Re: Pentesting a Web Applicaton

[Anders Thulin <anders.thulin () sentor se>]

Stong, Ian C CTR DISA GIG-CS wrote:

> When you access the router via web interface a popup comes up asking for
> username/pwd. It says "Enter username and password for "DI-514" at
> y.y.y.y - Then it has fields for User Name: and Password: - and then OK
> or Cancel.

  Try find a DI-514 manual on the net: there's usually a way to reset these
things to factory default state.

  Not sure about 514, but at one time some D-Link routers sent out passwords on
request.  There used to be a windows utility (from D-Link) that sent out a
UDP packet to .... some port I've forgotten, and in return each D-LINK
device that received that packet would return a reply packet, in which
the full configuration appeared, including user and master passwords
in clear.

  I think D-LINK stopped doing that, but I'm not sure where or when the line
was drawn.

-- 
Anders Thulin          anders.thulin () sentor se          070-757 36 10

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------