Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Penetration Testing: Re: Unusual ports found in nmap scan

Re: Unusual ports found in nmap scan

From: Aaron Higbee <aaron_at_beesecure.org>
Date: Fri, 1 Mar 2002 11:49:29 -0500 (EST)

Hi Dave,

If you do a few searches you will see that 445 is the new "NetBios"
(kinda.) Microst-DS, or Microsoft Directory Services. It's great for
penetration testers because a lot of firewall admins have blocked the
standard Netbios ports.

Quick Tip: Netbios brute force attacks with brutus work fine if you change
the target port from 139 to 445.

Quick Tip #2: Null session enumeration works over 445 too. Yay!

--Aaron Higbee

> hi Dave,
>
> NtWaK0 released an advisory to bugtraq on 15/02/2002 dealing with port
> 445, here's a quick extract:
>
> TCP/UPD port 445 is open by default on a Fresh installed XP
box.
> : The attack is seriouse since it work remotly and can make the CPU
> 100 % : in less then 20 Second.
>
> you can find the full text at:
> http://online.securityfocus.com/archive/1/256830
>
> it might not help with port enumeration but it could shed some light on
> the machine's os..
>
> good luck,
> nessim
>
>
> On Wednesday 27 Feb 2002 6:12 pm, you wrote:
>> Hello All
>>
>> I'm currently pentesting a client and nmap reports that a particular
>> host has the following ports open: 82/tcp
>> 445/tcp
>> 447/tcp
>
> <snip>
>
>> Does anyone have any further information on these ports and what sort
>> of application might be running using these open ports (assuming they
>> are what they say they are!)
>>
>> Also assuming it's Win2K are there any tools for enumeration on port
>> 445?
>>
>> All help appreciated
>>
>> Dave
>
> -------------------------------------------------------------------------- 

--
> This list is provided by the SecurityFocus Security Intelligence Alert
> (SIA) Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security vulnerabilities please
> see: https://alerts.securityfocus.com/
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
Received on Mar 02 2002
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]