Web Application Security
Re: [Pauldotcom] hydra and HTTP NTLM May 25 2012 08:10PM
Robin Wood (robin digininja org)
On 25 May 2012 16:59, Navarro, Gregory J <Gregory.J.Navarro (at) disney (dot) com [email concealed]> wrote:
> Do you know of a valid login but just not the password.  If so just fuzz it with Burp

I have no credentials but even if I did I don't think Burp does NTLM,
for it to do it it would have to be able to work with the four way
handshake and I've not seen anywhere that that appears to be an
option. If you can point me at how to do it I'll happily try.

Robin

> From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of Robin Wood
> Sent: Thursday, May 24, 2012 6:08 AM
> To: Tony Turner; PaulDotCom Security Weekly Mailing List
> Cc: _; webappsec (at) securityfocus (dot) com [email concealed]
> Subject: Re: [Pauldotcom] hydra and HTTP NTLM
>
> On 24 May 2012 13:36, Tony Turner <tony_l_turner (at) yahoo (dot) com [email concealed]> wrote:
>> Have you tried http://www.foofus.net/~jmk/tools/FPbrute.pl yet? Or is there
>> a reason you wanted to use Hydra?
>
> I've tried that but it seems to expect the login request for a simple
> GET. I'm testing a FrontPage install which allows me to read but then
> fails on write. Checking the traffic when I click save it sends an
> OPTIONS request which gets a reply of 401 which triggers FP to then
> start the handshake.
>
> Robin
>
>> ________________________________
>> From: Robin Wood <robin (at) digininja (dot) org [email concealed]>
>> To: _ <packetnull (at) gmail (dot) com [email concealed]>
>> Cc: "webappsec (at) securityfocus (dot) com [email concealed]" <webappsec (at) securityfocus (dot) com [email concealed]>; PaulDotCom
>> Mailing List <pauldotcom (at) mail.pauldotcom (dot) com [email concealed]>
>> Sent: Thursday, May 24, 2012 8:17 AM
>> Subject: Re: [Pauldotcom] hydra and HTTP NTLM
>>
>> On 24 May 2012 13:06, _ <packetnull (at) gmail (dot) com [email concealed]> wrote:
>>> http ntlm is IIS based windows auth.
>>
>> Yes but I still don't know how to attack it.
>>
>> Robin
>>
>>> On May 23, 2012, at 6:14 AM, Robin Wood <robin (at) digininja (dot) org [email concealed]> wrote:
>>>
>>>> Anyone know how to use the new HTTP NTLM feature in Hydra? I'm trying
>>>> to brute force a MS Front Page login which only asks for
>>>> authentication when the OPTIONS method is used as far as I can tell.
>>>>
>>>> Robin
>>>>
>>>>
>>>>
>>>> This list is sponsored by Cenzic
>>>> --------------------------------------
>>>> Let Us Hack You. Before Hackers Do!
>>>> It's Finally Here - The Cenzic Website HealthCheck. FREE.
>>>> Request Yours Now!
>>>> http://www.cenzic.com/2009HClaunch_Securityfocus
>>>> --------------------------------------
>>>>
>> _______________________________________________
>> Pauldotcom mailing list
>> Pauldotcom (at) mail.pauldotcom (dot) com [email concealed]
>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>> Main Web Site: http://pauldotcom.com
>>
>>
>>
>> _______________________________________________
>> Pauldotcom mailing list
>> Pauldotcom (at) mail.pauldotcom (dot) com [email concealed]
>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>> Main Web Site: http://pauldotcom.com
>
>
>
> This list is sponsored by Cenzic
> --------------------------------------
> Let Us Hack You. Before Hackers Do!
> It's Finally Here - The Cenzic Website HealthCheck. FREE.
> Request Yours Now!
> http://www.cenzic.com/2009HClaunch_Securityfocus
> --------------------------------------
>

This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus