Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re:

From: Yiannis Koukouras <ikoukouras () gmail com>
Date: Tue, 28 Jul 2009 19:38:51 +0300
well...it does not change at all....
I get the <Alisse></Alisse> string and then I get no reply at all no
matter what I send to it.

Ioannis (Yiannis) Koukouras
CISSP, CISA, CISM
MSc in Computer Systems Security
BEng in Electronic Engineering
http://www.linkedin.com/in/ikoukouras
---
The information contained in this communication is intended solely
for  the  use  of the individual or entity to whom it is addressed
and others authorized to receive it.  It may  contain confidential
or legally privileged information.  If  you  are  not the intended
recipient you are hereby notified that  any  disclosure,  copying,
distribution  or  taking any action in reliance on the contents of
this  information  is  strictly  prohibited  and  may be unlawful.

If you have received this communication in error, please notify the
sender immediately  by  responding  to this email and then delete
 it from your system.



On Tue, Jul 28, 2009 at 7:04 PM, gnix<gnixmail () gmail com> wrote:

Yes, probably that reply is generated by a web service. I suggest you to
work on what does that reply mean. For example, try to figure out if that
reply changes or not and eventually try to understand how it changes.

gnix

On Mon, Jul 27, 2009 at 5:43 AM, Yiannis Koukouras <ikoukouras () gmail com>
wrote:


Hello all,

During a black box pentest, I found port 9025 open on a system and
when I connected with nc I got the following reply (follow link to
view the reply as it is in non ASCII format):

http://pastebin.ca/1494670

Do you think this is a web service listener or something like that?

The tags indicate that tha this has something to do with XML.
Nevertheless, it does not respond to any input....

I am open to ideas...

Thnx,
Ioannis (Yiannis) Koukouras

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review
Board

Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs require a
full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------






------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: