[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Sunny WebBox Default Password

To: Hacxx Under <hacxx20@xxxxxxxxx>
Subject: Re: [Full-disclosure] Sunny WebBox Default Password
From: Jeffrey Walton <noloader@xxxxxxxxx>
Date: Fri, 23 Dec 2011 15:55:37 -0500

On Fri, Dec 23, 2011 at 11:02 AM, Hacxx Under <hacxx20@xxxxxxxxx> wrote:
> Sunny Web Box is a device that has a web interface and it's used as a
> reader for solar energy microproducers.
>
> The default password is "SMA"
>
> The devices can be founfd using intitle: "Sunny WebBox"
> -------
> Hacked Boxes
>
> http://mariorodrigues.dynip.sapo.pt
> http://gisolar.cannondesign.com
> http://pvpichler.dyndns.org:509
> http://217.113.37.189:80
> http://zodiac.hostein.org:8081
> http://79.1742.145.114
> http://67.78.27.35
> http://217.133.100.238:8082
> http://news.hartwellps.vic.edu.au
> http://energiasolar.ues.edu.sv
> http://solar.amy.gr
> http://xserver.clio.it
They also use MD5 in a JSON request over HTTP. Not surprisingly:

$ echo SMA | md5sum
8872966064a33f7520d11c0fffe7e517

[Google for 8872966064a33f7520d11c0fffe7e517]

http://hash.phelix.lv/md5/371bd54577d68567ed50af283052e0d1/SMA.htm

It looks like this has been known for some time.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Sunny WebBox Default Password
  - From: Larry W. Cashdollar

References:
- [Full-disclosure] Sunny WebBox Default Password
  - From: Hacxx Under

Prev by Date: [Full-disclosure] Exploit Pack - Happy new year!
Next by Date: [Full-disclosure] [ MDVSA-2011:192 ] mozilla
Previous by thread: [Full-disclosure] Sunny WebBox Default Password
Next by thread: Re: [Full-disclosure] Sunny WebBox Default Password
Index(es):
- Date
- Thread