Sonicwall Internals / hidden menu

last one for today :-D
Just got wfuzz out of my toolbox and let it mess with my Sonicwall web interface... And I've got surprising results ;-) There's a hidden page on each (? at least on a TZ 180/210), which lets you mess with the settings that the techies @ sonicwall don't want you to know about ;-) Just log in to your Sonicwall and browse to 'https://sonicwallip/diag.html' and you'll find a screen like the one below:

[Figure: diag.html - Sonicwall TZ180. Hidden diagnostic menu of a Sonicwall TZ180.]

I've quickly tried on a TZ180 and a TZ210, works for both. The screenshot has been taken from a TZ180.

For those who care, wfuzz is a fuzzer (as the name indicates) that does a great job of finding hidden directories on a web server. Other tools I've tried rely only on the HTTP status code that gets returned. wfuzz uses it as well, but it also prints the length of the response. Sonicwall always answers with a 200 OK code and only tells you through the returned HTML that there's a 404 error. Not really the nice way (and not really according to the RFCs), but since we see the response length, it's nothing we have to care about atm. We can easily filter the working pages out (using awk) and see the stuff we want, like the 'diag.html'. :-D
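The length-based filtering described above, as an added example that is not part of the original post: it works offline on recorded results from auditing your own appliance. The `status length path` record format, the sample values and the function names are assumptions made for illustration (this is not wfuzz's own output format), and the optional path-echo adjustment goes beyond what the post describes.

```shell
#!/bin/sh
# Constructed sample: one "status length path" record per requested URL.
# The numbers are made up for illustration, not captured from a device.
sample_results() {
cat <<'EOF'
200 1532 /admin.html
200 1532 /backup.html
200 1532 /config.html
200 8841 /diag.html
200 1532 /hidden.html
200 1532 /test.html
EOF
}

# Print the records whose body length differs from the most common length.
# When a server answers 200 for everything, the most common length is the
# error page, so the outliers are the pages that really exist.
# Optional $1: how many times the error page echoes the requested path
# (default 0). The echoed bytes are subtracted before lengths are compared,
# so an error page that repeats the URL does not look unique per request.
filter_soft_404() {
    awk -v reflect="${1:-0}" '
        NF < 3 { next }                      # skip blank or malformed lines
        {
            n++
            status[n] = $1; len[n] = $2; path[n] = $3
            norm[n] = $2 - reflect * length($3)
            count[norm[n]]++
        }
        END {
            best = 0
            for (k in count)                 # baseline = most frequent length
                if (count[k] > best) { best = count[k]; baseline = k }
            for (i = 1; i <= n; i++)
                if (norm[i] + 0 != baseline + 0)
                    print status[i], len[i], path[i]
        }
    '
}

sample_results | filter_soft_404
```

If two lengths are equally common the baseline is ambiguous, so check the length counts by hand before trusting the output.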

Cheers,
Raphi