Burp Suite User Forum

NTLM Hash and Kerberos ticket support for platform authentication

Nicholas | Last updated: May 04, 2017 05:30AM UTC

Currently, NTLMv1/v2 platform authentication requires the plaintext password, but often the hash value cannot be cracked easily back into plaintext in an expedient manner. Additionally, if the hash is generated based on a 2FA request, this makes it impractical to provide a plaintext value even when the hash is available from memory or hashdumps from domain sources. Allowing the use of the hash alone for platform authentication would allow access to systems where this issue comes up. This has been a problem in a number of scenarios where the only solution has been to use WCE or mimikatz to PTH and launch a process with the hash values, but using the hash would make testing far easier as well as faster than requiring a VM or dedicated machine to do so.

PortSwigger Agent | Last updated: May 04, 2017 07:41AM UTC

Thanks for this. We've captured this feature request in our backlog. We can't currently promise an ETA but we'll look into this next time we do some work on the platform authentication functionality.