Home page logo

pen-test logo Penetration Testing mailing list archives

Re: FW: Port 4662 exploitation
From: Todd Haverkos <infosec () haverkos com>
Date: Mon, 15 Dec 2008 14:26:27 -0600

"lgpmsec" <lgpmsec () gmail com> writes:
Hi again all,

Please find below the nmap results for the specific server, and let me know
if it adds value:

bt ~ # nmap -sT -vv x.x.x.120

Starting Nmap 4.60 ( http://nmap.org ) at 2008-12-15 15:04 GMT

Completed SYN Stealth Scan at 16:05, 3639.22s elapsed (1715 total ports)
Host x.y.com (x.x.x.120) appears to be up ... good.
Interesting ports on x.y.com (x.x.x.120):
Not shown: 1611 filtered ports, 55 closed ports
17/tcp   open  qotd
4662/tcp open  edonkey
I also telneted to the 4662 port, getting:

bt ~ # telnet x.x.x.120 4662
Trying x.x.x.120...
Connected to x.x.x.120.
Escape character is '^]'.

^QConnection closed by foreign host.

Please advise on how to proceed

You've manually confirmed nmap's results that there is _something_
listening there.  Instead of telnet, I prefer nc -v x.x.x120 4662 to
get a connection confirmation in netcat's verbose output.

One usual thing to do is to hit those open ports with a -sV version
scan.  If you'd like to see what nmap is doing in trying to divine its
version detection, you can scan just that port and look at the version
trace for ideas on how to do such manual futzing in the future:

nmap --version_trace -P0 -n -v -v -sV -p 4662 x.x.x.120 

The scan you performed does no service fingerprinting (-sV) specified,
so nmap is just showing what /etc/services has for the port number in
question, which for ports off the beaten path is often wrong or

Todd Haverkos, LPT MsCompE

This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]