Pantek Library
Hosting Provided By
CybrHost
High Speed Hosting
Mailing Lists: securityfocus.com > webappsec > 02 > 110002.html (Request Expert securityfocus.com Support)

RE: IIS 5.0 with Integrated Window Authentication

From: Michael Howard <mikehow(at)microsoft.com>
Date: Wed Nov 06 2002 - 16:45:56 EST


The easiest way, *by far*, is to write a C# app using the System.Net.WebClient class.

Another tool is wfetch
http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q284285&

Cheers, Michael
Secure Windows Initiative
Writing Secure Code
http://www.microsoft.com/mspress/books/5612.asp

-----Original Message-----

From: cc_mofo@hushmail.com [mailto:cc_mofo@hushmail.com] Sent: Wednesday, November 06, 2002 12:15 PM To: pen-test@securityfocus.com; webappsec@securityfocus.com Subject: IIS 5.0 with Integrated Window Authentication

-----BEGIN PGP SIGNED MESSAGE-----
I'm doing a security review and penetration test of a site running on IIS with Integrated Windows Authentication. Anyone know of an IIS Scanner that can do an IWA exchange before scanning?

The SPIKE proxy looks promising, but it appears the NTLM support is not quite "there" yet for this purpose. The goofy three-message exchange that sets up the NTLM security doesn't seem to make it through the proxy, which leads me to believe that any tool that will work for this must have intentionally added support for IWA.

-----BEGIN PGP SIGNATURE-----
Version: Hush 2.2 (Java)
Note: This signature can be verified at https://www.hushtools.com/verify

wlwEARECABwFAj3JeFQVHGNjX21vZm9AaHVzaG1haWwuY29tAAoJEDsVajchvitlDKIA n1atyjW01supq8g9YhQqS3xC013lAJ9BjVmoqZOorkOOFLrjNEns9Ao4qw== =O5GH
-----END PGP SIGNATURE-----
Get your free encrypted email at https://www.hushmail.com Received on Wed Nov 6 18:05:07 2002

Do you need help?X

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:44 EDT

Contact Us  Legal Notices  Order Services Online 
Pantek Home  Privacy Policy  IT news  Site Map  Pantek Library