Re: brute-forcing NTLM HTTP Authentication

From: Dave Aitel (daitel@atstake.com)
Date: 09/29/01


Message-ID: <3BB609A6.63D80F93@atstake.com>
Date: Sat, 29 Sep 2001 13:49:27 -0400
From: Dave Aitel <daitel@atstake.com>
To: Jason binger <cisspstudy@yahoo.com>
Subject: Re: brute-forcing NTLM HTTP Authentication

It's tunneled in a bastardized way through HTTP Auth: requests. You do a sort
of 3-way handshake. The best reference implementation I've found is in Squid,
which isn't that nice for what we want though.

This is the best documentation I found on the
subject: http://www.innovation.ch/java/ntlm.html

-dave

Jason binger wrote:

> Does anyone know of a tool or script out there that
> can brute-force NTLM web authentication that may be
> used on IIS or ISA server.
>
> I know IE explorer is the only browser that supports
> this auth method. Does anyone have any papers or link
> on how exactly it works? Is it just tunnelled using
> HTTP? Or does it use windows auth ports like TCP 139
> etc?
>
> I have looked around to no avail. RFP says it will be
> in whisker 2.0 but I need it now =]
>
> Any help appreciated.
>
> Jason
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
> Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security vulnerabilities please see:
> https://alerts.securityfocus.com/
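
The three-message exchange described in the reply above, as an added example (not part of the original thread and not Squid's code): a decoder for the NTLM tokens carried in `WWW-Authenticate` and `Authorization` headers, of the kind used when reading proxy or capture logs. The header lines are constructed samples, and the function names are hypothetical; the offsets assume the standard NTLM message layout (8-byte signature, little-endian type, 8-byte server challenge at offset 24 of the type 2 message).

```python
import base64
import struct

SIGNATURE = b"NTLMSSP\x00"            # every NTLM message starts with this
NAMES = {1: "negotiate", 2: "challenge", 3: "authenticate"}

def parse_ntlm_header(line):
    """Decode one Authorization / WWW-Authenticate header line that uses NTLM."""
    name, _, value = line.partition(":")
    scheme, _, token = value.strip().partition(" ")
    if scheme.upper() != "NTLM":
        return None                   # some other auth scheme
    info = {"header": name.strip().lower(), "step": "offer"}
    token = token.strip()
    if not token:
        return info                   # bare "NTLM": server only offers the scheme
    try:
        raw = base64.b64decode(token, validate=True)
    except ValueError:
        raise ValueError("NTLM token is not valid base64") from None
    if len(raw) < 12 or raw[:8] != SIGNATURE:
        raise ValueError("missing NTLMSSP signature")
    msg_type = struct.unpack_from("<I", raw, 8)[0]
    if msg_type not in NAMES:
        raise ValueError("unknown NTLM message type %d" % msg_type)
    info["step"] = NAMES[msg_type]
    if msg_type == 2 and len(raw) >= 32:
        info["server_challenge"] = raw[24:32].hex()   # 8-byte nonce
    return info

def sample_token(msg_type, body=b""):
    """Constructed sample message: signature, little-endian type, then body."""
    return base64.b64encode(SIGNATURE + struct.pack("<I", msg_type) + body).decode()

# Constructed exchange in wire order: server offer, then the three NTLM messages.
SAMPLE_EXCHANGE = [
    "WWW-Authenticate: NTLM",                               # server: 401, offers NTLM
    "Authorization: NTLM " + sample_token(1, bytes(4)),     # client: type 1
    "WWW-Authenticate: NTLM "                               # server: 401, type 2
    + sample_token(2, bytes(12) + bytes.fromhex("0123456789abcdef")),
    "Authorization: NTLM " + sample_token(3),               # client: type 3
]

def trace(lines):
    """Return the handshake steps seen, skipping non-NTLM headers."""
    return [i["step"] for i in map(parse_ntlm_header, lines) if i is not None]

if __name__ == "__main__":
    for line in SAMPLE_EXCHANGE:
        print(parse_ntlm_header(line))
```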
