WebApp Sec: IIS 5.0 with Integrated Window Authentication

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

WebApp Sec mailing list archives

IIS 5.0 with Integrated Window Authentication

From: cc_mofo () hushmail com
Date: Wed, 6 Nov 2002 12:15:11 -0800


-----BEGIN PGP SIGNED MESSAGE-----

I'm doing a security review and penetration test of a site running on IIS with Integrated Windows Authentication.  
Anyone know of an IIS Scanner that can do an IWA exchange before scanning?

The SPIKE proxy looks promising, but it appears the NTLM support is not quite "there" yet for this purpose.  The goofy 
three-message exchange that sets up the NTLM security doesn't seem to make it through the proxy, which leads me to 
believe that any tool that will work for this must have intentionally added support for IWA.

-----BEGIN PGP SIGNATURE-----
Version: Hush 2.2 (Java)
Note: This signature can be verified at https://www.hushtools.com/verify

wlwEARECABwFAj3JeFQVHGNjX21vZm9AaHVzaG1haWwuY29tAAoJEDsVajchvitlDKIA
n1atyjW01supq8g9YhQqS3xC013lAJ9BjVmoqZOorkOOFLrjNEns9Ao4qw==
=O5GH
-----END PGP SIGNATURE-----




Get your free encrypted email at https://www.hushmail.com

By Date By Thread

Current thread:

IIS 5.0 with Integrated Window Authentication cc_mofo (Nov 06)
- Re: IIS 5.0 with Integrated Window Authentication Haroon Meer (Nov 06)
  - RE: IIS 5.0 with Integrated Window Authentication Jason Coombs (Nov 07)
    - Re: IIS 5.0 with Integrated Window Authentication Dave Aitel (Nov 07)
    - Re: [Spike] Re: IIS 5.0 with Integrated Window Authentication Dave Aitel (Nov 08)
- Re: IIS 5.0 with Integrated Window Authentication Sebastian Flothow (Nov 07)