WebApp Sec mailing list archives

Re: hydra and HTTP NTLM

From: Robin Wood <robin () digininja org>
Date: Fri, 25 May 2012 09:02:11 +0100

On 25 May 2012 08:55, Jamie Riden <jamie.riden () gmail com> wrote:

On 23 May 2012 13:14, Robin Wood <robin () digininja org> wrote:

Anyone know how to use the new HTTP NTLM feature in Hydra? I'm trying
to brute force a MS Front Page login which only asks for
authentication when the OPTIONS method is used as far as I can tell.


Pathological case is to use something like ntlmaps -
http://ntlmaps.sourceforge.net/ - and script that. Would be slow but
it would be something.

Might be better to rip or amend the code though...


I saw that mentioned as an option when someone else asked about this
area but was after a quicker option. I might have a look through this
after the test as a tool for next time.

cheers,
 Jamie
--
Jamie Riden / jamie () honeynet org / jamie.riden () gmail com
http://uk.linkedin.com/in/jamieriden




This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------

Current thread:

Re: [Pauldotcom] hydra and HTTP NTLM, (continued)
- - - Re: [Pauldotcom] hydra and HTTP NTLM Robin Wood (May 25)
    - Message not available
    - Re: [Pauldotcom] hydra and HTTP NTLM Robin Wood (May 29)
    - Re: hydra and HTTP NTLM _ (May 24)
- Re: hydra and HTTP NTLM Seth Art (May 24)
  - RES: hydra and HTTP NTLM Fábio Soto (May 29)
- Re: hydra and HTTP NTLM Security Auditor (May 25)
  - Re: hydra and HTTP NTLM Robin Wood (May 25)
    - Re: hydra and HTTP NTLM Gary Oleary-Steele (May 29)
    - Re: hydra and HTTP NTLM Robin Wood (May 29)
- Re: hydra and HTTP NTLM Jamie Riden (May 25)
  - Re: hydra and HTTP NTLM Robin Wood (May 25)
- Re: hydra and HTTP NTLM Norma Snockers (May 25)