Admin Consoles, Default Creds, and Sweet Pwnage

When performing internal network penetration tests, one thing that really gets us excited is finding administrative consoles.  Tomcat and PHPMyAdmin are two of the most common that I’ve found from my experience.  The reason we get excited is that many of these consoles have never had the default credentials changed.  Why?  Because they’re on the …

Admin Consoles, Default Creds, and Sweet Pwnage Read More »