Re: HTTP NTLM password cracker

[dave () immunitysec com]

SPIKE (http://www.immunitysec.com/) will brute force that for you -
although not terribly quickly. It's a slow protocol.

Dave Aitel
Consulting Manager
Immunity, Inc.

> hi...
>
>     try the tool cain and able... it can crack http ntlm plus a few
> others,
> by sniffing the traffic of the network. u can download it from
> http://www.oxid.it/ .... hope it helps.
>
> rohit
>
> ----- Original Message -----
> From: "Gary O'leary-Steele" <garyo () sec-1 com>
> To: <pen-test () securityfocus com>
> Sent: Thursday, May 08, 2003 11:46 PM
> Subject: HTTP NTLM password cracker
>
>
> > Hi all,
> >
> > Does anyone know of a good HTTP NTLM (not basic auth) brute
> force/dictionary
> > password cracker. I'm trying to gain access to a site which is using
> > FrontPage extensions.
> >
> > /_vti_bin/_vti_aut/author.dll?blah.blah (Auth: NTLM)
> >
> > Regards,
> > Gary
> > Sec-1
> > www.sec-1.com
> >
> >
> > --------------------------------------------------------------------------
> -
> > Did you know that you have VNC running on your network?
> > Your hacker does.
> > Plug your security holes.
> > Download a free 15-day trial of VAM:
> > http://www.securityfocus.com/StillSecure-pen-test
> > --------------------------------------------------------------------------
> --
> >
>
>
>
> ---------------------------------------------------------------------------
> Did you know that you have VNC running on your network?
> Your hacker does.
> Plug your security holes.
> Download a free 15-day trial of VAM:
> http://www.securityfocus.com/StillSecure-pen-test
> ----------------------------------------------------------------------------


---------------------------------------------------------------------------
Did you know that you have VNC running on your network?
Your hacker does.
Plug your security holes.
Download a free 15-day trial of VAM:
http://www.securityfocus.com/StillSecure-pen-test
----------------------------------------------------------------------------