Community Status Updates



"reverse engineering" the authentication process of Apple Airport Extremes. They should not have SNMP enabled with a cs of "public" by default!
Jul 09 2012 04:37 AM
  • tekio
    Looks like each Airport Utility has a public key stored in the software. Also looks like they use SNMP for configuration changes.

    Wonder if these OIDs can be accessed via port 161 with a default community string of "public". :)

    Making a Perl app to bruteforce non-standard OIDs to see what I can get! :)
    Jul 09 2012 06:36 AM
  • tekio
    Also, I cannot believe how many Airport SOHO routers are in use! Using scanrand aimed at port 5009, then sending a 128-byte message to the port will reveal if it's an Airport. They respond with an encrypted message, BUT each message is started and ended in clear text with:
    app: start message
    END| to end the message.
    Jul 09 2012 06:46 AM
