Nmap Development mailing list archives
Re: Ncrack doesn't recognize 401 responses other than "Authorization Required"
From: ithilgore <ithilgore.ryu.l () gmail com>
Date: Sat, 08 Aug 2009 00:33:39 +0300
David Fifield wrote:
Hi, I tried using Ncrack to crack the default admin:admin password on my DSL modem. I added "admin" to the password list but it wouldn't work. The problem is that Status-Line sent by the modem is HTTP/1.1 401 Unauthorized but Ncrack is always looking for the literal string 401 Authorization Required I edited the source code to match the modem's responses and the authentication was cracked successfully. The Reason-Phrase "Authorization Required" doesn't have any formal meaning so Ncrack should look only for a Status-Code of 401. (RFC 2616 section 6.1.1.)
Thanks. Fixed.
Another oddity is that after Ncrack had wrongly detected that the service didn't require authentication, it didn't just quit, but it continued to send HTTP_INIT probes (with no authentication) for all the authentication pairs.
Indeed, this hasn't been yet implemented. While the module reports that it should end, the Ncrack core engine doesn't currently do anything to stop the service. Good thing you reminded me, so that I fix this soon. Regards, ithilgore _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Ncrack doesn't recognize 401 responses other than "Authorization Required" David Fifield (Aug 07)
- Re: Ncrack doesn't recognize 401 responses other than "Authorization Required" ithilgore (Aug 07)
- Re: Ncrack doesn't recognize 401 responses other than "Authorization Required" ithilgore (Aug 07)
- Re: Ncrack doesn't recognize 401 responses other than "Authorization Required" David Fifield (Aug 07)
- Re: Ncrack doesn't recognize 401 responses other than "Authorization Required" ithilgore (Aug 07)
- Re: Ncrack doesn't recognize 401 responses other than "Authorization Required" ithilgore (Aug 07)