IIS 5.0 with Integrated Window Authentication
From: cc_mofo@hushmail.comDate: 11/06/02
- Previous message: Dave Aitel: "Re: [Spike] Re: IIS 5.0 with Integrated Window Authentication"
- Next in thread: Kevin Spett: "Re: IIS 5.0 with Integrated Window Authentication"
- Reply: Kevin Spett: "Re: IIS 5.0 with Integrated Window Authentication"
- Reply: Sebastian Flothow: "Re: IIS 5.0 with Integrated Window Authentication"
- Reply: Jason Coombs: "RE: IIS 5.0 with Integrated Window Authentication"
- Reply: Haroon Meer: "Re: IIS 5.0 with Integrated Window Authentication"
- Reply: cc_mofo@hushmail.com: "Re: IIS 5.0 with Integrated Window Authentication"
- Reply: Michael Howard: "RE: IIS 5.0 with Integrated Window Authentication"
- Reply: cc_mofo@hushmail.com: "Re: IIS 5.0 with Integrated Window Authentication"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 6 Nov 2002 12:15:11 -0800 To: pen-test@securityfocus.com, webappsec@securityfocus.com From: cc_mofo@hushmail.com
-----BEGIN PGP SIGNED MESSAGE-----
I'm doing a security review and penetration test of a site running on IIS with Integrated Windows Authentication. Anyone know of an IIS Scanner that can do an IWA exchange before scanning?
The SPIKE proxy looks promising, but it appears the NTLM support is not quite "there" yet for this purpose. The goofy three-message exchange that sets up the NTLM security doesn't seem to make it through the proxy, which leads me to believe that any tool that will work for this must have intentionally added support for IWA.
-----BEGIN PGP SIGNATURE-----
Version: Hush 2.2 (Java)
Note: This signature can be verified at https://www.hushtools.com/verify
wlwEARECABwFAj3JeFQVHGNjX21vZm9AaHVzaG1haWwuY29tAAoJEDsVajchvitlDKIA
n1atyjW01supq8g9YhQqS3xC013lAJ9BjVmoqZOorkOOFLrjNEns9Ao4qw==
=O5GH
-----END PGP SIGNATURE-----
Get your free encrypted email at https://www.hushmail.com
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
- Previous message: Dave Aitel: "Re: [Spike] Re: IIS 5.0 with Integrated Window Authentication"
- Next in thread: Kevin Spett: "Re: IIS 5.0 with Integrated Window Authentication"
- Reply: Kevin Spett: "Re: IIS 5.0 with Integrated Window Authentication"
- Reply: Sebastian Flothow: "Re: IIS 5.0 with Integrated Window Authentication"
- Reply: Jason Coombs: "RE: IIS 5.0 with Integrated Window Authentication"
- Reply: Haroon Meer: "Re: IIS 5.0 with Integrated Window Authentication"
- Reply: cc_mofo@hushmail.com: "Re: IIS 5.0 with Integrated Window Authentication"
- Reply: Michael Howard: "RE: IIS 5.0 with Integrated Window Authentication"
- Reply: cc_mofo@hushmail.com: "Re: IIS 5.0 with Integrated Window Authentication"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
