Home page logo

pen-test logo Penetration Testing mailing list archives

Re: failure notice
From: "sr." <staticrez () gmail com>
Date: Mon, 15 Dec 2008 19:17:43 -0500

try to browse to that port with a browser.

throw the telnet prompt a GET HTTP/1.0 and see what you get back. if
you get html, then it's most likely a web server.

i've seen many instances where a server (firewall) will throw back a
bunch of open ports. ports that aren't even open on the system in
question. That host is usually sitting behind a firewall or an IPS. Of
course, the possibility that those ports are actually open because of
a careless admin also exists. let's not rule out a honeypot either.

also, verify that port 22 is actually open by telnet(ing) there as
well. sshd will usually send back a nice little version banner. use
that information and check that version for known exploits. then learn
how to run a script from a real shell because you'll have to.

<saving bandwidth>

On Mon, Dec 15, 2008 at 4:42 PM, Dante Lanznaster <dantecl () gmail com> wrote:

I believe this scan was internal. I really hope so.

1) too many ports open / listening. You need to do service fingerprinting.
2) connecting via telnet to a listening port will always yield a
"connected" prompt and that's hardly a shell.

On Mon, Dec 15, 2008 at 9:24 AM, lgpmsec <lgpmsec () gmail com> wrote:
Hi again all,

Please find below the nmap results for the specific server, and let me know
if it adds value:

bt ~ # nmap -sT -vv x.x.x.120

Starting Nmap 4.60 ( http://nmap.org ) at 2008-12-15 15:04 GMT
Initiating Ping Scan at 15:04
Scanning x.x.x.120 [2 ports]

This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]