Penetration Testing mailing list archives

Re: Looks like a Borderware firewall
From: Alif The Terrible <measl () mfn org>
Date: Mon, 26 Aug 2002 14:04:43 -0500 (CDT)


I believe the encryption algorithm was published on cypherpunks about 2 years
ago: google is your friend.

On Thu, 22 Aug 2002, The Blueberry wrote:

Date: Thu, 22 Aug 2002 18:52:35 +0000
From: The Blueberry <acr872k () hotmail com>
To: jfernandez () germinus com
Cc: pen-test () securityfocus com
Subject: Looks like a Borderware firewall



But as we are on the subject, does anyone know what is used as
credentials for the Checkpoint? Are there default passwords? I did not
find them in my default password lists...

Not that I know of. Which Checkpoint? You didn't talk of any.


LOL! Looks like I was *a bit* tired at that point.. anyway.. I tried the
BWClient utility and realized that it sent POST requests while
communicating with the firewall.. I think I will brute force the password
but for this I must reproduce the behavior of BWClient. I know that it sends
out the password ("password" in this case, but for the same password it
changes each time) in this format:

QOs_9OGelB05RYaW8fo70TsO7ZH5r5uHZuKdAml3BlLU1ps4Cp0g6SFV.pGLVqEN

Anyone recognize the hashing algorithm used? I searched the Borderware site
to no avail.. They only say that the entire session can be encrypted through
ssl on port 442.. Even BWClient.exe's disassembly gave no (apparent) clues.

--TB



----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/



-- 
Yours, 
J.A. Terranson
sysadmin () mfn org

If Governments really want us to behave like civilized human beings, they
should give serious consideration towards setting a better example:
Ruling by force, rather than consensus; the unrestrained application of
unjust laws (which the victim-populations were never allowed input on in
the first place); the State policy of justice only for the rich and 
elected; the intentional abuse and occasionally destruction of entire
populations merely to distract an already apathetic and numb electorate...
This type of demagoguery must surely wipe out the fascist United States
as surely as it wiped out the fascist Union of Soviet Socialist Republics.

The views expressed here are mine, and NOT those of my employers,
associates, or others.  Besides, if it *were* the opinion of all of
those people, I doubt there would be a problem to bitch about in the
first place...
--------------------------------------------------------------------




