Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Unusual ports found in nmap scan
From: "Aaron Higbee" <aaron () beesecure org>
Date: Fri, 1 Mar 2002 11:49:29 -0500 (EST)

Hi Dave,

If you do a few searches you will see that 445 is the new "NetBios"
(kinda.)  Microst-DS, or Microsoft Directory Services. It's great for
penetration testers because a lot of firewall admins have blocked the
standard Netbios ports.

Quick Tip:  Netbios brute force attacks with brutus work fine if you change
the target port from 139 to 445.

Quick Tip #2:  Null session enumeration works over 445 too. Yay!

--Aaron Higbee




hi Dave,

NtWaK0 released an advisory to bugtraq on 15/02/2002 dealing with port
445,  here's a quick extract:

      TCP/UPD port 445 is open by default on a Fresh installed XP
box.
       : The attack is seriouse since it work remotly and can make the CPU
      100 % : in less then 20 Second.

you can find the full text at:
http://online.securityfocus.com/archive/1/256830

it might not help with port enumeration but it could shed some light on
the  machine's os..

good luck,
nessim


On Wednesday 27 Feb 2002 6:12 pm, you wrote:
Hello All

I'm currently pentesting a client and nmap reports that a particular
host has the following ports open: 82/tcp
445/tcp
447/tcp

<snip>

Does anyone have any further information on these ports and what sort
of application might be running using these open ports (assuming they
are what they say they are!)

Also assuming it's Win2K are there any tools for enumeration on port
445?

All help appreciated

Dave

--------------------------------------------------------------------------
--
This list is provided by the SecurityFocus Security Intelligence Alert
(SIA) Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please
see: https://alerts.securityfocus.com/




----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]