Home page logo

pen-test logo Penetration Testing mailing list archives

RE: RAS Gurus
From: "Nick Besant" <Nick.Besant () ioko com>
Date: Fri, 21 Apr 2006 15:36:14 +0100

-----Original Message-----
From: Mohamed Abdel Kader [mailto:mak.pen () gmail com] 
Sent: 20 April 2006 13:10
To: pen-test () securityfocus com
Subject: RAS Gurus

Good day everyone,

Been war dialing a number and every time I connect it doesn't 
send me a prompt to try to log onto the system.  I couldn't 
identify the system responding.

THC scan simply reported that it detected a carrier... Not 
that useful in my case. I need to identify the system and try 
to connect with the respective client. And possibly 
bruteforce the device once the login screen shows.


Tried pcanywhere and carbon copy as clients and still no 
information was disclosed.


Any ideas gurus out there??

No guru, but I'll try :)

If you've actually established a connection but aren't getting any data
through, it's worth trying to send a range of control characters (or
even trying just normal characters or strings) through something like
tip (or HyperTerminal on Windows).  You may also find that nothing
obvious works; it could be a callback service.  If that's the case you
could try disconnecting and dialling back immediately to see if you get
a busy tone -obviously that won't apply for multiple lines - but it
might give you a start point.  If you've got additional information as
part of a larger pentest it might help identify what you'd expect to be
listening.  There's always the possibility it's a backdoor/maintenance
number/alarm system of some kind as well.

Nick Besant

Communications on or through ioko's computer systems may be monitored or recorded to secure effective system operation 
and for other lawful purposes.

Unless otherwise agreed expressly in writing, this communication is to be treated as confidential and the information 
in it may not be used or disclosed except for the purpose for which it has been sent. If you have reason to believe 
that you are not the intended recipient of this communication, please contact the sender immediately. No employee is 
authorised to conclude any binding agreement on behalf of ioko with another party by e-mail without prior express 
written confirmation.

ioko365 Ltd.  VAT reg 656 2443 31. Reg no 3048367. All rights reserved.

This List Sponsored by: Cenzic

Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to rise,
you need to proactively protect your applications from hackers. Cenzic has the
most comprehensive solutions to meet your application security penetration
testing and vulnerability management needs. You have an option to go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request () cenzic com for details.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]