# Server-side # the first request has NTLM type-1 included, and then the 1001 is returned HTTP/1.1 200 beng swsclose swsbounce Server: Microsoft-IIS/6.0 Authentication-Info: Passport1.4 tname=MSPAuth,tname=MSPProf,tname=MSPConsent,tname=MSPSecAuth Content-Type: text/html; charset=iso-8859-1 # the second request should be auth-less and then this is returned. HTTP/1.1 200 moo swsclose Server: Microsoft-IIS/6.0 Content-Type: text/html; charset=iso-8859-1 Content-Length: 16 content for you HTTP/1.1 200 beng swsclose swsbounce Server: Microsoft-IIS/6.0 Authentication-Info: Passport1.4 tname=MSPAuth,tname=MSPProf,tname=MSPConsent,tname=MSPSecAuth Content-Type: text/html; charset=iso-8859-1 HTTP/1.1 200 moo swsclose Server: Microsoft-IIS/6.0 Content-Type: text/html; charset=iso-8859-1 Content-Length: 16 content for you # Client-side NTLM http HTTP POST --ntlm to server not requiring any auth at all http://%HOSTIP:%HTTPPORT/176 -u auser:apasswd --ntlm -d "junkelijunk" # Verify data after the test has been "shot" ^User-Agent:.* POST /176 HTTP/1.1 Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA= User-Agent: curl/7.12.1-CVS (i686-pc-linux-gnu) libcurl/7.12.1-CVS OpenSSL/0.9.6b ipv6 zlib/1.1.4 GSS libidn/0.4.6 Host: %HOSTIP:%HTTPPORT Accept: */* Content-Length: 0 Content-Type: application/x-www-form-urlencoded POST /176 HTTP/1.1 User-Agent: curl/7.12.1-CVS (i686-pc-linux-gnu) libcurl/7.12.1-CVS OpenSSL/0.9.6b ipv6 zlib/1.1.4 GSS libidn/0.4.6 Host: %HOSTIP:%HTTPPORT Accept: */* Content-Length: 11 Content-Type: application/x-www-form-urlencoded junkelijunk