Penetration Testing mailing list archives
Re: x.25 / x.28 pentesting
From: Marco Ivaldi <raptor () 0xdeadbeef info>
Date: Thu, 28 Jul 2005 16:37:03 +0200 (CEST)
Hey Marcos,
> Does someone have experience doing audits on x.25 networks?
Yeah. Good to know there's someone else who's still carrying on X.25 audits nowadays, thought I remained almost alone ;)
> I need to audit a service that uses x.28 access (calling by modem) to connect to a host in an x.25 network. I remember from a loooong time ago some tools to do scans in x25 networks through an x28 dial-in PAD and try some kind of basic hack on the host that is found. But I have forgotten the name of these tools (and also lost them on some diskette). Any idea about some more modern (or old) tool to help with x25?
Ah, nice question... X.25 is still a really effective attack vector: nevertheless a lot of people seem to forget about it or believe that it's secure only 'cause it's old -- this is a common (and pretty dangerous) misunderstanding that involves other old communication protocols too [1].

X.25 penetration testing through an X.28 pad is always painful, but you could try to build minicom scripts to automate some tasks (scanning of NUAs and/or subaddresses, depending on your testing scope, etc.). You should also try to search the web for some Perl scripts (I remember one that was able to scan Sprintnet NUAs, but it was easily customizable IIRC... it was called x25cat or something like that) and for the good old ADMx25 suite by antilove. There were also some tools for NUI scanning, but I don't think you're gonna need them.

Also, take a look at some old tools and whitepapers me and some friends wrote. The tools aren't really meant for X.25 testing through X.28, but maybe you'll find them useful after you penetrate the first system:

http://www.0xdeadbeef.info/code/vudu
http://www.0xdeadbeef.info/code/fvudu
http://www.0xdeadbeef.info/code/autoscan.pl
http://www.0xdeadbeef.info/code/psibrute.com
http://www.0xdeadbeef.info/code/backdoor.bas
http://wayreth.eu.org/x25bru.c
http://blackhats.it/it/papers/x25.pdf

Finally, even if someone was indeed able to develop a working remote exploit for X.25 networks [2], remember that X.25 hacking is mostly based on manual password guessing sessions, so you'd better be prepared ;)

Hope it helps. Ciao,

[1] "Since DECnet is a less well-known protocol, nobody is attempting to hack it": http://itmanagement.earthweb.com/erp/article.php/3517186
[2] Remote login exploit via X25 pad. Working on Solaris 2.6/7/8. (CVE-2001-0797) by inode. The code is not public yet.

--
Marco Ivaldi
Antifork Research, Inc.
http://0xdeadbeef.info/
3B05 C9C5 A2DE C3D7 4233 0394 EF85 2008 DBFD B707