|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
RE: check authentication-methods
From: Dennis Hurst (dennis
hurstinc.com)
Date: Sat Jun 14 2003 - 23:16:47 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Thomas,
You could just Telnet to the web server on port 80 and send a simple GET
/ request, then look at the headers that come back. Here an example of
what comes back from IIS.
Server: Microsoft-IIS/5.0
Date: Sun, 15 Jun 2003 04:15:03 GMT
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
Content-Length: 4431
Content-Type: text/html
The WWW-Authenticate: NTLM header tells you it's asking for NTLM. If
it's using basic it will have BASIC in the header.
Here's how I did it
At a command prompt type: telnet <your web server> 80 <press enter>
You will get a blank screen, type GET / <press enter>
You will get the headers dumped back to you.
Hope this helps.
Have a great day,
Dennis Hurst
dhurstspidynamics.com
SPI Labs
-----Original Message-----
From: Thomas Springer [mailto:tuevserveraudit.net]
Sent: Friday, June 13, 2003 7:00 AM
To: webappsecsecurityfocus.com
Subject: check authentication-methods
Anybody knows a tool (prefferably win32) to check, wich
401-authentication-methods are supported by a webserver (i.e. basic,
ntlm)?
thomas springer
tuev-sueddeutschland
it-security
Thomas Springer
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]