Author Topic: password AfXNtpa38x (Read 1978 times)

neusbeer · « **on:** February 11, 2014, 08:02:57 pm »

I was busy pentesting ip cam's. and found a 'strange' thing.
I use noisy scanning with Acunetix (yeah I'm lazy), and it bruteforce about
40 passwords including this one.
Example log of Acunetix scan: [size=78%]http://www.webprocomponents.com/photographer-portfolio-pro/Wildlife-portfolio1-demo/admin/attackers/94.220.67.55.log[/size]
(see the bruteforce part) note, this ain't my log

When testing a ipcam, the actual password of the HTTP Auth was AfXNtpa38x.
Not really a password you see everyday, and when I google it, there aren't many hits. (only a leak pastebin with also the same password in it. http://pastebin.com/2vMgHkYk)

Why does this (dutch) IP cam have this password.

Am I missing something? is this a standard password for IP cam's of this type or somekind of buildin hardcoded password.

Phage · « **Reply #1 on:** February 11, 2014, 10:15:44 pm »

Is it weird that people put passwords on their internet connected cams? Just asking...

vezzy · « **Reply #2 on:** February 11, 2014, 10:20:50 pm »

Quote from: Phage on February 11, 2014, 10:15:44 pm

Is it weird that people put passwords on their internet connected cams? Just asking...

It's not weird at all unless you intend on having script kiddies searching for cams on SHODAN to conduct surveillance on you.

neusbeer · « **Reply #3 on:** February 11, 2014, 10:35:32 pm »

But why is it in a the wordlist of Acunetix scanner, which uses a small list of often used passwords and the password of a random cam. how big is the chance.

Stackprotector · « **Reply #4 on:** February 11, 2014, 11:04:37 pm »

This is indeed a strange fact. Though the password also appears on that example list you shared. You sure it's only 40 passwords? Maybe it's a very specific brand default password or something underground?

neusbeer · « **Reply #5 on:** February 11, 2014, 11:18:58 pm »

Code: [Select]

around 40 yeah. like password,123456 etc.. ain't that much.. 
Acunetix uses fast bruteforce with a few standard words to speed up..
(still slow though..)
I think brand password..

Phage · « **Reply #6 on:** February 12, 2014, 08:58:53 am »

Quote from: vezzy on February 11, 2014, 10:20:50 pm

It's not weird at all unless you intend on having script kiddies searching for cams on SHODAN to conduct surveillance on you.

You clearly didn't get the irony.

Silent Infiltrator · « **Reply #7 on:** February 12, 2014, 07:00:32 pm »

I have literally 0% with IP cams. But my personal instincts would say that a certain brand must use this password, or a certain model?

Kulverstukas · « **Reply #8 on:** February 12, 2014, 07:04:55 pm »

Well it's logical that the IP cams use a default password, like many things such as routers and shit. People just forget or don't care enough, to change that password.

lucid · « **Reply #9 on:** February 12, 2014, 09:40:12 pm »

Quote from: Phage on February 12, 2014, 08:58:53 am

You clearly didn't get the irony.

I think he was adding to yours

neusbeer · « **Reply #10 on:** February 18, 2014, 07:50:30 pm »

Quote from: Kulverstukas on February 12, 2014, 07:04:55 pm

Well it's logical that the IP cams use a default password, like many things such as routers and shit. People just forget or don't care enough, to change that password.

True, but this ain't the standard password, that's admin:admin I think.
looks more like vendor password or such.

EvilZone

News:

Author Topic: password AfXNtpa38x (Read 1978 times)

neusbeer

password AfXNtpa38x

Phage

Re: password AfXNtpa38x

vezzy

Re: password AfXNtpa38x

neusbeer

Re: password AfXNtpa38x

Stackprotector

Re: password AfXNtpa38x

neusbeer

Re: password AfXNtpa38x

Phage

Re: password AfXNtpa38x

Silent Infiltrator

Re: password AfXNtpa38x

Kulverstukas

Re: password AfXNtpa38x

lucid

Re: password AfXNtpa38x

neusbeer

Re: password AfXNtpa38x