I haven't attempted any NTLM web app brute forcing myself, but I misspelled a Google search and it looks like webslayer supports NTLM auth (well, they spelled it ntml, but I'm guessing NTLM was meant).
http://code.google.com/p/webslayer/

Might be able to fiddle something into wfuzz as well if you know what a good authentication should look like...

wfuzz.py
    --ntlm auth : in format "domain\user:pass" or "domain\FUZ2Z:FUZZ"

http://code.google.com/p/wfuzz/

On Fri, May 25, 2012 at 1:10 PM, Robin Wood <[email protected]> wrote:
> On 25 May 2012 16:59, Navarro, Gregory J <[email protected]> wrote:
> > Do you know of a valid login but just not the password. If so just fuzz
> > it with Burp
>
> I have no credentials but even if I did I don't think Burp does NTLM,
> for it to do it it would have to be able to work with the four way
> handshake and I've not seen anywhere that that appears to be an
> option. If you can point me at how to do it I'll happily try.
>
> Robin
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
