Penetration Testing mailing list archives

Re: Service Identification


From: Bart Somers <bart () doornenburg homelinux net>
Date: Tue, 23 Sep 2003 21:02:52 +0200

Hi John,

Just a quick sum of ideas:
Try to use
*) amap http://www.thc.org/download.php?t=r&d=amap-4.3.tar.gz against the port, although I'm not sure if they already support many databases.
*) Nmap 3.45. From version 3.45 they support version checking and maybe they can offer you some version.
*) netcat instead of telnet. Maybe the telnet client sends some ^M or whatever the database doesn't like.

If this all doesn't provide you help, try to connect to a nearby switch and start ettercap ( http://ettercap.sourceforge.net ) to fool it and send all the traffic via your laptop (pc?). Capture the traffic and try to figure out what the clients are sending to you.

Hope this helps.

Regards,

Bart

John the Kiwi wrote:
Hi all

I have a remote database to pen test. It runs on port 2000 and has no
banners. I cannot establish a telnet session without it dropping me
instantly.

I would like to do one of two things for my customer:

Either sniff the records to a text file as they go to the client (I only
need to grab email addresses as they come to the client from the server)

or

Figure out how to connect to the database and extract the records

I'm not looking for a canned solution, more a quick summary of tools and
processes that I should be trying.

I'm sure this is covered a lot but I've searched the list and google and
haven't found any information on service identification when no banners
are present and it runs on a non standard port. I'm sure it's my search
strings but any pointers would be greatly appreciated.

John the Kiwi
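Added example (not part of the thread): Bart's point that a telnet client may be sending a ^M the service rejects is easy to check with a plain TCP socket that sends exactly the bytes you choose and records whether the peer stays silent, answers, or closes. The script below is illustrative code with a constructed stand-in service (it mimics a banner-less listener that drops any connection containing a CR), so it runs offline against 127.0.0.1; `probe` is the hypothetical helper, and the host, port and payloads are assumptions, not values from the thread.

```python
import socket
import threading

# Constructed stand-in for the banner-less service in the thread: sends nothing
# on connect, closes as soon as it sees a CR (what a telnet client typically
# appends), and answers a bare LF-terminated line with a short reply.
def _serve(srv):
    while True:
        try:
            conn, _ = srv.accept()
        except OSError:
            return  # listening socket closed
        with conn:
            try:
                data = conn.recv(64)
                if not data or b"\r" in data:
                    continue  # drop the connection without a word
                conn.sendall(b"OK " + data.strip() + b"\n")
            except OSError:
                pass  # client already went away

def start_local_service():
    """Start the stand-in on an ephemeral port; returns (host, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    threading.Thread(target=_serve, args=(srv,), daemon=True).start()
    host, port = srv.getsockname()
    return host, port

def _recv(sock):
    """Classify what the peer does: 'silent' (timeout), 'closed' (FIN), or 'data'."""
    try:
        data = sock.recv(1024)
    except socket.timeout:
        return "silent", b""
    return ("closed", b"") if data == b"" else ("data", data)

def probe(host, port, payload=b"", timeout=1.0):
    """Raw TCP probe: wait for a banner, optionally send payload, record the reaction.

    Unlike telnet, nothing is added to payload, so the bytes on the wire are
    exactly what you pass in (compare b"hello\\r\\n" with b"hello\\n").
    """
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.settimeout(timeout)
        state, banner = _recv(s)
        result = {"banner_state": state, "banner": banner,
                  "reply_state": None, "reply": b""}
        if payload and state != "closed":
            s.sendall(payload)
            result["reply_state"], result["reply"] = _recv(s)
    return result

if __name__ == "__main__":
    host, port = start_local_service()
    print(probe(host, port))                  # no banner: silent
    print(probe(host, port, b"hello\r\n"))    # CR present: peer closes
    print(probe(host, port, b"hello\n"))      # bare LF: peer answers
```

On a real engagement you would point `probe` at the customer's host and port and compare the three outcomes in the same way; a "closed" on the CR variant and "data" on the LF variant is the signature of the telnet problem Bart describes, and the captured reply bytes are what you feed into a tool like amap or nmap -sV for matching.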

