[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Sunny WebBox Default Password
- To: noloader@xxxxxxxxx
- Subject: Re: [Full-disclosure] Sunny WebBox Default Password
- From: "Larry W. Cashdollar" <larry0@xxxxxx>
- Date: Sat, 24 Dec 2011 00:13:59 +0000 (GMT)
<html><body><div>I like in the description of the product, "The Sunny WebBox is
a multi-functional, energy-efficient data logger
which offers a wealth of options for displaying, archiving and
processing data, even in networks with strict security
regulations."</div><div><pre style="font-family: Helvetica,Arial,sans-serif;
font-size: 13px; white-space: pre-wrap" data-mce-style="font-family:
Helvetica,Arial,sans-serif; font-size: 13px; white-space: pre-wrap;">
^------- Neat.<br>-- Larry
C$</pre></div><div><br>On Dec 23, 2011, at 12:55 PM, Jeffrey Walton
<noloader@xxxxxxxxx> wrote:<br><br><div><blockquote type="cite"><div
class="msg-quote"><div class="_stretch">On Fri, Dec 23, 2011 at 11:02 AM, Hacxx
Under <<a href="mailto:hacxx20@xxxxxxxxx";
data-mce-href="mailto:hacxx20@xxxxxxxxx";>hacxx20@xxxxxxxxx</a>> wrote:<br>
> Sunny Web Box is a device that has a web interface and it's used as a<br>
> reader for solar energy microproducers.<br> ><br> > The default
password is "SMA"<br> ><br> > The devices can be founfd using intitle:
"Sunny WebBox"<br> > -------<br> > Hacked Boxes<br> ><br> > <a
href="http://mariorodrigues.dynip.sapo.pt";
data-mce-href="http://mariorodrigues.dynip.sapo.pt";>http://mariorodrigues.dynip.sapo.pt</a><br>
> <a href="http://gisolar.cannondesign.com";
data-mce-href="http://gisolar.cannondesign.com";>http://gisolar.cannondesign.com</a><br>
> <a href="http://pvpichler.dyndns.org:509";
data-mce-href="http://pvpichler.dyndns.org:509";>http://pvpichler.dyndns.org:509</a><br>
> <a href="http://217.113.37.189:80";
data-mce-href="http://217.113.37.189:80";>http://217.113.37.189:80</a><br> >
<a href="http://zodiac.hostein.org:8081";
data-mce-href="http://zodiac.hostein.org:8081";>http://zodiac.hostein.org:8081</a><br>
> <a href="http://79.1742.145.114";
data-mce-href="http://79.1742.145.114";>http://79.1742.145.114</a><br> > <a
href="http://67.78.27.35";
data-mce-href="http://67.78.27.35";>http://67.78.27.35</a><br> > <a
href="http://217.133.100.238:8082";
data-mce-href="http://217.133.100.238:8082";>http://217.133.100.238:8082</a><br>
> <a href="http://news.hartwellps.vic.edu.au";
data-mce-href="http://news.hartwellps.vic.edu.au";>http://news.hartwellps.vic.edu.au</a><br>
> <a href="http://energiasolar.ues.edu.sv";
data-mce-href="http://energiasolar.ues.edu.sv";>http://energiasolar.ues.edu.sv</a><br>
> <a href="http://solar.amy.gr";
data-mce-href="http://solar.amy.gr";>http://solar.amy.gr</a><br> > <a
href="http://xserver.clio.it";
data-mce-href="http://xserver.clio.it";>http://xserver.clio.it</a><br> They also
use MD5 in a JSON request over HTTP. Not surprisingly:<br> <br> $ echo SMA |
md5sum<br> 8872966064a33f7520d11c0fffe7e517<br> <br> [Google for
8872966064a33f7520d11c0fffe7e517]<br> <br> <a
href="http://hash.phelix.lv/md5/371bd54577d68567ed50af283052e0d1/SMA.htm";
data-mce-href="http://hash.phelix.lv/md5/371bd54577d68567ed50af283052e0d1/SMA.htm";>http://hash.phelix.lv/md5/371bd54577d68567ed50af283052e0d1/SMA.htm</a><br>
<br> It looks like this has been known for some time.<br> <br>
_______________________________________________<br> Full-Disclosure - We
believe in it.<br> Charter: <a
href="http://lists.grok.org.uk/full-disclosure-charter.html";
data-mce-href="http://lists.grok.org.uk/full-disclosure-charter.html";>http://lists.grok.org.uk/full-disclosure-charter.html</a><br>
Hosted and sponsored by Secunia - <a href="http://secunia.com/";
data-mce-href="http://secunia.com/";>http://secunia.com/</a><br></div></div></blockquote></div></div></body></html>_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/