Home page logo
/

pen-test logo Penetration Testing mailing list archives

RE: "MIPS" Pentesting
From: Elliot Fernandes <elliotfernandes () yahoo com>
Date: Mon, 4 Jan 2010 05:43:39 -0800 (PST)

For the nmap scan, all I get is:

Interesting ports on 192.168.5.2:
Not shown: 99 closed ports
PORT   STATE SERVICE VERSION
23/tcp open  telnet  ZKSoftware ZEM300 embedded linux telnetd (Kernel 2.4.20; MIPS)
Service Info: Host: Treckle; OS: Linux

I did a UDP scan but no ports were open, so I couldn't use SNMP to gather data that would allow me to access the 
device's login hash. A TCP scan reveals only one open port, 23. I'm still prompted for a login when I connect to port 
23. It doesn't seem to use default passwords like Admin, admin, password, etc, and I couldn't find a default password 
for this device in any default password list. I tried to force a buffer overflow into the device by using a very long 
password string by doing:

ncat 192.168.5.2 23 < /dev/random

and at the same time I was Hping'ing the device to check it's uptime. But it didn't reboot...That's all the info I have 
on the device. If I get a shell, I'll post info on how the compiler compiles my exploits, and how exploits, if 
possible, work under this device.

--- On Mon, 1/4/10, Reggie Wheeler <wheeler90 () comcast net> wrote:

From: Reggie Wheeler <wheeler90 () comcast net>
Subject: RE: "MIPS" Pentesting
To: "'Elliot Fernandes'" <elliotfernandes () yahoo com>
Date: Monday, January 4, 2010, 5:28 PM
I found some information that may
help you and anyone else wondering what it
is that you found.  There is way too much to put in an
email so I will just
give the links. http://en.wikipedia.org/wiki/MIPS_architecture This
link
will explain to you what a MIPS processor is, who created
them and how they
are used today.
http://www.google.com/search?hl=en&client=firefox-a&rls=org.mozilla:en-US:of
ficial&ei=aetBS9ffPMKUtgfJ4byJCQ&sa=X&oi=spell&resnum=0&ct=result&cd=1&ved=0
CAYQBSgA&q=Linux+MIPS&spell=1 This google link will
give you all of the
information you want on MIPS linux porting and the
different Linux flavors
that can be ported to work with the MIPS processor.

Hope this helps you out please post more info I am curious
to know what you
found.

-----Original Message-----
From: listbounce () securityfocus com
[mailto:listbounce () securityfocus com]
On
Behalf Of Elliot Fernandes
Sent: Monday, January 04, 2010 6:33 AM
To: pen-test () securityfocus com
Subject: "MIPS" Pentesting

When testing a network, I was using nmap and I came up with
a system that
had port 23 open. So I netcat'ed into it and I got:

Welcome to Linux (ZEM300) for MIPS
Kernel 2.4.20 Treckle on an MIPS

Has anyone come across this before? It seems to be a login
point for a
security device (physical security) at the network. Thing
is, I have no
documentation on the "MIPS", neither from google or from
anywhere else.
Anyone got ideas on this? And I'm running hydra with a
wordlist, and a
bruteforcer at the same time on it.


      

------------------------------------------------------------------------
This list is sponsored by: Information Assurance
Certification Review Board

Prove to peers and potential employers without a doubt that
you can actually
do a proper penetration test. IACRB CPT and CEPT certs
require a full
practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------







------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault