Home page logo
/

pen-test logo Penetration Testing mailing list archives

RE: Pentesting a Web Applicaton
From: "Erin Carroll" <amoeba () amoebazone com>
Date: Thu, 31 May 2007 23:00:25 -0700

List members,

To head off the already trickling in flood of emails on how to reset the
device.... Yes, I know we could all tell him how to do a manual reset of the
device with a paperclip but let's try to view this as a learning opportunity
for playing with windows brute-force tools for web-based authentication like
Ian asked and recommend some ways to tackle this without the reset shall we?
:)

Ian, if you're *really* bored you could run an HTTP proxy and play with
Expect scripting and a password dictionary... Or try THC-Hydra
(http://www.thc.org/releases.php) if Brutus is giving you issues and you
don't want to reinvent the wheel.


--
Erin Carroll
Moderator
SecurityFocus pen-test list
"Do Not Taunt Happy-Fun Ball" 


-----Original Message-----
From: listbounce () securityfocus com 
[mailto:listbounce () securityfocus com] On Behalf Of Stong, Ian 
C CTR DISA GIG-CS
Sent: Thursday, May 31, 2007 9:30 AM
To: PenTest
Subject: Pentesting a Web Applicaton

Hi,

I have a DLINK router/wireless device that has a web 
interface for managing it via the inside interface. I know 
the username but the password was cached and due to some 
Winblows issues the info is gone. 

Would like some advice for tools I can run (on Windows) to 
attempt to find the password. I tried brutus but wasn't able 
to get it to work properly (or I misconfigured).  

When you access the router via web interface a popup comes up 
asking for username/pwd. It says "Enter username and password 
for "DI-514" at y.y.y.y - Then it has fields for User Name: 
and Password: - and then OK or Cancel.


You help is appreciated,

Ian Stong

--------------------------------------------------------------
----------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic See HOW Now with 
our 20/20 program!

http://www.cenzic.com/c/2020
--------------------------------------------------------------
----------



------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault