Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Port 4662 exploitation

From: ArcSighter Elite <arcsighter () gmail com>
Date: Fri, 12 Dec 2008 16:42:55 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mohamad M wrote:

Hello All,

I'm doing a vulnerability assessment for my company, and saw that port 4662
(edonkey) is open on 1 device facing the internet. I telneted to 4662, and I
got connected; since I'm new to this domain, what are the steps needed in
order to exploit this vulnerability?

Thanks,

./Lgpmsec


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------




An open port is never a vulnerability, only if the running service that
binds to that port is actually vulnerable. What makes me ask, have you
actually done a service fingerprint to determine is e-donkey?, cause
that looks pretty weird to me.

Sincerely.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJQtqjH+KgkfcIQ8cRAgNoAJ9UwNxQVPYRoiiTFR+RodSlMKSnKQCg6pfX
66R/06sfIeFD5pxulEsjxyM=
=cYuf
-----END PGP SIGNATURE-----

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: