Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

WarDialing: can't identify the system (binary signature)

From: Zgrp unknow <zgrp_zgrp () yahoo com br>
Date: Thu, 22 May 2008 12:38:08 -0300 (ART)
Hi pentesters

I'm conducting a WarDialing assesment and I found some
numbers from my range that "are connectable"... they
are not unix-like systems (at last I *think*), the
output produced by them is not human readable (like
binary protocols).

If I connect to some of them via Windows Hyperterminal
I get strange texts like:

"~?~?~?~?~?~?~?~?~?"
"C??N??E??T??3??0??N??E??"

Or other unreadable things like the above.

Some detailed information from the WarDailing is
below:


- SENT            ATDT NUMBER01<CR>
- RECEIVED        <CR><NL>                0d 0a
- RECEIVED        CONNECT 300 NoEC<CR><NL>43 4f 4e
4e45 43 54 20 33 30 30 20 4e 6f 45 43 0d 0a
- RECEIVED      
~?~?~?~?~?~?~?~?~?<?><NUL><BS><STX><SOH>@<DLE><BS><EOT><STX><SOH>@<DLE><BS><EOT><STX><SOH>@%<?>~?<?><EOT><DLE><?><?>D<?><?>~?
7e 3f 7e 3f 7e 3f 7e 3f 7e 3f 7e 3f 7e 3f 7e 3f 7e 3f
df 00 08 02 01 40 20 10 08 04 02 01 40 20 10 08 04 02
01 40 25 f6 7e 3f df 04 10 e0 d7 44 d5 f9 7e 3f
- RECEIVED        <CR><NL>        0d 0a
- RECEIVED        NO CARRIER<CR><NL>      4e 4f 20
4341 52 52 49 45 52 0d 0a


- SENT            ATDT NUMBER02<CR>
- RECEIVED        <CR><NL>        0d 0a
- RECEIVED        CONNECT 300 NoEC<CR><NL>        434f
4e 4e 45 43 54 20 33 30 30 20 4e 6f 45 43 0d 0a
- RECEIVED        ~?~?~?~?~?~?~?~?        7e 3f 7e
3f7e 3f 7e 3f 7e 3f 7e 3f 7e 3f 7e 3f
- RECEIVED       
~?~?~?~?~?~?~?~?~<US><NUL><?>@<DLE><BS><EOT><STX><SOH>@
<DLE><BS><EOT><STX><SOH>@<?><?><?><?><EOT><DLE><?><?>D<?><?><?>
      7e 3f 7e3f 7e 3f 7e 3f 7e 3f 7e 3f 7e 3f 7e 3f
7e 1f 00 81 40 20 10 08 04 02 01 40 20 10 08 04 02 01
40 20 90 c9 f6 df 04 10 e0 d7 44 d5 f9 fe
- RECEIVED        <CR><NL>        0d 0a
- RECEIVED        NO CARRIER<CR><NL>      4e 4f 20
4341 52 52 49 45 52 0d 0a


Do you know what application it can be? Are there any
big and constantly updated list on the internet about
WarDailing signatures that I could use to identify
them?

Any tips, ideas, are welcome.

cheers


      Abra sua conta no Yahoo! Mail, o único sem limite de espaço para armazenamento!
http://br.mail.yahoo.com/

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes 
in Securing Web Applications  
Find out now! Get Webinar Recording and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: