Home page logo
/

pen-test logo Penetration Testing mailing list archives

RE: Port 4662 exploitation
From: "Jeremi Gosney" <Jeremi.Gosney () motricity com>
Date: Sun, 14 Dec 2008 11:33:05 -0800

"when you telnet into an unknown port you are not doing it to get a
shell, but to get a tcp header and know what services might be running
on that port.."

That statement is most definitely false. While banner collection is
certainly one facet of penetration testing, you most definitely ARE
checking for things like rootkits. Discovering a shell listening on an
arbitrary port is clearly a most valuable find. Mr Bensley's follow-up
questions are most relevant here; surely you would have known what to do
if you discovered a shell listening on a port, so my assumption is you
are mis-using the word.

Looking forward to your answers.


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of James Bensley
Sent: Saturday, December 13, 2008 12:20 PM
To: pen-test () securityfocus com; Jorge L. Vazquez
Cc: Mohamad M; ArcSighter Elite
Subject: Re: Port 4662 exploitation

Wel you telnet to that port do you get a heading in return?

or when you say a shell do you actually get a prompt to start entering
commands, whats the prompt you get if so? Also if ti is a full shell can
you run any commands, what is the output when you run "whoami" ??

Use the netstat command to list any connections (irrelivent of their
state i.e. established or listening) and display the program responsible
for the connection so you can see where it is comming from?

Send us your results ;)

2008/12/13 Jorge L. Vazquez <jlvazquez825 () gmail com>:
when you telnet into an unknown port you are not doing it to get a 
shell, but to get a tcp header and know what services might be running

on that port..

-j0rg3
blog: www.pctechtips.org


Mohamad M wrote:
Hi again,

I agree it looks very weird; I simply started a Syn scan with nmap, 
and got that tcp 4662 is open; when I telneted to 4662, I got shell, 
but then did not know how to proceed, hence my email.

Thanks,

-----Original Message-----
From: ArcSighter Elite [mailto:arcsighter () gmail com]
Sent: Friday, December 12, 2008 11:43 PM
To: Mohamad M
Cc: pen-test () securityfocus com
Subject: Re: Port 4662 exploitation

Mohamad M wrote:
Hello All,

I'm doing a vulnerability assessment for my company, and saw that 
port
4662
(edonkey) is open on 1 device facing the internet. I telneted to
4662, and
I
got connected; since I'm new to this domain, what are the steps
needed in
order to exploit this vulnerability?

Thanks,

./Lgpmsec


-------------------------------------------------------------------
-----
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
-------------------------------------------------------------------
-----



An open port is never a vulnerability, only if the running service 
that binds to that port is actually vulnerable. What makes me ask, 
have you actually done a service fingerprint to determine is 
e-donkey?, cause that looks pretty weird to me.

Sincerely.

----------------------------------------------------------------------
--
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
----------------------------------------------------------------------
--





----------------------------------------------------------------------
--
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
----------------------------------------------------------------------
--





--
-----BEGIN GEEK CODE BLOCK-----
  Version: 3.1
GIT/MU/U dpu s: a--> C++>$ U+> L++> B-> P+> E?> W+++>$ N K W++ O M++>$
V-
PS+++ PE++ Y+ PGP t 5 X+ R- tv+ b+> DI D+++ G+ e(+++++) h--(++) r++ z++
------END GEEK CODE BLOCK------

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault