Nmap Development mailing list archives
Ncrack doesn't recognize 401 responses other than "Authorization Required"
From: David Fifield <david () bamsoftware com>
Date: Fri, 7 Aug 2009 14:57:11 -0600
Hi, I tried using Ncrack to crack the default admin:admin password on my DSL modem. I added "admin" to the password list but it wouldn't work. The problem is that Status-Line sent by the modem is HTTP/1.1 401 Unauthorized but Ncrack is always looking for the literal string 401 Authorization Required I edited the source code to match the modem's responses and the authentication was cracked successfully. The Reason-Phrase "Authorization Required" doesn't have any formal meaning so Ncrack should look only for a Status-Code of 401. (RFC 2616 section 6.1.1.) Another oddity is that after Ncrack had wrongly detected that the service didn't require authentication, it didn't just quit, but it continued to send HTTP_INIT probes (with no authentication) for all the authentication pairs. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Ncrack doesn't recognize 401 responses other than "Authorization Required" David Fifield (Aug 07)
- Re: Ncrack doesn't recognize 401 responses other than "Authorization Required" ithilgore (Aug 07)
- Re: Ncrack doesn't recognize 401 responses other than "Authorization Required" ithilgore (Aug 07)
- Re: Ncrack doesn't recognize 401 responses other than "Authorization Required" David Fifield (Aug 07)
- Re: Ncrack doesn't recognize 401 responses other than "Authorization Required" ithilgore (Aug 07)
- Re: Ncrack doesn't recognize 401 responses other than "Authorization Required" ithilgore (Aug 07)