Penetration Testing mailing list archives

Re: brute-forcing NTLM HTTP Authentication


From: Dave Aitel <daitel () atstake com>
Date: Sat, 29 Sep 2001 13:49:27 -0400

It's tunneled in a bastardized way through HTTP Auth: requests. You do a sort
of 3-way handshake. The best reference implementation I've found is in Squid,
which isn't that nice for what we want though.

This is the best documentation I found on the
subject: http://www.innovation.ch/java/ntlm.html

-dave


Jason binger wrote:

Does anyone know of a tool or script out there that
can brute-force NTLM web authentication that may be
used on IIS or ISA server?

I know IE explorer is the only browser that supports
this auth method. Does anyone have any papers or links
on how exactly it works? Is it just tunnelled using
HTTP? Or does it use windows auth ports like TCP 139
etc?

I have looked around to no avail. RFP says it will be
in whisker 2.0 but I need it now =]

Any help appreciated.

Jason


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
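
Added example (not part of the original posts, and not Squid's code): a decoder for the NTLM tokens carried in WWW-Authenticate and Authorization headers, useful when reading proxy or web-server captures, showing the three messages of the handshake described in the reply above. Field offsets follow the NTLMSSP message layout; the domain, user, challenge and response bytes in sample_exchange are constructed placeholders.

```python
import base64
import struct

SIG = b"NTLMSSP\x00"
UNICODE = 0x00000001  # NTLMSSP_NEGOTIATE_UNICODE flag

def _buf(msg, off):
    """Return the bytes named by a security buffer (len, maxlen, offset)."""
    length, _, start = struct.unpack_from("<HHI", msg, off)
    if start + length > len(msg):
        raise ValueError("security buffer points outside the message")
    return msg[start:start + length]

def parse_ntlm_header(value):
    """Decode the value of an Authorization / WWW-Authenticate header."""
    scheme, _, token = value.strip().partition(" ")
    if scheme.upper() != "NTLM" or not token.strip():
        return None  # bare "NTLM" offer, or a different scheme
    msg = base64.b64decode(token.strip(), validate=True)
    if len(msg) < 12 or msg[:8] != SIG:
        raise ValueError("not an NTLMSSP message")
    out = {"type": struct.unpack_from("<I", msg, 8)[0]}
    if out["type"] == 2 and len(msg) >= 32:    # server challenge
        out["challenge"] = msg[24:32].hex()
    elif out["type"] == 3 and len(msg) >= 64:  # client response
        flags = struct.unpack_from("<I", msg, 60)[0]
        enc = "utf-16-le" if flags & UNICODE else "ascii"
        out["domain"] = _buf(msg, 28).decode(enc)
        out["user"] = _buf(msg, 36).decode(enc)
        out["nt_response_len"] = len(_buf(msg, 20))
    return out

def sample_exchange():
    """Constructed header values for one handshake (placeholder data only)."""
    hdr = lambda raw: "NTLM " + base64.b64encode(raw).decode()
    t1 = SIG + struct.pack("<II", 1, UNICODE) + bytes(16)
    t2 = SIG + struct.pack("<I", 2) + bytes(8) + struct.pack("<I", UNICODE) + bytes(range(1, 9))
    fields, payload = b"", b""
    parts = (bytes(24), bytes(24), "CORP".encode("utf-16-le"), "alice".encode("utf-16-le"), b"", b"")
    for part in parts:  # LM resp, NT resp, domain, user, workstation, session key
        fields += struct.pack("<HHI", len(part), len(part), 64 + len(payload))
        payload += part
    t3 = SIG + struct.pack("<I", 3) + fields + struct.pack("<I", UNICODE) + payload
    return [("server", "NTLM"), ("client", hdr(t1)), ("server", hdr(t2)), ("client", hdr(t3))]

if __name__ == "__main__":
    for side, value in sample_exchange():
        print(side, parse_ntlm_header(value))
```

Because the account name travels in the clear in the type 3 message, repeated type 3 tokens followed by 401 responses from one client are visible in a capture.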

