Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Interesting GUID

From: Jonathan Cran <jcran () 0x0e org>
Date: Wed, 23 Dec 2009 16:47:30 -0500
Judging by the lack of replies, you're sort of on your own here. It
could be a licensing server, it could be some custom-build messaging
system, it could just be injecting a little randomness into the
universe *shrug*

amap probably isn't going to help in this case. i assume you've done
fingerprinting on the box using nmap/nessus/nexpose?

Maybe try sequencing the GUIDs to identify any interesting patterns?

jcran


On Sat, Dec 19, 2009 at 5:09 PM, Daniel Clemens
<daniel.clemens () packetninjas net> wrote:


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


While doing a pentest I ran across a service which responds with what looks to be a GUID.

Example 1
Connection to x.x.x.x 35000 port [tcp/*] succeeded!
{8F418F3C-4530-4198-9988-8B6E8E646991}Q?,?,?w>f???)??
                                                    ?nX?W?EOL{8F418F3C-4530-4198-9988-8B6E8E646991}EOL


Example 2
0000:  7b46 4641 3131 4334 442d 4437 4237 2d34    [ {FFA11C4D-D7B7-4 ]
0010:  4139 312d 4146 4643 2d32 4133 3534 4143    [ A91-AFFC-2A354AC ]
0020:  3331 4539 457d 1551 ab2c ae2c b077 3e66     [ 31E9E}.Q.,.,.w>f ]
0030:  fbb8 cb29 02ab f30c fc6e 5816 1dd1 0400            [ ...).....nX..... ]
0040:  0000 1800 0000 0400 0000 5786 0000 454f     [ ..........W...EO ]
0050:  4c7b 4646 4131 3143 3444 2d44 3742 372d    [ L{FFA11C4D-D7B7- ]
0060:  3441 3931 2d41 4646 432d 3241 3335 3441    [ 4A91-AFFC-2A354A ]
0070:  4333 3145 3945 7d45 4f4c                                     [ C31E9E}EOL       ]


Has anyone run across a service which act like the information provided above or could help in why or what a service 
responding with GUID information would be used for.
(especially as an external service).

Any ideas would be appreciated.

| Daniel Uriah Clemens
| Packetninjas L.L.C | | http://www.packetninjas.net
| c. 205.567.6850      | | o. 866.267.8851
"Moments of sorrow are moments of sobriety"











-----BEGIN PGP SIGNATURE-----

iD8DBQFLLU8BlZy1vkUrR4MRAiQUAJ9hnh8Wrjrdb2PFl0/2tlsORxsUUACdFtzD
Zklf5QALah+nbM52KaGFf4U=
=e1IN
-----END PGP SIGNATURE-----

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------



--
Jonathan Cran
jcran () 0x0e org
515.890.0070

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: