Penetration Testing mailing list archives

RE: Identify OS?


From: "Pete Herzog" <lists () isecom org>
Date: Tue, 4 Feb 2003 16:11:01 +0100

Marty,

Dru, who runs the Open Protocol Resource Project at
http://www.isecom.org/projects/protocolresource.htm, is actually interested
now in taking the resource a step further and putting together a database of
default install protocols for various versions of OSes, and is looking for help.
I think the DB has a lot of potential for pen-testers.

Sincerely,
-pete.


-----Original Message-----
From: Martin Wasson [mailto:martin_wasson () mastercard com]
Sent: Monday, February 03, 2003 7:45 PM
To: Nick Jacobsen
Cc: pen-test () securityfocus com
Subject: Re: Identify OS?



Nick,
Here's my two cents.  It looks like a commercial version of Unix.  My guess
is Solaris.  The first thing that struck me was port 6112/dtspc.  I'm
pretty sure that is a subprocess of CDE, so I doubt it's a Linux box.
Kevin is right about it not being a Cisco box.  There is no way it's Cisco.
Look at port 7937/7938 open.  That's Legato Networker 5.5 or later; it only
runs on AIX, Solaris, IRIX, HP-UX, Linux, & Tru64.  It also runs on
Windows, but this isn't a Windows box.  And it doesn't run on Cisco.  It
looks like a honeypot or a dead ringer for a newbie install.  When you did
an nslookup, did it return "two-dollar-hooker.i-am-so-owned.com."?  I
thought so.  As was indicated before, connect to as many ports as you can,
and document the versions of the daemons listening from their blathering
banners.  Good luck.   I wonder if someone has already compiled a db
containing what versions of popular daemons are included in various
releases of *nix.  Hope this helps.


Marty Wasson
Global Information Security
MasterCard International
(636) 722-2372
martin_wasson () mastercard com


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
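
The elimination reasoning in the quoted message, and the kind of lookup the database both posters wish for would enable, written out as an added example (not code from either poster or from the Open Protocol Resource Project). The table is constructed and holds only the platforms and ports named in the thread; treating dtspc as ruling out Windows and Cisco as well as Linux is this example's assumption.

```python
# Added example: every table entry restates what the thread says about a port.
UNIX = frozenset({"AIX", "Solaris", "IRIX", "HP-UX", "Tru64"})
ALL = UNIX | {"Linux", "Windows", "Cisco"}   # platforms named in the thread

# port -> (service, platforms consistent with it). Constructed table.
DEFAULT_DB = {
    # Post: dtspc is a CDE subprocess, so Linux is doubted. Also dropping
    # Windows and Cisco for this port is an assumption of the example.
    6112: ("dtspc (CDE)", UNIX),
    # Post: Legato Networker 5.5 or later runs on these, not on Cisco.
    7937: ("Legato Networker", UNIX | {"Linux", "Windows"}),
    7938: ("Legato Networker", UNIX | {"Linux", "Windows"}),
}


def narrow(open_ports, db=DEFAULT_DB, universe=ALL):
    """Intersect the platform sets implied by each recognised open port.

    Returns (candidates, evidence, unknown_ports, consistent).
    consistent is False when the services seen cannot all belong to one
    platform in the table, which calls for a manual look at the host.
    """
    candidates = set(universe)
    evidence, unknown = [], []
    for port in sorted(set(open_ports)):
        if port not in db:
            unknown.append(port)      # no entry: contributes no evidence
            continue
        service, platforms = db[port]
        candidates &= platforms
        evidence.append((port, service, len(candidates)))
    return candidates, evidence, unknown, bool(candidates)


if __name__ == "__main__":
    # Constructed input: the ports named in the post plus one unlisted port.
    cands, ev, unk, ok = narrow([6112, 7937, 7938, 22])
    for port, service, left in ev:
        print(f"{port:>5}  {service:<18} -> {left} candidates left")
    print("candidates:", sorted(cands), "| no data for:", unk,
          "| consistent:", ok)
```

Port evidence alone leaves five commercial Unix candidates here; picking one of them still depends on the daemon banners the post says to collect.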

