Penetration Testing mailing list archives

Re: Alisse

From: Yiannis Koukouras <ikoukouras () gmail com>
Date: Tue, 28 Jul 2009 13:47:14 +0300

Hi,

Nmap says it is a windows pc.
unfortunately it is the only open port on the system and we can not
determine neither the OS or the business role of the system.

Of cource I will update you should I find anything.

I did a little reasearch on the BEA scenario and it appears that it
may be a BEA JSL (Jolt Server Listener). Hmm...if this is the case,
this is an exposed WS to the world. right?

Ioannis (Yiannis) Koukouras


On Tue, Jul 28, 2009 at 1:31 PM, administrator
-<illegal.visitor () gmail com> wrote:

Hi there,

A few questions regarding your mail:
- What OS is the system running?
- Any other ports/apps that might give a hint?
- If it is a company pc, what branche they operate in?

Answers on the above limit the scope of your/our search :-)

If you ever find out what is running, pls update us. Always good to
know. Cheers!

illegal_visit0r



On 7/27/09, Yiannis Koukouras <ikoukouras () gmail com> wrote:

Hello all,

During a black box pentest, I found port 9025 open on a system and
when I connected with nc I got the following reply (follow link to
view the reply as it is in non ASCII format):

http://pastebin.ca/1494670

Do you think this is a web service listener or something like that?

The tags indicate that tha this has something to do with XML.
Nevertheless, it does not respond to any input....

I am open to ideas...

Thnx,
Ioannis (Yiannis) Koukouras

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------

Current thread:

Alisse Yiannis Koukouras (Jul 27)
- Re: Alisse Wim Remes (Jul 28)
- Re: Alisse administrator - (Jul 28)
  - Re: Alisse Yiannis Koukouras (Jul 28)
    - Re: Alisse Christine Kronberg (Jul 30)
    - Message not available
    - Re: Alisse Yiannis Koukouras (Jul 30)
    - Re: Alisse matteo filippetto (Jul 31)
- Message not available
  - Re: Alisse Yiannis Koukouras (Jul 28)
    - Re: Alisse R. DuFresne (Jul 30)
- Re: Alisse gnix (Jul 28)
- <Possible follow-ups>
- Re: Alisse maniacode (Jul 30)