Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Sunny WebBox Default Password

From: Jeffrey Walton <noloader () gmail com>
Date: Fri, 23 Dec 2011 15:55:37 -0500
On Fri, Dec 23, 2011 at 11:02 AM, Hacxx Under <hacxx20 () gmail com> wrote:

Sunny Web Box is a device that has a web interface and it's used as a
reader for solar energy microproducers.

The default password is "SMA"

The devices can be founfd using intitle: "Sunny WebBox"
-------
Hacked Boxes

http://mariorodrigues.dynip.sapo.pt
http://gisolar.cannondesign.com
http://pvpichler.dyndns.org:509
http://217.113.37.189:80
http://zodiac.hostein.org:8081
http://79.1742.145.114
http://67.78.27.35
http://217.133.100.238:8082
http://news.hartwellps.vic.edu.au
http://energiasolar.ues.edu.sv
http://solar.amy.gr
http://xserver.clio.it

They also use MD5 in a JSON request over HTTP. Not surprisingly:

$ echo SMA | md5sum
8872966064a33f7520d11c0fffe7e517

[Google for 8872966064a33f7520d11c0fffe7e517]

http://hash.phelix.lv/md5/371bd54577d68567ed50af283052e0d1/SMA.htm

It looks like this has been known for some time.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: