Penetration Testing: Re: IIS 5.0 with Integrated Window Authentication

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Penetration Testing mailing list archives

Re: IIS 5.0 with Integrated Window Authentication

From: Sebastian Flothow <sebastian () flothow de>
Date: Wed, 6 Nov 2002 23:27:54 +0100

The goofy three-message exchange that sets up the NTLM security doesn'tseem to make it through the proxy,

AFAIK, NTLM _can_ _not_ work through proxies, by design. It seems itincludes the client's IP address, which then doesn't match that of theproxy (which is the client from the server's point of view), orsomething similar.



Sebastian

--
Sebastian Flothow
sebastian () flothow de
#include <stddisclaimer.h>


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

By Date By Thread

Current thread:

IIS 5.0 with Integrated Window Authentication cc_mofo (Nov 07)
- Re: IIS 5.0 with Integrated Window Authentication Kevin Spett (Nov 07)
- Re: IIS 5.0 with Integrated Window Authentication Sebastian Flothow (Nov 08)
  - Re: IIS 5.0 with Integrated Window Authentication Dave Aitel (Nov 07)
  - Re: IIS 5.0 with Integrated Window Authentication sunzi (Nov 07)
- Re: IIS 5.0 with Integrated Window Authentication Haroon Meer (Nov 08)
  - RE: IIS 5.0 with Integrated Window Authentication Jason Coombs (Nov 08)
    - Re: IIS 5.0 with Integrated Window Authentication Dave Aitel (Nov 07)