Penetration Testing mailing list archives

Re: Alisse


From: Yiannis Koukouras <ikoukouras () gmail com>
Date: Tue, 28 Jul 2009 13:36:45 +0300

Hi Dharmendra and Wim,

I cannot capture traffic as this is a PT on the internet-facing
systems of the client. I am not actually sitting on the same network
as the system.

If this is a BEA web service, shouldn't it respond to HTTP requests or
at least react to my input in any way?

The only output I get is the one I posted, and no matter what I send to
it afterward, it does not reply with anything.

If this is a WS, is there a fuzzer I can use in order to force it to reply?


Ioannis (Yiannis) Koukouras

On Tue, Jul 28, 2009 at 10:39 AM, Dharmendra <dbavale () gmail com> wrote:

Hi,
This looks like an application listening on the port. Try capturing the same using Ethereal and do a Follow TCP Stream. This may help in identifying the protocol.
Regards,
Dharmendra T.

2009/7/27 Yiannis Koukouras <ikoukouras () gmail com>

Hello all,

During a black box pentest, I found port 9025 open on a system and
when I connected with nc I got the following reply (follow link to
view the reply as it is in non ASCII format):

http://pastebin.ca/1494670

Do you think this is a web service listener or something like that?

The tags indicate that this has something to do with XML.
Nevertheless, it does not respond to any input....

I am open to ideas...

Thnx,
Ioannis (Yiannis) Koukouras

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------




--
Regards,
Dharmendra T.
