Penetration Testing mailing list archives

Re: brute-forcing NTLM HTTP Authentication


From: Denis Ducamp <Denis.Ducamp () hsc fr>
Date: Sat, 29 Sep 2001 20:54:54 +0200

On Fri, Sep 28, 2001 at 05:43:44PM -0700, Jason binger wrote:
> Does anyone know of a tool or script out there that
> can brute-force NTLM web authentication that may be
> used on IIS or ISA server?
>
> I know IE explorer is the only browser that supports
> this auth method. Does anyone have any papers or link
> on how exactly it works? Is it just tunnelled using
> HTTP? Or does it use windows auth ports like TCP 139
> etc?

You may take a look at fetchmail, it can make NTLM auth to IMAP servers. A
long time ago I tried to do it manually against an IIS and the same way
worked fine. I then wanted to write a patch to lynx to do NTLM auth but
never did it :(

You have to get the algorithm in fetchmail and may get some code from
fetchmail or from titi "a set of password crypters"
<http://www.groar.org/groar/#s4> (last test version is stable ;) .

Denis Ducamp.

-- 
 Denis.Ducamp () hsc fr --- Hervé Schauer Consultants --- http://www.hsc.fr/
 Owl/Openwall/snort/hping/dsniff in French   http://www.groar.org/trad/
            Owl in French    http://www.openwall.com/Owl/fr/
 On the proper use of ... http://usenet-fr.news.eu.org/fr-chartes/rfc1855.html
