Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Penetration Testing: WarDialing: can't identify the system (binary signature)

WarDialing: can't identify the system (binary signature)

From: Zgrp unknow <zgrp_zgrp_at_yahoo.com.br>
Date: Thu, 22 May 2008 12:38:08 -0300 (ART)

Hi pentesters

I'm conducting a WarDialing assesment and I found some
numbers from my range that "are connectable"... they
are not unix-like systems (at last I *think*), the
output produced by them is not human readable (like
binary protocols).

If I connect to some of them via Windows Hyperterminal
I get strange texts like:

"~?~?~?~?~?~?~?~?~?"
"C??N??E??T??3??0??N??E??"

Or other unreadable things like the above.

Some detailed information from the WarDailing is
below:

- SENT ATDT NUMBER01<CR>
- RECEIVED <CR><NL> 0d 0a
- RECEIVED CONNECT 300 NoEC<CR><NL>43 4f 4e
4e45 43 54 20 33 30 30 20 4e 6f 45 43 0d 0a
- RECEIVED
~?~?~?~?~?~?~?~?~?<?><NUL><BS><STX><SOH>@<DLE><BS><EOT><STX><SOH>@<DLE><BS><EOT><STX><SOH>@%<?>~?<?><EOT><DLE><?><?>D<?><?>~?
7e 3f 7e 3f 7e 3f 7e 3f 7e 3f 7e 3f 7e 3f 7e 3f 7e 3f
df 00 08 02 01 40 20 10 08 04 02 01 40 20 10 08 04 02
01 40 25 f6 7e 3f df 04 10 e0 d7 44 d5 f9 7e 3f
- RECEIVED <CR><NL> 0d 0a
- RECEIVED NO CARRIER<CR><NL> 4e 4f 20
4341 52 52 49 45 52 0d 0a

- SENT ATDT NUMBER02<CR>
- RECEIVED <CR><NL> 0d 0a
- RECEIVED CONNECT 300 NoEC<CR><NL> 434f
4e 4e 45 43 54 20 33 30 30 20 4e 6f 45 43 0d 0a
- RECEIVED ~?~?~?~?~?~?~?~? 7e 3f 7e
3f7e 3f 7e 3f 7e 3f 7e 3f 7e 3f 7e 3f
- RECEIVED
~?~?~?~?~?~?~?~?~<US><NUL><?>@<DLE><BS><EOT><STX><SOH>@
<DLE><BS><EOT><STX><SOH>@<?><?><?><?><EOT><DLE><?><?>D<?><?><?>
      7e 3f 7e3f 7e 3f 7e 3f 7e 3f 7e 3f 7e 3f 7e 3f
7e 1f 00 81 40 20 10 08 04 02 01 40 20 10 08 04 02 01
40 20 90 c9 f6 df 04 10 e0 d7 44 d5 f9 fe
- RECEIVED <CR><NL> 0d 0a
- RECEIVED NO CARRIER<CR><NL> 4e 4f 20
4341 52 52 49 45 52 0d 0a

Do you know what application it can be? Are there any
big and constantly updated list on the internet about
WarDailing signatures that I could use to identify
them?

Any tips, ideas, are welcome.

cheers

      Abra sua conta no Yahoo! Mail, o único sem limite de espaço para armazenamento!
http://br.mail.yahoo.com/

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes
in Securing Web Applications
Find out now! Get Webinar Recording and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------
Received on May 22 2008

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos