From: Filipe A. (incognito@patria.ath.cx)
Date: Wed Apr 28 2004 - 05:47:50 EDT
Hello. I'm in the middle of a pentest. On my client's network sits
a PacketShaper (v5.3.0) from Packeteer [1]. This seems to be a
commom device for traffic shaping yet I can't find any published
vulnerabilities for it. Open ports are 7, 21, 23 and 80. Both web and
telnet interfaces require only a password for authentication, no
username needed. Default pwds were no good. I can code a brute
forcer but was wondering if anyone here has audited one of these boxes
and can share some info.
SNMP read community is also available but I don't find any sensitive
information there, apart from traffic statistics. One last fact, I found
this quote in Packeteer's site regarding password recovery:
"[...] contact Customer Support. After you provide them with your serial
number, they will generate a default password you can use to access your
unit via the command-line or browser interface." If I understand
correctly there's an algorithm somewhere that will generate a default
pwd for each box according to it's serial number. Any ideas? (social
engeneering is out of scope for this audit)
Thanks in advance.
[1]
http://www.packeteer.com/prod-sol/products/packetshaper_topologies.cfm
------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:53 EDT