Penetration Testing mailing list archives
RE: Digital UNIX 5.60 recourses
From: "David S. Morgan" <captkras () earthlink net>
Date: Fri, 16 Aug 2002 14:21:12 -0400
Well said, I usually treat Digital Unix (Tru64) the same as any other version of Unix. Find out what is running on what port (use of netcat, nmap, superscan.exe for banner grabbing and port scanning). And see if there are any known holes. You have sunrpc running on it, so enumerate that. There are quite a few holes in rpc anyways. I also noticed port 139 open. Is it running samba? That could be a possibility. X11 is also a good one to probe.
Hope that helps.

Dave Morgan
AAC Associates, Inc.

At 11:31 AM 8/16/2002 -0500, Fabrizio Siciliano wrote:
Hi Alex.

Aside from the "brute-force" password guessing on telnet and ftp ports, you should try and look for vulnerabilities associated with the services that are listening on that box. Grab some of the banners coming off of those services to see exactly what version of let's say... ftp, smtp, named (BIND) maybe it's an exploitable version of bind, http, all the goodies. lpd is also listening, so look for lpd exploits.

I hope this helps.

./fab
http://www.aisec.net

> -----Original Message-----
> From: Alex Balayan [mailto:balayan () bigpond net au]
> Sent: Friday, August 16, 2002 10:01 AM
> To: pen-test () securityfocus com
> Subject: Digital UNIX 5.60 recourses
>
>
> Hi all,
>
> I am conducting a penetration test for a client running a cluster of
> Digital UNIX 5.60. All the servers are exposed to the Internet.
>
> Below is an output of a nmap scan.
>
> Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
> Interesting ports on client.digital.unix.com(XXX.XXX.XXX.XXX):
> (The 1579 ports scanned but not shown below are in state: closed)
> Port       State       Service
> 21/tcp     open        ftp
> 23/tcp     open        telnet
> 25/tcp     open        smtp
> 53/tcp     open        domain
> 80/tcp     open        http
> 110/tcp    open        pop-3
> 111/tcp    open        sunrpc
> 139/tcp    filtered    netbios-ssn
> 143/tcp    open        imap2
> 436/tcp    open        dna-cml
> 513/tcp    open        login
> 514/tcp    open        shell
> 515/tcp    open        printer
> 587/tcp    open        submission
> 1024/tcp   open        kdm
> 1025/tcp   open        NFS-or-IIS
> 1026/tcp   open        LSA-or-nterm
> 1027/tcp   open        IIS
> 1029/tcp   open        ms-lsa
> 6000/tcp   open        X11
> 6112/tcp   open        dtspc
> 8081/tcp   open        blackice-icecap

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
-----
David S. Morgan CISSP, CCNP
aka: captkras () earthlink net
"Honor is a Man's Gift to Himself"
Rob Roy MacGregor, Scotland circa 1700 A.D.
