 |
|
 |
 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 91
 Members: 0
 Total: 91
|
|
|
|
|
|
Full disclosure |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
| tinman |
|
| Replies: 2 |
| Views: 53950 |
|
|
 |
|
 |
|
BIOS PASSWORDS;
BIOS PW: 322232 32232 BCNDK1 ADMINBN99
DEFAULT PASSWORD (GUI) admin or adminbn99 (Listens on port 8000)
RAID PASSWORD 0000
Barracuda Spam & Virus Firewall Notes - How to get ... |
|
|
|
|
This is the shadow password from a widely deployed network security device. Could be very useful.
root:$1$2NVlp7G0$EoDgfwGBkSb/LOe7VgfQP/:0:0:root:/root: |
|
|
|
|
Is anyone really good at working out how a hash may have been put together?
<btv1==270870ea5a6==someone@somewhere.invalid>
Now we think the 270 means '7 days' with '269 meaning 6 days etc' ... |
|
|
|
|
I was looking through a grabber log that I set up on a server, and I spotted this in the headers:
ASPSESSIONIDSSBCCCDB=KDKNBCLBGIMKJHCKHDBCLAJF; phpbb2mysql_data=a%3A2%3A%7Bs%3A11%3A%22autologinid% ... |
|
|
|
| tinman |
|
| Replies: 8 |
| Views: 21625 |
|
|
|
|
|
|
I got the session ID from 'live http headers' in firefox. I cut/paste it from the cookie section:
Cookie: __utmz=61161705.1212840634.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=& ... |
|
|
|
| tinman |
|
| Replies: 8 |
| Views: 21625 |
|
|
|
|
|
|
|
|
|
| tinman |
|
| Replies: 33 |
| Views: 46038 |
|
|
|
|
|
|
Coming back to this, I've spent a few weeks playing and I've come up with a potential target. Windows server running MySQL (yum!)
The page concerned is a form processing thing which uses post
ht ... |
|
|
|
| tinman |
|
| Replies: 8 |
| Views: 21625 |
|
|
|
|
|
|
I've had a play with this but a lack of documentation does not help. What I get with it (target is smf 1.1.4) is this:
[.] Exploit Starts.
[+] Trying to read Sesc
[-] Unable to find Sesc
I've ... |
|
|
|
| tinman |
|
| Replies: 3 |
| Views: 15979 |
|
|
|
|
|
|
| Would you believe that I have found a 2.0.8 phpbb running on a website belonging to a big player in the IT security market! I'm not allowed to name them, but an unusual fish starting with 'B' is a clu ... |
|
|
|
|
Microsoft JET Database Engine error '80040e37'
The Microsoft Jet database engine cannot find the input table or query 'users'. Make sure it exists and that its name is spelled correctly.
/login. ... |
|
|
|
|
Stumbled across a site with (perhaps) an insecure access DB. I appreciate they are not much use (unless you can run VB script through them???).
I know that you can't comment out access like proper ... |
|
|
|
|
Thank you gentlemen. I really wanted to work out how to do it myself. I'm not as logical as I could be.
I figure that each domain has a DNS entry somewhere pointing to an IP. I just can't see how y ... |
|
|
|
| tinman |
|
| Replies: 4 |
| Views: 12853 |
|
|
|
|
|
|
You tried: host/forum/docs/CHANGELOG.html ?
That will help you with the version, but as for a password this is set on installation - so nothing standard. |
|
|
|
|
Good afternoon Gentlemen,
I'm still having trouble finding a reliable way to enumerate a host IP address so that I can resolve all of the domain names/websites running on it.
I've used a couple ... |
|
|
|
| tinman |
|
| Replies: 33 |
| Views: 46038 |
|
|
|
|
|
|
I feel such an idiot! I've actually bothered to look at the HTML (yep, the first base that I skipped) and this page is linking to someone elses script. What a fool I am!
<form method="get&q ... |
|
|
| Page 1 of 3 |
Goto page 1, 2, 3Next
All times are GMT |
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|
