From: Erin Carroll (amoeba@amoebazone.com)
Date: Fri Jun 01 2007 - 02:00:25 EDT
List members,
To head off the already trickling in flood of emails on how to reset the
device.... Yes, I know we could all tell him how to do a manual reset of the
device with a paperclip but let's try to view this as a learning opportunity
for playing with windows brute-force tools for web-based authentication like
Ian asked and recommend some ways to tackle this without the reset shall we?
:)
Ian, if you're *really* bored you could run an HTTP proxy and play with
Expect scripting and a password dictionary... Or try THC-Hydra
(http://www.thc.org/releases.php) if Brutus is giving you issues and you
don't want to reinvent the wheel.
-- Erin Carroll Moderator SecurityFocus pen-test list "Do Not Taunt Happy-Fun Ball" > -----Original Message----- > From: listbounce@securityfocus.com > [mailto:listbounce@securityfocus.com] On Behalf Of Stong, Ian > C CTR DISA GIG-CS > Sent: Thursday, May 31, 2007 9:30 AM > To: PenTest > Subject: Pentesting a Web Applicaton > > Hi, > > I have a DLINK router/wireless device that has a web > interface for managing it via the inside interface. I know > the username but the password was cached and due to some > Winblows issues the info is gone. > > Would like some advice for tools I can run (on Windows) to > attempt to find the password. I tried brutus but wasn't able > to get it to work properly (or I misconfigured). > > When you access the router via web interface a popup comes up > asking for username/pwd. It says "Enter username and password > for "DI-514" at y.y.y.y - Then it has fields for User Name: > and Password: - and then OK or Cancel. > > > You help is appreciated, > > Ian Stong > > -------------------------------------------------------------- > ---------- > This List Sponsored by: Cenzic > > Are you using SPI, Watchfire or WhiteHat? > Consider getting clear vision with Cenzic See HOW Now with > our 20/20 program! > > http://www.cenzic.com/c/2020 > -------------------------------------------------------------- > ---------- > ------------------------------------------------------------------------ This List Sponsored by: Cenzic Are you using SPI, Watchfire or WhiteHat? Consider getting clear vision with Cenzic See HOW Now with our 20/20 program! http://www.cenzic.com/c/2020 ------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:51 EDT