How to use wget with proxy and ntlm on windows
wget for Windows does not work with proxy authentication that uses NTLM or NTLMv2 encrypted passwords. There is a solution to get it working!
Download cntlm
Download cntlm from http://cntlm.sourceforge.net/ and extract it. You should get the following files:
cntlm.exe cntlm.ini cntlm_manual.pdf cygrunsrv.exe cygwin1.dll README.txt setup.bat uninstall.bat
At this point we DO NOT INSTALL IT. We just try it out. You can install it later if you like.
Download wget for Windows
Download a version of wget for Windows that has proxy support, eg. wget.exe Copy
wget.exe
and maybe additionally needed files into the folder where you extracted cntlm You should now have the following files in one folder:
cntlm.exe cntlm.ini cntlm_manual.pdf cygrunsrv.exe cygwin1.dll README.txt setup.bat uninstall.bat wget.exe <optional additional files>
Configure cntlm
PRE-setup cntlm.ini
Create a textfile cntlm.ini Open cntlm.ini with your favorite text editor and change ONLY the following values (or more) to your needs:
Username yourusername Domain your.domain.tld Proxy 192.168.178.22:8080 # Enter the proxy name you want to authenticate against
We need this file to determine what is the strongest hash the target proxy supports. When you have the file ready, execute the following command and enter your proxy password when prompted.
>cntlm.exe -c .\cntlm.ini -v -u yourusername -d your.domain.tld -I -M http://www.microsoft.com cntlm: Proxy listening on 127.0.0.1:3128 cntlm: Resolving proxy 192.168.178.22... cntlm: Workstation name used: workstation01 Password: <Enter your password here> cntlm: Using proxy 192.168.178.22:8080 Config profile 1/11... OK (HTTP code: 200) ----------------------------[ Profile 0 ]------ Auth NTLMv2 PassNTLMv2 1452C2EB3157149277F82ABCD16329DB ------------------------------------------------ cntlm: Terminating with 0 active threads
Now we now, that the strongest hash the target proxy supports is NTLMv2. Therefore we will use NTLMv2 later in our configuration! You can use any other working url instead of www . microsoft . com.
setup cntlm.ini
Now open cntlm.ini again with your favourite text editor and change the following values (or more) to your needs:
# # Cntlm Authentication Proxy Configuration # # NOTE: all values are parsed literally, do NOT escape spaces, # do not quote. Use 0600 perms if you use plaintext password. # Username yourusername Domain your.domain.tld #Password plaintext # use the PassNTLMv2 from above Use hashes instead (-H) #----------------------------[ Profile 0 ]------ # copy this from the previous output Auth NTLMv2 # copy this from the previous output PassNTLMv2 1452C2EB3157149277F82ABCD16329DB # copy this from the previous output #------------------------------------------------ # copy this from the previous output Proxy 192.168.178.22:8080 # Enter the proxy name you want to authenticate against #Workstation netbios_hostname # Should be auto-guessed # # This is the port number where Cntlm will listen # Listen 3128
for Password enter the PassNTLMv2 you created previously. For Proxy enter the proxy server and port you need to access the internet and where cntlm should use the credentials against. Optionally you can change the listening port (3128).
Start cntlm
Now start cntlm with:
>cntlm.exe -v -f -c .\cntlm.ini cntlm: PID 640: Cntlm ready, staying in the foreground
The -v (verbose) is not needed, but it is good for testing. cntlm is now running and waiting for connections on port 3128
use wget with cntlm
Open a command prompt and enter the following command:
SET http_proxy=http://127.0.0.1:3128/
This makes sure, that we use our local cntlm proxy on port 3128 with wget. You can also use a wget configuration file for this.
Now lets open a webpage with wget using cntlm as proxy
>wget --proxy=on http://www.pcfreak.de --18:54:16-- http://www.pcfreak.de:80/ => `index.html' Connecting to 127.0.0.1:3128... connected! Proxy request sent, awaiting response... 200 OK Length: 5,403 [text/html] 0K -> ..... [100%] 18:54:17 (5.28 KB/s) - `index.html' saved [5403/5403]
Greetings
This guide has been written for Ludwig H. working at W. And by the way
1452C2EB3157149277F82ABCD16329DB
is not my password hash. :)