Penetration Testing mailing list archives
RE: Pen test, tcp/1404 found - advice needed
From: "Sekurity Wizard" <s.wizard () boundariez com>
Date: Fri, 16 Sep 2005 08:44:23 -0400
SOCAT results are below: <results> ICA ICA ICA </results> That ICA is repeated every 10 seconds or so, of after a carriage return into the port. Obviously it's a Citrix ICA box - the problem is how to get it to do my bidding... S.Wiz -----Original Message----- From: Andre Ludwig [mailto:andre.ludwig () gmail com] Sent: Thursday, September 15, 2005 4:14 PM To: Luke Eckley Cc: Sekurity Wizard; pen-test () securityfocus com Subject: Re: Pen test, tcp/1404 found - advice needed Use your level 45 remote service enumeration spell! Be careful, as you wouldn't want your spell to trigger a recasting of "Perimeter ACL Blast". Unless of course you have learned the always handy "Unholy 0-day of Reckoning"; hell, that has its caveats. Of course, being a Sekurity Wizard, you know all of this already, as opposed to a lowly mage such as myself. If all else fails, you may heed the guidance that the others have provided. I hasten to suggest usage of a network fuzzer but none the less you may try it. Another possible solution (using socat), this will only read the first 1000 bytes of output. socat - tcp:yourtargetip:1404,readbytes=1000 http://www.dest-unreach.org/socat/doc/socat.html#EXAMPLES Dr3 "security mage and jester" On 9/15/05, Luke Eckley <luke () xifos org> wrote:
Sekurity Wizard wrote:Hey folks, Found tcp/1494 open to a server during a pen test, black-box style. Are there any interesting tools that may be available to extract information from the server on the receiving end?The easiest thing to do is telnet (or use netcat) to the port to see if it responds with a version or any other information. Also if you know the OS, then just google for that port and narrow down your results by OS. Luke ---------------------------------------------------------------------- -------- Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site
scripting and other web attacks before hackers do!
Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 ---------------------------------------------------------------------- ---------
------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Pen test, tcp/1404 found - advice needed Sekurity Wizard (Sep 14)
- Re: Pen test, tcp/1404 found - advice needed Ivan . (Sep 15)
- Re: Pen test, tcp/1404 found - advice needed Luke Eckley (Sep 15)
- Re: Pen test, tcp/1404 found - advice needed Andre Ludwig (Sep 16)
- Re: Pen test, tcp/1404 found - advice needed Nicolas RUFF (Sep 16)
- Re: Pen test, tcp/1404 found - advice needed Andre Ludwig (Sep 16)
- <Possible follow-ups>
- Re: Pen test, tcp/1404 found - advice needed mike king (Sep 15)
- RE: Pen test, tcp/1404 found - advice needed Sekurity Wizard (Sep 16)
- RE: Pen test, tcp/1404 found - advice needed Sekurity Wizard (Sep 16)
- RE: Pen test, tcp/1404 found - advice needed DUBRAWSKY, IDO (CALLISMA) (Sep 16)
- FW: Pen test, tcp/1404 found - advice needed Craig Wright (Sep 16)
- RE: Pen test, tcp/1404 found - advice needed MacEwen, Jeffrey B. (Sep 16)
- RE: Pen test, tcp/1404 found - advice needed DUBRAWSKY, IDO (CALLISMA) (Sep 16)
- Re: Pen test, tcp/1404 found - advice needed Sekurity Shaman (Sep 16)
- RE: Pen test, tcp/1404 found - advice needed Craig Wright (Sep 18)