Follow up:Apache Nosejob

• Previous message: hellNbak: "Re: exploiting printers, home routers & smb routers"
• Next in thread: Darroch: "Re: Follow up:Apache Nosejob"
• Reply: Darroch: "Re: Follow up:Apache Nosejob"
• Reply: Craig: "Re: Follow up:Apache Nosejob"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 22 Aug 2002 10:15:06 -0700
From: "Jeremy Junginger" <jjunginger@interactcommerce.com>
To: <pen-test@securityfocus.com>, <vuln-dev@securityfocus.com>

After perfiorming some research, I noticed that the apache worm that is
plaguing FreeBSD machines uses the following settings (please correct me
if I'm wrong):

FreeBSD 4.5 x86 / Apache/1.3.20 (Unix):
D=-146,
B= 0xbfbfde00,
R= 6
Z= 36

FreeBSD 4.5 x86 / Apache/1.3.22-24 (Unix)
D=-134
B= 0xbfbfdb00
R= 3
Z=36

After seeing this, I think I have a patched version of Apache installed,
as the second exploit, which should work, does not. If any of you have
an older, vulnerable version of apache or know where I can find one, let
me know. Anyways, thanks for the help.

-Jeremy

***************************
ORIGINAL MESSAGE:
***************************

Good Morning,

I've got a lab set up with the following host:

FreeBSD 4.5
Apache 1.3.23 (downloaded from
http://packetstormsecurity.org/UNIX/admin/apache_1.3.23.tar.gz )

And am running the apache-nosejob script against it in order to
understand the chunked encoding vulnerability:

http://packetstorm.decepticons.org/0206-exploits/apache-nosejob.c

When I ran ./apache-nosejob -o f -h x.x.x.x(address of host), the script
ran for over 12 hours with no successful penetration :). I have also
tried the script with the -b 0x80a0000, -d -150, -z 36, -r 6 switches to
no avail. Perhaps you could suggest some alternate r|d|z values for the
Brute Force settings? Thanks,

-Jeremy

• Previous message: hellNbak: "Re: exploiting printers, home routers & smb routers"
• Next in thread: Darroch: "Re: Follow up:Apache Nosejob"
• Reply: Darroch: "Re: Follow up:Apache Nosejob"
• Reply: Craig: "Re: Follow up:Apache Nosejob"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages RE: Publishing Nimda Logs ... > pull IIS settings out of the registry, download and install Apache ... That is worse than infecting machines with a worm. ... (Vuln-Dev) XP pro and Apache 2 ... I am trying to setup the Apache ... On the Connections tab, click Settings. ... So you'd better ask in a microsoft ... # be placed in the first column followed by the corresponding host name. ... (microsoft.public.windowsxp.configuration_manage) Re: The connection was refused when trying to connect to ... ... Really having a hard time getting my apache web server ... >> When setting up my server initially I set up with medium firewall, ... >> thinking I could modify the settings later. ... Either Apache is not listening to the outside world, ... (comp.os.linux.misc) RE: Publishing Nimda Logs ... Apache on those machines, while keeping all the previous settings, such as ... (Vuln-Dev) Re: FrontPage 2003 Feedback Page ... |>Begin by renaming the page..you're on Apache ... |>|>> settings for the submit button. ... (microsoft.public.frontpage.client)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint