Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

[LoWNOISE] Password hunting with webramp

From: et () CYBERSPACE ORG (ET LoWNOISE)
Date: Tue, 3 Aug 1999 11:34:59 -0400

Hi,
Just to go deeper.

Definition: (taken from www.webramp.com)
What is a WebRamp?

                        A WebRamp is a communications
                        device that allows your whole office to
                        share Internet access. You can choose
                        from a variety of different models
                        depending on your needs. While all
                        WebRamps allow you to share Internet
                        access, WebRamps can differ in the
                        types of modems they use, as well as
                        advanced features such as Access
                        Controls, VPN support, and Remote
                        Dial-in for telecommuters.

Now my stuff..

I have checked all the stuff about webramp on bugtraq and different
security lists. The only thing i have found are about DoS stuff on the M3
model but nothing more.

Today i was searching for web servers on a ISP and got many responses from
webramp servers. Some of them when you connect and ask you for
authorization they already tell you whats the username to use (wradmin).

The default username and password are: wradmin / trancell

The other ones possibly bad configurated because there wasnt any login and
password thing. Got me into their Setup Page.

On M3 models theres a page http://webramp/avconnX.htm where X is the modem
number 1,2,3.. there you can get the isp phone number they use, the
username they use, and the password like this ******, easy to get with a
sniffer or a password snooping program, OR READ THE FORM SOURCE CODE :).

On 200i models just go to express internet and you will find the same
stuff like M3. Why webramp put that info so free.. and why the passwords
are there? i dont see any utility for webramp to send usernames and
passwords to the clients that connect. it should be the other way.

Three are many other models but im only talking about M3 and 200i because
thats the ones i found.

Well, and what to do with a phone number (ISP), a username and a password?
(not one.. 3 aprox. 1 for each modem) use your imagination.

bye,

Efrain 'ET' Torres
[LoWNOISE] Colombia
et () cyberspace org

pd/gracias aleph1.
Previous By Date Next
Previous By Thread Next

Current thread: