Home page logo

pen-test logo Penetration Testing mailing list archives

Re: Service Identification
From: Bart Somers <bart () doornenburg homelinux net>
Date: Tue, 23 Sep 2003 21:02:52 +0200

Hi John,

Just a quick sum off ideas:
Try to use
*) amap http://www.thc.org/download.php?t=r&d=amap-4.3.tar.gz
against the port, although i'm not sure if they allready support much databases. *) Nmap 3.45. They support from 3.45 version-checking and maybe they can offer you some version *) netcat instead of telnet. Maybe the telnetclient send some ^M or whatever the database don't like.

If this all doesn't provide you help, try to connect to a nearby switch and start ettercap ( http://ettercap.sourceforge.net ) to fool it and send all the traffic via your laptop (pc?). Capture the traffic and try to figure out what the clients are sending to you.

Hope this helps.



John the Kiwi wrote:
Hi all

I have a remote database to pen test. It runs on port 2000 and has no
banners. I cannot establish a telnet session without it dropping me

I would like to do one of two things for my customer:

Either sniff the records to a text file as they go to the client (I only
need to grab email addresses as they come to the client from the server)


Figure out how to connect to the database and extract the records

I'm not looking for a canned solution, more a quick summary of tools and
processes that I should be trying.

I'm sure this is covered a lot but I've searched the list and google and
haven't found any information on service identification when no banners
are present and it runs on a non standard port. I'm sure it's my search
strings but any pointers would be greatly appreciated.

John the Kiwi


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]