Web Application Security Mode:
(Page 7 of 330)  < Prev  2 3 4 5 6 7 8 9 10 11 12  Next >
Pentesting attacks 2012-07-25
ITlook (madziak12 vp pl)


- Zed Attack Proxy - see what it;s all about!
- Understand how A Wireless (802.11) Probe Request Based Attack works
- How to secure users from Phishing, Smishing & Social Media Attacks
- Cyber war... Is the digital apocalypse approaching?
- Original â??security through obscurity" viz. SCADA penetr

[ more ]  [ reply ]
winAUTOPWN v3.1 Released 2012-06-20
QUAKER DOOMER (quakerdoomer inbox lv)
Dear all,

This is to announce release of winAUTOPWN version 3.1

The improved GUI extension - WINAUTOPWN ACTIVE SYSTEMS TRANSGRESSOR GUI [ C4 - WAST ] is a
Systems and Network Exploitation Framework built on the famous winAUTOPWN as a backend.
C4 - WAST gives users the freedom to select ind

[ more ]  [ reply ]
EUSecWest 2012 - Amsterdam, Sept 19/20 featuring Mobile PWN2OWN - CFP Deadline June 15 2012-06-05
Dragos Ruiu (dr kyx net)
EUSecWest 2012, Amsterdam, September 19/20, Featuring Mobile PWN2OWN
CALL FOR PAPERS - Deadline June 15 2012

   AMSTERDAM, Nederland -- The seventh annual EUSecWest
   applied technical security conference - where the eminent
   figures in the international security industry get
   together share b

[ more ]  [ reply ]
Re: [Pauldotcom] hydra and HTTP NTLM 2012-05-26
Robin Wood (robin digininja org)
On 25 May 2012 21:59, Sherif El-Deeb <archeldeeb (at) gmail (dot) com [email concealed]> wrote:
> Back when nothing was supporting Outlook Web Access bruteforcing, I've
> written a simple bash script that automated the process using "curl"... I
> suggest you do the same.
>
> "curl --ntlm" -> it will be two nested for loops, the

[ more ]  [ reply ]
Re: hydra and HTTP NTLM 2012-05-25
Robin Wood (robin digininja org)
On 25 May 2012 08:55, Jamie Riden <jamie.riden (at) gmail (dot) com [email concealed]> wrote:
> On 23 May 2012 13:14, Robin Wood <robin (at) digininja (dot) org [email concealed]> wrote:
>> Anyone know how to use the new HTTP NTLM feature in Hydra? I'm trying
>> to brute force a MS Front Page login which only asks for
>> authentication when the OPTIONS met

[ more ]  [ reply ]
Re: hydra and HTTP NTLM 2012-05-25
Robin Wood (robin digininja org) (1 replies)
On 25 May 2012 13:52, Security Auditor <auditor.sec (at) gmail (dot) com [email concealed]> wrote:
> Hi,
> I would say use an interceptor proxy which can handle this stuff
> easily. For example burp, ZAP or others.
>
> I played with hydra on DVWA app and could not succeed at bruting.....
>
> hope this helps

I don't know a way

[ more ]  [ reply ]
Re: hydra and HTTP NTLM 2012-05-27
Gary Oleary-Steele (GaryO sec-1 com) (1 replies)
Re: hydra and HTTP NTLM 2012-05-27
Robin Wood (robin digininja org)
Re: [Pauldotcom] hydra and HTTP NTLM 2012-05-25
Robin Wood (robin digininja org)
On 25 May 2012 16:59, Navarro, Gregory J <Gregory.J.Navarro (at) disney (dot) com [email concealed]> wrote:
> Do you know of a valid login but just not the password.  If so just fuzz it with Burp

I have no credentials but even if I did I don't think Burp does NTLM,
for it to do it it would have to be able to work with the four

[ more ]  [ reply ]
Re: hydra and HTTP NTLM 2012-05-25
Norma Snockers (norma snockers hotmail co uk)
Ok not what you were originally asking but I used to use tsgrinder

-----Original Message-----

From: Robin Wood
Sent: 25 May 2012 03:33:31 GMT
To: _
Cc: webappsec (at) securityfocus (dot) com [email concealed],PaulDotCom Mailing List
Subject: Re: hydra and HTTP NTLM

On 24 May 2012 13:06, _ <packetnull (at) gmail (dot) com [email concealed]> wrote:
> http

[ more ]  [ reply ]
Re: hydra and HTTP NTLM 2012-05-24
_ (packetnull gmail com)
what kind of attack have you done so far?

On May 24, 2012, at 6:17 AM, Robin Wood <robin (at) digininja (dot) org [email concealed]> wrote:

> On 24 May 2012 13:06, _ <packetnull (at) gmail (dot) com [email concealed]> wrote:
>> http ntlm is IIS based windows auth.
>
> Yes but I still don't know how to attack it.
>
> Robin
>
>> On May 23, 2012, at 6:1

[ more ]  [ reply ]
Re: [Pauldotcom] hydra and HTTP NTLM 2012-05-24
Robin Wood (robin digininja org) (1 replies)
On 24 May 2012 13:36, Tony Turner <tony_l_turner (at) yahoo (dot) com [email concealed]> wrote:
> Have you tried http://www.foofus.net/~jmk/tools/FPbrute.pl yet? Or is there
> a reason you wanted to use Hydra?

I've tried that but it seems to expect the login request for a simple
GET. I'm testing a FrontPage install which allow

[ more ]  [ reply ]
RE: [Pauldotcom] hydra and HTTP NTLM 2012-05-25
Navarro, Gregory J (Gregory J Navarro disney com)
hydra and HTTP NTLM 2012-05-23
Robin Wood (robin digininja org) (4 replies)
Anyone know how to use the new HTTP NTLM feature in Hydra? I'm trying
to brute force a MS Front Page login which only asks for
authentication when the OPTIONS method is used as far as I can tell.

Robin

This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Befor

[ more ]  [ reply ]
Re: hydra and HTTP NTLM 2012-05-25
Jamie Riden (jamie riden gmail com)
Re: hydra and HTTP NTLM 2012-05-25
Security Auditor (auditor sec gmail com)
Re: hydra and HTTP NTLM 2012-05-23
Seth Art (sethsec gmail com) (1 replies)
RES: hydra and HTTP NTLM 2012-05-26
Fábio Soto (fabio andradesoto com br)
Re: hydra and HTTP NTLM 2012-05-24
_ (packetnull gmail com) (1 replies)
Re: hydra and HTTP NTLM 2012-05-24
Robin Wood (robin digininja org)
t2'12: Call for Papers 2012 (Helsinki / Finland) 2012-05-11
Tomi Tuominen (tomi tuominen t2 fi)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

# t2'12 - Call For Papers #
Helsinki, Finland
October 25 - 26, 2012

We are pleased to announce the annual t2'12 infosec conference, which
will take place in Helsinki, Finland, from October 25

[ more ]  [ reply ]
A survey on web application attacks 2012-05-10
Hannes Holm (Hannes Holm ics kth se)
Hi webappsec subscribers,

I am researching the domain consensus regarding the effectiveness of different web application firewalls (WAF)s and would be glad if you could spare a few minutes of your time to answer a survey on the topic.

By completing this survey you will:

* Help build valuable d

[ more ]  [ reply ]
Abusing Password Managers with XSS 2012-04-25
mastah yeti (mastahyeti gmail com)
New post on abusing password managers through xss.
http://labs.neohapsis.com/2012/04/25/abusing-password-managers-with-xss/

--
-mastahyeti

This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthChe

[ more ]  [ reply ]
[HITB-Announce] HITB Magazine Issue 008 (now with print edition!) 2012-04-23
Hafez Kamal (aphesz hackinthebox org)
The 8th issue of the HITB Quarterly Magazine is now available for download!

http://magazine.hitb.org/

This edition is a little bit 'lighter' than previous issues as the
editorial team is busy working on an extra special release for our 10th
year anniversary conference in October, HITBSecConf2012 -

[ more ]  [ reply ]
Ruxcon 2012 Call For Papers 2012-04-19
cfp ruxcon org au
Ruxcon 2012 Call For Papers

The Ruxcon team is pleased to announce the call for papers for the 2012 annual Ruxcon conference.

This year the conference will take place over the weekend of 20th and 21st of October at the CQ Function Centre, Melbourne, Australia.

The deadline for submissions is the

[ more ]  [ reply ]
Passwords^12 : Call for Presentations 2012-04-15
Per Thorsheim (per thorsheim net)
For the third time I am happy to announce a Call for Presentations for
Passwords^12.

Passwords^12 will be held at the University of Oslo (Norway) on December
3-4, 2012. The 2-day conference will be free and open for anyone to
attend. Please do note that our primary audience will be academics and
se

[ more ]  [ reply ]
winAUTOPWN v3.0 Released 2012-04-17
QUAKER DOOMER (quakerdoomer inbox lv)
Dear all,

This is to announce release of winAUTOPWN version 3.0

The improved GUI extension - WINAUTOPWN ACTIVE SYSTEMS TRANSGRESSOR GUI [ C4 - WAST ] is a
Systems and Network Exploitation Framework built on the famous winAUTOPWN as a backend.
C4 - WAST gives users the freedom to select individ

[ more ]  [ reply ]
SEC Consult whitepaper :: The Source Is A Lie 2012-04-17
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab released a new whitepaper titled:
"The Source Is A Lie"

Abstract:
---------
Backdoors have always been a concern of the security community. In
recent years the idea of not trusting the developer has gained momentum
and manifested itself in various forms of source code

[ more ]  [ reply ]
OWASP ZAP 1.4.0 released 2012-04-08
psiinon (psiinon gmail com)
Hi folks,

I'm very pleased to announce that version 1.4.0 of the OWASP Zed
Attack Proxy (ZAP) has now been released.

This release adds the following main features:
* Syntax highlighting
* fuzzdb integration
* Parameter analysis
* Enhanced XSS scanner
* A port of some of the Watcher checks
* Plugab

[ more ]  [ reply ]
(Page 7 of 330)  < Prev  2 3 4 5 6 7 8 9 10 11 12  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus