Penetration Testing mailing list archives
RE: Pentesting a HP-UX with SMSC
From: Sebastian Muñiz <smuniz () elinpar com>
Date: Fri, 10 Jun 2005 12:05:05 -0300
This apps Do install default user/password but depends on the one that you found.... You should try to indentify this one but thought SMSC has no tcp port specially assigned to it, it won't help you unless this software version is in the default port (and identifying the version of every SMSC arround should be a very hard work)... If you want to connect to it, you should get an ESME (which is the client that connects to a SMSC in this kind of Client-Server architecture) but the protocol SMPP they use (Short Message Peer To Peer) uses username and password (the password could be blank is the SMSC admin wanted so). Here I sent you a link to a page where you can find the SMPP protocol specification and a ESME client made in java to test against this server of yours. http://opensmpp.logica.com/CommonPart/Download/download2.html You could allways try to get the source code for this inplementation (if this is available) and try to find bugs in it but it is a subject for another post ;-) ohh... and i am not aware of any exploit arround for any implementation of this protocol!!! :( But if you get one, let me know :) anyway..... Are you sure it is an SMSC server that you found???? Cheers, Sebastian -----Mensaje original----- De: J. K. [mailto:pentest_ml () yahoo com] Enviado el: Miércoles, 08 de Junio de 2005 11:05 a.m. Para: pen-test () securityfocus com Asunto: Pentesting a HP-UX with SMSC Hello fellow pen-testers, in my current engagement I bumped into a HP-UX (B.11.11) server protected by a firewall (not an internet facing firewall, tho). The only open ports I can connect to are telnet and 9971. Connecting to 9971 I get the following: # telnet x.x.x.x 9971 Trying x.x.x.x... Connected to x.x.x.x. Escape character is '^]'. CIMD2-A ConnectionInfo: SessionId = 32551 PortId = 4 Time = 050608153449 AccessType = TCPIP_SOCKET PIN = 630777 Googling around, I found that this daemon should be a SMSC (Short Message Service Center). I also found that on HP-UX there are a few SMSC apps available (Locus, FEELingK,...) My questions are: 1. Do you know of any vulnerability or attack avenue on this protocol/service ? 2. Do you know if these SMSC apps install some default user whose password I can try to guess ? 3. Any other idea ? Of course I could just fire off Hydra against the telnet server, but I would like to find something less noisy ;) Thanks j.k. __________________________________ Discover Yahoo! Have fun online with music videos, cool games, IM and more. Check it out! http://discover.yahoo.com/online.html
Current thread:
- Pentesting a HP-UX with SMSC J. K. (Jun 08)
- <Possible follow-ups>
- RE: Pentesting a HP-UX with SMSC Sebastian Muñiz (Jun 10)
- RE: Pentesting a HP-UX with SMSC J. K. (Jun 12)
- RE: Pentesting a HP-UX with SMSC Sebastian Muñiz (Jun 12)
- Pentesting a SONUS / SIP Network Luis H. Gomez-Danes Mejia (Jun 12)
- Re: Pentesting a SONUS / SIP Network Mihai Amarandei (Jun 13)
- Pentesting a SONUS / SIP Network Luis H. Gomez-Danes Mejia (Jun 12)