How to Authenticate with NTLM Using Curl
Authenticating with an NTLM-secured server using curl is a straightforward process when using the correct command-line flags. This article provides a quick, step-by-step guide on how to configure your curl requests to successfully complete NTLM authentication, including basic syntax, handling domain credentials, and troubleshooting common connection issues.
The Basic NTLM Curl Command
To authenticate against an NTLM-secured endpoint, you need to use the --ntlm flag alongside the -u (or --user) flag to pass your credentials.
curl --ntlm -u "username:password" http://example.com/secured-page
Handling Domain Credentials
In most enterprise environments, NTLM authentication requires a Windows domain. You must specify the domain along with your username.
Depending on your operating system’s terminal, you must format and escape the backslash correctly:
Standard Domain Format:
curl --ntlm -u "DOMAIN\username:password" http://example.com/secured-page
Double Backslash (Required for some shells like Bash to prevent escape character issues):
curl --ntlm -u "DOMAIN\\username:password" http://example.com/secured-page
Securely Prompting for Passwords
To prevent your password from being saved in your terminal’s shell history, omit the password from the command. Curl will securely prompt you to type it:
curl --ntlm -u "DOMAIN\username" http://example.com/secured-page
Sending Data with NTLM Authentication
If you need to send a POST request or custom headers to an NTLM-secured API, combine the --ntlm flag with your data payloads:
curl --ntlm -u "DOMAIN\username" -X POST -d "param1=value1" http://example.com/api
Troubleshooting NTLM Connections
If your request fails, you can inspect the NTLM handshake (which involves a three-way Type 1, Type 2, and Type 3 message exchange) by adding the verbose flag:
curl -v --ntlm -u "DOMAIN\username" http://example.com/secured-page
Look for the WWW-Authenticate: NTLM headers in the response to verify that the server supports and initiated the NTLM handshake.
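To tell which step of the Type 1, Type 2, Type 3 exchange a header in the verbose output belongs to, decode the base64 token that follows NTLM. The Python below is an added example, not part of the original article: parse_ntlm_header and constructed_sample are hypothetical helper names, and the sample header lines are constructed rather than captured from a real server.

```python
import base64
import struct

SIGNATURE = b"NTLMSSP\x00"
NAMES = {1: "Type 1 (negotiate)", 2: "Type 2 (challenge)", 3: "Type 3 (authenticate)"}
HEADERS = {"www-authenticate", "authorization", "proxy-authenticate", "proxy-authorization"}

def parse_ntlm_header(line):
    """Decode one header line from `curl -v` output; None if it carries no NTLM."""
    name, _, value = line.lstrip("<> ").strip().partition(":")
    parts = value.split()
    if name.lower() not in HEADERS or not parts or parts[0].upper() != "NTLM":
        return None
    if len(parts) == 1:  # bare "NTLM": the server only advertises the scheme
        return {"type": 0, "name": "offer"}
    raw = base64.b64decode(parts[1], validate=True)
    if len(raw) < 12 or raw[:8] != SIGNATURE:
        raise ValueError("token does not start with the NTLMSSP signature")
    (msg_type,) = struct.unpack_from("<I", raw, 8)
    info = {"type": msg_type, "name": NAMES.get(msg_type, "unknown")}
    if msg_type == 2:
        if len(raw) < 32:
            raise ValueError("Type 2 message is truncated")
        # TargetName len/maxlen/offset at 12, NegotiateFlags at 20, challenge at 24
        t_len, _, t_off, flags = struct.unpack_from("<HHII", raw, 12)
        codec = "utf-16-le" if flags & 0x1 else "ascii"  # NEGOTIATE_UNICODE bit
        info["target"] = raw[t_off:t_off + t_len].decode(codec, "replace")
        info["flags"] = flags
        info["server_challenge"] = raw[24:32].hex()
    return info

def constructed_sample():
    """Build header lines shaped like `curl -v` output (constructed, not captured)."""
    b64 = lambda b: base64.b64encode(b).decode()
    type1 = SIGNATURE + struct.pack("<II", 1, 0x201) + bytes(16)
    target = "DOMAIN".encode("utf-16-le")
    type2 = (SIGNATURE + struct.pack("<IHHII", 2, len(target), len(target), 48, 0x201)
             + bytes.fromhex("0123456789abcdef") + bytes(16) + target)
    return ["> Authorization: NTLM " + b64(type1),
            "< HTTP/1.1 401 Unauthorized",
            "< WWW-Authenticate: NTLM " + b64(type2),
            "< WWW-Authenticate: Negotiate"]

if __name__ == "__main__":
    for line in constructed_sample():
        print(line[:40], "->", parse_ntlm_header(line))
```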