Penetration Testing mailing list archives
Re: RE: Pentesting a Web Applicaton
From: sherwyn.williams () gmail com
Date: Fri, 1 Jun 2007 20:42:30 +0000
Agreed trying to get the password from the config is a good way to go. Maybe check on the vendor website or forun related to the product. Sherwyn Williams Technical Support The Williams Solutions -----Original Message----- From: "Jamie Riden" <jamie.riden () gmail com> Date: Fri, 1 Jun 2007 20:38:57 To:"Stong, Ian C CTR DISA GIG-CS" <Ian.Stong.ctr () disa mil> Cc:pen-test () securityfocus com Subject: Re: RE: Pentesting a Web Applicaton In that case the easiest attack might be against the config file. (Eek - my Netgear router stores the password in clear in its backup file!) cheers, Jamie On 01/06/07, Stong, Ian C CTR DISA GIG-CS <Ian.Stong.ctr () disa mil> wrote:
Just for clarification - I have backups of the configs and could reset the device and reload the config but as soon as you do that it also restores the password. In addition you can't change the password without knowing the old password.
-- Jamie Riden, CISSP / jamesr () europe com / jamie () honeynet org uk UK Honeynet Project: http://www.ukhoneynet.org/ ------------------------------------------------------------------------ This List Sponsored by: Cenzic Are you using SPI, Watchfire or WhiteHat? Consider getting clear vision with Cenzic See HOW Now with our 20/20 program! http://www.cenzic.com/c/2020 ------------------------------------------------------------------------
Current thread:
- Re: Pentesting a Web Applicaton Haroon Meer (Jun 01)
- <Possible follow-ups>
- RE: Pentesting a Web Applicaton Stong, Ian C CTR DISA GIG-CS (Jun 01)
- Message not available
- RE: Pentesting a Web Applicaton Peter Wood (Jun 01)
- Message not available
- Re: Pentesting a Web Applicaton Jamie Riden (Jun 01)
- Re: Pentesting a Web Applicaton sherwyn . williams (Jun 01)
- Re: RE: Pentesting a Web Applicaton ebk_lists (Jun 01)
- RE: RE: Pentesting a Web Applicaton Stong, Ian C CTR DISA GIG-CS (Jun 01)
- Re: RE: Pentesting a Web Applicaton Jamie Riden (Jun 01)
- Re: RE: Pentesting a Web Applicaton sherwyn . williams (Jun 01)
- RE: RE: Pentesting a Web Applicaton Alex Balayan (Jun 11)
- RE: RE: Pentesting a Web Applicaton Stong, Ian C CTR DISA GIG-CS (Jun 01)
- Re: Pentesting a Web Applicaton Hylton Conacher (ZR1HPC) (Jun 04)