Penetration Testing mailing list archives
Re: [PEN-TEST] Sniffing web-based NT logins
From: "Magus Ba'al" <magusbaal () DIGITALBASTARDS NET>
Date: Fri, 12 Jan 2001 02:34:13 -0700
I figured this might be kind of pertinent; MS released an advisory about this about 9 hours after you sent your email :)

Title: Web Client NTLM Authentication Vulnerability
Date: January 11, 2001
Software: Office 2000, Windows 2000, and Windows Me
Impact: NTLM Credentials sent regardless of prompt setting
Bulletin: MS01-001

Microsoft encourages customers to review the Security Bulletin at:
http://www.microsoft.com/technet/security/bulletin/MS01-001.asp.

Steven Beverly
Some guy working for some ISP

"Failure is not an option, it comes pre-installed with your Windoze software..." -Unknown

"He who fights with monsters should look to it that he himself does not become a monster...when you gaze long into the abyss the abyss also gazes into you." -Friedrich Nietzsche

-----Original Message-----
From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM] On Behalf Of Batten, Gerald
Sent: Thursday, January 11, 2001 7:56 AM
To: PEN-TEST () SECURITYFOCUS COM
Subject: [PEN-TEST] Sniffing web-based NT logins

I was wondering if there was a tool, or if someone knew how to pick it off of a regular sniffer, to pick up the NT hash of an NT login over the web. Let me explain...

The server is IIS 5.0, the web clients are IE 5.x, and the server is configured to take NT authentication to the protected web pages exclusively. This means that Netscape won't work, and that the passwords are not sent as the standard Base64 encoding.

So, how are the passwords transferred, and how would I use a sniffer to pick it up? I'm assuming that they would be Lanman hashes and that I could pull them off the wire somehow and use L0phtCrack to guess the passwords?

Gerald.