ZackAttack - Firesheep NTLM Authentication relaying
Labels: Encryption, Hacking Tools, MITM, Network Hacking, Password Cracker, Windows
ZackAttack is a new toolkit that helps you with NTLM (NT LAN Manager) security protocol relaying. It is not of the pass-the-hash kind; it works more along the lines of cross-protocol relaying, getting MS Windows clients to authenticate automatically and relaying their hashes across protocols.
What is NTLM relaying?
It is a mechanism for relaying authentication requests to another target. Interestingly, it does not require administrative access, which means it can be done by any client with no previous access to the network or the system: think of a “guest” user! Again, with almost all protocols, there is no authentication on the part of the client or the server either: think ARP spoofing.
ZackAttack! is not yet exactly what it aims to be, a FireSheep for NTLM authentication, but with the amount of effort Zack Fasel is putting in, we know it soon will be.
Components of ZackAttack:
- The Rogue Servers - HTTP and SMB. These get the auth requests and keep recycling them.
- The Clients - These connect to target servers and request NTLM creds from the Rogue Servers.
- The Rules - Define automatic actions to perform upon seeing a user.
- The Payloads - Methods to get users to auto-authenticate with Integrated Windows Auth, ergo not prompting the user for auth.
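The relaying described above, reduced to a toy in-process model (an added example, not ZackAttack code and not the real NTLM message format): when the proof covers only the server's challenge, whoever forwards the challenge and the reply is accepted, and binding the proof to the server name the client believes it is talking to makes the forwarded proof fail. All names, the HMAC-SHA256 construction and the secret are assumptions made for illustration.

```python
import hashlib
import hmac
import os

SECRET = b"constructed-demo-secret"  # constructed sample value, not a real credential

def respond(secret: bytes, challenge: bytes, target: bytes = b"") -> bytes:
    """Proof of knowledge: HMAC over the challenge, plus the target name when bound."""
    return hmac.new(secret, challenge + target, hashlib.sha256).digest()

class Server:
    """Toy service that authenticates users by challenge-response."""
    def __init__(self, name: bytes, users: dict, bind_target: bool):
        self.name, self.users, self.bind_target = name, users, bind_target
        self.nonce = b""

    def challenge(self) -> bytes:
        self.nonce = os.urandom(16)
        return self.nonce

    def verify(self, user: str, proof: bytes) -> bool:
        target = self.name if self.bind_target else b""
        expected = respond(self.users[user], self.nonce, target)
        return hmac.compare_digest(expected, proof)

class Victim:
    """Client that answers any challenge from the server it believes it is talking to."""
    def __init__(self, user: str, secret: bytes, bind_target: bool):
        self.user, self.secret, self.bind_target = user, secret, bind_target

    def authenticate(self, believed_server: bytes, challenge: bytes) -> bytes:
        target = believed_server if self.bind_target else b""
        return respond(self.secret, challenge, target)

def relay(bind_target: bool) -> bool:
    """A middle party forwards challenge and proof; returns whether the target accepts."""
    target = Server(b"fileserver", {"alice": SECRET}, bind_target)
    victim = Victim("alice", SECRET, bind_target)
    nonce = target.challenge()                        # challenge issued by the real target
    proof = victim.authenticate(b"rogue-web", nonce)  # victim believes it talks to "rogue-web"
    return target.verify(victim.user, proof)

def direct(bind_target: bool) -> bool:
    """Legitimate login straight to the target, for comparison."""
    target = Server(b"fileserver", {"alice": SECRET}, bind_target)
    victim = Victim("alice", SECRET, bind_target)
    return target.verify("alice", victim.authenticate(b"fileserver", target.challenge()))

if __name__ == "__main__":
    print("relay unbound:", relay(False), "| relay bound:", relay(True), "| direct bound:", direct(True))
```
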
Posted by Mohit Kumar at Saturday, September 01, 2012
The Hacker News - Daily Updates