Pantek Library

Re: IIS 5.0 with Integrated Windows Authentication

From: <cc_mofo(at)hushmail.com>
Date: Tue Nov 12 2002 - 18:34:02 EST

One last followup to this.

Using APS, I was able to detect and exploit a web app authentication design flaw (don't trust those cookies, kids, especially ones named something like "userid") in the target app.

I discovered some interesting behavior with IIS and IWA/NTLM. IIS *sometimes* closes the connection after telling the browser to use NTLM. It appears that several of the web proxy tools out there assume that the connection will stay open. Whisker has NTLM support, but I was unable to get it to work.

I worked with Dave Aitel to get SPIKE Proxy to support this behavior as well. SPIKE Proxy now works with NTLM at my site. Using SPIKE's UI I can now demo this exploit to developers and management more effectively (whereas with APS I had to manually insert Python code).

On Thu, 07 Nov 2002 13:25:56 -0800 cc_mofo@hushmail.com wrote:
>Thanks to everyone for the responses. I've gotten APS up and running

Received on Wed Nov 13 05:13:08 2002

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:44 EDT
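
The connection behaviour described in the post (IIS sometimes closing the connection after the NTLM challenge), as an added example that is not part of the original message or of any tool named in it. NTLM authenticates a connection rather than a single request, so a client or proxy has to know whether the Type 1 message can go out on the same socket or must start on a new one. The sketch assumes the server announces the close with a `Connection: close` header; the names `NtlmPlan`, `parse_head` and `plan_after_challenge` and both sample responses are constructed for illustration.

```python
# Added example: decide how to continue after a 401 that offers NTLM.
# The two sample responses are constructed, not captured traffic.
from dataclasses import dataclass

@dataclass
class NtlmPlan:
    offers_ntlm: bool        # server sent "WWW-Authenticate: NTLM" with a 401
    reuse_connection: bool   # the socket is expected to stay open
    action: str              # what the client or proxy should do next

def parse_head(raw: bytes):
    """Split a raw HTTP response head into (version, status, headers)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    version, status = lines[0].split(" ", 2)[:2]
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return version, int(status), headers

def plan_after_challenge(raw: bytes) -> NtlmPlan:
    version, status, headers = parse_head(raw)
    schemes = [v.split(" ", 1)[0].lower()
               for n, v in headers if n == "www-authenticate"]
    offers = status == 401 and "ntlm" in schemes
    tokens = {t.strip().lower()
              for n, v in headers if n == "connection" for t in v.split(",")}
    if "close" in tokens:
        persists = False                    # explicit close always wins
    elif version == "HTTP/1.0":
        persists = "keep-alive" in tokens   # HTTP/1.0 closes by default
    else:
        persists = True                     # HTTP/1.1 persists by default
    if not offers:
        action = "no NTLM challenge"
    elif persists:
        action = "send Type 1 on this connection"
    else:
        action = "reconnect, then send Type 1 on the new connection"
    return NtlmPlan(offers, persists, action)

KEEP_ALIVE_401 = (b"HTTP/1.1 401 Access Denied\r\nServer: Microsoft-IIS/5.0\r\n"
                  b"WWW-Authenticate: Negotiate\r\nWWW-Authenticate: NTLM\r\n"
                  b"Content-Length: 0\r\n\r\n")
CLOSE_401 = KEEP_ALIVE_401.replace(b"Content-Length",
                                   b"Connection: close\r\nContent-Length")

if __name__ == "__main__":
    for sample in (KEEP_ALIVE_401, CLOSE_401):
        print(plan_after_challenge(sample))
```

A server can also drop the socket without announcing it, so a client should treat end-of-file on the next write or read as the same reconnect case.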
