Penetration Testing mailing list archives
Re: Pentesting a Web Applicaton
From: sherwyn.williams () gmail com
Date: Fri, 1 Jun 2007 17:32:54 +0000
I could be wrong, but I remember reading a while back that you can input certain exact paths in the browser and get to various settings on their devices. Ex. http:ip/config.html and so on.

Sherwyn Williams
Technical Support
The Williams Solutions

-----Original Message-----
From: "Stong, Ian C CTR DISA GIG-CS" <Ian.Stong.ctr () disa mil>
Date: Fri, 1 Jun 2007 10:20:57
To: "Eric Smith" <defcon47 () yahoo com>, "PenTest" <pen-test () securityfocus com>
Subject: RE: Pentesting a Web Applicaton

Because I have years of configuration and tweaks on it and various services would be down while reconfiguring it. Looking for little to no downtime.

As an example I run VOIP through it with specific source destination pairs and specific port/protocol filters. Multiply that by 30 and you have the configuration that I would have to redo on the device. Meanwhile downtime while configuring and sniffing each application to determine exact ports to allow through, VPN peers to establish, applications to NAT, port remappings for public to private ports.....

Thanks

-----Original Message-----
From: Eric Smith [mailto:defcon47 () yahoo com]
Sent: Friday, June 01, 2007 1:13 AM
To: Stong, Ian C CTR DISA GIG-CS; PenTest
Subject: Re: Pentesting a Web Applicaton

Why not just reset the router? In the amount of time you would waste to brute force or dictionary attack it, you could reset, reconfig and be back up and running in minutes.

----- Original Message ----
From: "Stong, Ian C CTR DISA GIG-CS" <Ian.Stong.ctr () disa mil>
To: PenTest <pen-test () securityfocus com>
Sent: Thursday, May 31, 2007 12:29:33 PM
Subject: Pentesting a Web Applicaton

Hi,

I have a DLINK router/wireless device that has a web interface for managing it via the inside interface. I know the username but the password was cached and due to some Winblows issues the info is gone. Would like some advice for tools I can run (on Windows) to attempt to find the password.

I tried Brutus but wasn't able to get it to work properly (or I misconfigured). When you access the router via web interface a popup comes up asking for username/pwd. It says "Enter username and password for "DI-514" at y.y.y.y" - Then it has fields for User Name: and Password: - and then OK or Cancel.

Your help is appreciated,

Ian Stong