Penetration Testing mailing list archives
Re: "MIPS" Pentesting
From: "Adrian Puente Z." <puenteadrian () gmail com>
Date: Thu, 07 Jan 2010 01:44:58 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 As I can recall MIPS is an processor architecture. Some kind of embedded devices, so if you make a really aggressive attack as the hydra in the defaults threads settings does you can cause a DOS consumming all the hw resources. http://www.zk-usa.com/edk_zem500.php Maybe this is too obvious, you have tried with the default password? In my experience attacking directly this kind of devices is useless, I prefer to control a machine in the same segment (I've made a Portable WireShark) http://hackarandas.com/blog/2009/10/08/truly-portable-wireshark/ ad wait for a password. Other technique that has been really usefull is controlling the domain controller and have access to the computers in the Admin Segments It happens that someone has a neat well docummented excell file with all the devices passwords. Sometimes the sum of the vuls is the way of getting to the targets. Greets, Abuse 007 wrote:
What about an IP protocol scan? Can you sniff the network segment it is in, or are you multiple hops away? On Tue, Jan 5, 2010 at 9:10 AM, Wayne Dawson <Wayne_Dawson () inventuresolutions com> wrote:http://www.zk-usa.com/edk_zem300.php Appears to be a biometric device. "ZEM300 uses 32 bit parallel high-speed 400 MHz CPU ZK6001 that can be conveniently connected with TFT,USB Host, WIFI, GPRS/CDMA and such external equipments." -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Elliot Fernandes Sent: Monday, January 04, 2010 3:33 AM To: pen-test () securityfocus com Subject: "MIPS" Pentesting When testing a network, I was using nmap and I came up with a system that had port 23 open. So I netcat'ed into it and I got: Welcome to Linux (ZEM300) for MIPS Kernel 2.4.20 Treckle on an MIPS Has anyone come across this before? It seems to be a login point for a security device (physical security) at the network. Thing is, I have no documentation on the "MIPS", neither from google or from anywhere else. Anyone got ideas on this? And I'm running hydra with a wordlist, and a bruteforcer at the same time on it. ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------ This email and any files transmitted with it are confidential and intended solely for the use of the individual to whom they are addressed. If you have received this email in error, please delete this email from your system. ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
- -- Adrián Puente Z. [www.hackarandas.com] Donde las ideas se dispersan en bytes... "... ruego a mi orgullo que se acompañe siempre de mi prudencia, y si algún día mi prudencia se echara a volar, que al menos pueda volar junto con mi locura" --Nietzche Huella: FBD6 4C36 2557 C64C 1318 70A8 F561 CB6F 4E40 5AFB http://www.hackarandas.com/apuente_at_hackarandas.com.asc.gz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAktFkPoACgkQW2tF/eN2yfbTfQCfUPcBu2XdJopGx8jCpD2rs5rz rnwAnjKdmQhYJKq5NCRQedytVPugYrM6 =8yBU -----END PGP SIGNATURE----- ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- "MIPS" Pentesting Elliot Fernandes (Jan 04)
- Re: "MIPS" Pentesting Robin Wood (Jan 04)
- RE: "MIPS" Pentesting alessandro telami (Jan 04)
- Re: "MIPS" Pentesting merc (Jan 04)
- RE: "MIPS" Pentesting Wayne Dawson (Jan 05)
- Re: "MIPS" Pentesting Abuse 007 (Jan 06)
- Re: "MIPS" Pentesting Adrian Puente Z. (Jan 11)
- Re: "MIPS" Pentesting Zack Payton (Jan 11)
- Re: "MIPS" Pentesting Abuse 007 (Jan 06)
- Re: "MIPS" Pentesting Shawn Merdinger (Jan 11)
- <Possible follow-ups>
- RE: "MIPS" Pentesting Elliot Fernandes (Jan 05)