Penetration Testing mailing list archives
Re: Alisse
From: Yiannis Koukouras <ikoukouras () gmail com>
Date: Tue, 28 Jul 2009 13:36:45 +0300
Hi Dharmendra and Wim, I can not capture traffic as this is a PT on the internet facing systems of the client. I am not actually sitting on the same network as the system. If this is a BEA web service, shouldn't it respond to HTTP requests or at least react to my input in any way? The only output I get is the one I posted and no matter what I sent to it afterward it does not reply anything. If this is a WS is there a fuzzer I can use in order to force to reply? Ioannis (Yiannis) Koukouras On Tue, Jul 28, 2009 at 10:39 AM, Dharmendra <dbavale () gmail com> wrote:
Hi, This looks like an application listening on the port. Try capturing the same using ethereal and do a follow tcp stream. This may help in identifying the protocol. Regards, Dharmendra T. 2009/7/27 Yiannis Koukouras <ikoukouras () gmail com>Hello all, During a black box pentest, I found port 9025 open on a system and when I connected with nc I got the following reply (follow link to view the reply as it is in non ASCII format): http://pastebin.ca/1494670 Do you think this is a web service listener or something like that? The tags indicate that tha this has something to do with XML. Nevertheless, it does not respond to any input.... I am open to ideas... Thnx, Ioannis (Yiannis) Koukouras ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org -------------------------------------------------------------------------- Regards, Dharmendra T.
------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Alisse Yiannis Koukouras (Jul 27)
- Re: Alisse Wim Remes (Jul 28)
- Re: Alisse administrator - (Jul 28)
- Re: Alisse Yiannis Koukouras (Jul 28)
- Re: Alisse Christine Kronberg (Jul 30)
- Message not available
- Re: Alisse Yiannis Koukouras (Jul 30)
- Re: Alisse matteo filippetto (Jul 31)
- Re: Alisse Yiannis Koukouras (Jul 28)
- Re: Alisse Yiannis Koukouras (Jul 28)
- Re: Alisse R. DuFresne (Jul 30)
- <Possible follow-ups>
- Re: Alisse maniacode (Jul 30)