Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: "MIPS" Pentesting
From: Zack Payton <zpayton () gmail com>
Date: Wed, 6 Jan 2010 21:28:23 -0800

You could use Maltego, nbtstat, and/or Active Directory, to build a
list of possible users and passwords and then use something like Hydra
to run a massive parallel brute force.

Additionally you could call the company in the link Wayne pointed out
above and find out from them their default passwords (perhaps you can
download a PDF of the manual).  Additionally the manual may give you
some ideas for filenames you could grab/write using TFTP (which the
site says the ZEM supports).

Z

On Tue, Jan 5, 2010 at 5:06 AM, Abuse 007 <abuse007 () gmail com> wrote:
What about an IP protocol scan?

Can you sniff the network segment it is in, or are you multiple hops away?


On Tue, Jan 5, 2010 at 9:10 AM, Wayne Dawson
<Wayne_Dawson () inventuresolutions com> wrote:
http://www.zk-usa.com/edk_zem300.php

Appears to be a biometric device.

"ZEM300 uses 32 bit parallel high-speed 400 MHz CPU ZK6001 that can be conveniently connected with TFT,USB Host, 
WIFI, GPRS/CDMA and such external equipments."

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Elliot Fernandes
Sent: Monday, January 04, 2010 3:33 AM
To: pen-test () securityfocus com
Subject: "MIPS" Pentesting

When testing a network, I was using nmap and I came up with a system that had port 23 open. So I netcat'ed into it 
and I got:

Welcome to Linux (ZEM300) for MIPS
Kernel 2.4.20 Treckle on an MIPS

Has anyone come across this before? It seems to be a login point for a security device (physical security) at the 
network. Thing is, I have no documentation on the "MIPS", neither from google or from anywhere else. Anyone got 
ideas on this? And I'm running hydra with a wordlist, and a bruteforcer at the same time on it.




------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------


This email and any files transmitted with it are confidential and intended solely for the use of the individual to 
whom they are addressed. If you have received this email in error, please delete this email from your system.

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------



------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------



------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault