Penetration Testing mailing list archives

Re: RE: Pentesting a Web Application
From: sherwyn.williams () gmail com
Date: Fri, 1 Jun 2007 20:42:30 +0000

Agreed, trying to get the password from the config is a good way to go.
Maybe check on the vendor website or a forum related to the product.
Sherwyn Williams
Technical Support
The Williams Solutions  

-----Original Message-----
From: "Jamie Riden" <jamie.riden () gmail com>
Date: Fri, 1 Jun 2007 20:38:57 
To:"Stong, Ian C CTR DISA GIG-CS" <Ian.Stong.ctr () disa mil>
Cc:pen-test () securityfocus com
Subject: Re: RE: Pentesting a Web Application

In that case the easiest attack might be against the config file. (Eek
- my Netgear router stores the password in clear in its backup file!)


On 01/06/07, Stong, Ian C CTR DISA GIG-CS <Ian.Stong.ctr () disa mil> wrote:
Just for clarification - I have backups of the configs and could reset
the device and reload the config but as soon as you do that it also
restores the password. In addition you can't change the password without
knowing the old password.

Jamie Riden, CISSP / jamesr () europe com / jamie () honeynet org uk
UK Honeynet Project: http://www.ukhoneynet.org/
