Nmap Development mailing list archives
Re: New NSE script: http-default-accounts.nse - Default account access checker - CALL FOR FINGERPRINTS
From: Paulino Calderon <paulino () calderonpale com>
Date: Sat, 23 Jul 2011 19:49:54 -0500
On 07/23/2011 06:35 PM, Hani Benhabiles wrote:
Just checked a d-link DSL-2640U, it has admin/admin creds as default. Request/Response: GET / HTTP/1.1 Host: 192.168.1.1 Connection: keep-alive Authorization: Basic YWRtaW46YWRtaW4= User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/534.30 (KHTML, like Gecko) Ubuntu/11.04 Chromium/12.0.742.112 Chrome/12.0.742.112 Safari/534.30 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 HTTP/1.1 200 Ok Server: micro_httpd Cache-Control: no-cache Date: Sat, 01 Jan 2000 00:36:33 GMT Content-Type: text/html Connection: close On Sat, Jul 23, 2011 at 10:13 AM, Shinnok<admin () shinnok com> wrote:On 07/23/2011 12:02 PM, Shinnok wrote:Hey Paulino, You should probably check the emulators for d-link routers available on d-link's website. The give you access to the interface of d-link routers as well as their login process. Examples: http://support.dlink.com/emulators/dir825/113NA/Login.html http://support.dlink.com/emulators/di624s/ http://support.dlink.com/EMULATORS/DI524/ They should provide insight you into urls and for some the http post login process. However, I don't own a d-link router and thus I can't attest to their exact fidelity as presented on the website's sandbox, so, if someone reading this e-mail owns a d-link router, can you please find the emulator for it on the website and check that the urls and the login process match the ones on the actual device? You can find a list of all emulators available here: http://www.dlink.com/support/faq/?prod_id=1457 The default username and password for D-Link DI(http auth) and WBR(http post) series are "admin" and blank password. http://www.dlink.com/support/faq/ More default router logins: http://www.routerpasswords.com/ http://www.phenoelit-us.org/dpl/dpl.html http://cirt.net/passwords http://defaultpasswords.in/ http://portforward.com/default_username_password/ http://www.virus.org/default-password/ http://www.3ice.hu/tool/dpl/DefaultRouterPasswordList.html http://urbanwireless.info/default-router-passwords Set top boxes logins: http://www.receiverpasswords.com/ Regards, ShinnokForgot to mention this: Another good way of fingerprinting routers and other devices besides url probes, that authenticate via http-auth is by checking the WWW-Authenticate http header field realm: http://www.shodanhq.com/?q=d-link http://www.shodanhq.com/?q=d-link+router http://www.shodanhq.com/?q=linksys You can cross-check identifier strings with lists like: http://www.http-stats.com/header/Www-Authenticate Shinnok _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Thanks! I'll add these signatures ASAP. Shinook: Great suggestions! I'll look into it. Cheers. _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- New NSE script: http-default-accounts.nse - Default account access checker Paulino Calderon (Jul 01)
- Re: New NSE script: http-default-accounts.nse - Default account access checker Gutek (Jul 02)
- Re: New NSE script: http-default-accounts.nse - Default account access checker - CALL FOR FINGERPRINTS Paulino Calderon (Jul 16)
- Re: New NSE script: http-default-accounts.nse - Default account access checker - CALL FOR FINGERPRINTS Shinnok (Jul 23)
- Re: New NSE script: http-default-accounts.nse - Default account access checker - CALL FOR FINGERPRINTS Shinnok (Jul 23)
- Re: New NSE script: http-default-accounts.nse - Default account access checker - CALL FOR FINGERPRINTS Hani Benhabiles (Jul 23)
- Re: New NSE script: http-default-accounts.nse - Default account access checker - CALL FOR FINGERPRINTS Paulino Calderon (Jul 23)
- Re: New NSE script: http-default-accounts.nse - Default account access checker - CALL FOR FINGERPRINTS Shinnok (Jul 23)