WebApp Sec mailing list archives

RE: check authentication-methods


From: "Dennis Hurst" <dennis () hurstinc com>
Date: Sun, 15 Jun 2003 00:16:47 -0400

Thomas,

You could just Telnet to the web server on port 80 and send a simple GET
/ request, then look at the headers that come back.  Here's an example of
what comes back from IIS.

Server: Microsoft-IIS/5.0
Date: Sun, 15 Jun 2003 04:15:03 GMT
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
Content-Length: 4431
Content-Type: text/html


The WWW-Authenticate: NTLM header tells you it's asking for NTLM. If
it's using basic it will have BASIC in the header.

Here's how I did it:

At a command prompt type: telnet <your web server> 80 <press enter>
You will get a blank screen, type GET / <press enter>
You will get the headers dumped back to you.

Hope this helps.


Have a great day,
 
Dennis Hurst
dhurst () spidynamics com
SPI Labs


-----Original Message-----
From: Thomas Springer [mailto:tuev () serveraudit net] 
Sent: Friday, June 13, 2003 7:00 AM
To: webappsec () securityfocus com
Subject: check authentication-methods


Does anybody know a tool (preferably win32) to check which
401-authentication-methods are supported by a webserver (i.e. basic,
ntlm)?

thomas springer
tuev-sueddeutschland
it-security

Thomas Springer
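
The manual telnet check described in the reply above, as an added example that is not part of the original messages: a Python script that sends the same plain GET and lists the schemes named in the WWW-Authenticate headers, including several challenges packed into one header line. The HTTP/1.0 request line, the Host header, the status line in the sample and the function names are assumptions of this example.

```python
import re
import socket

# Constructed sample: the IIS headers quoted in the reply above, with an
# assumed status line and body added so it parses as a full response.
SAMPLE = (
    b"HTTP/1.1 401 Access Denied\r\n"
    b"Server: Microsoft-IIS/5.0\r\n"
    b"Date: Sun, 15 Jun 2003 04:15:03 GMT\r\n"
    b"WWW-Authenticate: Negotiate\r\n"
    b"WWW-Authenticate: NTLM\r\n"
    b"Content-Length: 4431\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n<html>...</html>"
)

TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
# One comma-separated list element; commas inside quoted strings do not split.
ELEMENT = re.compile(r'(?:[^,"]|"(?:\\.|[^"\\])*")+')
# An element opens a new challenge when it starts with a scheme token that is
# not an auth-param name (a token followed by "=", e.g. realm="x").
SCHEME = re.compile(r"\s*(" + TOKEN + r")(?:\s+(?![\s=])|$)")

def offered_schemes(raw):
    """Return the auth schemes, in order, from a raw HTTP response."""
    head = re.split(rb"\r?\n\r?\n", raw, maxsplit=1)[0].decode("iso-8859-1")
    schemes = []
    for line in head.splitlines()[1:]:          # skip the status line
        name, _, value = line.partition(":")
        if name.strip().lower() != "www-authenticate":
            continue
        for element in ELEMENT.findall(value):
            m = SCHEME.match(element)
            if m and m.group(1) not in schemes:
                schemes.append(m.group(1))
    return schemes

def probe(host, port=80, path="/"):
    """Send a plain GET (assumed HTTP/1.0 form) and list the offered schemes."""
    req = f"GET {path} HTTP/1.0\r\nHost: {host}\r\n\r\n".encode("ascii")
    data = b""
    with socket.create_connection((host, port), timeout=10) as s:
        s.sendall(req)
        while b"\r\n\r\n" not in data and len(data) < 65536:
            chunk = s.recv(4096)
            if not chunk:
                break
            data += chunk
    return offered_schemes(data)
```

Calling probe("<your web server>") against a server you administer returns a list such as the one offered_schemes(SAMPLE) gives for the headers quoted in the reply.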


