Penetration Testing: Re: failure notice

["sr." <staticrez () gmail com>]

try to browse to that port with a browser.

throw the telnet prompt a GET HTTP/1.0 and see what you get back. if
you get html, then it's most likely a web server.

i've seen many instances where a server (firewall) will throw back a
bunch of open ports. ports that aren't even open on the system in
question. That host is usually sitting behind a firewall or an IPS. Of
course, the possibility that those ports are actually open because of
a careless admin also exists. let's not rule out a honeypot either.

also, verify that port 22 is actually open by telnet(ing) there as
well. sshd will usually send back a nice little version banner. use
that information and check that version for known exploits. then learn
how to run a script from a real shell because you'll have to.

sr.
<saving bandwidth>

On Mon, Dec 15, 2008 at 4:42 PM, Dante Lanznaster <dantecl () gmail com> wrote:
> I believe this scan was internal. I really hope so.
>
> 1) too many ports open / listening. You need to do service fingerprinting.
> 2) connecting via telnet to a listening port will always yield a
> "connected" prompt and that's hardly a shell.
>
>
> On Mon, Dec 15, 2008 at 9:24 AM, lgpmsec <lgpmsec () gmail com> wrote:
> > Hi again all,
> >
> > Please find below the nmap results for the specific server, and let me know
> > if it adds value:
> >
> > bt ~ # nmap -sT -vv x.x.x.120
> >
> > Starting Nmap 4.60 ( http://nmap.org ) at 2008-12-15 15:04 GMT
> > Initiating Ping Scan at 15:04
> > Scanning x.x.x.120 [2 ports]
------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------