From: GRUPOHEMAC.- juan davila (jdavila@grupohemac.com.mx)
Date: Tue May 04 2004 - 10:26:35 EDT
Upgrade the software to version 6 and configure only access on interfaces
inbound for management .
Hemac Teleinformatica
Ing. Juan Carlos Davila Ortiz
Ingenieria
Chapultepec # 710 Col. Moderna
3616-3824 Guadalajara, Jal.
jdavila@grupohemac.com.mx
---------- Original Message -----------
From: "Brewis, Mark" <mark.brewis@eds.com>
To: "'Filipe A.'" <incognito@patria.ath.cx>, pen-test@securityfocus.com
Sent: Mon, 3 May 2004 20:56:11 +0100
Subject: RE: PacketShaper
> Filipe,
>
> I had a look at one of these about three years ago; I sent out a similar
> request and didn't get anything back. I didn't find anything in its
> deployed state, although you appear to have more ports available
> than I remember seeing. What is it using echo for?
>
> Obviously, a lot of things have moved on in that time with regard to
> application testing. Can you get anything out of the webserver at
> all? Is it an apache, tomcat or lynx derivative, or is it
> proprietary? If you haven't already, try using attacks against
> those as a starting place if it is proprietary, and then fuzz on
> those. It may be one of those things that you feel ought to break,
> but never does.
>
> No idea about the algorithm, I'm afraid.
>
> Good luck,
>
> Mark
>
> Mark Brewis
>
> Security Consultant
> EDS
> UK Information Assurance Group
> Wavendon Tower
> Milton Keynes
> Buckinghamshire
> MK17 8LX.
>
> Tel: +44 (0)1908 28 4013
> Mbl: +44 (0)7989 291 648
> Fax: +44 (0)1908 28 4393
> E@: mark.brewis@eds.com
>
> This email is confidential and intended solely for the use of the
> individual(s) to whom it is addressed. Any views or opinions
> presented are solely those of the author. If you are not the
> intended recipient, be advised that you have received this email in
> error and that any use, dissemination, forwarding, printing, or
> copying of this mail is strictly prohibited.
>
> Precautions have been taken to minimise the risk of transmitting software
> viruses, but you must carry out your own virus checks on any
> attachment to this message. No liability can be accepted for any
> loss or damage caused by software viruses.
>
>
> >>-----Original Message-----
> >>From: Filipe A. [mailto:incognito@patria.ath.cx]
> >>Sent: 28 April 2004 10:48
> >>To: pen-test@securityfocus.com
> >>Subject: PacketShaper
> >>
> >>
> >>
> >> Hello. I'm in the middle of a pentest. On my client's network sits
> >>a PacketShaper (v5.3.0) from Packeteer [1]. This seems to be a
> >>commom device for traffic shaping yet I can't find any published
> >>vulnerabilities for it. Open ports are 7, 21, 23 and 80. Both web and
> >>telnet interfaces require only a password for authentication, no
> >>username needed. Default pwds were no good. I can code a brute
> >>forcer but was wondering if anyone here has audited one of these boxes
> >>and can share some info.
> >>SNMP read community is also available but I don't find any sensitive
> >>information there, apart from traffic statistics. One last
> >>fact, I found
> >>this quote in Packeteer's site regarding password recovery:
> >>"[...] contact Customer Support. After you provide them with
> >>your serial
> >>number, they will generate a default password you can use to
> >>access your
> >>unit via the command-line or browser interface." If I understand
> >>correctly there's an algorithm somewhere that will generate a default
> >>pwd for each box according to it's serial number. Any ideas? (social
> >>engeneering is out of scope for this audit)
> >>
> >>Thanks in advance.
> >>
> >>
> >>[1]
> >>http://www.packeteer.com/prod-sol/products/packetshaper_topologies.cfm
> >>
> >>
> >>
> >>
> >>--------------------------------------------------------------
> >>----------------
> >>Ethical Hacking at the InfoSec Institute. Mention this ad and
> >>get $545 off
> >>any course! All of our class sizes are guaranteed to be 10
> >>students or less
> >>to facilitate one-on-one interaction with one of our expert
> >>instructors.
> >>Attend a course taught by an expert instructor with years of
> >>in-the-field
> >>pen testing experience in our state of the art hacking lab.
> >>Master the skills
> >>of an Ethical Hacker to better assess the security of your
> >>organization.
> >>Visit us at:
> >>http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> >>--------------------------------------------------------------
> >>-----------------
> >>
>
> ---------------------------------------------------------------------------
--- > Ethical Hacking at the InfoSec Institute. Mention this ad and get > $545 off any course! All of our class sizes are guaranteed to be 10 > students or less to facilitate one-on-one interaction with one of > our expert instructors. Attend a course taught by an expert > instructor with years of in-the-field pen testing experience in our > state of the art hacking lab. Master the skills of an Ethical Hacker > to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html > --------------------------------------------------------------------------- ---- ------- End of Original Message ------- ------------------------------------------------------------------------------ Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html -------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:53 EDT