|
Penetration Testing
mailing list archives
RE: Digital UNIX 5.60 recourses
From: "Fabrizio Siciliano" <fsiciliano () optiumcorp net>
Date: Fri, 16 Aug 2002 11:31:58 -0500
Hi Alex.
Aside from the "brute-force" password guessing on telnet and ftp ports,
you should try and look for vulnerabilities associated with the services
that are listening on that box.
Grab some of the banners coming off of those services to see exactly
what version of lets say...ftp, smtp, named (BIND) maybe it's an
exploitable version of bind, http, all the goodies. lpd is also
listening, so look for lpd exploits.
I hope this helps.
./fab
http://www.aisec.net
-----Original Message-----
From: Alex Balayan [mailto:balayan () bigpond net au]
Sent: Friday, August 16, 2002 10:01 AM
To: pen-test () securityfocus com
Subject: Digital UNIX 5.60 recourses
Hi all,
I am conducting a penetration tests for a client running a cluster of
Digital UNIX 5.60. All the server are exposed to the Internet.
Below is an output of a nmap scan.
Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Interesting ports on client.digital.unix.com(XXX.XXX.XXX.XXX):
(The 1579 ports scanned but not shown below are in state: closed)
Port State Service
21/tcp open ftp
23/tcp open telnet
25/tcp open smtp
53/tcp open domain
80/tcp open http
110/tcp open pop-3
111/tcp open sunrpc
139/tcp filtered netbios-ssn
143/tcp open imap2
436/tcp open dna-cml
513/tcp open login
514/tcp open shell
515/tcp open printer
587/tcp open submission
1024/tcp open kdm
1025/tcp open NFS-or-IIS
1026/tcp open LSA-or-nterm
1027/tcp open IIS
1029/tcp open ms-lsa
6000/tcp open X11
6112/tcp open dtspc
8081/tcp open blackice-icecap
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
 By Date 
By Thread
Current thread:
| 
Intro
