Web Application Security
Re: hydra and HTTP NTLM May 25 2012 12:59PM
Robin Wood (robin digininja org) (1 replies)
Re: hydra and HTTP NTLM May 27 2012 08:44AM
Gary Oleary-Steele (GaryO sec-1 com) (1 replies)
Re: hydra and HTTP NTLM May 27 2012 10:09PM
Robin Wood (robin digininja org)
On 27 May 2012 09:44, Gary Oleary-Steele <GaryO (at) sec-1 (dot) com> wrote:
> Robin,
>
> I have a ruby script for this somewhere, it's integrated with our scanner system but I'll see if I can pull the code to use as standalone. If I were you though I'd use python with urllib2, has ntlm support via an extension (or "opener" as they are known), also ruby http libs support ntlm. The protocol for frontpage is simple to replicate for what you need, I'll send u an example on Monday.

Brilliant, thanks.

Robin

>
> Gary
>
> Sent from my iPhone
>
> On 26 May 2012, at 01:04, "Robin Wood" <robin (at) digininja (dot) org> wrote:
>
>> On 25 May 2012 13:52, Security Auditor <auditor.sec (at) gmail (dot) com> wrote:
>>> Hi,
>>> I would say use an interceptor proxy which can handle this stuff
>>> easily. For example burp, ZAP or others.
>>>
>>> I played with hydra on DVWA app and could not succeed at bruting.....
>>>
>>> hope this helps
>>
>> I don't know a way to get Burp to brute force NTLM, can ZAP do it? Any
>> instructions would be gratefully received.
>>
>> Robin
>>
>>> cheers
>>>
>>> Audi
>>>
>>> On Wed, May 23, 2012 at 2:14 PM, Robin Wood <robin (at) digininja (dot) org> wrote:
>>>> Anyone know how to use the new HTTP NTLM feature in Hydra? I'm trying
>>>> to brute force a MS Front Page login which only asks for
>>>> authentication when the OPTIONS method is used as far as I can tell.
>>>>
>>>> Robin
>>>>
>>>>
>>>>
>>>> This list is sponsored by Cenzic
>>>> --------------------------------------
>>>> Let Us Hack You. Before Hackers Do!
>>>> It's Finally Here - The Cenzic Website HealthCheck. FREE.
>>>> Request Yours Now!
>>>> http://www.cenzic.com/2009HClaunch_Securityfocus
>>>> --------------------------------------
>>>>
>>


Copyright 2010, SecurityFocus