Penetration Testing mailing list archives
RE: Digital UNIX 5.60 recourses
From: "Fabrizio Siciliano" <fsiciliano () optiumcorp net>
Date: Fri, 16 Aug 2002 11:31:58 -0500
Hi Alex. Aside from the "brute-force" password guessing on telnet and ftp ports, you should try and look for vulnerabilities associated with the services that are listening on that box. Grab some of the banners coming off of those services to see exactly what version of lets say...ftp, smtp, named (BIND) maybe it's an exploitable version of bind, http, all the goodies. lpd is also listening, so look for lpd exploits. I hope this helps. ./fab http://www.aisec.net
-----Original Message----- From: Alex Balayan [mailto:balayan () bigpond net au] Sent: Friday, August 16, 2002 10:01 AM To: pen-test () securityfocus com Subject: Digital UNIX 5.60 recourses Hi all, I am conducting a penetration tests for a client running a cluster of Digital UNIX 5.60. All the server are exposed to the Internet. Below is an output of a nmap scan. Starting nmap V. 3.00 ( www.insecure.org/nmap/ ) Interesting ports on client.digital.unix.com(XXX.XXX.XXX.XXX): (The 1579 ports scanned but not shown below are in state: closed) Port State Service 21/tcp open ftp 23/tcp open telnet 25/tcp open smtp 53/tcp open domain 80/tcp open http 110/tcp open pop-3 111/tcp open sunrpc 139/tcp filtered netbios-ssn 143/tcp open imap2 436/tcp open dna-cml 513/tcp open login 514/tcp open shell 515/tcp open printer 587/tcp open submission 1024/tcp open kdm 1025/tcp open NFS-or-IIS 1026/tcp open LSA-or-nterm 1027/tcp open IIS 1029/tcp open ms-lsa 6000/tcp open X11 6112/tcp open dtspc 8081/tcp open blackice-icecap
---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Digital UNIX 5.60 recourses Alex Balayan (Aug 16)
- <Possible follow-ups>
- RE: Digital UNIX 5.60 recourses Fabrizio Siciliano (Aug 16)
- RE: Digital UNIX 5.60 recourses David S. Morgan (Aug 16)
- RE: Digital UNIX 5.60 recourses Earl Sammons (Aug 19)
- RE: Digital UNIX 5.60 recourses Muhammad Faisal Rauf Danka (Aug 19)