Home page logo

pen-test logo Penetration Testing mailing list archives

Re: Remote connection to Webmin Service (Port 10000)
From: sil <jesus () resurrected us>
Date: Thu, 5 Feb 2004 13:52:19 -0500 (EST)

On Tue, 3 Feb 2004, Wu Fei Liang wrote:

Hello everyone!

I'm currently doing an security audit on a company as a "newbie". After
scanning the host I leared that several ports were open - including the
Webmin Port. I tried to connect via Browser to this port but the operation
timed out. I believe that it is due to the fact that the Webmin Service is
only available to the localhost. But I am wondering why I was able to connect
with telnet and download the login-page of Webmin. A simple wget would do the
same thing.

Can anybody give me some advice and explain why this is that way?

I suppose many should know this already but here is my take on this.

Firstly following the well known services (ports and the programs they
use) lists should not be the 'de facto' standard when assessing what
exactly is running on a given port. e.g. If I configured ssh to listen on
port 80 - albeit stupid - does not mean that because port 80 shows up as
listening on a scan, is running an httpd server. Services lists aren't
always a given.

Now you state you downloaded the login-page but were unable to do anything
more. It could be some form of configuration such as an access list
blocking anything not given for your address.

Consider this. For one of my personals sites I have Squid configured to
run as a proxy server using the domain so I can connect from work to avoid
giving out information about the company I'm working for. I have an
extensive acl list on it. Sure you can reach the port, but you can't do
nothing else with it.

On top of that, I have mod_security settings which re-check to make sure
those ranges I do allow in, meet the criteria I chose.

Perhaps a) there are certain rules in place via a configuration on the
program itself. b) The server/service is running something similar to a
mod_security based scheme. c) Some form of other auth/sec service is
running checks to block out connections that meet or don't meet the

"The most tyrannical of governments are those which make
crimes of  opinions, for everyone has an inalienable
right to his thoughts." -- Benedict Spinoza

J. Oquendo //sil

http://www.kungfunix.net   http://www.politrix.org
http://www.infiltrated.net http://bush.shafted.us


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]