Always on a mission away from my country, I still resides at the hotel. And the evenings are long and cold this season ... This pretty hotel has WiFi ... Unsecured, but one that requires a login / password to browse the Web. Let's take a closer close ...
Already I was told at the beginning of the stay mdp connection changes daily. And it gives me a paper with written on it: Client / Edf45sEr. Here is the login / password. Brute-force? No it means bof bof. Looking shorter.
So Let's login to the WiFi. Trying to connect to my friend Google ... A nice login screen appears:
And in the url, a bunch of parameters: https: / / 192.168.2.1/cgi-bin/hotspotlogin.cgi? Res = & notyet uamip = 192.168.2.1 & uamport = 3990 & challenge = 3c1d263bd4ac9a9dcaaf25e62d416650 userURL & = & Nasidi etap = & mac = 00-AA-DE-8B-78-A4
It shows the MAC address, port and other info. Good and what is hidden in the site root?
Aahhh damn, I can not connect to localhost ... :) Well it not replace the IP address ... ;) 
And duh, what I get ... Administration Console users. With the couple login / password for the account "customer."
And if you looked at the list of other users ... Ah ben y 'admin account ... Bravo calf! :)
So login and pwd for connection can be found as soon as one is connected to a WiFi network. Not glop: (lol
Conclusion:
obfuscation Security through these limitations and is very very limited as security strategy ... You still hide your keys under the flowerpot of the entry you? And ben ... there is such
By scratching a little more, we see that it is an apache that runs the service ... it would have been wise to separate the authentication client to the administration and restrict access with a setting like "Allow from localhost . Hoping a screen to be connected ...:)
0 comments:
Post a Comment