>> >> >>But as we are on the subject, does anyone knows what is used as >>credentials for the Checkpoint? Are there default passwords? I did not >>found them in my default password lists... >> >Not that I know of. Which Checkpoint? You didn't talk of any. > LOL! Looks like I was *a bit* tired at that point.. anyway.. I tried the BWClient utility and realized that it sent POSTs requests while communicating with the firewall.. I think I will brute force the password but for this I must reproduce the behavior of BWClient. I know that he sends out the password ("password" in this case, but for the same password it changes each time) in this format: QOs_9OGelB05RYaW8fo70TsO7ZH5r5uHZuKdAml3BlLU1ps4Cp0g6SFV.pGLVqEN Anyone recognizes the hashing algorithm used? I searched the borderware site to no avail.. They only say that the entire session can be encrypted through ssl on port 442.. Even BWClient.exe's disassembly gave no (apparent) clues. --TB _________________________________________________________________ Chat with friends online, try MSN Messenger: http://messenger.msn.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Mon Aug 26 2002 - 12:00:34 PDT