Penetration Testing mailing list archives
Re: Alisse
From: "R. DuFresne" <dufresne () sysinfo com>
Date: Tue, 28 Jul 2009 15:28:47 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 You'd have to login to an account to get much more of a response.And it's very likely there are other sec devices in the path, we, where I work do proxies as well as a secure pre-login <almost an ssl-vpn thingie> to even get to the bealogic auth screen.
Thanks, Ron DuFresne On Tue, 28 Jul 2009, Yiannis Koukouras wrote:
Hi Dharmendra and Wim, I can not capture traffic as this is a PT on the internet facing systems of the client. I am not actually sitting on the same network as the system. If this is a BEA web service, shouldn't it respond to HTTP requests or at least react to my input in any way? The only output I get is the one I posted and no matter what I sent to it afterward it does not reply anything. If this is a WS is there a fuzzer I can use in order to force to reply? Ioannis (Yiannis) Koukouras On Tue, Jul 28, 2009 at 10:39 AM, Dharmendra <dbavale () gmail com> wrote:Hi, This looks like an application listening on the port. Try capturing the same using ethereal and do a follow tcp stream. This may help in identifying the protocol. Regards, Dharmendra T. 2009/7/27 Yiannis Koukouras <ikoukouras () gmail com>Hello all, During a black box pentest, I found port 9025 open on a system and when I connected with nc I got the following reply (follow link to view the reply as it is in non ASCII format): http://pastebin.ca/1494670 Do you think this is a web service listener or something like that? The tags indicate that tha this has something to do with XML. Nevertheless, it does not respond to any input.... I am open to ideas... Thnx, Ioannis (Yiannis) Koukouras ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org -------------------------------------------------------------------------- Regards, Dharmendra T.------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
- -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com http://sysinfo.com Key fingerprint = 9401 4B13 B918 164C 647A E838 B2DF AFCC 94B0 6629 These things happened. They were glorious and they changed the world..., and then we fucked up the endgame. --Charlie Wilson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFKb1Fyst+vzJSwZikRAoUJAJ4m+6mmTtdbvc7w15rN31v/DXoM2QCfV4lR SrCSW4MDQrlAuJu/WmP0JxM= =5sFy -----END PGP SIGNATURE----- ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review BoardProve to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Alisse Yiannis Koukouras (Jul 27)
- Re: Alisse Wim Remes (Jul 28)
- Re: Alisse administrator - (Jul 28)
- Re: Alisse Yiannis Koukouras (Jul 28)
- Re: Alisse Christine Kronberg (Jul 30)
- Message not available
- Re: Alisse Yiannis Koukouras (Jul 30)
- Re: Alisse matteo filippetto (Jul 31)
- Re: Alisse Yiannis Koukouras (Jul 28)
- Re: Alisse Yiannis Koukouras (Jul 28)
- Re: Alisse R. DuFresne (Jul 30)
- <Possible follow-ups>
- Re: Alisse maniacode (Jul 30)