about summary refs log tree commit diff
path: root/web/blog/posts/reversing-watchguard-vpn.md
diff options
context:
space:
mode:
authorVincent Ambo <tazjin@google.com>2020-02-09T21·24+0000
committerVincent Ambo <tazjin@google.com>2020-02-09T21·24+0000
commit0bc2f8995eb6ebcd13a33282520f724451630a36 (patch)
tree45ce8228d4ad3f81b41931ac7290797c6a0217dc /web/blog/posts/reversing-watchguard-vpn.md
parent30e8f59d0262e28c0fb06eac739ca141ebad2847 (diff)
style(web/blog): Minor formatting fixes in Watchguard post r/520
Diffstat (limited to 'web/blog/posts/reversing-watchguard-vpn.md')
-rw-r--r--web/blog/posts/reversing-watchguard-vpn.md8
1 files changed, 4 insertions, 4 deletions
diff --git a/web/blog/posts/reversing-watchguard-vpn.md b/web/blog/posts/reversing-watchguard-vpn.md
index 49e9ffa908d7..f1b779d8d993 100644
--- a/web/blog/posts/reversing-watchguard-vpn.md
+++ b/web/blog/posts/reversing-watchguard-vpn.md
@@ -1,4 +1,4 @@
-**Update**: WatchGuard has
+TIP: WatchGuard has
 [responded](https://www.reddit.com/r/netsec/comments/5tg0f9/reverseengineering_watchguard_mobile_vpn/dds6knx/)
 to this post on Reddit. If you haven\'t read the post yet I\'d recommend
 doing that first before reading the response to have the proper context.
@@ -50,9 +50,9 @@ important:
 
 I started with the first one
 
-`%@?action=sslvpn_download&filename=%@&fw_password=%@&fw_username=%@`
+    %@?action=sslvpn_download&filename=%@&fw_password=%@&fw_username=%@
 
-and just =curl=ed it on the VPN host, replacing the username and
+and just curled it on the VPN host, replacing the username and
 password fields with bogus data and the filename field with
 `client.wgssl` - another string in the executable that looked like a
 filename.
@@ -64,7 +64,7 @@ after logging in to the web UI - oh well.
 
 The next endpoint I tried ended up being a bit more interesting still:
 
-`/?action=sslvpn_logon&fw_username=%@&fw_password=%@&style=fw_logon_progress.xsl&fw_logon_type=logon&fw_domain=Firebox-DB`
+    /?action=sslvpn_logon&fw_username=%@&fw_password=%@&style=fw_logon_progress.xsl&fw_logon_type=logon&fw_domain=Firebox-DB
 
 Inserting the correct username and password into the query parameters
 actually triggered the process that sent a token to my phone. The