Penetration Testing: RE: Pen test, tcp/1404 found

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Penetration Testing mailing list archives

RE: Pen test, tcp/1404 found - advice needed

From: "DUBRAWSKY, IDO (CALLISMA)" <id3878 () sbc com>
Date: Fri, 16 Sep 2005 11:52:44 -0500

Just download the Citrix ICA client from Citrix's website:
http://www.citrix.com/English/ss/downloads/downloads.asp?dID=2755

Typically you need a system username and password (on the target system not to download the Citrix client) to access 
the box.  Once done, you're in.

Also, I surmise that most people responded with the "nmap -sV" response based on your port number in the Subject header 
rather than the information in the body of the message.  In the subject line you have tcp/1404 and not tcp/1494.

Ido
--
Ido Dubrawsky, CISSP
Senior Security Consultant
SBC/Callisma
(571) 633-9500 (Office)
(202) 213-9029 (Mobile)

-----Original Message-----
From: Sekurity Wizard [mailto:s.wizard () boundariez com] 
Sent: Friday, September 16, 2005 8:34 AM
To: Marc.Werner () t-systems com; pen-test () securityfocus com
Subject: RE: Pen test, tcp/1404 found - advice needed

Yes - guys - already tried -sV and other scan types, results were:

      "1494/tcp open  citrix-ica Citrix Metaframe XP ICA"

What I need now is some tricks to break Citrix Megaframe XP, 
which is the crux of the problem.

Wiz

-----Original Message-----
From: Marc.Werner () t-systems com [mailto:Marc.Werner () t-systems com] 
Sent: Thursday, September 15, 2005 1:44 AM
To: Sekurity Wizard; pen-test () securityfocus com
Subject: AW: Pen test, tcp/1404 found - advice needed

Hi Wiz,

Have you already tried a nmap version scan on the port(nmap -sV)?
Or you can try amap from THC (http://www.thc.org/).
Good luck :-)

Cheers Marc

-----Ursprüngliche Nachricht-----
Von: Sekurity Wizard [mailto:s.wizard () boundariez com]
Gesendet: Dienstag, 13. September 2005 05:30
An: pen-test () securityfocus com
Betreff: Pen test, tcp/1404 found - advice needed

Hey folks,
      Found tcp/1494 open to a server during a pen test, 
black-box style.  Are there any interesting tools that may be 
available to extract information from the server on the receiving end?

Please reply to list, or offline to me if necessary.

Cheers,
      Wiz

--------------------------------------------------------------
----------------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking 
applications on your website. Up to 75% of cyber attacks are 
launched on shopping carts, forms, login pages, dynamic 
content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website 
for vulnerabilities to SQL injection, Cross site scripting 
and other web attacks before hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
--------------------------------------------------------------
-----------------

--------------------------------------------------------------
----------------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking 
applications on your 
website. Up to 75% of cyber attacks are launched on shopping 
carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and 
locked-down servers are 
futile against web application hacking. Check your website 
for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks 
before hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
--------------------------------------------------------------
-----------------


------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

By Date By Thread

Current thread:

RE: Pen test, tcp/1404 found - advice needed, (continued)
- RE: Pen test, tcp/1404 found - advice needed Sekurity Wizard (Sep 16)
- RE: Pen test, tcp/1404 found - advice needed Sekurity Wizard (Sep 16)
- RE: Pen test, tcp/1404 found - advice needed DUBRAWSKY, IDO (CALLISMA) (Sep 16)
- FW: Pen test, tcp/1404 found - advice needed Craig Wright (Sep 16)
- RE: Pen test, tcp/1404 found - advice needed MacEwen, Jeffrey B. (Sep 16)
- RE: Pen test, tcp/1404 found - advice needed DUBRAWSKY, IDO (CALLISMA) (Sep 16)
- Re: Pen test, tcp/1404 found - advice needed Sekurity Shaman (Sep 16)
- RE: Pen test, tcp/1404 found - advice needed Craig Wright (Sep 18)