RE: Pen test, tcp/1404 found - advice needed

["Sekurity Wizard" <s.wizard () boundariez com>]

SOCAT results are below:

<results>

ICA
ICA
ICA

</results> 

That ICA is repeated every 10 seconds or so, of after a carriage return
into the port.  Obviously it's a Citrix ICA box - the problem is how to
get it to do my bidding...

S.Wiz


-----Original Message-----
From: Andre Ludwig [mailto:andre.ludwig () gmail com] 
Sent: Thursday, September 15, 2005 4:14 PM
To: Luke Eckley
Cc: Sekurity Wizard; pen-test () securityfocus com
Subject: Re: Pen test, tcp/1404 found - advice needed

Use your level 45 remote service enumeration spell!  Be careful, as you
wouldn't want your spell to trigger a recasting of "Perimeter ACL
Blast".  Unless of course you have learned the always handy "Unholy
0-day of Reckoning"; hell, that has its caveats.  Of course, being a
Sekurity Wizard, you know all of this already, as opposed to a lowly
mage such as myself.

If all else fails, you may heed the guidance that the others have
provided.  I hasten to suggest usage of a network fuzzer but none the
less you may try it.

Another possible solution (using socat), this will only read the first
1000 bytes of output.

socat - tcp:yourtargetip:1404,readbytes=1000

http://www.dest-unreach.org/socat/doc/socat.html#EXAMPLES

Dr3
"security mage and jester"

On 9/15/05, Luke Eckley <luke () xifos org> wrote:
> Sekurity Wizard wrote:
> > Hey folks,
> >       Found tcp/1494 open to a server during a pen test, black-box 
> > style.  Are there any interesting tools that may be available to 
> > extract information from the server on the receiving end?
>
> The easiest thing to do is telnet (or use netcat) to the port to see 
> if it responds with a version or any other information.
>
> Also if you know the OS, then just google for that port and narrow 
> down your results by OS.
>
> Luke
>
> ----------------------------------------------------------------------
> -------- Audit your website security with Acunetix Web Vulnerability 
> Scanner:
>
> Hackers are concentrating their efforts on attacking applications on 
> your website. Up to 75% of cyber attacks are launched on shopping 
> carts, forms, login pages, dynamic content etc. Firewalls, SSL and 
> locked-down servers are futile against web application hacking. Check 
> your website for vulnerabilities to SQL injection, Cross site
scripting and other web attacks before hackers do!
> Download Trial at:
>
> http://www.securityfocus.com/sponsor/pen-test_050831
> ----------------------------------------------------------------------
> ---------



------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------