Home page logo

pen-test logo Penetration Testing mailing list archives

Re: Remote connection to Webmin Service (Port 10000)
From: Travis Schack <Travis () Vitalisec com>
Date: 6 Feb 2004 15:33:29 -0000

In-Reply-To: <200402031825.07284.cms01017 () cms ac>

Several recommendations:

1 - Connect to the port using several methods (i.e., telnet, nc, web browser, etc) and dump the session using TCPDump 
or Ethereal.  Analysis the traffic and see what is going on. 
2 - Go to the OPRP at ISECOM (http://www.isecom.info/cgi-local/protocoldb/browse.dsp) and search for known applications 
that use that port.
3 - Use tools like amap from THC and run against the port to see if it recognizes the port.  But, you said you already 
knew it was webmin.  
4 - If you could download the page, try crawling the port. 
5 - Try Nikto against the port.
6 - Use a proxy, like achilles, and look at the responses you are getting.

Just a few of many things you could try, if you have not already.

Travis Schack
Vitalisec, Inc.

I'm currently doing an security audit on a company as a "newbie". After 
scanning the host I leared that several ports were open - including the 
Webmin Port. I tried to connect via Browser to this port but the operation 
timed out. I believe that it is due to the fact that the Webmin Service is 
only available to the localhost. But I am wondering why I was able to connect 
with telnet and download the login-page of Webmin. A simple wget would do the 
same thing.

Can anybody give me some advice and explain why this is that way?


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]