Penetration Testing mailing list archives
RE: PacketShaper
From: "Brewis, Mark" <mark.brewis () eds com>
Date: Mon, 3 May 2004 20:56:11 +0100
Filipe, I had a look at one of these about three years ago; I sent out a similar request and didn't get anything back. I didn't find anything in its deployed state, although you appear to have more ports available than I remember seeing. What is it using echo for? Obviously, a lot of things have moved on in that time with regard to application testing. Can you get anything out of the webserver at all? Is it an apache, tomcat or lynx derivative, or is it proprietary? If you haven't already, try using attacks against those as a starting place if it is proprietary, and then fuzz on those. It may be one of those things that you feel ought to break, but never does. No idea about the algorithm, I'm afraid. Good luck, Mark Mark Brewis Security Consultant EDS UK Information Assurance Group Wavendon Tower Milton Keynes Buckinghamshire MK17 8LX. Tel: +44 (0)1908 28 4013 Mbl: +44 (0)7989 291 648 Fax: +44 (0)1908 28 4393 E@: mark.brewis () eds com This email is confidential and intended solely for the use of the individual(s) to whom it is addressed. Any views or opinions presented are solely those of the author. If you are not the intended recipient, be advised that you have received this email in error and that any use, dissemination, forwarding, printing, or copying of this mail is strictly prohibited. Precautions have been taken to minimise the risk of transmitting software viruses, but you must carry out your own virus checks on any attachment to this message. No liability can be accepted for any loss or damage caused by software viruses.
-----Original Message----- From: Filipe A. [mailto:incognito () patria ath cx] Sent: 28 April 2004 10:48 To: pen-test () securityfocus com Subject: PacketShaper Hello. I'm in the middle of a pentest. On my client's network sits a PacketShaper (v5.3.0) from Packeteer [1]. This seems to be a commom device for traffic shaping yet I can't find any published vulnerabilities for it. Open ports are 7, 21, 23 and 80. Both web and telnet interfaces require only a password for authentication, no username needed. Default pwds were no good. I can code a brute forcer but was wondering if anyone here has audited one of these boxes and can share some info. SNMP read community is also available but I don't find any sensitive information there, apart from traffic statistics. One last fact, I found this quote in Packeteer's site regarding password recovery: "[...] contact Customer Support. After you provide them with your serial number, they will generate a default password you can use to access your unit via the command-line or browser interface." If I understand correctly there's an algorithm somewhere that will generate a default pwd for each box according to it's serial number. Any ideas? (social engeneering is out of scope for this audit) Thanks in advance. [1] http://www.packeteer.com/prod-sol/products/packetshaper_topologies.cfm -------------------------------------------------------------- ---------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html -------------------------------------------------------------- -----------------
------------------------------------------------------------------------------ Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html -------------------------------------------------------------------------------
Current thread:
- RE: PacketShaper Brewis, Mark (May 03)
- RE: PacketShaper GRUPOHEMAC.- juan davila (May 04)
- Re: PacketShaper Stephen Bernard (May 04)
- RE: PacketShaper Filipe A. (May 04)
- <Possible follow-ups>
- RE: PacketShaper Steve Goldsby (ICS) (May 04)
- RE: PacketShaper GRUPOHEMAC.- juan davila (May 04)