Home page logo
/

pen-test logo Penetration Testing mailing list archives

RE: pen testing management and control system
From: "Rob Shein" <shoten () starpower net>
Date: Fri, 27 Jun 2003 15:28:49 -0400

At what point in the scan did you get blocked?  It looks like the portscan
worked, except that there are a whole lot of ports I'd not expect to see on
a server like that.  Things that stand out are the presence of VNC with
Terminal Server AND Metaframe, for example.  And Metaframe on 2000 Advanced
Server seems like a terrible idea as well, from what I know of the way it
handles foreground/background priority, and how it's optimized for specific
types of server apps.  Are you sure that there isn't some kind of reactive
(firewall or IDS) configuration that's meant to throw you some red herrings
that automatically block you when you connect to them?

-----Original Message-----
From: Ronen Gottlib [mailto:ronen () avnet co il] 
Sent: Friday, June 27, 2003 4:54 AM
To: pen-test () securityfocus com
Subject: pen testing management and control system


Hi All,

I am pen testing a windows 2000 advanced server, with some 
kind of management and control software (e.g. Tivoli, 
Netcool). The system has IIS 6.0 running with lockdown enabled.

When I tried to run nessus, my ip was blocked for quite a 
long time. same happened with nikto.

Further more, although quite a few ports were found to be 
open on the remote machine, the management and control 
application is blocking the most of them while allowing 
access only to the following: 21, 23(ms telnet server), 
25(Microsoft ESMTP MAIL Service, Version: 6.0.2600.1106), 80 
(Microsoft-IIS/6.0), 110 (Microsoft Windows POP3 Service 
Version 2.0), 3389.


The system is also running Hummingbird Exceed.

Does anyone have any idea? I've kind of reached a dead end. 
Below is the results of an Nmap, if it helps.

Thank you very much for your help-

Ronen.


Port State Service
21/tcp open   ftp
22/tcp open   ssh
23/tcp open   telnet
25/tcp open           smtp
53/tcp open           domain
80/tcp open   http
98/tcp open   linuxconf
110/tcp open  pop-3
111/tcp open  sunrpc
135/tcp open  loc-srv
143/tcp open  imap2
161/tcp open          snmp
443/tcp open  https
1080/tcp open         socks
1433/tcp open         ms-sql-s
1494/tcp open         citrix-ica
1720/tcp filtered H.323/Q.931
1723/tcp filtered pptp
3389/tcp open         ms-term-serv
4000/tcp filtered remoteanything
5135/tcp open         unknown
5631/tcp open         pcanywheredata
5632/tcp open         pcanywherestat
5900/tcp open         vnc
6112/tcp open         dtspc
6660/tcp filtered unknown
6661/tcp filtered unknown
6662/tcp filtered unknown
6663/tcp filtered unknown
6664/tcp filtered unknown
6665/tcp filtered unknown
6666/tcp filtered irc-serv
6667/tcp filtered irc
6668/tcp filtered irc
6669/tcp filtered unknown
8875/tcp filtered unknown
28900/tcp filtered unknown


--------------------------------------------------------------
-------------
Latest attack techniques.

You're a pen tester, but is google.com still your R&D team? 
Now you can get 
trustworthy commercial-grade exploits and the latest 
techniques from a 
world-class research group.

Visit us at: www.coresecurity.com/promos/sf_ept1 
or call 617-399-6980
--------------------------------------------------------------
--------------




---------------------------------------------------------------------------
Latest attack techniques.

You're a pen tester, but is google.com still your R&D team? Now you can get 
trustworthy commercial-grade exploits and the latest techniques from a 
world-class research group.

Visit us at: www.coresecurity.com/promos/sf_ept1 
or call 617-399-6980
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault