RE: check authentication-methods

I've seen it in C scripts. Example
http://packetstorm.linuxsecurity.com/UNIX/cgi-scanners/httpscan-v200.c This script would check the header of the webserver. You can customize this script to return the method of authentication based on the returned buffer.
To use this script on Microsoft you need cygwin.dll in your system32 directory.

-----Original Message-----

From: Joe - [mailto:boomerangfishy@hotmail.com] Sent: Tuesday, June 17, 2003 12:29 PM
To: webappsec@securityfocus.com
Subject: RE: check authentication-methods

There is a valid reason for an automated tool to check authentication methods. On several large web portals, one might find several different

authentication methods for any number of site paths. I've seen this on a
few occasions. Yet I have not seen it in any automated tool. -Joe R.

-----Original Message-----

From: Dennis Hurst [mailto:dennis@hurstinc.com] Sent: Saturday, June 14, 2003 11:17 PM
To: 'Thomas Springer'; webappsec@securityfocus.com Subject: RE: check authentication-methods

Thomas,

You could just Telnet to the web server on port 80 and send a simple GET / request, then look at the headers that come back. Here an example of what comes back from IIS.

Server: Microsoft-IIS/5.0
Date: Sun, 15 Jun 2003 04:15:03 GMT
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
Content-Length: 4431
Content-Type: text/html

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

The WWW-Authenticate: NTLM header tells you it's asking for NTLM. If it's using basic it will have BASIC in the header.

Here's how I did it

At a command prompt type: telnet <your web server> 80 <press enter> You will get a blank screen, type GET / <press enter> You will get the headers dumped back to you.

Hope this helps.

Have a great day,

Dennis Hurst
dhurst@spidynamics.com
SPI Labs

-----Original Message-----

From: Thomas Springer [mailto:tuev@serveraudit.net] Sent: Friday, June 13, 2003 7:00 AM
To: webappsec@securityfocus.com
Subject: check authentication-methods

Anybody knows a tool (prefferably win32) to check, wich 401-authentication-methods are supported by a webserver (i.e. basic, ntlm)?

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

thomas springer
tuev-sueddeutschland
it-security

Thomas Springer