Project 2068/11.1 - ObiWaN

[History |Download |Documentation |Targets |Mail ]


1) I´m far away from being a programmer.
2) I´m very far away from being a good C programmer.
3) I´m lightyears far away from speeking english.

The idea to Project 2068/11.1 came up while I tried to get administrator access to a webserver. It was a Netscape Enterprise Server and I found the port of the Administration Server. I tested some standard passwords an was tired of entering words, pressing enter, waiting and so on. The I noted that I can try so many passwords I like to. Nothing changed. An idea was born.

After some houres of thinking about it I gave this thing the codename ObiWaN. This stands for "Operation burning insecure Webserver against Netscape". Nothing about Netscape. I´d like to call it "against Microsoft" but first I like ObiWaN more then ObiWaM and second I had this idea by trying to break in a Netscape Server - not Microsoft. Thats life.
Later - as I wrote some routines for this project I gave him an "official" name: Project 2068/11.1 or real short Project 2068. This is a real good name. 2068 is the number of the RFC which describes the HTTP/1.1 protocol. 11.1 is the section which describes the basic authentication sheme. This is the mostly used authentication sheme for Webserver and used by ObiWaN.

The rest of the history is told fast: I´m a "try and coredump" programmer in UNIX. I killed my Linux box many times by using the wrong libc or misconfiguring my test Apache Server. Pointers and strings in C are a real problem for a stupid networker. And writing code that frees memory after using it is not so simply.

And now I´v got a program in version 0.6something. There are some things not implementet yet - like testing for unusual connection problems and extensive tests for people who try to use ObiWaN against a smtpd or telnetd but it looks like a stable version for me. Sure you will find many cases where it does not find the right password or produces a "Segentation fault". But please see the first 3 lines and send me a mail.