Automatic NTLM Authentication using Perl
Since Friday I have been trying to automatically parse the output of Microsoft's
Certification Services via HTTP, because I need to forward the generated
challenge password to my automated certificate enrollment procedure.
Looking back, it was a little bit tricky after all. I had to consider
several things that I want to summarize in this article. Maybe it can be
useful to someone.
First of all, you have to install libwww-perl and the Authen::NTLM Perl
module from CPAN. To get the latest version of this module, install it
through CPAN (perl -MCPAN -e 'install Authen::NTLM').
The output of Microsoft's certification service is encoded as UTF-16LE, so
you have to decode it. I don't know if it's encoded the same way everywhere,
so be sure to check which encoding you get with your browser.
#!/usr/bin/perl
#
# Automatically retrieve the challenge password for automatic certificate
# enrollment with a Microsoft certification authority
#
# by Alexander Griesser <perl@tuxx-home.at>
# 2004-12-06

use strict;
use warnings;
use LWP::UserAgent;
use HTTP::Request::Common;
use Encode qw/decode/;

my $url = 'http://yourserver/certsrv/mscep/mscep.dll';

# Set up the NTLM client; LWP then performs the base64-encoded NTLM
# handshake (via Authen::NTLM). Note that "keep_alive" is required here
my $ua = LWP::UserAgent->new(keep_alive => 1);

# Set credentials here (leave "realm" param blank)
$ua->credentials('server_ip:80', '', 'domain\username', 'password');

my $request  = GET $url;
my $response = $ua->request($request);

if ($response->is_success)
{
    # The output is encoded as UTF-16LE, so we have to decode it
    # first before use
    my $out = decode("UTF-16LE", $response->content);

    # Capture the token after the phrase; "." does not match newlines,
    # so a substitution would leave the rest of the page in $out
    if ($out =~ /challenge password is ([^ ]+)/)
    {
        print "The challenge password is: $1\n";
    }
}
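The encoding check mentioned above, as an added example that is not part of the original post: it picks the decoder from a byte-order mark, an optional charset hint, or a NUL-byte heuristic, and then extracts the password. The sample page and its password value are constructed, and decode_body and extract_challenge are hypothetical helper names.

```perl
#!/usr/bin/perl
# Added example: decode a response body whose encoding is not known in
# advance, then pull out the challenge password.
use strict;
use warnings;
use Encode qw(decode encode);

# Choose the decoder from (1) a byte-order mark, (2) a charset hint such as
# the one from the Content-Type header, (3) a NUL-byte heuristic.
sub decode_body {
    my ($bytes, $hint) = @_;
    for my $bom (["\xFF\xFE", 'UTF-16LE'], ["\xFE\xFF", 'UTF-16BE'],
                 ["\xEF\xBB\xBF", 'UTF-8']) {
        my ($mark, $enc) = @$bom;
        next unless index($bytes, $mark) == 0;
        my $body = substr($bytes, length $mark);    # strip the BOM
        return decode($enc, $body);
    }
    return decode($hint, $bytes) if defined $hint && length $hint;
    # ASCII text stored as UTF-16LE has a NUL in every second byte
    return decode('UTF-16LE', $bytes) if $bytes =~ /\A(?:[^\0]\0){4}/;
    return decode('UTF-8', $bytes);
}

# Strip markup and collapse whitespace so the value can be captured even
# when it is wrapped in tags or split across lines.
sub extract_challenge {
    my ($text) = @_;
    $text =~ s/<[^>]*>/ /g;
    $text =~ s/\s+/ /g;
    return $text =~ /challenge password is ([^ ]+)/ ? $1 : undef;
}

# Constructed sample page (not captured from a real server)
my $html = "<HTML><BODY><P>The enrollment challenge password is\r\n"
         . "<B>0123456789ABCDEF</B> </P></BODY></HTML>\r\n";
my %samples = (
    'UTF-16LE, no BOM'  => [ encode('UTF-16LE', $html), undef ],
    'UTF-16LE with BOM' => [ "\xFF\xFE" . encode('UTF-16LE', $html), undef ],
    'UTF-8 with hint'   => [ encode('UTF-8', $html), 'UTF-8' ],
);
for my $name (sort keys %samples) {
    my ($bytes, $hint) = @{ $samples{$name} };
    my $pw = extract_challenge(decode_body($bytes, $hint));
    printf "%-18s => %s\n", $name, defined $pw ? $pw : '(not found)';
}
```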
Posted by Alexander Griesser