How to expolit?

From: intel96 (intel96@bellsouth.net)
Date: Tue Jan 31 2006 - 10:24:32 EST


I am conducting a pentest and want to know if there is a way to take
advantage of two potential security issues.

The first is an embedded password in the application, which is stored on
an internal flash (there is only a LAN connection to this device and no
other access). Is there a way to obtain this password without taking
the device apart?

The second are potential buffer overflows (caused by sending various
size packets to the device over IP) in the device and several registered
locations , which causes the device to reboot and issue kernel panics.
Is there a way to take advantage of these buffer overflow to gain
administrator access to the device?

Thanks in advance for any help.

Intel96

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:26 EDT