Home page logo

pen-test logo Penetration Testing mailing list archives

Re: Pentesting a Web Applicaton
From: Anders Thulin <anders.thulin () sentor se>
Date: Fri, 01 Jun 2007 07:52:05 +0200

Stong, Ian C CTR DISA GIG-CS wrote:

When you access the router via web interface a popup comes up asking for
username/pwd. It says "Enter username and password for "DI-514" at
y.y.y.y - Then it has fields for User Name: and Password: - and then OK
or Cancel.

  Try find a DI-514 manual on the net: there's usually a way to reset these
things to factory default state.

  Not sure about 514, but at one time some D-Link routers sent out passwords on
request.  There used to be a windows utility (from D-Link) that sent out a
UDP packet to .... some port I've forgotten, and in return each D-LINK
device that received that packet would return a reply packet, in which
the full configuration appeared, including user and master passwords
in clear.

  I think D-LINK stopped doing that, but I'm not sure where or when the line
was drawn.

Anders Thulin          anders.thulin () sentor se          070-757 36 10

This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]