Penetration Testing mailing list archives
Re: Port 4662 exploitation
From: ArcSighter Elite <arcsighter () gmail com>
Date: Tue, 16 Dec 2008 16:40:00 -0500
sr. wrote:

try to browse to that port with a browser. throw the telnet prompt a GET HTTP/1.0 and see what you get back. if you get html, then it's most likely a web server. i've seen many instances where a server (firewall) will throw back a bunch of open ports. ports that aren't even open on the system in question. That host is usually sitting behind a firewall or an IPS. Of course, the possibility that those ports are actually open because of a careless admin also exists. let's not rule out a honeypot either.

also, verify that port 22 is actually open by telnet(ing) there as well. sshd will usually send back a nice little version banner. use that information and check that version for known exploits. then learn how to run a script from a real shell because you'll have to.

sr.

<saving bandwidth>

On Mon, Dec 15, 2008 at 4:42 PM, Dante Lanznaster <dantecl () gmail com> wrote:

I believe this scan was internal. I really hope so.

1) too many ports open / listening. You need to do service fingerprinting.
2) connecting via telnet to a listening port will always yield a "connected" prompt and that's hardly a shell.

On Mon, Dec 15, 2008 at 9:24 AM, lgpmsec <lgpmsec () gmail com> wrote:

Hi again all,

Please find below the nmap results for the specific server, and let me know if it adds value:

bt ~ # nmap -sT -vv x.x.x.120
Starting Nmap 4.60 ( http://nmap.org ) at 2008-12-15 15:04 GMT
Initiating Ping Scan at 15:04
Scanning x.x.x.120 [2 ports]

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------

Excuses to everyone not alluded, but don't you people know this:

nmap -sS -P0 -T0 -sV -O -p 445 host

It's just basic nmap, and will give us the clues we need to help the author. It's just that, one targeted port on 445 or 22 with service fingerprinting, and the like. We only need this to get a clue about the host's purpose.
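The banner checks discussed in this thread (read what sshd sends on connect, send a GET and see whether HTML comes back, and treat a bare "connected" as proof of nothing), as an added example that is not part of the original messages: a classifier for the first bytes a listener returns, useful when auditing services on hosts you administer. The function name and the sample responses are hypothetical and constructed for illustration.

```python
import re

# RFC 4253 section 4.2 identification string: SSH-protoversion-softwareversion [SP comments]
SSH_ID = re.compile(rb"^SSH-(\d+\.\d+)-(\S+)(?: (.*))?$")
# HTTP/1.x status line, e.g. "HTTP/1.0 200 OK"
HTTP_STATUS = re.compile(rb"^HTTP/(\d\.\d) (\d{3})(?: .*)?$")
HTML_HINT = re.compile(rb"<(?:!doctype\s+html|html|head|body)\b", re.I)


def classify_response(data: bytes) -> dict:
    """Classify the bytes a listener sent after connect (and an optional GET)."""
    if not data:
        # The handshake completed but nothing was sent. That only shows that
        # something (host, firewall, IPS, honeypot) accepted the connection.
        return {"service": "unknown", "detail": "connected, no data"}
    lines = [ln.rstrip(b"\r") for ln in data.split(b"\n")]
    m = HTTP_STATUS.match(lines[0])
    if m:
        headers, _, body = data.partition(b"\r\n\r\n")
        server = None
        for line in headers.split(b"\r\n")[1:]:
            name, _, value = line.partition(b":")
            if name.strip().lower() == b"server":
                server = value.strip().decode("latin-1")
        return {"service": "http", "status": int(m.group(2)),
                "server": server, "html": bool(HTML_HINT.search(body))}
    # RFC 4253 lets a server send other lines before its identification string.
    for line in lines[:8]:
        m = SSH_ID.match(line)
        if m:
            return {"service": "ssh", "proto": m.group(1).decode(),
                    "software": m.group(2).decode("ascii", "replace")}
    if HTML_HINT.search(data):
        # Bare HTML with no status line still points at a web server.
        return {"service": "http", "status": None, "server": None, "html": True}
    return {"service": "unknown", "detail": "unrecognised banner"}


# Constructed sample responses, not captured from any real host.
SAMPLES = {
    "ssh": b"SSH-2.0-OpenSSH_5.1\r\n",
    "http": (b"HTTP/1.0 200 OK\r\nServer: ExampleHTTPd/1.0\r\n"
             b"Content-Type: text/html\r\n\r\n<html><body>ok</body></html>"),
    "silent": b"",
    "noise": b"\x00\x01binary\xff",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, classify_response(raw))
```

A silent listener is reported as unknown rather than as a service, which is the distinction the thread draws between a "connected" prompt and an identified service.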