RE: Pentesting a Web Applicaton

From: Stong, Ian C CTR DISA GIG-CS (Ian.Stong.ctr@disa.mil)
Date: Fri Jun 01 2007 - 10:20:57 EDT

• Next message: ebk_lists@hotmail.com: "Interesting Ruling Regarding WiFi access"
• Previous message: Haroon Meer: "Re: Pentesting a Web Applicaton"
• In reply to: Eric Smith: "Re: Pentesting a Web Applicaton"
• Next in thread: Jamie Riden: "Re: Pentesting a Web Applicaton"
• Reply: Jamie Riden: "Re: Pentesting a Web Applicaton"
• Reply: sherwyn.williams@gmail.com: "Re: Pentesting a Web Applicaton"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Because I have years of configuration and tweaks on it and various
services would be down while reconfiguring it. Looking for little to no
downtime. As an example I run VOIP through it with specific source
destination pairs and specific port/protocol filters. Multiply that by
30 and you have the configuration that I would have to redo on the
device. Meanwhile downtime while configuring and sniffing each
application to determine exact ports to allow through, VPN peers to
establish, applications to NAT, port remappings for public to private
ports.....

Thanks

-----Original Message-----
From: Eric Smith [mailto:defcon47@yahoo.com]
Sent: Friday, June 01, 2007 1:13 AM
To: Stong, Ian C CTR DISA GIG-CS; PenTest
Subject: Re: Pentesting a Web Applicaton

Why not just reset the router? In the amount of time you would waste to
brute force or dictionary attack it, you could reset, reconfig and be
back up and running in minutes.

----- Original Message ----
From: "Stong, Ian C CTR DISA GIG-CS" <Ian.Stong.ctr@disa.mil>
To: PenTest <pen-test@securityfocus.com>
Sent: Thursday, May 31, 2007 12:29:33 PM
Subject: Pentesting a Web Applicaton

Hi,

I have a DLINK router/wireless device that has a web interface for
managing it via the inside interface. I know the username but the
password was cached and due to some Winblows issues the info is gone.

Would like some advice for tools I can run (on Windows) to attempt to
find the password. I tried brutus but wasn't able to get it to work
properly (or I misconfigured).

When you access the router via web interface a popup comes up asking for
username/pwd. It says "Enter username and password for "DI-514" at
y.y.y.y - Then it has fields for User Name: and Password: - and then OK
or Cancel.

You help is appreciated,

Ian Stong

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic See HOW Now with our 20/20
program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------

 
________________________________________________________________________
___________
You snooze, you lose. Get messages ASAP with AutoCheck in the all-new
Yahoo! Mail Beta.
http://advision.webevents.yahoo.com/mailbeta/newmail_html.html

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------

• Next message: ebk_lists@hotmail.com: "Interesting Ruling Regarding WiFi access"
• Previous message: Haroon Meer: "Re: Pentesting a Web Applicaton"
• In reply to: Eric Smith: "Re: Pentesting a Web Applicaton"
• Next in thread: Jamie Riden: "Re: Pentesting a Web Applicaton"
• Reply: Jamie Riden: "Re: Pentesting a Web Applicaton"
• Reply: sherwyn.williams@gmail.com: "Re: Pentesting a Web Applicaton"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:51 EDT