Re: brute-forcing NTLM HTTP Authentication

From: Denis Ducamp (Denis.Ducamp@hsc.fr)
Date: 09/29/01


Date: Sat, 29 Sep 2001 20:54:54 +0200
From: Denis Ducamp <Denis.Ducamp@hsc.fr>
To: pen-test@securityfocus.com
Subject: Re: brute-forcing NTLM HTTP Authentication
Message-ID: <20010929205454.D29542@hsc.fr>

On Fri, Sep 28, 2001 at 05:43:44PM -0700, Jason binger wrote:
> Does anyone know of a tool or script out there that
> can brute-force NTLM web authentication that may be
> used on IIS or ISA server.
>
> I know IE explorer is the only browser that supports
> this auth method. Does anyone have any papers or link
> on how exactly it works? Is it just tunnelled using
> HTTP? Or does it use windows auth ports like TCP 139
> etc?

You may take a look at fetchmail; it can do NTLM auth to IMAP servers. A
long time ago I tried to do it manually against an IIS and the same way
worked fine. I then wanted to write a patch to lynx to do NTLM auth but
never did it :(

You have to get the algorithm in fetchmail and may get some code from
fetchmail or from titi "a set of password crypters"
<http://www.groar.org/groar/#s4> (last test version is stable ;) .

Denis Ducamp.

-- 
 Denis.Ducamp@hsc.fr --- Hervé Schauer Consultants --- http://www.hsc.fr/
 Owl/Openwall/snort/hping/dsniff in French     http://www.groar.org/trad/
            Owl in French      http://www.openwall.com/Owl/fr/
 On the proper use of ... http://usenet-fr.news.eu.org/fr-chartes/rfc1855.html
