Penetration Testing mailing list archives
Help identifying modem carriers
From: sophia2521 () supanet com
Date: Mon Dec 19 01:41:50 2005
Hi I recently conducted a war dial as part of a penetration test of a large companies phone range. While I was able to identify most of the carriers found there are a few I need help with, if any one can give me any idea what these are, specific software/vendor/model details would be great. Please reply directly and I will summarize to the list. 1) The first simply asks for a password, it allows 4 tries, a dictionary attack has so far been unsuccessful. Each character typed echoes a '#', including the newline. ===== BEGIN LOG ===== CONNECT 2400/ARQ/LAPM/V42BIS PASSWORD> ##### PASSWORD> ###### PASSWORD> ##### PASSWORD> ###### NO CARRIER ===== END LOG ===== The passwords tried in the example are root, guest, test and admin. 2) The second carrier appears to be a terminal server of some kind. It offers a choice of either shell or ppp login. With the shell login you get three tries and each character in the password echoes '*' ===== BEGIN LOG ===== CONNECT 26400 Enter "c" for Solo shell or "ppp" for PPP:c solo login:root password:**** solo login:guest password:***** solo login:admin password:***** NO CARRIER ===== END LOG ===== 3) The third carrier is a simple ']' password prompt. You get three attempts until you are disconnected with what appears to be a error code, or possibly a serial number. Again a direction attack was unsuccessful. ===== BEGIN LOG ===== CONNECT 2400/ARQ/LAPM/V42BIS ] ] ] 0000004E0DD4 +++ ===== END LOG ===== Signup to supanet at https://signup.supanet.com/cgi-bin/signup?_origin=sigwebmail ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Help identifying modem carriers sophia2521 (Dec 18)