Nathaniel,

On Tue, Apr 9, 2013 at 12:19 PM, Nathaniel Cole <[email protected]> wrote:

> Just performed some additional testing and am unable to get NTLMv2 to
> work with w3af. Tried a couple of different sites and was unable to
> authenticate to the site to complete the testing via w3af.
>
> Thanks for the help

Ok, so I documented this in the source code [0] and added an issue for the future [1]. Feel free to work on issue #201 any day of the week ;)

[0] https://github.com/andresriancho/w3af/commit/be9c16c0c67836617cde94cf45ccedddaf627518
[1] https://github.com/andresriancho/w3af/issues/201

> *From:* Andres Riancho [mailto:[email protected]]
> *Sent:* Tuesday, March 26, 2013 7:24 AM
> *To:* Nathaniel Cole
> *Cc:* [email protected]
> *Subject:* Re: [W3af-users] NTLMv2 Authentication
>
> Nathaniel,
>
> On Mon, Mar 25, 2013 at 6:15 PM, Nathaniel Cole <[email protected]>
> wrote:
>
> I have reviewed the manual, looked through postings and am having some
> issues with setting up Auth credentials for an internal site that utilizes
> NTLMv2. I'm currently setting all the correct credentials in the HTTP
> Config under NTLM but wasn't sure if this would work for NTLMv2. Does
> anyone know how I would go about doing this?
>
> For what I can see in our tests [0] and source code [1], it seems that we
> only support ntlm_v1, BUT I'm not 100% sure about this. What I can tell
> you is that we support ntlmv1, and that it's tested and works. Regarding
> ntlm v2, the library we use for supporting this is python-ntlm [2] which
> might be the place to look for support.
>
> I would recommend you test w3af against a v2 site, if it works you let us
> know and we'll be happy to document it :) If it doesn't work, we'll also
> document that by adding a github issue.
>
> [0] https://github.com/andresriancho/w3af/blob/threading2/core/data/url/tests/test_xurllib_integration.py
> [1] https://github.com/andresriancho/w3af/blob/threading2/core/data/url/handlers/ntlm_auth.py
> [2] https://code.google.com/p/python-ntlm/
>
> *Nathaniel Cole | Information Security Engineer | Jack Henry & Associates*
> 10910 W. 87th Street | Lenexa, KS 66214
> Voice: 913.341.3434 | E-mail: [email protected]
>
> NOTICE: This electronic mail message and any files transmitted with it are
> intended exclusively for the individual or entity to which it is addressed.
> The message, together with any attachment, may contain confidential and/or
> privileged information. Any unauthorized review, use, printing, saving,
> copying, disclosure or distribution is strictly prohibited. If you have
> received this message in error, please immediately advise the sender by
> reply email and delete all copies.
>
> _______________________________________________
> W3af-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/w3af-users
>
> --
> Andrés Riancho
> Project Leader at w3af - http://w3af.org/
> Web Application Attack and Audit Framework
> Twitter: @w3af
> GPG: 0x93C344F3

--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3
