Penetration Testing mailing list archives

RE: Port 4662 exploitation


From: "Mohamad M" <lgpmsec () gmail com>
Date: Fri, 12 Dec 2008 23:57:40 +0200

Hi again,

I agree it looks very weird; I simply started a SYN scan with nmap, and got
that TCP 4662 is open; when I telnetted to 4662, I got a shell, but then did
not know how to proceed, hence my email.

Thanks,

-----Original Message-----
From: ArcSighter Elite [mailto:arcsighter () gmail com] 
Sent: Friday, December 12, 2008 11:43 PM
To: Mohamad M
Cc: pen-test () securityfocus com
Subject: Re: Port 4662 exploitation

Mohamad M wrote:
Hello All,

I'm doing a vulnerability assessment for my company, and saw that port 4662
(edonkey) is open on 1 device facing the internet. I telnetted to 4662, and I
got connected; since I'm new to this domain, what are the steps needed in
order to exploit this vulnerability?

Thanks,

./Lgpmsec


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------



An open port is never a vulnerability, unless the running service that
binds to that port is actually vulnerable. Which makes me ask: have you
actually done a service fingerprint to determine that it is e-donkey? Because
that looks pretty weird to me.

Sincerely.