Penetration Testing mailing list archives
Re: rewire the server room?
From: Volker Tanger <vtlists () wyae de>
Date: Tue, 4 Apr 2006 11:15:43 +0200
Good morning!

On Mon, 3 Apr 2006 17:31:04 +0100 Ade <adrian.bradshaw () gmail com> wrote:

> During a recent scan of a subnet, using NMap,

which version, with which command line switches?

One idea up front: if you used the new 4.x version of nmap scanning for service and version (-sV) you get the first connect response / server header on that port printed out (filtered according to protocol).

On a mailserver you might get

    220 mail.example.test ESMTP Postfix

when connecting with telnet - and nmap will thus print something like

    PORT   STATE SERVICE VERSION
    25/tcp open  smtp    Postfix

...unless the postfix admin changed the greeting message in /etc/postfix/main.cf from

    smtpd_banner = $myhostname ESMTP Postfix

to

    smtpd_banner = $myhostname ESMTP Rewire your server room!

in which case you get with NMap

    PORT   STATE SERVICE VERSION
    25/tcp open  smtp    Rewire your server room!

Some services allow setting the server header by configuration (as with e.g. Postfix, lighttpd, etc.), some need the change at compile time or in the binary with a hex editor.

Another option might be a custom inetd/xinetd running at a port configured (on port tcp/81) like

    #-------------------------
    # xinetd.conf:
    #-------------------------
    service hello
    {
        port        = 81
        socket_type = stream
        wait        = no
        user        = nobody
        server      = /bin/echo
        server_args = "Rewire your server room"
        disable     = no
    }

Or the PC is using a simple auth service echoing a static string, a static ("fake") fingerd, etc.

Maybe it is easiest to investigate on the machine you found that reply from - and tell us what it was? ;-)

Thanks

Volker

--
Volker Tanger http://www.wyae.de/volker.tanger/
vtlists () wyae de
PGP Fingerprint 378A 7DA7 4F20 C2F3 5BCC 8340 7424 6122 BB83 B8CB
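As an added example (not from Volker's post, from Postfix or from nmap), a small Python simulation of the mechanism the reply describes: a stand-in for the xinetd "hello" service that writes a static string on connect, a client that reads only the first line the way a version scan does, and a classifier that shows the VERSION column is nothing more than service-supplied text. The banner strings, hostnames and ephemeral ports are constructed for the demonstration; the classifier is a simplification of nmap's protocol matching, not its real logic.

```python
import socket
import threading


def serve_banner(banner: bytes, host: str = "127.0.0.1"):
    """Constructed stand-in for the xinetd 'hello' service in the post:
    accept a connection, write one static string, close.  Returns the
    (host, port) it is listening on; an ephemeral port is used instead of 81."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))
    srv.listen(5)

    def loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:  # like /bin/echo: say the line, then hang up
                conn.sendall(banner)

    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()


def grab_banner(host: str, port: int, timeout: float = 2.0) -> str:
    """Read the first line a service sends on connect, which is what a
    version scan reports when the service speaks first (SMTP, FTP, etc.)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        data = b""
        while b"\n" not in data and len(data) < 1024:
            chunk = s.recv(256)
            if not chunk:
                break
            data += chunk
    return data.split(b"\n", 1)[0].decode("latin-1").strip()


def classify(banner: str):
    """Simplified protocol filter: an SMTP greeting is '220 <text>', and the
    <text> is whatever smtpd_banner says, so it lands in VERSION unchanged."""
    parts = banner.split()
    if len(parts) >= 2 and parts[0] == "220":
        return ("smtp", " ".join(parts[1:]))
    return ("unknown", banner)


if __name__ == "__main__":
    host, port = serve_banner(b"Rewire your server room\n")
    print(port, classify(grab_banner(host, port)))
```

The takeaway for an inventory or detection pipeline is that the VERSION field is untrusted input from the scanned host: treat it as a hint to verify on the machine itself, exactly as the reply suggests.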