Penetration Testing mailing list archives
RE: Port 4662 exploitation
From: "Erin Carroll" <amoeba () amoebazone com>
Date: Fri, 12 Dec 2008 18:31:13 -0800
List members, Please bear in mind that we all had to start somewhere. I let posts through to the list that are obviously from people of different skill levels and backgrounds on purpose, to foster learning and information sharing. Replies which denigrate or otherwise amount to "STFU N00b!" will not be tolerated and obviously don't make it past moderation. Disagreements over technical aspects or processes are fine, even encouraged. However, personal attacks, flames, or snide remarks will make your moderator grumpy and, like some kind of retarded Hulk, "You won't like it when I'm grumpy." We all were Mohamed at one point in time. Maybe he got took on a project because he showed interest and wanted to learn or just got stuck with something outside his area of expertise. Regardless, please show some courtesy and act like decent human beings and professionals. /rant -- Erin Carroll Moderator, SecurityFocus pen-test mailing list "I cannot brain today, I have the dumb" -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of ArcSighter Elite Sent: Friday, December 12, 2008 1:43 PM To: Mohamad M Cc: pen-test () securityfocus com Subject: Re: Port 4662 exploitation -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mohamad M wrote:
Hello All, I'm doing a vulnerability assessment for my company, and saw that port
4662
(edonkey) is open on 1 device facing the internet. I telneted to 4662, and
I
got connected; since I'm new to this domain, what are the steps needed in order to exploit this vulnerability? Thanks, ./Lgpmsec ------------------------------------------------------------------------ This list is sponsored by: Cenzic Security Trends Report from Cenzic Stay Ahead of the Hacker Curve! Get the latest Q2 2008 Trends Report now www.cenzic.com/landing/trends-report ------------------------------------------------------------------------
An open port is never a vulnerability, only if the running service that binds to that port is actually vulnerable. What makes me ask, have you actually done a service fingerprint to determine is e-donkey?, cause that looks pretty weird to me. Sincerely. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFJQtqjH+KgkfcIQ8cRAgNoAJ9UwNxQVPYRoiiTFR+RodSlMKSnKQCg6pfX 66R/06sfIeFD5pxulEsjxyM= =cYuf -----END PGP SIGNATURE----- ------------------------------------------------------------------------ This list is sponsored by: Cenzic Security Trends Report from Cenzic Stay Ahead of the Hacker Curve! Get the latest Q2 2008 Trends Report now www.cenzic.com/landing/trends-report ------------------------------------------------------------------------ ------------------------------------------------------------------------ This list is sponsored by: Cenzic Security Trends Report from Cenzic Stay Ahead of the Hacker Curve! Get the latest Q2 2008 Trends Report now www.cenzic.com/landing/trends-report ------------------------------------------------------------------------
Current thread:
- Port 4662 exploitation Mohamad M (Dec 12)
- Re: Port 4662 exploitation ArcSighter Elite (Dec 12)
- RE: Port 4662 exploitation Mohamad M (Dec 12)
- Re: Port 4662 exploitation Jorge L. Vazquez (Dec 13)
- Re: Port 4662 exploitation James Bensley (Dec 13)
- RE: Port 4662 exploitation Jeremi Gosney (Dec 14)
- Re: Port 4662 exploitation ArcSighter Elite (Dec 15)
- Message not available
- Message not available
- Re: Port 4662 exploitation ArcSighter Elite (Dec 15)
- Re: Port 4662 exploitation James Bensley (Dec 15)
- RE: Port 4662 exploitation Mohamad M (Dec 12)
- Re: Port 4662 exploitation ArcSighter Elite (Dec 12)
- <Possible follow-ups>
- FW: Port 4662 exploitation lgpmsec (Dec 15)
- RE: Port 4662 exploitation Shenk, Jerry A (Dec 15)
- Re: FW: Port 4662 exploitation ArcSighter Elite (Dec 15)
- Re: FW: Port 4662 exploitation Todd Haverkos (Dec 15)
- Re: FW: Port 4662 exploitation Dante Lanznaster (Dec 15)
- Re: Port 4662 exploitation Christopher (Dec 16)
- Re: Port 4662 exploitation ArcSighter Elite (Dec 18)