Penetration Testing mailing list archives
RE: "MIPS" Pentesting
From: Elliot Fernandes <elliotfernandes () yahoo com>
Date: Mon, 4 Jan 2010 05:43:39 -0800 (PST)
For the nmap scan, all I get is:

    Interesting ports on 192.168.5.2:
    Not shown: 99 closed ports
    PORT   STATE SERVICE VERSION
    23/tcp open  telnet  ZKSoftware ZEM300 embedded linux telnetd (Kernel 2.4.20; MIPS)
    Service Info: Host: Treckle; OS: Linux

I did a UDP scan but no ports were open, so I couldn't use SNMP to gather data that would allow me to access the device's login hash. A TCP scan reveals only one open port, 23.

I'm still prompted for a login when I connect to port 23. It doesn't seem to use default passwords like Admin, admin, password, etc., and I couldn't find a default password for this device in any default password list.

I tried to force a buffer overflow into the device by using a very long password string by doing:

    ncat 192.168.5.2 23 < /dev/random

and at the same time I was Hping'ing the device to check its uptime. But it didn't reboot... That's all the info I have on the device.

If I get a shell, I'll post info on how the compiler compiles my exploits, and how exploits, if possible, work under this device.

--- On Mon, 1/4/10, Reggie Wheeler <wheeler90 () comcast net> wrote:
From: Reggie Wheeler <wheeler90 () comcast net>
Subject: RE: "MIPS" Pentesting
To: "'Elliot Fernandes'" <elliotfernandes () yahoo com>
Date: Monday, January 4, 2010, 5:28 PM

I found some information that may help you and anyone else wondering what it is that you found. There is way too much to put in an email so I will just give the links.

http://en.wikipedia.org/wiki/MIPS_architecture

This link will explain to you what a MIPS processor is, who created them and how they are used today.

http://www.google.com/search?hl=en&client=firefox-a&rls=org.mozilla:en-US:official&ei=aetBS9ffPMKUtgfJ4byJCQ&sa=X&oi=spell&resnum=0&ct=result&cd=1&ved=0CAYQBSgA&q=Linux+MIPS&spell=1

This Google link will give you all of the information you want on MIPS Linux porting and the different Linux flavors that can be ported to work with the MIPS processor.

Hope this helps you out. Please post more info; I am curious to know what you found.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Elliot Fernandes
Sent: Monday, January 04, 2010 6:33 AM
To: pen-test () securityfocus com
Subject: "MIPS" Pentesting

When testing a network, I was using nmap and I came up with a system that had port 23 open. So I netcat'ed into it and I got:

    Welcome to Linux (ZEM300) for MIPS
    Kernel 2.4.20 Treckle on an MIPS

Has anyone come across this before? It seems to be a login point for a security device (physical security) at the network. Thing is, I have no documentation on the "MIPS", neither from Google nor from anywhere else. Anyone got ideas on this? And I'm running hydra with a wordlist, and a bruteforcer at the same time on it.

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------