[Snort-sigs] HNAP Admin attempts

James Lay jlay at ...3266...
Thu Nov 14 16:00:08 EST 2013


On 2013-11-14 13:35, Y M wrote:
> In this case base64_decode can help:
>
> http://manual.snort.org/node32.html#SECTION004526000000000000000 [1]
>
>> Date: Thu, 14 Nov 2013 15:20:23 -0500
>> From: wkitty42 at ...3507...
>> To: snort-sigs at lists.sourceforge.net
>> Subject: Re: [Snort-sigs] HNAP Admin attempts
>>
>> On 11/14/2013 3:54 PM, rmkml wrote:
>> > Hi,
>> >
>> > What you think about this version please ? (removed file_data +
> added uurilen +
>> > http_uri + short Authorization)
>>
>> FWIW: YWRtaW46 decodes from base64 mime to "admin:"... it indicates
> the
>> attempted use of the "admin" account to login with...
>>
>> --
>> NOTE: No off-list assistance is given without prior approval.
>> Please keep mailing list traffic on the list unless
>> private contact is specifically requested and granted.
>>

Thanks for the responses all...and that looks good RM :)

James





More information about the Snort-sigs mailing list