Using the network dump we were able to see a dialog between a client (packets in red) and a switch (packets in blue) in TELNET.
As we can see, the client entered “manager” as login, and the switch output “manager”.
For the password, the client provided “manager” but for each character the switch output an asterisk.
The remaining question was : “What can we do with this login/password ?”… nothing (yet).
We began to reverse the firmware with binwalk…
…until a nmap scan in the 10.0.1.0/24 range revealed something very interesting : a “network switch” administration console 😀
I used the manager:manager credentials to login… and it was OK ! 🙂
Then I selected the firmware update to test, and clicked on the Update button.