Penetration Testing
mailing list archives
Re: IIS 5.0 with Integrated Window Authentication
From: Dave Aitel <dave () immunitysec com>
Date: Thu, 7 Nov 2002 14:35:23 -0500
Hmm. My bastardized SPIKE Proxy NTLM auth does, in fact, work through
the proxy though.
Client->SPIKE Proxy->Server
Where Client is sending Proxy-Authorization, and SPIKE Proxy is
translating that into Authorization: and sending it to the server and so
on. I get access on IIS 5.0, at least.
-dave
On Wed, 6 Nov 2002 23:27:54 +0100
Sebastian Flothow <sebastian () flothow de> wrote:
The goofy three-message exchange that sets up the NTLM security
doesn't seem to make it through the proxy,
AFAIK, NTLM _can_ _not_ work through proxies, by design. It seems it
includes the client's IP address, which then doesn't match that of the
proxy (which is the client from the server's point of view), or
something similar.
Sebastian
--
Sebastian Flothow
sebastian () flothow de
#include <stddisclaimer.h>
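
When checking whether the three-message NTLM exchange survives a proxy that rewrites Proxy-Authorization into Authorization, it helps to decode the token in each header and see which message it carries. The following is an added example, not code from this thread or from SPIKE Proxy; the function names and the sample trace are constructed, and it relies only on each NTLM token starting with the NTLMSSP signature followed by a little-endian message type (1, 2 or 3).

```python
import base64
import struct

NTLM_SIG = b"NTLMSSP\x00"
NAMES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}
AUTH_HEADERS = ("authorization", "proxy-authorization", "www-authenticate", "proxy-authenticate")

def ntlm_message_type(header_line):
    """Return the NTLM message name carried by one HTTP header line, or None."""
    name, _, value = header_line.partition(":")
    scheme, _, token = value.strip().partition(" ")
    if name.strip().lower() not in AUTH_HEADERS or scheme.upper() != "NTLM":
        return None
    try:
        raw = base64.b64decode(token.strip(), validate=True)
    except ValueError:
        return None
    if len(raw) < 12 or not raw.startswith(NTLM_SIG):
        return None  # also covers the bare "NTLM" offer, which has no token
    return NAMES.get(struct.unpack_from("<I", raw, 8)[0])

def handshake_steps(header_lines):
    """List (header name, NTLM message) for every NTLM token seen, in order."""
    steps = [(line.partition(":")[0].strip(), ntlm_message_type(line)) for line in header_lines]
    return [step for step in steps if step[1]]

def _token(msg_type):
    # Constructed sample token: signature + type + zero padding, not a real capture.
    return base64.b64encode(NTLM_SIG + struct.pack("<I", msg_type) + b"\x00" * 20).decode()

# Constructed trace for the Client->SPIKE Proxy->Server layout in the post.
SAMPLE = [
    "Proxy-Authorization: NTLM " + _token(1),  # client to proxy
    "Authorization: NTLM " + _token(1),        # proxy to server, translated
    "WWW-Authenticate: NTLM " + _token(2),     # server challenge
    "Proxy-Authorization: NTLM " + _token(3),  # client to proxy
    "Authorization: NTLM " + _token(3),        # proxy to server, translated
]

if __name__ == "__main__":
    for header, kind in handshake_steps(SAMPLE):
        print(f"{header:22} {kind}")
```

Running it over the headers logged on each side of a proxy shows at which of the three messages the exchange stops.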