Home page logo
/

pen-test logo Penetration Testing mailing list archives

RE: Port 4662 exploitation
From: "Mohamad M" <lgpmsec () gmail com>
Date: Fri, 12 Dec 2008 23:57:40 +0200

Hi again,

I agree it looks very weird; I simply started a Syn scan with nmap, and got
that tcp 4662 is open; when I telneted to 4662, I got shell, but then did
not know how to proceed, hence my email.

Thanks,

-----Original Message-----
From: ArcSighter Elite [mailto:arcsighter () gmail com] 
Sent: Friday, December 12, 2008 11:43 PM
To: Mohamad M
Cc: pen-test () securityfocus com
Subject: Re: Port 4662 exploitation

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mohamad M wrote:
Hello All,

I'm doing a vulnerability assessment for my company, and saw that port
4662
(edonkey) is open on 1 device facing the internet. I telneted to 4662, and
I
got connected; since I'm new to this domain, what are the steps needed in
order to exploit this vulnerability?

Thanks,

./Lgpmsec


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------



An open port is never a vulnerability, only if the running service that
binds to that port is actually vulnerable. What makes me ask, have you
actually done a service fingerprint to determine is e-donkey?, cause
that looks pretty weird to me.

Sincerely.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJQtqjH+KgkfcIQ8cRAgNoAJ9UwNxQVPYRoiiTFR+RodSlMKSnKQCg6pfX
66R/06sfIeFD5pxulEsjxyM=
=cYuf
-----END PGP SIGNATURE-----


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]