[Nikto-discuss] nikto 2 against https + ntlm

Michael Alipio daem0nb0y at yahoo.com
Wed Apr 23 13:07:44 UTC 2008


I'm trying to run nikto against a webserver running
https and ntlm authentication.

perl nikto.pl -h example.com -p 443 -i
'myuser:mypass:' -D V

+ ERROR: 'myuser:mypass:domain' (-i option) syntax is
'user:password' or 'user:password:domain' for host

After reading about how NTLM works, still it's not
clear to me whether the server is sending that detail
(domain) to the client. But as far as i can
understand, the client has to know the domain in order
to authenticate to the ntlm server. I suspect this is
the reason why authentication is failing. I'm not sure
how to get the server's domain so i just left the
domain empty after "mypass" Also, i've read the manual
of both 1.36 and 2 and only in 1.36 they mentioned
about ntlm authentication. Could it be that in ntlm
authentication is no longer supported in v2? also we
have given valid login accounts and with the use of
burpsuite i can successfully authenticate ntlm without
providing the domain.

So.. any idea where i should look into??


Be a better friend, newshound, and 
know-it-all with Yahoo! Mobile.  Try it now.  http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ

More information about the Nikto-discuss mailing list