Apache-Nosejob
From: Jeremy Junginger (jjunginger@interactcommerce.com)Date: 08/22/02
- Previous message: KF: "Re: Apache Tomcat 4.1 Cross-Site Scripting Vulnerability"
- Next in thread: gotcha: "Re: Apache-Nosejob"
- Reply: gotcha: "Re: Apache-Nosejob"
- Reply: Walter Pearce: "RE: Apache-Nosejob"
- Reply: Muhammad Faisal Rauf Danka: "Re: Apache-Nosejob"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 22 Aug 2002 07:38:39 -0700 From: "Jeremy Junginger" <jjunginger@interactcommerce.com> To: <pen-test@securityfocus.com>
Good Morning,
I've got a lab set up with the following host:
FreeBSD 4.5
Apache 1.3.23 (downloaded from
http://packetstormsecurity.org/UNIX/admin/apache_1.3.23.tar.gz )
And am running the apache-nosejob script against it in order to
understand the chunked encoding vulnerability:
http://packetstorm.decepticons.org/0206-exploits/apache-nosejob.c
When I ran ./apache-nosejob -o f -h x.x.x.x(address of host), the script
ran for over 12 hours with no successful penetration :). I have also
tried the script with the -b 0x80a0000, -d -150, -z 36, -r 6 switches to
no avail. Perhaps you could suggest some alternate r|d|z values for the
Brute Force settings? Thanks,
-Jeremy
- application/x-pkcs7-signature attachment: smime.p7s
- Previous message: KF: "Re: Apache Tomcat 4.1 Cross-Site Scripting Vulnerability"
- Next in thread: gotcha: "Re: Apache-Nosejob"
- Reply: gotcha: "Re: Apache-Nosejob"
- Reply: Walter Pearce: "RE: Apache-Nosejob"
- Reply: Muhammad Faisal Rauf Danka: "Re: Apache-Nosejob"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
