Penetration Testing mailing list archives

Re: Identify OS?


From: Tommy Jakobsen <tommy.jakobsen () telenor com>
Date: 7 May 2003 07:18:44 -0000

In-Reply-To: <OFF8BE68A9.4AAA9A44-ON86256CC2.005CE397 () mastercard com>

Just telnet to the server...

telnet <ipaddress> 21

then write SYST

And you got the OS....

mvh
Tommy


Subject: Re: Identify OS?
To: "Nick Jacobsen" <nick () ethicsdesign com>
Cc: pen-test () securityfocus com
Message-ID: <OFF8BE68A9.4AAA9A44-ON86256CC2.005CE397 () mastercard com>
From: "Martin Wasson" <martin_wasson () mastercard com>
Date: Mon, 3 Feb 2003 12:45:07 -0600


Nick,
Here's my two cents.  It looks like a commercial version of Unix.  My guess
is Solaris.  The first thing that struck me was port 6112/dtspc.  I'm
pretty sure that is a subprocess of CDE, so I doubt it's a Linux box.
Kevin is right about it not being a Cisco box.  There is no way it's Cisco.
Look at port 7937/7938 open.  That's Legato Networker 5.5 or later; it only
runs on AIX, Solaris, IRIX, HP-UX, Linux, & Tru64.  It also runs on
Windows, but this isn't a Windows box.  And it doesn't run on Cisco.  It
looks like a honeypot or a dead ringer for a newbie install.  When you did
an nslookup, did it return "two-dollar-hooker.i-am-so-owned.com." ?  I
thought so.  As was indicated before, connect to as many ports as you can,
and document the versions of the daemons listening from their blathering
banners.  Good luck.   I wonder if someone has already compiled a db
containing what versions of popular daemons are included in various
releases of *nix.  Hope this helps.


Marty Wasson
Global Information Security
MasterCard International
(636) 722-2372
martin_wasson () mastercard com


                                                                         
                                                             
"Nick Jacobsen" <nick@ethicsdesign.com>
01/31/03 01:33 AM
Please respond to "Nick Jacobsen"

To:       <pen-test () securityfocus com>
cc:       (bcc: Martin Wasson/STL/MASTERCARD)
Subject:  Identify OS?




Hey All again,
Could any of you give me an idea of what type of machine the following
might be, based on the ports open?  It is sitting at xxx.xxx.xxx.001 on a
network, so I am thinking it is some sort of gateway, but what OS/hardware?
Below are the results of telnetting to port 23, and the results of an nmap
scan (tried the identify OS option, didn't do sh*t)

Nick J.
Ethics Design
nick () ethicsdesign com

<-----------------  Telnet results  ---------------------------->
Authorized uses only. All activity may be monitored and reported.
login: cisco
Password:
Login incorrect
<----------------- End Telnet Results  ----------------------->
<-----------------  Nmap Scan Results ---------------------->
21/tcp     open        ftp
22/tcp     open        ssh
23/tcp     open        telnet
53/tcp     open        domain
111/tcp    open        sunrpc
161/tcp    filtered    snmp
162/tcp    filtered    snmptrap
389/tcp    open        ldap
512/tcp    open        exec
513/tcp    open        login
514/tcp    open        shell
1002/tcp   open        unknown
1169/tcp   open        unknown
1433/tcp   filtered    ms-sql-s
1720/tcp   open        H.323/Q.931
2410/tcp   open        unknown
2785/tcp   open        unknown
2786/tcp   open        unknown
6000/tcp   open        X11
6112/tcp   open        dtspc
7937/tcp   open        unknown
7938/tcp   open        unknown
32774/tcp  open        sometimes-rpc11
32775/tcp  open        sometimes-rpc13
32778/tcp  open        sometimes-rpc19
Too many fingerprints match this host for me to give an accurate OS guess
TCP/IP fingerprint:
SInfo(V=3.10ALPHA7%P=i686-pc-windows-windows%D=1/30%Time=3E394B34%O=21%C=1)
T1(Resp=N)
T2(Resp=N)
T3(Resp=N)
T4(Resp=N)
T5(Resp=N)
T6(Resp=N)
T7(Resp=N)
PU(Resp=N)
<---------------------  End Nmap Scan Results  ---------->
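
Added example (not part of the original thread): the port-by-port elimination from Martin Wasson's reply, run over a constructed subset of the scan output above. The candidate list, the rule table and the function names are assumptions made for this illustration, and dropping Windows on the dtspc rule assumes CDE is a Unix-only desktop.

```python
import re

# Constructed sample: a subset of the port lines from the scan above.
SCAN = """\
21/tcp     open        ftp
161/tcp    filtered    snmp
6000/tcp   open        X11
6112/tcp   open        dtspc
7937/tcp   open        unknown
7938/tcp   open        unknown
"""

# Assumed candidate platforms (the ones named in the thread).
CANDIDATES = {"AIX", "Solaris", "IRIX", "HP-UX", "Tru64", "Linux", "Windows", "Cisco IOS"}

# Rules: (ports that must all be open, label, "only" | "not", platforms).
# The Networker platform list and the dtspc/Linux inference come from the reply;
# dropping Windows on dtspc is an assumption (CDE taken to be Unix-only).
RULES = [
    ({7937, 7938}, "Legato Networker", "only",
     {"AIX", "Solaris", "IRIX", "HP-UX", "Linux", "Tru64", "Windows"}),
    ({6112}, "dtspc (CDE)", "not", {"Linux", "Windows"}),
]

LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")

def open_ports(scan_text):
    """Return the port numbers reported as 'open'; filtered ports are ignored."""
    ports = set()
    for line in scan_text.splitlines():
        m = LINE.match(line.strip())
        if m and m.group(3) == "open":
            ports.add(int(m.group(1)))
    return ports

def narrow(scan_text, candidates=CANDIDATES, rules=RULES):
    """Apply each rule whose ports are all open; return (remaining, evidence trail)."""
    ports, remaining, trail = open_ports(scan_text), set(candidates), []
    for needed, label, kind, platforms in rules:
        if not needed <= ports:
            continue  # evidence absent: the rule says nothing either way
        before = set(remaining)
        remaining = remaining & platforms if kind == "only" else remaining - platforms
        trail.append((label, sorted(before - remaining)))
    return sorted(remaining), trail

if __name__ == "__main__":
    left, trail = narrow(SCAN)
    print(trail)
    print("still consistent:", ", ".join(left))
```

The ports alone leave five commercial Unix platforms standing, so the Solaris guess in the reply still needs the daemon banners to confirm it.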


--------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/






