proxy Authentication Required
    Proxy-Authenticate             => NTLM TlRMTVNTUAACAAAABgAGADgAAAAFgomidaiEpIMPBpgAAAAAAAAAAJQAlAA+AAAABgGwHQA
    AAA9OAFkAWAACAAYATgBZAFgAAQAWAFAATQAxAE0ASQBCAEwAQQAwADEAVgAEABQAYQBkAC4ATgBZAFgALgBjAG8AbQADACwAUABNADEATQBJA
    EIATABBADAAMQBWAC4AYQBkAC4ATgBZAFgALgBjAG8AbQAFABQAYQBkAC4ATgBZAFgALgBjAG8AbQAHAAgAjExX/MwNzQEAAAAA
    Cache-Control                  => no-cache
    Pragma                         => no-cache
    Content-Type                   => text/html; charset=utf-8
    Proxy-Connection               => Keep-Alive
    Set-Cookie                     => BCSI-CS-F977771D5F741473=2; Path=/
    Connection                     => Keep-Alive
    Content-Length                 => 830
    Discarding 830 bytes.
    NTLM Challenge:
            Challenge: 75A884A4830F0698 (len: 210)
                Flags: 0xA2898205
            NT domain: NYX
               Server: PM1MIBLA01V
               Domain: ad.NYX.com
                 FQDN: PM1MIBLA01V.ad.NYX.com
                  TLD: ad.NYX.com
                    7: ▒W▒▒
                TBofs: 62
                TBlen: 148
                ttype: 0
    NTLMv2:
                Nonce: 9826BB43327D2644
            Timestamp: -63069184
    NTLM Response:
             Hostname: 'PMIN-NYL'
               Domain: 'nyx'
             Username: 'pmin'
             Response: '2453B2C34FC196CEDA2222B0FC87BEDA010100000000000000A43DFCCC0DCD019826BB43327D26440000000002
    0006004E00590058000100160050004D0031004D00490042004C00410030003100560004001400610064002E004E00590058002E006300
    6F006D0003002C0050004D0031004D00490042004C0041003000310056002E00610064002E004E00590058002E0063006F006D00050014
    00610064002E004E00590058002E0063006F006D00070008008C4C57FCCC0DCD010000000000000000' (196)
             Response: 'B9DEDE043F917DF282DFC720CACD1AC49826BB43327D2644' (24)
    Sending headers (5)...
    Host                           => casperpaul.sytes.net:22152
    Proxy-Connection               => keep-alive
    Proxy-Authorization            => NTLM TlRMTVNTUAADAAAAGAAYAF4AAADEAMQAdgAAAAYABgBAAAAACAAIAEYAAAAQABAATgAAAAA
    AAAA6AQAABYKJok4AWQBYAHAAbQBpAG4AUABNAEkATgAtAE4AWQBMALne3gQ/kX3ygt/HIMrNGsSYJrtDMn0mRCRTssNPwZbO2iIisPyHvtoBA
    QAAAAAAAACkPfzMDc0BmCa7QzJ9JkQAAAAAAgAGAE4AWQBYAAEAFgBQAE0AMQBNAEkAQgBMAEEAMAAxAFYABAAUAGEAZAAuAE4AWQBYAC4AYwB
    vAG0AAwAsAFAATQAxAE0ASQBCAEwAQQAwADEAVgAuAGEAZAAuAE4AWQBYAC4AYwBvAG0ABQAUAGEAZAAuAE4AWQBYAC4AYwBvAG0ABwAIAIxMV
    /zMDc0BAAAAAAAAAAA=
    No body.
    ******* Round 2 C: 4, S: 5 (authok=0, noauth=0) *******
    Reading headers (5)...
    HEAD: HTTP/1.1 503 Service Unavailable
    Cache-Control                  => no-cache
    Pragma                         => no-cache
    Content-Type                   => text/html; charset=utf-8
    Proxy-Connection               => close
    Connection                     => close
    Content-Length                 => 732
    Sending headers (4)...
    Body included. Length: 732
    data_send: read 732 of 732 / 732 of 732 (errno = ok)
    data_send: fds 4:5 warning -999 (connection closed)
    Could not send whole body
    forward_request: palive=0, authok=1, ntlm=0, closed=1
    Thread finished.
    proxy_thread: request rc = 0xffffffff
    Joining thread 537035544; rc: 0
    

    Any ideas here?

     
  • David Kubicek

    David Kubicek - 2012-04-07

    Sorry, no ideas. This is a problem with your proxy. The connection is refused with a 503 response. It could also be on the side of the destination server:
    - does "casperpaul.sytes.net" resolve in DNS? (It doesn't resolve when I try it, BTW.)
    - is the port 22152 open and allowed to connect to by the proxy? (Usually proxies allow connect only to port 443 and only because HTTPS requires it).
    - etc.
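
The reading of the log given in the reply above, as an added example that is not part of the thread or of cntlm: a small parser for `cntlm -v` output that separates a rejected NTLM login from a tunnel the parent proxy refused after authentication. The names `triage` and `SAMPLE_LOG` are hypothetical, the sample is an excerpt of the log posted above, and treating "407 followed by a different status" as a completed handshake is an assumption.

```python
import re

# Excerpt of the cntlm -v output posted above (auth blobs and most headers omitted).
SAMPLE_LOG = """\
HEAD: CONNECT casperpaul.sytes.net:22152 HTTP/1.1
cntlm: PID 2080: Using proxy 172.18.96.37:8080
HEAD: HTTP/1.1 407 Proxy Authentication Required
******* Round 2 C: 4, S: 5 (authok=0, noauth=0) *******
HEAD: HTTP/1.1 503 Service Unavailable
forward_request: palive=0, authok=1, ntlm=0, closed=1
"""

REQUEST = re.compile(r"HEAD: ([A-Z]+) (\S+) HTTP/\d\.\d")
STATUS = re.compile(r"HEAD: HTTP/\d\.\d (\d{3})")

def triage(log):
    """Summarise one proxied request from cntlm verbose output (hypothetical helper)."""
    method = target = None
    statuses = []
    for line in map(str.strip, log.splitlines()):
        if (m := STATUS.match(line)):
            statuses.append(int(m.group(1)))
        elif (m := REQUEST.match(line)) and method is None:
            method, target = m.groups()
    port = None
    if method == "CONNECT" and target and ":" in target:
        port = int(target.rsplit(":", 1)[1])
    final = statuses[-1] if statuses else None
    checks = []
    if final is None:
        verdict = "no_proxy_response"
    elif final == 407:
        # Parent proxy still asks for credentials after the NTLM response.
        verdict = "auth_rejected"
        checks.append("verify username, domain and password hashes in cntlm.ini")
    elif 200 <= final < 300:
        verdict = "tunnel_established"
    else:
        # Assumption: a 407 followed by another status means the handshake
        # finished and the parent proxy then declined or failed the tunnel.
        verdict = "tunnel_refused_after_auth" if 407 in statuses else "tunnel_refused"
        if target:
            checks.append("confirm %s resolves in DNS" % target.rsplit(":", 1)[0])
        if port not in (None, 443):
            checks.append("ask whether the proxy permits CONNECT to port %d" % port)
    return {"target": target, "port": port, "statuses": statuses,
            "verdict": verdict, "checks": checks}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```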

     
