WebApp Sec mailing list archives
RE: [Pauldotcom] hydra and HTTP NTLM
From: "Navarro, Gregory J" <Gregory.J.Navarro () disney com>
Date: Fri, 25 May 2012 08:59:04 -0700
Do you know of a valid login but just not the password. If so just fuzz it with Burp From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Robin Wood Sent: Thursday, May 24, 2012 6:08 AM To: Tony Turner; PaulDotCom Security Weekly Mailing List Cc: _; webappsec () securityfocus com Subject: Re: [Pauldotcom] hydra and HTTP NTLM On 24 May 2012 13:36, Tony Turner <tony_l_turner () yahoo com> wrote:
Have you tried http://www.foofus.net/~jmk/tools/FPbrute.pl yet? Or is there a reason you wanted to use Hydra?
I've tried that but it seems to expect the login request for a simple GET. I'm testing a FrontPage install which allows me to read but then fails on write. Checking the traffic when I click save it sends an OPTIONS request which gets a reply of 401 which triggers FP to then start the handshake. Robin
________________________________ From: Robin Wood <robin () digininja org> To: _ <packetnull () gmail com> Cc: "webappsec () securityfocus com" <webappsec () securityfocus com>; PaulDotCom Mailing List <pauldotcom () mail pauldotcom com> Sent: Thursday, May 24, 2012 8:17 AM Subject: Re: [Pauldotcom] hydra and HTTP NTLM On 24 May 2012 13:06, _ <packetnull () gmail com> wrote:http ntlm is IIS based windows auth.Yes but I still don't know how to attack it. RobinOn May 23, 2012, at 6:14 AM, Robin Wood <robin () digininja org> wrote:Anyone know how to use the new HTTP NTLM feature in Hydra? I'm trying to brute force a MS Front Page login which only asks for authentication when the OPTIONS method is used as far as I can tell. Robin This list is sponsored by Cenzic -------------------------------------- Let Us Hack You. Before Hackers Do! It's Finally Here - The Cenzic Website HealthCheck. FREE. Request Yours Now! http://www.cenzic.com/2009HClaunch_Securityfocus --------------------------------------_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
This list is sponsored by Cenzic -------------------------------------- Let Us Hack You. Before Hackers Do! It's Finally Here - The Cenzic Website HealthCheck. FREE. Request Yours Now! http://www.cenzic.com/2009HClaunch_Securityfocus -------------------------------------- This list is sponsored by Cenzic -------------------------------------- Let Us Hack You. Before Hackers Do! It's Finally Here - The Cenzic Website HealthCheck. FREE. Request Yours Now! http://www.cenzic.com/2009HClaunch_Securityfocus --------------------------------------
Current thread:
- hydra and HTTP NTLM Robin Wood (May 23)
- Re: hydra and HTTP NTLM _ (May 24)
- Re: hydra and HTTP NTLM Robin Wood (May 24)
- Message not available
- Re: [Pauldotcom] hydra and HTTP NTLM Robin Wood (May 24)
- RE: [Pauldotcom] hydra and HTTP NTLM Navarro, Gregory J (May 25)
- Re: [Pauldotcom] hydra and HTTP NTLM Robin Wood (May 25)
- Message not available
- Re: [Pauldotcom] hydra and HTTP NTLM Robin Wood (May 29)
- Re: hydra and HTTP NTLM Robin Wood (May 24)
- Re: hydra and HTTP NTLM _ (May 24)
- Re: hydra and HTTP NTLM _ (May 24)
- RES: hydra and HTTP NTLM Fábio Soto (May 29)
- Re: hydra and HTTP NTLM Robin Wood (May 25)
- Re: hydra and HTTP NTLM Gary Oleary-Steele (May 29)
- Re: hydra and HTTP NTLM Robin Wood (May 29)