Re: Ncrack: buggy web server response / authentication

[Brandon Enright <bmenrigh () ucsd edu>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 24 Jul 2009 15:40:43 +0300
ithilgore <ithilgore.ryu.l () gmail com> wrote:
...
> Has anyone come across this behaviour before? It is a fairly
> confusing matter.

I haven't been able to get this to happen.

I have tested against Apache 2.2.11 (Gentoo) using mpm_prefork_module
as well as Apache 2.2.11-r2 (Gentoo) using mpm_worker_module.

If there is a race in auth_basic_module, I would think that the Apache
worker module you use would probably play a big factor.

You should be able to see what you're currently running with:

# apache2ctl modules | head

Brandon

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.11 (GNU/Linux)

iEYEARECAAYFAkpqFokACgkQqaGPzAsl94LmpgCggWoo7HV6b/caEWU+MYuLv2ZX
9A8AnR9+Bl4JlzVV+bBDVJ5Qg7CQM30B
=h+P0
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org