Penetration Testing mailing list archives
RE: RAS Gurus
From: "Christaan de Vries" <christiaan () apcare net>
Date: Fri, 21 Apr 2006 14:56:47 +0200
Hi there, I know some systems wait for YOU to select a service BEFORE prompting you with username etc to login.. (FYI: Older IBM systems (and/or AT&T) expected characters like 'a', '.' or '$' for them to start the services connected to older mainframe appplications; even for Notes they had a TSO application, just type in a ':' and you can download your .nsf file updates! :-) Woooot..) At what speed (and modem protocol) are you connecting? This 'COULD' help you identify which service it is... Also, you need to dial DIRECTLY from the modem instead of using programs like CC and/or PcAnywhere.. They in fact to exactly what I stated above (identify with a string to select a service) but now you are limited to PcAnywhere and CC strings, if you dial DIRECTLY from the modem, you can send you own string types. - Start Hyperterminal and go to COMx.. Then, type use AT commands to fire up that connection! ATDTxxxxxxxxx Good luck! ;-) Regards, Christiaan de Vries Apcare BV -----Original Message----- From: Shenk, Jerry A [mailto:jshenk () decommunications com] Sent: Friday, April 21, 2006 2:50 AM To: Mohamed Abdel Kader; pen-test () securityfocus com Subject: RE: RAS Gurus Have you tried connecting to it with a simple terminal program to see if it responds with anything that might give a clue. Try sending a couple return or control codes each time you connect. Honestly, if THC doesn't guess what it is, it might be tough to figure out. Try connecting at different speeds too...maybe it's not autosensing. -----Original Message----- From: Mohamed Abdel Kader [mailto:mak.pen () gmail com] Sent: Thursday, April 20, 2006 8:10 AM To: pen-test () securityfocus com Subject: RAS Gurus Good day everyone, Been war dialing a number and every time I connect it doesn't send me a prompt to try to log onto the system. I couldn't identify the system responding. THC scan simply reported that it detected a carrier... Not that useful in my case. I need to identify the system and try to connect with the respective client. And possibly bruteforce the device once the login screen shows. Tried pcanywhere and carbon copy as clients and still no information was disclosed. Any ideas gurus out there?? Thanks... MAK ------------------------------------------------------------------------ ------ This List Sponsored by: Cenzic Concerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details. ------------------------------------------------------------------------ ------ **DISCLAIMER This e-mail message and any files transmitted with it are intended for the use of the individual or entity to which they are addressed and may contain information that is privileged, proprietary and confidential. If you are not the intended recipient, you may not use, copy or disclose to anyone the message or any information contained in the message. If you have received this communication in error, please notify the sender and delete this e-mail message. The contents do not represent the opinion of D&E except to the extent that it relates to their official business. ------------------------------------------------------------------------ ------ This List Sponsored by: Cenzic Concerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details. ------------------------------------------------------------------------ ------ ------------------------------------------------------------------------------ This List Sponsored by: Cenzic Concerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details. ------------------------------------------------------------------------------
Current thread:
- RAS Gurus Mohamed Abdel Kader (Apr 20)
- Re: RAS Gurus William Hancock (Apr 23)
- Re: RAS Gurus (OT) Mathieu CHATEAU (Apr 25)
- <Possible follow-ups>
- RE: RAS Gurus Shenk, Jerry A (Apr 20)
- RE: RAS Gurus Christaan de Vries (Apr 23)
- RE: RAS Gurus Nick Besant (Apr 23)