notas:seguridad:why_i_would_never_buy_a_dell_powerconnect_2724
Differences
Shows the differences between two versions of the page.
notas:seguridad:why_i_would_never_buy_a_dell_powerconnect_2724 [2016/12/27 18:19] – created cayu | notas:seguridad:why_i_would_never_buy_a_dell_powerconnect_2724 [Unknown date] (current) – deleted - external editor (Unknown date) 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Why I would never buy a Dell PowerConnect 2724 ====== | ||
- | ==== Thu, 17 Mar 2011 ==== | ||
- | **Why I would never buy a Dell PowerConnect 2724** | ||
- | |||
- | At work, we acquired the above-mentioned 24-port switch from Dell. It supports a so-called managed mode (needs to be enabled by poking into a hole on the switch with a paperclip). | ||
- | |||
- | Enabling that sets the switch IP to 192.168.2.1/ | ||
- | |||
- | When you do that, don't be impatient, the IP needs ages to come up, but eventually you will be able to ping it. | ||
- | |||
- | I was a bit surprised that it actually only supports http on port :80, no https, no ssh, no telnet and no snmp. -- But ok, let's log in via http. | ||
- | |||
- | The login page is not only a < | ||
- | |||
- | Trying to log in with the default credentials (user admin, empty password) results in an error message: User name or Password is missing. | ||
- | |||
- | Googling for that error message finds hundreds of hits of people having the same problem, and Dell support always saying the same thing: Clear your browser cache, or similar unhelpful things. People report different levels of success by using different browsers, but it appears that nobody has a clue what the real problem is. | ||
- | |||
- | But I can tell you now. After some debugging I found the problem. It's not even the JavaScript. That is only there to make your life difficult. | ||
- | |||
- | Here is what the login attempt looks like from Firefox: | ||
- | |||
- | < | ||
- | T 192.168.2.10: | ||
- | POST / | ||
- | indows; U; Windows NT 5.1; de; rv: | ||
- | Accept: text/ | ||
- | cept-Language: | ||
- | pt-Charset: ISO-8859-1, | ||
- | in11.htm..Cookie: | ||
- | ication/ | ||
- | .. | ||
- | T 192.168.2.10: | ||
- | Username=admin& | ||
- | f125f969b9ae31dc392cc8 | ||
- | </ | ||
- | |||
- | which results in your favourite error page: | ||
- | |||
- | < | ||
- | T 192.168.2.1: | ||
- | HTTP/1.0 200 OK..Set-Cookie: | ||
- | .Connection: | ||
- | YLESHEET" | ||
- | " src="/ | ||
- | r="# | ||
- | cument.title);</ | ||
- | assword is missing</ | ||
- | </ | ||
- | |||
- | Getting a little ahead of myself, a successful login looks like this: | ||
- | |||
- | < | ||
- | T 192.168.2.10: | ||
- | POST / | ||
- | indows; U; Windows NT 5.1; de; rv: | ||
- | Accept: text/ | ||
- | cept-Language: | ||
- | pt-Charset: ISO-8859-1, | ||
- | in11.htm..Cookie: | ||
- | ication/ | ||
- | ..Username=admin& | ||
- | 04f433579f6737cac5d0b585.. | ||
- | |||
- | T 192.168.2.1: | ||
- | HTTP/1.0 302 Found..Location: | ||
- | 9f6737cac5d0b585; | ||
- | </ | ||
- | |||
- | See the difference? It's all in one TCP packet instead of in two. | ||
- | |||
- | That's right. Either the TCP stack or the HTTP server is _very_ broken. | ||
- | |||
- | If you ever need to log in to such a switch, here's the minimal version: | ||
- | |||
- | < | ||
- | #!/bin/sh | ||
- | ( | ||
- | |||
- | # Default user, and blank password | ||
- | user=admin | ||
- | pass= | ||
- | |||
- | # The " | ||
- | ssid=`wget -q -O - http:// | ||
- | |||
- | # Calculate the " | ||
- | pw=`echo -n ${user}${pass}${ssid}|openssl md5 -hex` | ||
- | |||
- | # Send it off to the server | ||
- | cat << EOM | ||
- | POST / | ||
- | Host: 192.168.2.1 | ||
- | Referer: http:// | ||
- | Content-Type: | ||
- | Content-Length: | ||
- | |||
- | Username=${user}& | ||
- | EOM | ||
- | ) | while read a ; do | ||
- | echo $a\\015 # Do " | ||
- | done |cat|nc 192.168.2.1 80 | ||
- | # The second " | ||
- | </ | ||
- | |||
- | You can now use the resulting cookie to access the web-interface. If you want to use your favourite browser, you can edit your cookie with the help of the [[https:// | ||
- | |||
- | Well, I hope this helps anyone out there, because we most certainly won't use this switch for anything more than a dumb switch for a test network. | ||
- | |||
- | **TL;DR**: Their TCP/HTTP code is **broken**, and their support doesn' | ||
- | |||
- | Have fun. | ||
- | |||
- | -- Sec | ||
- | |||
- | posted at: 10:07 | ||
- | |||
- | Reference: http:// 
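
Added example (not part of the original post): a Python model of the symptom described above, where the same login POST is rejected when headers and body arrive in separate TCP segments and accepted when they arrive in one. That the server parses only the first segment is an assumption, not something the post establishes; the request path, the second form field and all values are constructed placeholders.

```python
# Added illustration. Path, second form field and values are constructed
# placeholders; the single-read server is an assumed failure mode.
ACCEPT = "302 Found"
REJECT = "200 OK: User name or Password is missing"
BODY = b"Username=admin&field2=CONSTRUCTED"

def build_request(body=BODY):
    """Return (headers, body) of a login POST as two byte strings."""
    head = (b"POST /PLACEHOLDER HTTP/1.0\r\n"
            b"Host: 192.168.2.1\r\n"
            b"Content-Length: %d\r\n\r\n" % len(body))
    return head, body

def parse_form(raw):
    """Parse raw request bytes into (content_length, body_bytes_seen, form)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    length = 0
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"content-length":
            length = int(value.strip())
    pairs = (p.split(b"=", 1) for p in body[:length].split(b"&") if b"=" in p)
    return length, len(body), dict(pairs)

def verdict(form):
    return ACCEPT if form.get(b"Username") else REJECT

def single_read_server(segments):
    """Assumed bug: treat the first TCP segment as the whole request."""
    return verdict(parse_form(segments[0])[2])

def buffering_server(segments):
    """Keep reading until Content-Length bytes of body have arrived."""
    buf = b""
    for seg in segments:
        buf += seg
        if b"\r\n\r\n" not in buf:
            continue  # headers still incomplete
        length, have, form = parse_form(buf)
        if have >= length:
            return verdict(form)
    return "400 incomplete request"

if __name__ == "__main__":
    head, body = build_request()
    for name, segs in (("one segment", [head + body]), ("two segments", [head, body])):
        print(name, "| single-read:", single_read_server(segs),
              "| buffering:", buffering_server(segs))
```

A server that frames requests by `Content-Length` rather than by segment boundaries gives the same answer however the client's TCP stack splits the write.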