Penetration Testing mailing list archives
RE: RAS Gurus
From: "Nick Besant" <Nick.Besant () ioko com>
Date: Fri, 21 Apr 2006 15:36:14 +0100
-----Original Message----- From: Mohamed Abdel Kader [mailto:mak.pen () gmail com] Sent: 20 April 2006 13:10 To: pen-test () securityfocus com Subject: RAS Gurus Good day everyone, Been war dialing a number and every time I connect it doesn't send me a prompt to try to log onto the system. I couldn't identify the system responding. THC scan simply reported that it detected a carrier... Not that useful in my case. I need to identify the system and try to connect with the respective client. And possibly bruteforce the device once the login screen shows. Tried pcanywhere and carbon copy as clients and still no information was disclosed. Any ideas gurus out there??
No guru, but I'll try :) If you've actually established a connection but aren't getting any data through, it's worth trying to send a range of control characters (or even trying just normal characters or strings) through something like tip (or HyperTerminal on Windows). You may also find that nothing obvious works; it could be a callback service. If that's the case you could try disconnecting and dialling back immediately to see if you get a busy tone -obviously that won't apply for multiple lines - but it might give you a start point. If you've got additional information as part of a larger pentest it might help identify what you'd expect to be listening. There's always the possibility it's a backdoor/maintenance number/alarm system of some kind as well. Nick Besant Communications on or through ioko's computer systems may be monitored or recorded to secure effective system operation and for other lawful purposes. Unless otherwise agreed expressly in writing, this communication is to be treated as confidential and the information in it may not be used or disclosed except for the purpose for which it has been sent. If you have reason to believe that you are not the intended recipient of this communication, please contact the sender immediately. No employee is authorised to conclude any binding agreement on behalf of ioko with another party by e-mail without prior express written confirmation. ioko365 Ltd. VAT reg 656 2443 31. Reg no 3048367. All rights reserved. ------------------------------------------------------------------------------ This List Sponsored by: Cenzic Concerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details. ------------------------------------------------------------------------------
Current thread:
- RAS Gurus Mohamed Abdel Kader (Apr 20)
- Re: RAS Gurus William Hancock (Apr 23)
- Re: RAS Gurus (OT) Mathieu CHATEAU (Apr 25)
- <Possible follow-ups>
- RE: RAS Gurus Shenk, Jerry A (Apr 20)
- RE: RAS Gurus Christaan de Vries (Apr 23)
- RE: RAS Gurus Nick Besant (Apr 23)