Re: [SLUG] Looking for a firewall

From: Greg Schmidt (slugmail@gschmidt.net)
Date: Thu Aug 14 2003 - 23:44:15 EDT


thor_consulting@yahoo.com wrote:
> whoa chief!!!
>
> i have a better understanding of your predicament.
>
> another work-around i came across for NS servers was to hack the binary to
> disable TRACE requests.
>
> i'm a firm believer in hacking any binaries that exclude source code as a
> means of security through obfuscation.
>
> my favorite binary editor has always been beav:
> ftp://rpmfind.net/linux/contrib/libc6/i386/beav-14.0.6-2.i386.rpm
>
> i just hacked the httpd binary, changing TRACE to SPACE:
>
> [apache@asgaard]$ GET -m TRACE http://asgaard.mineshaftgap.org:79/
> --surrounding_h_t_m_l_tags_deleted_so_this_makes_it_through_the_anal_filtering--
> 403 Forbidden
>
> --surrounding_h_t_m_l_tags_deleted_so_this_makes_it_through_the_anal_filtering--
>
> 20 minutes of hacking and voila! no TRACE!
>
> thor
>
>
This looks very promising. I'm giving it a try.

When you say "NS servers" above, do you mean Netscape or did you
fat-finger MS? (No pun intended.)

I had a touch of RPM dependency hell with beav, but I'm working on it.
I tried jed, and obviously did something very wrong, ending up with a
file that was several hundred bytes different in size and a segmentation
fault. On a lark I thought I'd resort to my favorite, vi (vim), and for
this purpose it looked about the same as jed. A few occurrences of
"trace", followed by about four occurrences of "TRACE" and then a few
more "trace" near the end of the file. The RFC says it is
case-sensitive and UPPER-CASE, so I only changed the "TR" to "SP".
After editing, the file is 1 byte larger, but it runs. apachectl start
and stop seem to behave normally. httpd -l and -V show expected output.
The java GUI on top of it runs fine.

Tomorrow I hope to get the not-so-PHB's guys to assess this crippled
server's vulnerabilities again, with hope that we will be permitted to
deploy it.

You pulled off something that looked nifty to me right before the first
html tag above. It looks like you were testing a web server's ability
to respond to the TRACE method from the command line. Yeah, I was
stupid enough to type "man GET" in hopes of learning what the -m switch
did. How did you get the server to send that HTML error message?

Still thankful,

Greg
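Added example, not part of the thread and not thor's or Greg's code: Greg asks what thor's `GET -m TRACE` did. That `GET` is the command-line client shipped with libwww-perl (lwp-request), and `-m` sets the request method. The Python below does the same probe and classifies the answer, so an admin can confirm that a patched httpd really refuses TRACE rather than reflecting the request. The two handler classes are constructed stand-ins for an unpatched and a patched server, running on loopback; they are not Apache, and the marker header name and value are made up for the check.

```python
"""Check whether an HTTP server still honours the TRACE method.

Added example: the probe thor ran with lwp-request's ``GET -m TRACE``,
done in Python, plus two constructed local servers so the check can be
exercised offline.
"""
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

PROBE_HEADER = "X-Trace-Probe"           # constructed marker header
PROBE_VALUE = "constructed-check-value"  # constructed; any unique string works


def check_trace(host, port, path="/", timeout=5):
    """Send one TRACE request and report whether the server reflected it.

    A server that honours TRACE answers 200 with a message/http body that
    echoes the request line and headers, so our marker header comes back.
    A 403 (thor's patched httpd), 405 or 501 means TRACE is not available.
    """
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("TRACE", path, headers={PROBE_HEADER: PROBE_VALUE})
        resp = conn.getresponse()
        body = resp.read()
        content_type = resp.getheader("Content-Type", "")
    finally:
        conn.close()
    reflected = resp.status == 200 and (
        content_type.startswith("message/http")
        or PROBE_VALUE.encode() in body
    )
    return {"status": resp.status, "reflected": reflected}


class EchoingTraceHandler(BaseHTTPRequestHandler):
    """Constructed stand-in for an unpatched server: reflects the request."""

    def do_TRACE(self):
        body = (self.requestline + "\r\n" + str(self.headers)).encode()
        self.send_response(200)
        self.send_header("Content-Type", "message/http")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):
        pass  # keep the demo quiet


class RefusingTraceHandler(EchoingTraceHandler):
    """Constructed stand-in for the patched httpd: TRACE gets 403 Forbidden."""

    def do_TRACE(self):
        self.send_error(403)


def probe_local(handler):
    """Start `handler` on a random loopback port, probe it, then shut it down."""
    srv = HTTPServer(("127.0.0.1", 0), handler)
    thread = threading.Thread(target=srv.serve_forever, daemon=True)
    thread.start()
    try:
        return check_trace("127.0.0.1", srv.server_address[1])
    finally:
        srv.shutdown()
        srv.server_close()


if __name__ == "__main__":
    for name, handler in (("unpatched", EchoingTraceHandler),
                          ("patched", RefusingTraceHandler)):
        print(name, probe_local(handler))
```

Running it prints one line per stand-in: a 200 with a message/http body means the server still reflects TRACE, which is what the assessment was flagging; a 403 (as from thor's edited binary), 405 or 501 means the method is off. Point `check_trace` at a real host and port to verify a server you administer. Later Apache httpd releases added a `TraceEnable Off` directive that gives the same result without editing the binary.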

-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked
Knowledge Systems (NKS). Views and opinions expressed in messages
posted are those of the author and do not necessarily reflect the
official policy or position of NKS or any of its employees.



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 17:02:52 EDT