RE: "MIPS" Pentesting

[Elliot Fernandes <elliotfernandes () yahoo com>]

For the nmap scan, all I get is:

Interesting ports on 192.168.5.2:
Not shown: 99 closed ports
PORT   STATE SERVICE VERSION
23/tcp open  telnet  ZKSoftware ZEM300 embedded linux telnetd (Kernel 2.4.20; MIPS)
Service Info: Host: Treckle; OS: Linux

I did a UDP scan but no ports were open, so I couldn't use SNMP to gather data that would allow me to access the 
device's login hash. A TCP scan reveals only one open port, 23. I'm still prompted for a login when I connect to port 
23. It doesn't seem to use default passwords like Admin, admin, password, etc, and I couldn't find a default password 
for this device in any default password list. I tried to force a buffer overflow into the device by using a very long 
password string by doing:

ncat 192.168.5.2 23 < /dev/random

and at the same time I was Hping'ing the device to check it's uptime. But it didn't reboot...That's all the info I have 
on the device. If I get a shell, I'll post info on how the compiler compiles my exploits, and how exploits, if 
possible, work under this device.

--- On Mon, 1/4/10, Reggie Wheeler <wheeler90 () comcast net> wrote:

> From: Reggie Wheeler <wheeler90 () comcast net>
> Subject: RE: "MIPS" Pentesting
> To: "'Elliot Fernandes'" <elliotfernandes () yahoo com>
> Date: Monday, January 4, 2010, 5:28 PM
> I found some information that may
> help you and anyone else wondering what it
> is that you found.  There is way too much to put in an
> email so I will just
> give the links. http://en.wikipedia.org/wiki/MIPS_architecture This
> link
> will explain to you what a MIPS processor is, who created
> them and how they
> are used today.
> http://www.google.com/search?hl=en&client=firefox-a&rls=org.mozilla:en-US:of
> ficial&ei=aetBS9ffPMKUtgfJ4byJCQ&sa=X&oi=spell&resnum=0&ct=result&cd=1&ved=0
> CAYQBSgA&q=Linux+MIPS&spell=1 This google link will
> give you all of the
> information you want on MIPS linux porting and the
> different Linux flavors
> that can be ported to work with the MIPS processor.
>
> Hope this helps you out please post more info I am curious
> to know what you
> found.
>
> -----Original Message-----
> From: listbounce () securityfocus com
> [mailto:listbounce () securityfocus com]
> On
> Behalf Of Elliot Fernandes
> Sent: Monday, January 04, 2010 6:33 AM
> To: pen-test () securityfocus com
> Subject: "MIPS" Pentesting
>
> When testing a network, I was using nmap and I came up with
> a system that
> had port 23 open. So I netcat'ed into it and I got:
>
> Welcome to Linux (ZEM300) for MIPS
> Kernel 2.4.20 Treckle on an MIPS
>
> Has anyone come across this before? It seems to be a login
> point for a
> security device (physical security) at the network. Thing
> is, I have no
> documentation on the "MIPS", neither from google or from
> anywhere else.
> Anyone got ideas on this? And I'm running hydra with a
> wordlist, and a
> bruteforcer at the same time on it.
>
>
>       
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance
> Certification Review Board
>
> Prove to peers and potential employers without a doubt that
> you can actually
> do a proper penetration test. IACRB CPT and CEPT certs
> require a full
> practical examination in order to become certified. 
>
> http://www.iacertification.org
> ------------------------------------------------------------------------




------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------