|
Penetration Testing
mailing list archives
Re: Pentesting a Web Applicaton
From: Anders Thulin <anders.thulin () sentor se>
Date: Fri, 01 Jun 2007 07:52:05 +0200
Stong, Ian C CTR DISA GIG-CS wrote:
When you access the router via web interface a popup comes up asking for
username/pwd. It says "Enter username and password for "DI-514" at
y.y.y.y - Then it has fields for User Name: and Password: - and then OK
or Cancel.
Try find a DI-514 manual on the net: there's usually a way to reset these
things to factory default state.
Not sure about 514, but at one time some D-Link routers sent out passwords on
request. There used to be a windows utility (from D-Link) that sent out a
UDP packet to .... some port I've forgotten, and in return each D-LINK
device that received that packet would return a reply packet, in which
the full configuration appeared, including user and master passwords
in clear.
I think D-LINK stopped doing that, but I'm not sure where or when the line
was drawn.
--
Anders Thulin anders.thulin () sentor se 070-757 36 10
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!
http://www.cenzic.com/c/2020
------------------------------------------------------------------------
 By Date 
By Thread
Current thread:
|
Intro
