Security Basics mailing list archives
print server compromise?
From: T Shawn Knisely <t_shawn () sbcglobal net>
Date: Fri, 16 Jul 2004 14:49:23 -0400
Fairly new to security field. Ran across this by accident while researching an unrelated issue on our network. I ran nmap against an IP address to see if it was the SQL server I was looking for. Here is the output of the nmap scan. What I want to know is this (yes, I googled first with no results): Is it possible to compromise a print server? I was able to ftp to the device, with no password required. Among the oddities is that it seems to have nmap on the print server?
This is the list of commands available:

    230 User Name Accepted.
    ftp> help
    Commands may be abbreviated.  Commands are:

    !           features    mls         proxy       size
    $           fget        mlsd        put         sndbuf
    account     form        mlst        pwd         status
    append      ftp         mode        quit        struct
    ascii       gate        modtime     quote       sunique
    bell        get         more        rate        system
    binary      glob        mput        rcvbuf      tenex
    bye         hash        msend       recv        throttle
    case        help        newer       reget       trace
    cd          idle        nlist       remopts     type
    cdup        image       nmap        rename      umask
    chmod       lcd         ntrans      reset       unset
    close       less        open        restart     usage
    cr          lpage       page        rhelp       user
    debug       lpwd        passive     rmdir       verbose
    delete      ls          pdir        rstatus     xferbuf
    dir         macdef      pls         runique     ?
    disconnect  mdelete     pmlsd       send
    edit        mdir        preserve    sendport
    epsv4       mget        progress    set
    exit        mkdir       prompt      site

Here is the nmap output.

    Starting nmap 3.30 ( http://www.insecure.org/nmap/ ) at 2004-07-16 13:56 EDT
    Host 10.x.x.x appears to be up ... good.
    Initiating SYN Stealth Scan against 10.x.x.x at 13:56
    Adding open port 139/tcp
    Adding open port 515/tcp
    Adding open port 23/tcp
    Adding open port 2501/tcp
    Adding open port 21/tcp
    Adding open port 3001/tcp
    Adding open port 80/tcp
    The SYN Stealth Scan took 2 seconds to scan 1644 ports.
    For OSScan assuming that port 21 is open and port 1 is closed and neither are firewalled
    Interesting ports on 10.x.x.x:
    (The 1637 ports scanned but not shown below are in state: closed)
    Port       State       Service
    21/tcp     open        ftp
    23/tcp     open        telnet
    80/tcp     open        http
    139/tcp    open        netbios-ssn
    515/tcp    open        printer
    2501/tcp   open        rtsclient
    3001/tcp   open        nessusd
    Device type: print server
    Running: Intel embedded
    OS details: Intel InBusiness Print Station
    OS Fingerprint: (None)
    TCP Sequence Prediction: Class=64K rule
                             Difficulty=1 (Trivial joke)
    TCP ISN Seq. Numbers: 465000 474A00 484400 493E00 4A3800 4B3200
    IPID Sequence Generation: Incremental

Ideas?

Thanks in advance,
T Shawn
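Added example, not part of the original post: a small Python triage of the scan report quoted above. It lists the open ports, flags the cleartext services, and checks the ISN samples against the "64K rule" class nmap reported. The embedded report is a constructed excerpt of the lines in the post; the function names and the CLEARTEXT set are assumptions made for this example.

```python
import re

# Constructed sample: the relevant lines of the nmap report quoted in the post.
NMAP_REPORT = """\
Port       State       Service
21/tcp     open        ftp
23/tcp     open        telnet
80/tcp     open        http
139/tcp    open        netbios-ssn
515/tcp    open        printer
2501/tcp   open        rtsclient
3001/tcp   open        nessusd
TCP Sequence Prediction: Class=64K rule
TCP ISN Seq. Numbers: 465000 474A00 484400 493E00 4A3800 4B3200
"""

# Assumption for this example: services treated as cleartext logins.
CLEARTEXT = {"ftp", "telnet"}

def open_ports(report):
    """Return {port: service} for each open row of the port table.
    Without version detection, nmap takes these names from its port-number
    table, so a label such as 'nessusd' only means 'something on 3001/tcp'."""
    rows = re.findall(r"^(\d+)/tcp\s+open\s+(\S+)", report, re.M)
    return {int(port): service for port, service in rows}

def isn_increments(report):
    """Differences between successive ISN samples (hex), modulo 2**32."""
    m = re.search(r"TCP ISN Seq\. Numbers:\s*(.+)", report)
    isns = [int(tok, 16) for tok in m.group(1).split()] if m else []
    return [(b - a) % 2**32 for a, b in zip(isns, isns[1:])]

def classify_isn(incs):
    """'64K rule' means every ISN is the previous one plus a multiple of 64000."""
    if not incs:
        return "unknown"
    if len(set(incs)) == 1 and incs[0] != 0:
        return "64K rule" if incs[0] % 64000 == 0 else "constant increment"
    return "varying"

def audit(report):
    """Return a list of findings for a device inventory review."""
    findings = [f"{port}/tcp {svc}: cleartext login service"
                for port, svc in sorted(open_ports(report).items())
                if svc in CLEARTEXT]
    kind = classify_isn(isn_increments(report))
    if kind in ("64K rule", "constant increment"):
        findings.append(f"TCP ISN generation: {kind} (predictable sequence numbers)")
    return findings
```

Every gap between the six samples is 0xFA00 (64000), which is why nmap rated the sequence "Trivial joke".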