From: Justin Dearing (justind@invision.net)
Date: Fri Mar 10 2006 - 10:41:56 EST
This form of authentication is a Microsoft proprietary extension to http
that apparently uses some kind of challenge response it was called NTML
but in IIS 6 was rebranded Integrated Windows Authentication.
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/I
IS/523ae943-5e6a-4200-9103-9808baa00157.mspx
The previous technote provides some information. It does not go into
protocol implementation details but will give you a bit more info to
know what to ask google.
As to how to brute force test it, I would recommend getting a bute
forcer that supports that protocol.
-----Original Message-----
From: Bryan Miller [mailto:BMiller@sycomtech.com]
Sent: Friday, March 10, 2006 9:30 AM
To: pen-test@lists.securityfocus.com
Subject: OWA configurations
In doing pen tests against various configurations of OWA, I have seen
two major flavors. One, you receive the standard authentication request
for a username and password. In those cases if you have a specific
domain you can prepend it to the domain name. Other times you see the
request for a username, password and domain name as three separate
inputs. In the second case can I prepend the domain name to the login
name, or am I required to enter all 3 pieces of information separately?
Am I correct in assuming that the choice of which form of authentication
you receive is set by the administrator? If I have to enter all 3
pieces of information separately, does anyone know of a tool to do this?
Brutus/Hydra....tried both and neither has the option of specifying the
domain name as part of the brute force attempt.
------------------------------------------------------------------------
------
This List Sponsored by: Cenzic
Concerned about Web Application Security?
As attacks through web applications continue to rise, you need to
proactively
protect your applications from hackers. Cenzic has the most
comprehensive
solutions to meet your application security penetration testing and
vulnerability management needs. You have an option to go with a managed
service (Cenzic ClickToSecure) or an enterprise software (Cenzic
Hailstorm).
Download FREE whitepaper on how a managed service can help you:
http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm
your
results from other product. Contact us at request@cenzic.com
------------------------------------------------------------------------
------
------------------------------------------------------------------------------
This List Sponsored by: Cenzic
Concerned about Web Application Security?
As attacks through web applications continue to rise, you need to proactively
protect your applications from hackers. Cenzic has the most comprehensive
solutions to meet your application security penetration testing and
vulnerability management needs. You have an option to go with a managed
service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm).
Download FREE whitepaper on how a managed service can help you:
http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request@cenzic.com
------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:40 EDT