[Snort-sigs] HNAP Admin attempts
jlay at ...3266...
Thu Nov 14 16:00:08 EST 2013
On 2013-11-14 13:35, Y M wrote:
> In this case base64_decode can help:
> http://manual.snort.org/node32.html#SECTION004526000000000000000 
>> Date: Thu, 14 Nov 2013 15:20:23 -0500
>> From: wkitty42 at ...3507...
>> To: snort-sigs at lists.sourceforge.net
>> Subject: Re: [Snort-sigs] HNAP Admin attempts
>> On 11/14/2013 3:54 PM, rmkml wrote:
>> > Hi,
>> > What you think about this version please ? (removed file_data +
> added uurilen +
>> > http_uri + short Authorization)
>> FWIW: YWRtaW46 decodes from base64 mime to "admin:"... it indicates
>> attempted use of the "admin" account to login with...
>> NOTE: No off-list assistance is given without prior approval.
>> Please keep mailing list traffic on the list unless
>> private contact is specifically requested and granted.
Thanks for the responses all...and that looks good RM :)
More information about the Snort-sigs