Penetration Testing mailing list archives
Re: Looks like a Borderware firewall
From: Alif The Terrible <measl () mfn org>
Date: Mon, 26 Aug 2002 14:04:43 -0500 (CDT)
I believe the encryption algorithm was published on cypherpunks about 2 years ago: google is your friend.

On Thu, 22 Aug 2002, The Blueberry wrote:
Date: Thu, 22 Aug 2002 18:52:35 +0000
From: The Blueberry <acr872k () hotmail com>
To: jfernandez () germinus com
Cc: pen-test () securityfocus com
Subject: Looks like a Borderware firewall

But as we are on the subject, does anyone know what is used as credentials for the Checkpoint? Are there default passwords? I did not find them in my default password lists...

Not that I know of. Which Checkpoint? You didn't talk of any.

LOL! Looks like I was *a bit* tired at that point.. anyway.. I tried the BWClient utility and realized that it sent POST requests while communicating with the firewall.. I think I will brute force the password but for this I must reproduce the behavior of BWClient. I know that he sends out the password ("password" in this case, but for the same password it changes each time) in this format:

QOs_9OGelB05RYaW8fo70TsO7ZH5r5uHZuKdAml3BlLU1ps4Cp0g6SFV.pGLVqEN

Anyone recognize the hashing algorithm used? I searched the borderware site to no avail.. They only say that the entire session can be encrypted through ssl on port 442.. Even BWClient.exe's disassembly gave no (apparent) clues.

--TB

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
--
Yours,
J.A. Terranson
sysadmin () mfn org

If Governments really want us to behave like civilized human beings, they should give serious consideration towards setting a better example: Ruling by force, rather than consensus; the unrestrained application of unjust laws (which the victim-populations were never allowed input on in the first place); the State policy of justice only for the rich and elected; the intentional abuse and occasionally destruction of entire populations merely to distract an already apathetic and numb electorate... This type of demagoguery must surely wipe out the fascist United States as surely as it wiped out the fascist Union of Soviet Socialist Republics.

The views expressed here are mine, and NOT those of my employers, associates, or others. Besides, if it *were* the opinion of all of those people, I doubt there would be a problem to bitch about in the first place...