Penetration Testing mailing list archives
Re: Alisse
From: Yiannis Koukouras <ikoukouras () gmail com>
Date: Tue, 28 Jul 2009 13:47:14 +0300
Hi, Nmap says it is a windows pc. unfortunately it is the only open port on the system and we can not determine neither the OS or the business role of the system. Of cource I will update you should I find anything. I did a little reasearch on the BEA scenario and it appears that it may be a BEA JSL (Jolt Server Listener). Hmm...if this is the case, this is an exposed WS to the world. right? Ioannis (Yiannis) Koukouras On Tue, Jul 28, 2009 at 1:31 PM, administrator -<illegal.visitor () gmail com> wrote:
Hi there, A few questions regarding your mail: - What OS is the system running? - Any other ports/apps that might give a hint? - If it is a company pc, what branche they operate in? Answers on the above limit the scope of your/our search :-) If you ever find out what is running, pls update us. Always good to know. Cheers! illegal_visit0r On 7/27/09, Yiannis Koukouras <ikoukouras () gmail com> wrote:Hello all, During a black box pentest, I found port 9025 open on a system and when I connected with nc I got the following reply (follow link to view the reply as it is in non ASCII format): http://pastebin.ca/1494670 Do you think this is a web service listener or something like that? The tags indicate that tha this has something to do with XML. Nevertheless, it does not respond to any input.... I am open to ideas... Thnx, Ioannis (Yiannis) Koukouras ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Alisse Yiannis Koukouras (Jul 27)
- Re: Alisse Wim Remes (Jul 28)
- Re: Alisse administrator - (Jul 28)
- Re: Alisse Yiannis Koukouras (Jul 28)
- Re: Alisse Christine Kronberg (Jul 30)
- Message not available
- Re: Alisse Yiannis Koukouras (Jul 30)
- Re: Alisse matteo filippetto (Jul 31)
- Re: Alisse Yiannis Koukouras (Jul 28)
- Re: Alisse Yiannis Koukouras (Jul 28)
- Re: Alisse R. DuFresne (Jul 30)
- <Possible follow-ups>
- Re: Alisse maniacode (Jul 30)