Admin Consoles, Default Creds, and Sweet Pwnage
When performing internal network penetration tests, one thing that really gets us excited is finding administrative consoles. Tomcat and PHPMyAdmin are two of the most common that I’ve found from my experience. The reason we get excited is that many of these consoles have never had the default credentials changed. Why? Because they’re on the …