By David Kennedy in Penetration Testing, Security Testing & Analysis

Recently I was performing an external penetration test, and there was not a lot of attack surface but there was a firewall device present with one of those browser-based SSL VPN services. Without a lot to go on other than some usernames gathered from LinkedIn, this seemed like a door worth trying to force.

I wished to target these users with a password spray, and I also wanted to have a go at some possible local users that might’ve been defined on the device, like root, fwAdmin, admin, etc. I was less worried about locking out these accounts, so towards the end of the engagement I tried a straight brute-force on them once I was ready to be loud.

Ah, but there were problems. Aren’t there always? The device did not submit the passwords in the HTTP request, even though they were TLS protected. It looked like md5. Additionally, the URL being posted to wasn’t the same as the form it came from.

Looking at the login process, I concluded that I first needed to request that form, collect multiple values, and finally perform some kind of digest calculation using my proposed password. Here are a couple excerpts from the login page. I took a look at “processButn()” and determined that I minimally needed param1, id, and sessId to compose a response.

My first instinct was to approach this problem with Burp’s macro and parameter extract functionality. This got me close, but I ran into some difficulties. Specifically, I could not find a way to implement what the JavaScript was doing with chains of payload processing or recursive greps.