NTLM SSP Authentication

You may have encountered a Basic Authentication prompt when navigating to a restricted path on a website. This page explains how an adversary may obtain information about the web server that runs the application.

Structure Image

Exploitation

  1. Navigate to a URL protected by Basic Authentication.

Basic Authentication Image

  2. Send incorrect credentials (testing used admin:admin) and note the WWW-Authenticate header in the response:

NTLM Response Image

  3. Use the NTLM Challenge Decoder extension or the NTLM-info extension in Burp (install it if it is not already installed) to help decode the value received:

Internal Info Image
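
What those extensions decode, shown as an added example that is not part of the original write-up: a Python parser for the base64 NTLM challenge (Type 2) message in the WWW-Authenticate header, which you can use to check what your own server discloses before authentication. The sample header is constructed with made-up names (LAB, WEB01, lab.example), and `parse_challenge` and `build_sample` are names chosen for this example.

```python
import base64
import struct

AV_NAMES = {1: "NetBIOS computer name", 2: "NetBIOS domain name",
            3: "DNS computer name", 4: "DNS domain name", 5: "DNS tree name"}
NEGOTIATE_VERSION = 0x02000000

def parse_challenge(header_value):
    """Return the fields an NTLM Type 2 message discloses before any login succeeds."""
    scheme, _, blob = header_value.strip().partition(" ")
    if scheme.upper() != "NTLM" or not blob:
        raise ValueError("not an NTLM challenge header")
    msg = base64.b64decode(blob)
    if len(msg) < 48 or msg[:8] != b"NTLMSSP\x00" or msg[8:12] != b"\x02\x00\x00\x00":
        raise ValueError("not an NTLMSSP challenge (Type 2) message")
    tn_len, _, tn_off = struct.unpack_from("<HHI", msg, 12)
    flags, = struct.unpack_from("<I", msg, 20)
    ti_len, _, ti_off = struct.unpack_from("<HHI", msg, 40)
    # Assumes the server negotiated Unicode (UTF-16LE) strings, the usual case
    info = {"Target name": msg[tn_off:tn_off + tn_len].decode("utf-16-le")}
    if flags & NEGOTIATE_VERSION and len(msg) >= 56:
        major, minor, build = struct.unpack_from("<BBH", msg, 48)
        info["OS version"] = f"{major}.{minor}.{build}"
    pos, end = ti_off, min(ti_off + ti_len, len(msg))
    while pos + 4 <= end:
        av_id, av_len = struct.unpack_from("<HH", msg, pos)
        if av_id == 0 or pos + 4 + av_len > end:  # MsvAvEOL or truncated pair
            break
        if av_id in AV_NAMES:
            info[AV_NAMES[av_id]] = msg[pos + 4:pos + 4 + av_len].decode("utf-16-le")
        pos += 4 + av_len
    return info

def build_sample():
    """Constructed Type 2 header with made-up lab names; not captured traffic."""
    u = lambda s: s.encode("utf-16-le")
    pairs = [(2, u("LAB")), (1, u("WEB01")), (4, u("lab.example")), (3, u("web01.lab.example"))]
    target_info = b"".join(struct.pack("<HH", i, len(v)) + v for i, v in pairs) + bytes(4)
    name = u("LAB")
    flags = 0x00000001 | 0x00800000 | NEGOTIATE_VERSION  # Unicode, target info, version
    fixed = (b"NTLMSSP\x00" + struct.pack("<I", 2)
             + struct.pack("<HHI", len(name), len(name), 56)
             + struct.pack("<I", flags) + bytes(8) + bytes(8)  # zeroed challenge + reserved
             + struct.pack("<HHI", len(target_info), len(target_info), 56 + len(name))
             + struct.pack("<BBH", 10, 0, 17763) + b"\x00\x00\x00\x0f")  # version block
    return "NTLM " + base64.b64encode(fixed + name + target_info).decode()

if __name__ == "__main__":
    print(parse_challenge(build_sample()))
```

Every field in the returned dictionary reaches a client that has not yet presented valid credentials, so the output is a direct inventory of the internal naming and OS build exposed by that endpoint.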