Follow up:Apache Nosejob

["Jeremy Junginger" <jjunginger () interactcommerce com>]

After perfiorming some research, I noticed that the apache worm that is
plaguing FreeBSD machines uses the following settings (please correct me
if I'm wrong):

FreeBSD 4.5 x86 / Apache/1.3.20 (Unix):
D=-146,  
B= 0xbfbfde00,
R= 6 
Z= 36

FreeBSD 4.5 x86 / Apache/1.3.22-24 (Unix)   
D=-134
B= 0xbfbfdb00
R= 3
Z=36

After seeing this, I think I have a patched version of Apache installed,
as the second exploit, which should work, does not.  If any of you have
an older, vulnerable version of apache or know where I can find one, let
me know.  Anyways, thanks for the help.

-Jeremy

***************************
ORIGINAL MESSAGE:
***************************

Good Morning,

I've got a lab set up with the following host:

FreeBSD 4.5
Apache 1.3.23 (downloaded from
http://packetstormsecurity.org/UNIX/admin/apache_1.3.23.tar.gz )

And am running the apache-nosejob script against it in order to
understand the chunked encoding vulnerability:

http://packetstorm.decepticons.org/0206-exploits/apache-nosejob.c

When I ran ./apache-nosejob -o f -h x.x.x.x(address of host), the script
ran for over 12 hours with no successful penetration :).  I have also
tried the script with the -b 0x80a0000, -d -150, -z 36, -r 6 switches to
no avail.  Perhaps you could suggest some alternate r|d|z values for the
Brute Force settings?  Thanks,

-Jeremy