Re: Pentesting a Web Application

From: Hylton Conacher (ZR1HPC) (hylton@conacher.co.za)
Date: Mon Jun 04 2007 - 06:19:03 EDT


Stong, Ian C CTR DISA GIG-CS wrote:
> Just for clarification - I have backups of the configs and could reset
> the device and reload the config but as soon as you do that it also
> restores the password. In addition you can't change the password without
> knowing the old password.
I would suggest looking at the backup files, after making a copy of
them, and seeing if you can obtain a clear text password or even a
password hash.
With the password hash I am almost sure you could run it through a set
of rainbow tables and also through another method to obtain the real
password, which in this case should be the same from both the rainbow
tables and the other app.

Take an evening, reset the device, try the cracked password. If it works
you have lost nothing and can reset the password. If it doesn't work you
have also lost nothing but you have gained the knowledge that the
cracked password is one that doesn't work.

Another thing to try is accessing the device from the cmd line via the
IP I am sure you have. Try and see if there is anything in the cmd line
help regarding lost passwords, i.e. C:\> 'commandtoconnecttodevice -h'
sans quotes. Try the 1st cracked password too, as maybe the web interface
has a different passwd.

> And it's not actually the model listed and it's not a work device.
> Didn't want to give away the actual model number, IP address and code
> version, etc in case someone got bored and tried to hack away at it
> externally :)
Now who would do something like that? :)

Let us know the outcome.
Hylton
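The advice above starts from the observation that a device's configuration backup may carry credentials either in clear text or as a hash. From the defender's side the same observation is worth turning into a routine check: before a backup is stored or shared, scan it for credential fields and flag which ones are exposed in clear text. The script below is an added example written for this reply, not code from the original thread or from any particular vendor; the backup format (key = value lines), the field names and the sample values are all constructed here as assumptions, so the regular expressions would need adjusting for a real device's export format.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample of a device configuration backup (assumed key = value
# format; none of these values belong to a real device).
SAMPLE_BACKUP = """\
# constructed config export for illustration only
hostname = edge-gw
admin.user = admin
admin.password = Summer2007!
web.admin.password = $1$Xy9zQ$KlmnopqrstuvwxyzABCDE1
snmp.community = public
api.token =
ntp.server = 10.0.0.1
"""

# Field names that usually hold a credential (assumed list; extend per vendor).
CRED_KEY = re.compile(r"(pass(word|wd)?|secret|community|psk|api[_-]?key|token)", re.I)
# Crypt-style hash prefix such as $1$, $5$, $6$ or $2b$ followed by salt/digest.
CRYPT_HASH = re.compile(r"^\$[0-9a-z]{1,3}\$[A-Za-z0-9./$=+]+$")
# Bare hex digest of the lengths MD5 / SHA-1 / SHA-256 produce.
HEX_DIGEST = re.compile(r"^(?:[0-9a-fA-F]{32}|[0-9a-fA-F]{40}|[0-9a-fA-F]{64})$")
# One "key = value" or "key: value" line.
KV_LINE = re.compile(r"^([\w.\-]+)\s*[=:]\s*(.*)$")


@dataclass
class Finding:
    line: int   # 1-based line number within the backup text
    key: str    # configuration key that holds the credential
    kind: str   # "cleartext", "hash" or "empty"


def classify_value(value: str) -> str:
    """Decide how a credential value is stored in the backup."""
    if not value:
        return "empty"
    if CRYPT_HASH.match(value) or HEX_DIGEST.match(value):
        return "hash"
    # Anything else is treated as recoverable clear text; a reversible
    # vendor encoding would also land here, which is the conservative call.
    return "cleartext"


def scan_backup(text: str) -> List[Finding]:
    """Return one Finding per credential-looking field in the backup."""
    findings: List[Finding] = []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        match = KV_LINE.match(line)
        if not match:
            continue
        key, value = match.group(1), match.group(2).strip().strip('"')
        if CRED_KEY.search(key):
            findings.append(Finding(number, key, classify_value(value)))
    return findings


def cleartext_keys(findings: List[Finding]) -> List[str]:
    """Keys whose credentials a copy of the backup would reveal outright."""
    return [f.key for f in findings if f.kind == "cleartext"]


if __name__ == "__main__":
    results = scan_backup(SAMPLE_BACKUP)
    for f in results:
        print(f"line {f.line}: {f.key} -> {f.kind}")
    exposed = cleartext_keys(results)
    if exposed:
        print("backup exposes clear-text credentials:", ", ".join(exposed))
```

On the constructed sample the scan reports the admin password and the SNMP community as clear text, the web admin password as a hash, and the API token as empty. Treating unknown encodings as clear text is deliberate: a backup that fails this check should be encrypted at rest or have its credential fields redacted before it is copied around, which is exactly the situation in which a stray copy would otherwise hand someone a password.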




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:51 EDT