Penetration Testing: Looks like a Borderware firewall

From: The Blueberry <acr872k_at_hotmail.com>
Date: Thu, 22 Aug 2002 18:52:35 +0000

>>
>>
>>But as we are on the subject, does anyone know what is used as
>>credentials for the Checkpoint? Are there default passwords? I did not
>>find them in my default password lists...
>>
>Not that I know of. Which Checkpoint? You didn't talk of any.
>

LOL! Looks like I was *a bit* tired at that point.. anyway.. I tried the
BWClient utility and realized that it sent POST requests while
communicating with the firewall.. I think I will brute force the password
but for this I must reproduce the behavior of BWClient. I know that it sends
out the password ("password" in this case, but for the same password it
changes each time) in this format:

QOs_9OGelB05RYaW8fo70TsO7ZH5r5uHZuKdAml3BlLU1ps4Cp0g6SFV.pGLVqEN

Does anyone recognize the hashing algorithm used? I searched the Borderware site
to no avail.. They only say that the entire session can be encrypted through
SSL on port 442.. Even BWClient.exe's disassembly gave no (apparent) clues.

--TB

Received on Aug 26 2002