Community Status Updates
"reverse engineering" the authenication process of Apple Airport Extreme's. They should not have SNMP emables with a cs of "public" by default!
tekioLooks like each Airport Utility has a public key stored in the software. Also looking like they use SNMP for configuration changes.
Wonder if these OID's can be accessed via port 161 with a default community string of "public'. :)
Making a perl app to bruteforce non-standard OID's to see what I can get! :)
Jul 09 2012 06:36 AM
tekioAlso, I cannot believe how many airport SOHO routers are in use! Using scanrand aimed at port 5009, then sending a 128-byte message to the port will reveal if it's an airport. They respond with an encrypted message, BUT each message is started and ended in clear text with:
app: start message
END| to end the message.
Jul 09 2012 06:46 AM
BinRev is hosted by the great people at Lunarpages!