Re: HNAP Admin attempts

[James Lay <jlay () slave-tothe-box net>]

On 2013-11-14 13:35, Y M wrote:
> In this case base64_decode can help:
>
> http://manual.snort.org/node32.html#SECTION004526000000000000000 [1]
>
> > Date: Thu, 14 Nov 2013 15:20:23 -0500
> > From: wkitty42 () windstream net
> > To: snort-sigs () lists sourceforge net
> > Subject: Re: [Snort-sigs] HNAP Admin attempts
> >
> > On 11/14/2013 3:54 PM, rmkml wrote:
> > > Hi,
> > >
> > > What you think about this version please ? (removed file_data +
> added uurilen +
> > > http_uri + short Authorization)
> >
> > FWIW: YWRtaW46 decodes from base64 mime to "admin:"... it indicates
> the
> > attempted use of the "admin" account to login with...
> >
> > --
> > NOTE: No off-list assistance is given without prior approval.
> > Please keep mailing list traffic on the list unless
> > private contact is specifically requested and granted.

Thanks for the responses all...and that looks good RM :)

James


------------------------------------------------------------------------------
DreamFactory - Open Source REST & JSON Services for HTML5 & Native Apps
OAuth, Users, Roles, SQL, NoSQL, BLOB Storage and External API Access
Free app hosting. Or install the open source package on any LAMP server.
Sign up and see examples for AngularJS, jQuery, Sencha Touch and Native!
http://pubads.g.doubleclick.net/gampad/clk?id=63469471&iu=/4140/ostg.clktrk
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!