ntlm
NTLM Authentication Vulnerability N/A
Web Client NTLM Authentication Vulnerability bug repair. more>> Microsoft has released a patch that eliminates a security vulnerability in a component that ships with Microsoft Office 2000, Windows 2000, and Windows Me. The vulnerability could, under certain circumstances, allow a malicious user to obtain cryptographically protected logon credentials from another user when requesting an Office document from a web server.<<less
Content Filter Web Proxy SafeSquid ntlm.RC1.0
Internet Proxy Server with antivirus and Web Filter for Internet security, Cache, IP based Access Control, Authentication, Block - website access with URL blacklist and keywords; Block music, videos, flash, java applets, messengers, cookies, activex more>>
SafeSquid is a Free Content Filter Web Proxy Server. SafeSquid Content Filter Web Proxy has a BROWSER BASED INTERFACE. SafeSquid Content Filter Web Proxy Servers multi-threaded architecture, delivers industrys FASTEST THROUGHPUT, even while providing extreme content analysis and security. SafeSquid Content Filter Web Proxy Server has an intelligent DNS cache, an extremely manageable content CACHE system, and configurable content pre-fetching that allows fast browsing of often viewed web-sites.
SafeSquid Content Filter Web Proxy Server lets you create unlimited and extremely granular Internet Policies to define and deal with unlimited number of unique factors depending upon user / network / web-site / mime-type / size / time etc. SafeSquid Content Filter Web Proxy Server allows you to create unlimited number of policies for allowing or BLOCKING SPECIFIC CONTENT, like music, ActiveX, JavaScripts, advertisement banners, etc., and even any part of the protocol header to ensure graded exchange of private information, from each web-site. Real-time text analysis and Image analysis besides categorized web-site databases ensure complete blocking of PORNOGRAPHY or replacing specific parts.
SafeSquid Content Filter Web Proxy Server can authenticate USERS from a remote WINDOWS ADS / OpenLDAP servers. SafeSquid Content Filter Web Proxy Server can THROTTLE SPEED for low priority users or applications. You can use a variety of ANTIVIRUS Software like ClamAV and any other ICAP based antivirus to stop viruses before they reach the client systems. SafeSquid allows you to customize the various templates, that are displayed when access or content is denied to the user. SafeSquids logs can be analyse to create a exhaustive USER ACTIVITY REPORTS.
SafeSquid is backed by a very responsive and committed customer support. Various SafeSquid editions are available to serve small 20 user networks or thousands of concurrent users. SafeSquid has special features for use in CLUSTERS.
System Requirements: Linux, kernel 2.6 or higher & glibc 2.4 or higher
Enhancements: Added support for NTLM authentication for validating SSO credentials of users
<<lessMicrosoft Windows 2000 Patch: Web Client NTLM Auth
This update resolves the Web Client NTLM Authentication security vulnerability in Windows 2000 and Office 2000 and is discussed in Microsoft Security Bulletin MS01-001 more>> This update resolves the "Web Client NTLM Authentication" security vulnerability in Windows 2000 and Office 2000 and is discussed in Microsoft Security Bulletin MS01-001. Download now to ensure that your Web Extender Client (WEC) components are set to the recommended Internet Explorer security levels, to prevent a malicious Web site operator from capturing your logon credentials.
Under specific conditions, this vulnerability allows a malicious Web site operator to obtain the cryptographically protected logon credentials of a visiting user. This is because the security settings for WEC components are set to incorrect levels, which allows your computer to send information about your authentication credentials to remote Web applications.
The vulnerability exists because WEC, which allows Internet Explorer to view and publish files via Web Folders, does not adhere to the recommended security settings in Internet Explorer, and performs NTLM authentication for any server that requests it. A malicious Web site operator could format a document to request NTLM authentication from a visiting user automatically, causing the users authentication credentials to be sent by default. Once the credentials are revealed, the operator may be able to use specialized tools to derive the users password.
Note This vulnerability affects only computers running versions of Internet Explorer later than 5.0 with Web Folders enabled. For more information about this vulnerability, read Microsoft Security Bulletin MS01-001.
<<lessMicrosoft Windows 2000 Patch: Web Client NTLM Authentication Update
Microsoft Windows 2000 Patch: Web Client NTLM Authentication Update is designed to deal with the Web Client NTLM Authentication security vulnerability in Windows 2000 and Office 2000 and is discussed in Microsoft Security Bulletin MS01-001 more>>
Microsoft Windows 2000 Patch: Web Client NTLM Authentication Update is designed to deal with the "Web Client NTLM Authentication" security vulnerability in Windows 2000 and Office 2000 and is discussed in Microsoft Security Bulletin MS01-001. Download now to ensure that your Web Extender Client (WEC) components are set to the recommended Internet Explorer security levels, to prevent a malicious Web site operator from capturing your logon credentials.
Under specific conditions, this vulnerability allows a malicious Web site operator to obtain the cryptographically protected logon credentials of a visiting user. This is because the security settings for WEC components are set to incorrect levels, which allows your computer to send information about your authentication credentials to remote Web applications.
Microsoft Windows NT 4.0 Patch: NTLMSSP Privilege Update
This update resolves the NTLMSSP Privilege Elevation security vulnerability present in Windows NT? 4.0, and is discussed in Microsoft Security Bulletin MS01-008 more>> This update resolves the "NTLMSSP Privilege Elevation" security vulnerability present in Windows NT? 4.0, and is discussed in Microsoft Security Bulletin MS01-008. Download now to prevent a malicious user from gaining administrative access to your computer.
This vulnerability exists because the NTLM Security Support Provider (NTLMSSP), which handles authentication requests associated with the NTLM Protocol, allows local user accounts to initiate a specially formed request to execute code by using LocalSystem security privileges. (These security privileges are equal to or greater than those of a local administrator account.) With these privileges, a malicious user with the ability to log on to a computer by using valid user credentials could exploit the vulnerability and send a request to the NTLMSSP that contains specially formatted commands to gain complete control over the computer.
For more information about this vulnerability, please read Microsoft Security Bulletin MS01-008.
<<lessMicrosoft Web Client NTLM Authentication Vulnerability Patch (Windows Me) MS01-001
Microsoft Web Client NTLM Authentication Vulnerability Patch (Windows Me) MS01-001 is regarded as an innovative and versatile patch which eliminates a security vulnerability in a component that ships with Microsoft Office 2000, Windows 2000, and Windows Me. more>>
Microsoft Web Client NTLM Authentication Vulnerability Patch (Windows Me) MS01-001 is regarded as an innovative and versatile patch which eliminates a security vulnerability in a component that ships with Microsoft Office 2000, Windows 2000, and Windows Me.
The vulnerability could, under certain circumstances, allow a malicious user to obtain cryptographically protected logon credentials from another user when requesting an Office document from a Web server.
The Web Extender Client (WEC) is a component that ships as part of Office 2000, Windows 2000, and Windows Me. WEC allows IE to view and publish files via Web folders, similar to viewing and adding files in a directory through Windows Explorer. Due to an implementation flaw, WEC does not respect the IE Security settings regarding when NTLM authentication will be performed. Instead, WEC will perform NTLM authentication with any server that requests it. If a user established a session with a malicious user's Web site, either by browsing to the site or by opening an HTML mail that initiated a session with it, an application on the site could capture the user's NTLM credentials. The malicious user could then use an offline brute-force attack to derive the password or, with specialized tools, could submit a variant of these credentials in an attempt to access protected resources.
The vulnerability would only provide the malicious user with the cryptographically protected NTLM authentication credentials of another user. It would not, by itself, allow a malicious user to gain control of another user's computer or to gain access to resources to which that user was authorized access. In order to leverage the NTLM credentials (or a subsequently cracked password), the malicious user would have to be able to remotely logon to the target system.
However, best practices dictate that remote logon services be blocked at border devices, and if these practices were followed, they would prevent an attacker from using the credentials to logon to the target system.
Frequently asked questions regarding this vulnerability can be found here.
Microsoft Web Client NTLM Authentication Vulnerability Patch (Windows 2000) MS01-001
Microsoft Web Client NTLM Authentication Vulnerability Patch (Windows 2000) has come as a handy tool to deal with a security vulnerability in a component that ships with Microsoft Office 2000, Windows 2000, and Windows Me. more>>
Microsoft Web Client NTLM Authentication Vulnerability Patch (Windows 2000) MS01-001 has come as a handy tool to deal with a security vulnerability in a component that ships with Microsoft Office 2000, Windows 2000, and Windows Me. The vulnerability could, under certain circumstances, allow a malicious user to obtain cryptographically protected logon credentials from another user when requesting an Office document from a Web server.
The Web Extender Client (WEC) is a component that ships as part of Office 2000, Windows 2000, and Windows Me. WEC allows Internet Explorer to view and publish files via Web folders, similar to viewing and adding files in a directory through Windows Explorer. Due to an implementation flaw, WEC does not respect the IE Security settings regarding when NTLM authentication will be performed.
Instead, WEC will perform NTLM authentication with any server that requests it. If a user established a session with a malicious user's Web site, either by browsing to the site or by opening an HTML mail that initiated a session with it, an application on the site could capture the user's NTLM credentials. The malicious user could then use an offline brute-force attack to derive the password or, with specialized tools, could submit a variant of these credentials in an attempt to access protected resources.
The vulnerability would only provide the malicious user with the cryptographically protected NTLM authentication credentials of another user. It would not, by itself, allow a malicious user to gain control of another user's computer or to gain access to resources to which that user was authorized access. In order to leverage the NTLM credentials (or a subsequently cracked password), the malicious user would have to be able to remotely logon to the target system. However, best practices dictate that remote logon services be blocked at border devices, and if these practices were followed, they would prevent an attacker from using the credentials to logon to the target system.
Microsoft Windows ME Security Patch: Web Client NTLM Authentication Vulnerability MS01-001
The Web Extender Client (WEC) is a component that ships as part of Office 2000, Windows 2000, and Windows Me. WEC allows IE to view and publish files via web folders, similar to viewing and adding fil more>>
Windows NT NTLMSSP Privilege Elevation Vulnerability Patch MS01-008 (2/7/01)
Windows NT NTLMSSP Privilege Elevation Vulnerability Patch MS01-008 (2/7/01) is designed to meet all your needs of handling NTLM authentication requests, and runs by default on all Windows NT 4.0 systems. more>>
Windows NT NTLMSSP Privilege Elevation Vulnerability Patch MS01-008 (2/7/01) is designed to meet all your needs of handling NTLM authentication requests, and runs by default on all Windows NT 4.0 systems.
A flaw in the service's implementation could allow a service request from an unprivileged process to cause code to run in the context of the NTLMSSP service, which runs with Local System privileges. This could enable attackers to programmatically levy requests that would have the effect of running the codes of their choice with System privileges. Workstations and terminal servers are the machines at greatest risk under most conditions.
Winrtgen 2.3
Winrtgen is a graphical Rainbow Tables Generator more>>
Winrtgen supports LM, FastLM, NTLM, LMCHALL, HalfLMCHALL, NTLMCHALL, MSCACHE, SHA1, RIPEMD160, MySQL323, MySQLSHA1, MD2, MD4, MD5, CiscoPIX, ORACLE, SHA-2 (256), SHA-2 (384) and SHA-2 (512) hashes
Tunnelier 4.30
Tunnelier has come as a user-friendly and versatile SSH client for Windows which includes state of the art terminal emulation, graphical as well as command-line SFTP support, an FTP-to-SFTP bridge, powerful tunneling features including dynamic port forwarding through integrated proxy, and also remote administration for our SSH server, WinSSHD. more>>
Tunnelier 4.30 has come as a user-friendly and versatile SSH client for Windows which includes state of the art terminal emulation, graphical as well as command-line SFTP support, an FTP-to-SFTP bridge, powerful tunneling features including dynamic port forwarding through integrated proxy, and also remote administration for SSH server, WinSSHD. Tunnelier is free for individual use.
Major Features:
Tunnelier is SSH and SFTP client for Windows which incorporates:
- One of the most advanced graphical SFTP clients;
- State-of-the-art terminal emulation with support for the bvterm, xterm, and vt100 protocols;
- Support for corporation-wide single sign-on using SSPI (GSSAPI) Kerberos 5 and NTLM user authentication, as well as Kerberos 5 host authentication;
- Support for RSA and DSA public key authentication with comprehensive user keypair management;
- Powerful SSH port forwarding capabilities, including dynamic forwarding through integrated SOCKS and HTTP CONNECT proxy;
- Powerful command-line parameters which make Tunnelier highly customizable and suitable for use in specific situations and controlled environments;
- An advanced, scriptable command-line SFTP client (sftpc);
- A scriptable command-line remote execution client (sexec) and a command-line terminal emulation client (stermc);
- An FTP-to-SFTP bridge allowing you to connect to an SFTP server using legacy FTP applications;
- WinSSHD remote administration features;
- Single-click Remote Desktop forwarding.
, as well as transparent authentication with Kerberos (GSSAPI) or NTLM. To satisfy special requirements, Tunnelier is highly customizable using a variety of command line parameters. Ideal
CryptoTerm 1.11
CryptoTerm is an innovative and versatile package consisting of following programs: Terminal Emulator, FTP (SFTP) Client and Batch FTP (SFTP) Client. more>>
CryptoTerm 1.11 is an innovative and versatile package consisting of following programs: Terminal Emulator, FTP (SFTP) Client and Batch FTP (SFTP) Client.
CryptoTerm package allows you to obtain a uniform, unified and intuitive access to diversified system environments - starting from Windows, through Unix environments, up to the IBM Mainframe systems. CryptoTerm provides connections through: Telnet, Serial RS-232, Modem and safe, encrypted SSH (1, 2), SSL 3.0 and TLS 1.0 protocols.
It guarantees unambiguous end-user authentication with the help of: certificates, public/private keys, PKCS#11 devices, NTLM and Kerberos protocols. CryptoTerm provides accurate terminal emulations: XTERM, ANSI, SCOANSI, VT100, VT220, VT220-8, VT320, VT320-8, WYSE60 (WYSE60 COLOR), LINUX, HP and TN3270 (3278-2, 3278-3, 3278-4, 3278-5, printer 3287-1 and IND$FILE transfer protocol).
with the help of: certificates, public/private keys, PKCS#11 devices, NTLM and Kerberos protocols. Major Features: CryptoTerm provides accurate terminal emulations: XTERM, ANSI, SCOANSIwith the help of: certificates, public/private keys, PKCS#11 devices, NTLM and Kerberos protocols. CryptoTerm provides accurate terminal emulations: XTERM, ANSI, SCOANSI, VT100, VT220Enterra Download Manager 0.6.0.2
An easy to use multifunctional toolbar that allows you to download files from FTP and HTTP servers more>>
Enterra Download Manager is a revolutionary module (plug-in) compatible with Microsoft Internet Explorer plugin that makes files downloading more effective!
Enterra Download Manager is an easy to use multifunctional toolbar that allows you to download files from FTP and HTTP servers via appropriate protocolsand lets you control the downloads right in the IE window (Compatible with IE version 6.0 and higher). It also has the feature of multi session downloading and files upload resume on the connection break and restoration. This helps to accelerate the process and manage your time more efficiently.
The User Interface Enterra Download Manager is an additional browser band (Explorer Bar), located in the bottom of the main window of Internet Explorer.
The panel provides for a complete and handy information display about downloads and their management. Besides, Download Manager it contains an additional Toolbar, built in directly into the Internet Explorer toolbar. This panel also provides for managing of downloads and display data on them in brief, as well as can be used when the browser band of Download Manager is closed.
Besides Internet Explorer, the Enterra Download Manager panels can be opened in all system windows of Windows based on Internet Explorer, e.g. Windows Explorer, Control Panel etc.
Major Features:
- Easy! Create downloads using Internet Explorer (for version IE 6.0 and above); by selecting corresponding items from Internet Explorer context menu;
- Drag-and-drop! Easy than ever! You just drag the object/link in the window of EDM navigation panel or tool bar (drag-and-drop) and it's in your downloads list. Wonders of engineering right for you!
- No losses! Enterra's Download Manager Support files upload that resume on the connection breaks and restorations. If the connection falls, EDM will resume when restored!
- New level IE integration! Handy and highly functional explorer band allows the user to control all of the downloads easy and with pleasure right in the IE window;
- Multi session downloading! Now you have the opportunity of downloading the file in simultaneous server connections that can accelerate the download process considerably. Use this EDM feature to manage your time as well!
- Perfect GUI! Features include : clear buttons on the toolbar makes you manage your downloads easy and with pleasure. That has never been so easy and nice before;
- Sounds! And of course it will play sounds indicating completed downloads. Comfortable and customary, just as you like;
- Custom scale! You can always extend your IE window when needed by pressing the "Minimize" button of your EDM window. While seeing all the buttons and downloads list on the top panel of your IE window able to control it. And your browser window is expanded again.
- Statistics! Store the list of downloads (i.e. URL, files names and other useful information). Your personal statistics are saved in EDM;
- Analyze! You have the tool for conducting download registry with EDM (both general and download specific). Now you can see the files that are downloaded, where they were downloaded and when
- Protocols! Files download from remote servers via FTP and HTTP protocols;
- Servers! HTTP (CERN-based) and FTP (TIS) proxy-servers support as well as support of Basic and NTLM authentication for HTTP and HTTP-proxy servers connection;
Requirements: Internet Explorer version 6.0 and higher
HTTP (CERN-based) and FTP (TIS) proxy-servers support as well as support of Basic and NTLM authentication for HTTP and HTTP-proxy servers connection; System requirements: - IE version 6.0GNU Wget 1.11.4s
This is a free software solution that will allow you to retrieve files using HTTPS, HTTP, and FTP, the most widely-used Int more>> This is a free software solution that will allow you to retrieve files using HTTPS, HTTP, and FTP, the most widely-used Int
GNU Wget is a free software solution that will allow you to retrieve files using HTTPS, HTTP, and FTP, the most widely-used Internet protocols.
GNU Wget is a non-interactive commandline tool, so it may easily be called from scripts, cron jobs, terminals without X-Windows support, etc.
GNU Wget has many features to make retrieving large files or mirroring entire web or FTP sites easy, including":
- Can resume aborted downloads, using REST and RANGE
- Can use filename wild cards and recursively mirror directories
- NLS-based message files for many different languages
- Optionally converts absolute links in downloaded documents to relative, so that downloaded documents may link to each other locally
- Runs on most UNIX-like operating systems as well as Microsoft Windows
- Supports HTTP and SOCKS proxies
- Supports HTTP cookies
- Supports persistent HTTP connections
- Unattended / background operation
- Uses local file timestamps to determine whether documents need to be re-downloaded when mirroring
Enhancements:
- This release contains fixes for a major security problem: a remotely exploitable buffer overflow vulnerability in the NTLM authentication code. All Wget users are strongly encouraged to upgrade their Wget installation to the last release.
LDAPManager 2.1.0
LDAPManager is a free Windows LDAP Editor/Browser with many advanced features such as batch editing and server to server copy. more>>
1. Only LDAP v3 Directories
2. NTLM, Basic and Anonymous Logon
3. SSL or ClearText logon
4. Object Editors for inetOrg and Posix types
5. Generic Object Editor
6. Binary attribute modification
7. Batch attribute editing
8. Schema viewing
9. Server to Server copying
