Penetration Testing mailing list archives
Re: nmap shows open UDP port 113
From: "Gabriel Alexandros" <agabriel () otenet gr>
Date: Thu, 25 Mar 2004 23:09:19 +0200
Hope my idea works, this is quite interesting. Firstly you need to identify which ports are open on the NAT server by using nmap -sS NAT(ip). As you mentioned, it has port 113 open, which is the time protocol. Knowing that we have at least one port accepting traffic from systems outside the NAT server, we can gain a better perspective of what is happening behind the NAT, and in order to accomplish this we will use the idle scan technique with nmap (you can use hping too):

nmap -sI NAT(ip):113 LOCAL(ip)

or even better

nmap -sI NAT(ip):NAT(port) LOCAL(ip)

The problem here would be the local IP, but you can try and guess some. The most common are 192.168.0.*, 192.168.254.* and 10.0.0.*, and you will get a good idea of what is behind in there.

----- Original Message -----
From: "BillyBobKnob" <billybobknob () hotmail com>
To: <pen-test () lists securityfocus com>
Sent: Thursday, March 25, 2004 4:57 AM
Subject: nmap shows open UDP port 113
My friend asked me to see if I could scan or penetrate his firewall. He only told me that it was a Linux box set up as a firewall running NAT to hide internal IPs.

- I did a nmap -O and a nmap -O --fuzzy but it said "too many fingerprints match for accurate OS guess" but it did tell me that TCP port 113 was in the closed state
- so I tried a TCP reverse inet scan (nmap -sT -I) and it still gave me the same info as this port was closed
- so I tried nmap -sU and no results
- then I tried nmap -sU -p 113 and it said that UDP port 113 was open !!

I was then able to netcat to it (nc -u ipaddress 113) and I verified that I was connected with a netstat.
While connected via netcat I tried sending it commands like (ls, cd .., help, echo) but got nothing.

Is there anything that can be done with this connection ??
Or is there any way to find out what internal IPs are behind it ?

Thanks,
Bill
Current thread:
- nmap shows open UDP port 113 BillyBobKnob (Mar 25)
- Re: nmap shows open UDP port 113 WiM (Mar 25)
- Re: nmap shows open UDP port 113 R. DuFresne (Mar 25)
- RE: nmap shows open UDP port 113 Gary Rollie (Mar 25)
- Re: nmap shows open UDP port 113 David Cannings (Mar 25)
- Re: nmap shows open UDP port 113 Gabriel Alexandros (Mar 25)
- Re: nmap shows open UDP port 113 Jon Hart (Mar 26)
- Re: nmap shows open UDP port 113 Gregory Spath (Mar 30)
- <Possible follow-ups>
- Re: nmap shows open UDP port 113 Don Parker (Mar 26)