WebApp Sec mailing list archives
Re: hydra and HTTP NTLM
From: Robin Wood <robin () digininja org>
Date: Sun, 27 May 2012 23:09:19 +0100
On 27 May 2012 09:44, Gary Oleary-Steele <GaryO () sec-1 com> wrote:
Robin, I have a ruby script for this somewhere, it's integrated with our scanner system but I'll see if I can pull the code to use as standalone. If I were you though I'd use python with urllib2, has ntlm support via an extension (or "opener" as the are known), also ruby http libs support ntlm. The protocol for frontpage is simple to replicate for what you need, I'll send u an example on Monday.
Brilliant, thanks. Robin
Gary Sent from my iPhone On 26 May 2012, at 01:04, "Robin Wood" <robin () digininja org> wrote:On 25 May 2012 13:52, Security Auditor <auditor.sec () gmail com> wrote:Hi, I would say use an interceptor proxy which can handle this stuff easily. For example burp, ZAP or others. I played with hydra on DVWA app and could not succeed at bruting..... hope this helpsI don't know a way to get Burp to brute force NTLM, can ZAP do it? Any instructions would be gratefully received. Robincheers Audi On Wed, May 23, 2012 at 2:14 PM, Robin Wood <robin () digininja org> wrote:Anyone know how to use the new HTTP NTLM feature in Hydra? I'm trying to brute force a MS Front Page login which only asks for authentication when the OPTIONS method is used as far as I can tell. Robin This list is sponsored by Cenzic -------------------------------------- Let Us Hack You. Before Hackers Do! It's Finally Here - The Cenzic Website HealthCheck. FREE. Request Yours Now! http://www.cenzic.com/2009HClaunch_Securityfocus --------------------------------------This list is sponsored by Cenzic -------------------------------------- Let Us Hack You. Before Hackers Do! It's Finally Here - The Cenzic Website HealthCheck. FREE. Request Yours Now! http://www.cenzic.com/2009HClaunch_Securityfocus --------------------------------------##################################################################################### Scanned by MailMarshal - M86 Security's comprehensive email content security solution. For details on purchasing MailMarshal or alternative Mail Security products please contact our Sales Team on 0113 257 8955 Option 1 #####################################################################################
This list is sponsored by Cenzic -------------------------------------- Let Us Hack You. Before Hackers Do! It's Finally Here - The Cenzic Website HealthCheck. FREE. Request Yours Now! http://www.cenzic.com/2009HClaunch_Securityfocus --------------------------------------
Current thread:
- Re: [Pauldotcom] hydra and HTTP NTLM, (continued)
- Message not available
- Re: [Pauldotcom] hydra and HTTP NTLM Robin Wood (May 24)
- RE: [Pauldotcom] hydra and HTTP NTLM Navarro, Gregory J (May 25)
- Re: [Pauldotcom] hydra and HTTP NTLM Robin Wood (May 25)
- Message not available
- Re: [Pauldotcom] hydra and HTTP NTLM Robin Wood (May 29)
- Re: hydra and HTTP NTLM _ (May 24)
- RES: hydra and HTTP NTLM Fábio Soto (May 29)
- Re: hydra and HTTP NTLM Robin Wood (May 25)
- Re: hydra and HTTP NTLM Gary Oleary-Steele (May 29)
- Re: hydra and HTTP NTLM Robin Wood (May 29)
- Re: hydra and HTTP NTLM Robin Wood (May 25)