|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Michael Howard (mikehow_at_microsoft.com)
Date: Wed Nov 06 2002 - 15:45:56 CST
The easiest way, *by far*, is to write a C# app using the
System.Net.WebClient class.
Another tool is wfetch
http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q284285&
Cheers, Michael
Secure Windows Initiative
Writing Secure Code
http://www.microsoft.com/mspress/books/5612.asp
-----Original Message-----
From: cc_mofo
hushmail.com [mailto:cc_mofohushmail.com]
Sent: Wednesday, November 06, 2002 12:15 PM
To: pen-testsecurityfocus.com; webappsecsecurityfocus.com
Subject: IIS 5.0 with Integrated Window Authentication
-----BEGIN PGP SIGNED MESSAGE-----
I'm doing a security review and penetration test of a site running on
IIS with Integrated Windows Authentication. Anyone know of an IIS
Scanner that can do an IWA exchange before scanning?
The SPIKE proxy looks promising, but it appears the NTLM support is not
quite "there" yet for this purpose. The goofy three-message exchange
that sets up the NTLM security doesn't seem to make it through the
proxy, which leads me to believe that any tool that will work for this
must have intentionally added support for IWA.
-----BEGIN PGP SIGNATURE-----
Version: Hush 2.2 (Java)
Note: This signature can be verified at https://www.hushtools.com/verify
wlwEARECABwFAj3JeFQVHGNjX21vZm9AaHVzaG1haWwuY29tAAoJEDsVajchvitlDKIA
n1atyjW01supq8g9YhQqS3xC013lAJ9BjVmoqZOorkOOFLrjNEns9Ao4qw==
=O5GH
-----END PGP SIGNATURE-----
Get your free encrypted email at https://www.hushmail.com
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]