Re: Plugin 11000 - default FTP passwords for HP's MPE/xx?

From: H D Moore (hdmat_private)
Date: Wed Jun 04 2003 - 02:40:45 PDT


    The plugin only tests for "usernames" with blank passwords; the 
    SUPPORT.FIELD (role.account) format is a valid FTP username under MPE/iX.  
    If you modify the plugin to try common passwords as well, be aware that 
    some installations lock out after 3 attempts. The lock-out issue is the 
    reason we only test for blank passwords; a particular credit union 
    software vendor configures the host processor systems this way.
    
    That default account list looks wrong. The "username" is really a 
    combination of role and account, which is what that list is showing in 
    the password field. In my limited experience owning these things, I have 
    yet to be able to log in to any service with anything less than both the 
    role and the account. There are various "FIELD" roles, but they are 
    usually coupled with an account. There are, however, default role/account 
    pairs whose password is commonly "FIELD". Maybe the fields just got 
    reversed?  The op.sys and mgr.sys are two of the primary administration 
    role/account pairs. 
    
    (Any MPE/iX veterans feel free to step in and give better information to 
    the contrary).
    
    -HD
    
    
    
    On Wednesday 04 June 2003 04:18 am, Javier Fernandez-Sanguino wrote:
    > I was wondering while looking at "MPEi/X Default Accounts" plugin and
    > comparing its tests with CIRT's password list [1] there seems to be
    > some discrepancy between them.
    >
    > CIRT lists passwords as:
    >
    > "Hewlett-Packard","HP 2000/3000 MPE/xx","N/A","Multi","FIELD","SUPPORT","N/A",""
    >
    > That is, user "FIELD" password "SUPPORT"
    >
    > But the plugin lists the accounts as
    > (...)
    > accounts[10] = "SUPPORT.FIELD";
    >
    > and is sent as
    > (...)
    >      username = accounts[i];
    >      user = string("USER ", username, CRLF);
    >
    > Should this be done sending first a USER (FIELD) and then a password
    > (SUPPORT) or does the MPEi/X support this strange (non-RFC?) method of
    > logging into an FTP server?
    >
    > It seems, also, that some of the default accounts listed in CIRT's are
    > not included
    >
    > Username   | Password
    > ----------------------
    > OPERATOR     DISC
    > FIELD        SERVICE
    > FIELD        LOTUS
    > FIELD        HPONLY
    > HELLO        MGR.SYS
    > HELLO        FIELD.SUPPORT
    > HELLO        OP.OPERATOR
    > MAIL         REMOTE
    > MAIL         MPE
    > .....
    >
    > I can do a better cross-check but I would like to know if the plugin
    > behaviour is correct or if I'm missing something...
    >
    > Regards
    >
    > Javi
    >
    >
    >
    > [1] http://www.cirt.net/cgi-bin/passwd.pl
    



    This archive was generated by hypermail 2b30 : Wed Jun 04 2003 - 03:12:23 PDT