Penetration Testing mailing list archives
Re: Unknown Port at LevelOne WBR3460B
From: Andres Riancho <andres.riancho () gmail com>
Date: Thu, 15 Oct 2009 16:52:38 -0300
Jan, On Wed, Oct 14, 2009 at 8:22 PM, Jan Germann <jan () jans-site de> wrote:
Hi, im currently trying to audit a router, my router. Generaly this router should only have one port open, port 80. But there is also the port 32764. So I googled and didnt found anything usefull about it neither about the port in context of the router nor about the port in generally. nc gives me the following data in plaintext: MMcS▒▒▒▒ In Hex its: 4d4d6353ffffffff It first needs a challenge and then returns these strange string. I know from nmap its an embedded linux 2.4.9 - 2.4.18 but that doesnt help me anyways. I seriously dont know what to do with it and how to handle this. The vendor doesnt give me any information about that. Does anyone knows something more or has an idea for me how to proceede?
If it is really *your router* and you want to take your chances, I think that the best way to go is to "jail-break" the router, get a root shell on it, and try to see if you can figure out what process is running on that port. If you have the time and skills, you might also be able to reverse engineer the binary that binds to that port. Cheers,
Greetings J ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
-- Andrés Riancho Founder, Bonsai - Information Security http://www.bonsai-sec.com/ http://w3af.sf.net/ ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Unknown Port at LevelOne WBR3460B Jan Germann (Oct 15)
- Re: Unknown Port at LevelOne WBR3460B Andres Riancho (Oct 19)
- Re: Unknown Port at LevelOne WBR3460B Jan Germann (Oct 19)
- RE: Unknown Port at LevelOne WBR3460B John Babio (Oct 19)
- Re: Unknown Port at LevelOne WBR3460B Carl Vincent (Oct 19)
- Re: Unknown Port at LevelOne WBR3460B Andres Riancho (Oct 19)