Penetration Testing mailing list archives
Re: Remote connection to Webmin Service (Port 10000)
From: sil <jesus () resurrected us>
Date: Thu, 5 Feb 2004 13:52:19 -0500 (EST)
On Tue, 3 Feb 2004, Wu Fei Liang wrote:
Hello everyone! I'm currently doing a security audit on a company as a "newbie". After scanning the host I learned that several ports were open - including the Webmin Port. I tried to connect via Browser to this port but the operation timed out. I believe that it is due to the fact that the Webmin Service is only available to the localhost. But I am wondering why I was able to connect with telnet and download the login-page of Webmin. A simple wget would do the same thing. Can anybody give me some advice and explain why this is that way?
I suppose many should know this already but here is my take on this.

Firstly, following the well-known services (ports and the programs they use) lists should not be the 'de facto' standard when assessing what exactly is running on a given port. e.g. If I configured ssh to listen on port 80 - albeit stupid - it does not mean that, because port 80 shows up as listening on a scan, it is running an httpd server. Services lists aren't always a given.

Now you state you downloaded the login-page but were unable to do anything more. It could be some form of configuration such as an access list blocking anything not given for your address.

Consider this. For one of my personal sites I have Squid configured to run as a proxy server using the domain so I can connect from work to avoid giving out information about the company I'm working for. I have an extensive acl list on it. Sure you can reach the port, but you can't do anything else with it. On top of that, I have mod_security settings which re-check to make sure those ranges I do allow in meet the criteria I chose.

Perhaps

a) there are certain rules in place via a configuration on the program itself.
b) The server/service is running something similar to a mod_security based scheme.
c) Some form of other auth/sec service is running checks to block out connections that meet or don't meet the criteria.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
"The most tyrannical of governments are those which make crimes of opinions, for everyone has an inalienable right to his thoughts." -- Benedict Spinoza

J. Oquendo //sil
http://www.kungfunix.net
http://www.politrix.org
http://www.infiltrated.net
http://bush.shafted.us
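The point in the reply above about not trusting a services list, shown as an added example that is not part of the original post: it names the protocol from the bytes a listener actually returns and flags ports where that differs from the expected assignment. The EXPECTED table, the function names and the sample responses are assumptions constructed for illustration.

```python
import socket

# Assumed inventory: what a services list (or your own records) says should be there.
EXPECTED = {22: "ssh", 80: "http", 10000: "http"}  # 10000: Webmin's admin page is served over HTTP

def classify(data: bytes) -> str:
    """Name the protocol from the first bytes the service sent back."""
    if data.startswith(b"SSH-"):
        return "ssh"
    if data.startswith(b"HTTP/"):
        return "http"
    return "unknown"

def server_header(data: bytes) -> str:
    """Return the HTTP Server header value, or '' if none is present."""
    for line in data.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"server":
            return value.strip().decode("latin-1")
    return ""

def check(port: int, data: bytes) -> dict:
    """Compare the observed protocol with the one the port number suggests."""
    expected, observed = EXPECTED.get(port, "unknown"), classify(data)
    return {"port": port, "expected": expected, "observed": observed,
            "mismatch": expected != observed}

def probe(host: str, port: int, timeout: float = 3.0) -> bytes:
    """Read a greeting; if the service waits for the client, send a HEAD request."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            data = s.recv(256)            # SSH and similar services speak first
        except socket.timeout:
            data = b""
        if not data:
            try:
                s.sendall(b"HEAD / HTTP/1.0\r\n\r\n")
                data = s.recv(256)
            except OSError:               # closed or filtered after the handshake
                data = b""
        return data

# Constructed sample responses (not captured from any real host).
SAMPLES = {
    80: b"SSH-2.0-OpenSSH_3.7.1p2\r\n",                                  # ssh moved to port 80
    10000: b"HTTP/1.0 200 Document follows\r\nServer: MiniServ/0.01\r\n\r\n",
}

if __name__ == "__main__":
    for port, data in SAMPLES.items():
        print(check(port, data), server_header(data))
```

An empty result from `probe` on a port that accepted the connection is itself informative: the listener is reachable, but something in front of or inside the service declined to answer, which is the access-list case the reply describes.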