Description
"In the HTTP-GET module, NTLM encoding in Hydra ignores the entered usernames, passwords, and domain. It always encodes the same Net-NTLM string. I redirected Hydra through Burp Suite and captured the GET requests. The NTLM string did not change. Basic encoding worked fine. I tested versions 9.1 and 9.5 on both Windows and Kali Linux."
hydra -I -l admin -p password -V servername http-get '/:A=NTLM:F=401'
hydra -I -l admin -p password1 -V servername http-get '/:A=NTLM:F=401'
proxy intercept always:
GET / HTTP/1.1
Host: servername.com
Authorization: NTLM TlRMTVNTUAABAAAAB7IAAAAAAAAAAAAAAAAAAAAAAAA=
User-Agent: Mozilla/4.0 (Hydra)
Connection: keep-alive
I'm not sure if the switch -m domain should work, but it would be good if it performed the prefix DOMAIN.
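To see which NTLM message the captured `Authorization` value is and which fields it carries, here is a decoder added as an example (not code from the report or from Hydra). It follows the MS-NLMP layouts, in which a type 1 (NEGOTIATE) message has flags plus optional domain and workstation buffers, and the user name appears only in the type 3 (AUTHENTICATE) message sent after the server's type 2 challenge. The names `parse_ntlm`, `LAYOUT` and `_secbuf` are made up for this example, and latin-1 stands in for the OEM code page.

```python
import base64
import struct

# Authorization value exactly as captured in the report above.
CAPTURED = "NTLM TlRMTVNTUAABAAAAB7IAAAAAAAAAAAAAAAAAAAAAAAA="

# Per MS-NLMP: (offset of NegotiateFlags, {field: offset of its security buffer}).
LAYOUT = {
    1: (12, {"domain": 16, "workstation": 24}),              # NEGOTIATE
    3: (60, {"domain": 28, "user": 36, "workstation": 44}),  # AUTHENTICATE
}
UNICODE = 0x00000001  # NTLMSSP_NEGOTIATE_UNICODE


def _secbuf(raw, pos):
    """Read one security buffer (len u16, maxlen u16, offset u32) and its payload."""
    if len(raw) < pos + 8:
        return b""
    length, _maxlen, offset = struct.unpack_from("<HHI", raw, pos)
    return raw[offset:offset + length]


def parse_ntlm(header_value):
    """Decode an 'NTLM <base64>' header value into type, flags and named fields."""
    token = header_value.split()[-1].rstrip("=")
    raw = base64.b64decode(token + "=" * (-len(token) % 4))
    if len(raw) < 12 or raw[:8] != b"NTLMSSP\x00":
        raise ValueError("not an NTLMSSP message")
    msg_type = struct.unpack_from("<I", raw, 8)[0]
    result = {"type": msg_type, "flags": None, "fields": {}}
    if msg_type not in LAYOUT:
        return result  # e.g. type 2 (CHALLENGE), which the server sends
    flags_pos, fields = LAYOUT[msg_type]
    if len(raw) >= flags_pos + 4:
        result["flags"] = struct.unpack_from("<I", raw, flags_pos)[0]
    # Type 3 strings use the negotiated charset; type 1 strings are always OEM.
    wide = msg_type == 3 and bool((result["flags"] or 0) & UNICODE)
    for name, pos in fields.items():
        data = _secbuf(raw, pos)
        result["fields"][name] = data.decode("utf-16-le" if wide else "latin-1", "replace")
    return result


if __name__ == "__main__":
    msg = parse_ntlm(CAPTURED)
    print("type", msg["type"], "flags", hex(msg["flags"]), msg["fields"])
```

Running the same function on the `Authorization` header of the request that follows the server's `WWW-Authenticate: NTLM ...` challenge shows whether the supplied user and domain reached the type 3 message.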