Re: [Pauldotcom] hydra and HTTP NTLM

[Robin Wood <robin () digininja org>]

On 25 May 2012 16:59, Navarro, Gregory J <Gregory.J.Navarro () disney com> wrote:
> Do you know of a valid login but just not the password.  If so just fuzz it with Burp

I have no credentials but even if I did I don't think Burp does NTLM,
for it to do it it would have to be able to work with the four way
handshake and I've not seen anywhere that that appears to be an
option. If you can point me at how to do it I'll happily try.

Robin

> From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Robin Wood
> Sent: Thursday, May 24, 2012 6:08 AM
> To: Tony Turner; PaulDotCom Security Weekly Mailing List
> Cc: _; webappsec () securityfocus com
> Subject: Re: [Pauldotcom] hydra and HTTP NTLM
>
> On 24 May 2012 13:36, Tony Turner <tony_l_turner () yahoo com> wrote:
> > Have you tried http://www.foofus.net/~jmk/tools/FPbrute.pl yet? Or is there
> > a reason you wanted to use Hydra?
>
> I've tried that but it seems to expect the login request for a simple
> GET. I'm testing a FrontPage install which allows me to read but then
> fails on write. Checking the traffic when I click save it sends an
> OPTIONS request which gets a reply of 401 which triggers FP to then
> start the handshake.
>
> Robin
>
> > ________________________________
> > From: Robin Wood <robin () digininja org>
> > To: _ <packetnull () gmail com>
> > Cc: "webappsec () securityfocus com" <webappsec () securityfocus com>; PaulDotCom
> > Mailing List <pauldotcom () mail pauldotcom com>
> > Sent: Thursday, May 24, 2012 8:17 AM
> > Subject: Re: [Pauldotcom] hydra and HTTP NTLM
> >
> > On 24 May 2012 13:06, _ <packetnull () gmail com> wrote:
> > > http ntlm is IIS based windows auth.
> >
> > Yes but I still don't know how to attack it.
> >
> > Robin
> >
> > > On May 23, 2012, at 6:14 AM, Robin Wood <robin () digininja org> wrote:
> > >
> > > > Anyone know how to use the new HTTP NTLM feature in Hydra? I'm trying
> > > > to brute force a MS Front Page login which only asks for
> > > > authentication when the OPTIONS method is used as far as I can tell.
> > > >
> > > > Robin
> > > >
> > > >
> > > >
> > > > This list is sponsored by Cenzic
> > > > --------------------------------------
> > > > Let Us Hack You. Before Hackers Do!
> > > > It's Finally Here - The Cenzic Website HealthCheck. FREE.
> > > > Request Yours Now!
> > > > http://www.cenzic.com/2009HClaunch_Securityfocus
> > > > --------------------------------------
> > _______________________________________________
> > Pauldotcom mailing list
> > Pauldotcom () mail pauldotcom com
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
> >
> >
> >
> > _______________________________________________
> > Pauldotcom mailing list
> > Pauldotcom () mail pauldotcom com
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
>
>
>
> This list is sponsored by Cenzic
> --------------------------------------
> Let Us Hack You. Before Hackers Do!
> It's Finally Here - The Cenzic Website HealthCheck. FREE.
> Request Yours Now!
> http://www.cenzic.com/2009HClaunch_Securityfocus
> --------------------------------------



This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------