Penetration Testing mailing list archives
Re: Port 9090 WServer??
From: xyberpix <xyberpix () xyberpix com>
Date: Tue, 17 May 2005 23:38:18 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi All,

Just like to say thanks to everyone that replied. I've got more than enough to go on now.

xyberpix

On 17 May 2005, at 19:25, Nathan Einwechter wrote:

Looks to me as though they're using telnet to do client-server communications/commands. This could definitely be a possible vulnerability point. If this is the case, I would suggest you can do one of a few things.

1) Do a little reverse engineering on the programs to find some interesting strings that may be commands etc.
2) Place the software into a test environment and sniff the exchanges to and from this port during normal operation.

These should give you a general idea of what the server expects and, potentially, where you could cram it full of data to create a buffer overflow, information leakage, etc.

-- Nathan

-----Original Message-----
From: xyberpix [mailto:xyberpix () xyberpix com]
Sent: Tuesday, May 17, 2005 11:12 AM
To: pen-test () securityfocus com
Subject: Port 9090 WServer??

Hi All,

I am evaluating a bit of kit here, and it has 3 open ports on it, 22, 9090 and 30000. 22 is obviously ssh, as I have an account on the device, and using ssh to gain access drops me into a restricted shell. I have tried a couple of ways of breaking out of this, and none of them seem to work, so if anyone has any sure fire ways to break out of a restricted shell, would they please be kind enough to share them.

The next interesting point about the device is that if I telnet to port 9090, this is what I get:

xyberpix@su621unix1> telnet hmc 9090
Trying 10.163.8.42...
Connected to sa44bshmc01.
Escape character is '^]'.

---> Now I hit Enter a couple of times and get this:

Language received from client: Setlocale: C Memory fault WServer.HANDSHAKING 30001 WServer.HANDSHAKING
Connection to sa44bshmc01 closed by foreign host.
xyberpix@su621unix1>

Does anyone know of any way that I could try and use this to my advantage, as it looks hopeful, but I'm not too sure?

TIA

xyberpix

For Security And Open Source News And Info Visit: http://www.xyberpix.com

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)

iD8DBQFCinJbcRMkOnlkwMERAkS6AJ9X4YCIqToJP/r/SXE6HUdT2U2TyACcCuzf
HBP20/stqq4Sbz0p23ecYSw=
=4Poh
-----END PGP SIGNATURE-----