Hi, Just to go deeper. Definition: (taken from www.webramp.com) What is a WebRamp? A WebRamp is a communications device that allows your whole office to share Internet access. You can choose from a variety of different models depending on your needs. While all WebRamps allow you to share Internet access, WebRamps can differ in the types of modems they use, as well as advanced features such as Access Controls, VPN support, and Remote Dial-in for telecommuters. Now my stuff.. I have checked all the stuff about webramp on bugtraq and different security lists. The only thing i have found are about DoS stuff on the M3 model but nothing more. Today i was searching for web servers on a ISP and got many responses from webramp servers. Some of them when you connect and ask you for authorization they already tell you whats the username to use (wradmin). The default username and password are: wradmin / trancell The other ones possibly bad configurated because there wasnt any login and password thing. Got me into their Setup Page. On M3 models theres a page http://webramp/avconnX.htm where X is the modem number 1,2,3.. there you can get the isp phone number they use, the username they use, and the password like this ******, easy to get with a sniffer or a password snooping program, OR READ THE FORM SOURCE CODE :). On 200i models just go to express internet and you will find the same stuff like M3. Why webramp put that info so free.. and why the passwords are there? i dont see any utility for webramp to send usernames and passwords to the clients that connect. it should be the other way. Three are many other models but im only talking about M3 and 200i because thats the ones i found. Well, and what to do with a phone number (ISP), a username and a password? (not one.. 3 aprox. 1 for each modem) use your imagination. bye, Efrain 'ET' Torres [LoWNOISE] Colombia etat_private pd/gracias aleph1.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:54:54 PDT