Penetration Testing mailing list archives

RE: Digital UNIX 5.60 recourses

From: "Fabrizio Siciliano" <fsiciliano () optiumcorp net>
Date: Fri, 16 Aug 2002 11:31:58 -0500

Hi Alex.

Aside from the "brute-force" password guessing on telnet and ftp ports,
you should try and look for vulnerabilities associated with the services
that are listening on that box.

Grab some of the banners coming off of those services to see exactly
what version of lets say...ftp, smtp, named (BIND) maybe it's an
exploitable version of bind, http, all the goodies. lpd is also
listening, so look for lpd exploits.

I hope this helps.

./fab

http://www.aisec.net

-----Original Message-----
From: Alex Balayan [mailto:balayan () bigpond net au] 
Sent: Friday, August 16, 2002 10:01 AM
To: pen-test () securityfocus com
Subject: Digital UNIX 5.60 recourses


Hi all,

I am conducting a penetration tests for a client running a cluster of 
Digital UNIX 5.60. All the server are exposed to the Internet.

Below is an output of a nmap scan.

Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Interesting ports on client.digital.unix.com(XXX.XXX.XXX.XXX):
(The 1579 ports scanned but not shown below are in state: closed)
Port       State       Service
21/tcp     open        ftp
23/tcp     open        telnet
25/tcp     open        smtp
53/tcp     open        domain
80/tcp     open        http
110/tcp    open        pop-3
111/tcp    open        sunrpc
139/tcp    filtered    netbios-ssn
143/tcp    open        imap2
436/tcp    open        dna-cml
513/tcp    open        login
514/tcp    open        shell
515/tcp    open        printer
587/tcp    open        submission
1024/tcp   open        kdm
1025/tcp   open        NFS-or-IIS
1026/tcp   open        LSA-or-nterm
1027/tcp   open        IIS
1029/tcp   open        ms-lsa
6000/tcp   open        X11
6112/tcp   open        dtspc
8081/tcp   open        blackice-icecap


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Current thread:

Digital UNIX 5.60 recourses Alex Balayan (Aug 16)
- <Possible follow-ups>
- RE: Digital UNIX 5.60 recourses Fabrizio Siciliano (Aug 16)
- RE: Digital UNIX 5.60 recourses David S. Morgan (Aug 16)
- RE: Digital UNIX 5.60 recourses Earl Sammons (Aug 19)
- RE: Digital UNIX 5.60 recourses Muhammad Faisal Rauf Danka (Aug 19)