
Penetration Testing mailing list archives

Re: Port 4662 exploitation
From: "Boogie B." <boogiebruva () yahoo co uk>
Date: Thu, 18 Dec 2008 21:00:06 +0100

off the top of my head, isn't that one of the ports that emule uses?

ArcSighter Elite wrote:
sr. wrote:
try to browse to that port with a browser.

throw the telnet prompt a GET HTTP/1.0 and see what you get back. if
you get html, then it's most likely a web server.

i've seen many instances where a server (firewall) will throw back a
bunch of open ports. ports that aren't even open on the system in
question. That host is usually sitting behind a firewall or an IPS. Of
course, the possibility that those ports are actually open because of
a careless admin also exists. let's not rule out a honeypot either.

also, verify that port 22 is actually open by telnet(ing) there as
well. sshd will usually send back a nice little version banner. use
that information and check that version for known exploits. then learn
how to run a script from a real shell because you'll have to.

sr.
<saving bandwidth>

On Mon, Dec 15, 2008 at 4:42 PM, Dante Lanznaster
<dantecl () gmail com> wrote:
I believe this scan was internal. I really hope so.

1) too many ports open / listening. You need to do service
fingerprinting.
2) connecting via telnet to a listening port will always yield a
"connected" prompt and that's hardly a shell.


On Mon, Dec 15, 2008 at 9:24 AM, lgpmsec <lgpmsec () gmail com> wrote:
Hi again all,

Please find below the nmap results for the specific server, and let me
know if it adds value:

bt ~ # nmap -sT -vv x.x.x.120

Starting Nmap 4.60 ( http://nmap.org ) at 2008-12-15 15:04 GMT
Initiating Ping Scan at 15:04
Scanning x.x.x.120 [2 ports]
------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------


Excuses to everyone not alluded, but don't you people know this:

    nmap -sS -P0 -T0 -sV -O -p 445 host

It's just basic nmap, and will give us the clues we need to help the author.

It's just that, one targeted port on 445 or 22 with service
fingerprinting, and the like. We only need this to get a clue about the
host's purpose.
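
The distinction drawn in the thread above (a bare "connected" proves little, while an sshd version banner or an HTML reply identifies the service), as an added example that is not part of the original messages: a Python classifier for the first bytes a listener returns during an authorised assessment. The function name and the sample responses, including the `ExampleHTTPd` server string, are constructed for illustration.

```python
import re

# RFC 4253 sec. 4.2 identification string: SSH-protoversion-softwareversion[ SP comments]
SSH_ID = re.compile(r"^SSH-(\d+\.\d+)-(\S+)(?: (.*))?$")
# HTTP status line: HTTP/x.y SP 3DIGIT [SP reason-phrase]
HTTP_STATUS = re.compile(r"^HTTP/(\d\.\d) (\d{3})(?: .*)?$")


def classify(first_bytes: bytes) -> dict:
    """Classify what a listener sent on connect or in reply to an HTTP probe."""
    if not first_bytes:
        # A completed handshake with no data only shows that something accepted
        # the connection; it may be a firewall or IPS in front of the host.
        return {"service": "unknown", "detail": "connected, no data"}
    text = first_bytes.decode("latin-1")  # lossless for any byte value
    lines = [ln.rstrip("\r") for ln in text.split("\n")]

    m = HTTP_STATUS.match(lines[0])
    if m:
        server = None
        for ln in lines[1:]:
            if ln == "":  # blank line ends the header block
                break
            name, _, value = ln.partition(":")
            if name.strip().lower() == "server":
                server = value.strip()
        return {"service": "http", "version": m.group(1),
                "status": int(m.group(2)), "server": server}

    for ln in lines:  # a server may send other lines before its SSH id string
        m = SSH_ID.match(ln)
        if m:
            return {"service": "ssh", "proto": m.group(1),
                    "software": m.group(2), "comment": m.group(3)}
    return {"service": "unknown", "detail": "unrecognised data"}


# Constructed sample responses (not captured from any real host).
SAMPLES = {
    "ssh": b"SSH-2.0-OpenSSH_5.1p1 Debian-3\r\n",
    "http": b"HTTP/1.0 200 OK\r\nServer: ExampleHTTPd/1.0\r\n"
            b"Content-Type: text/html\r\n\r\n<html></html>",
    "silent": b"",
    "binary": b"\x00\x01\x02\x03",
}

if __name__ == "__main__":
    for label, data in SAMPLES.items():
        print(label, classify(data))
```

The `software` field is the value to compare against the vendor's advisories for that release.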

