Penetration Testing mailing list archives
Re: Alisse
From: matteo filippetto <matteo.filippetto () gmail com>
Date: Fri, 31 Jul 2009 13:51:51 +0200
2009/7/29 Yiannis Koukouras <ikoukouras () gmail com>:
> Wim, I am covered by the RoE for this system. However I can do any social engineering attacks to get info for the server. Below is the hexdump of the connection.
>
> nc XXX.XXX.XXX.XXX 9025 | hexdump
> 0000000 3c06 4c41 5349 4553 303e 0226 5f20 f70f
> 0000010 c7b1 1d4b a902 9999 46b7 b50c a1f0 183e
> 0000020 3fb4 97fa 1eb9 229c 234b f420 0261 4902
>
> I wrote a Jolt client (stitching example code) in order to talk to the Jolt server (if this is one of those), but it is not able to even open a session to the system. Thus, maybe we should be looking at another direction. The sure thing is that this is not a rogue service. It is a legitimate service and the client knows about it, but they won't disclose more info. :(
>
> Ioannis (Yiannis) Koukouras
>
> On Tue, Jul 28, 2009 at 10:13 PM, Wim Remes <wremes () gmail com> wrote:
>> Yiannis, if it is a BEA (Jolt) system, it is a web-service, but not necessarily a web server exposed to the world. The response you get from the server doesn't tell very much, it looks like it is some sort of binary code. AFAIK the Jolt server functions as a service catalogue, but I'm not a BEA expert ... If you can get some inside knowledge about the server (through Social Engineering?) or you know a BEA expert to tell you something more, you might want to look into Unicornscan with which you might be able to craft some nifty packages to trigger the service to tell you something more. Looks like you found some exotic stuff there ... Be sure that this kind of trickery is in your rules of engagement though ... You don't want to get slapped on the wrist for bringing down a business critical service ...
>>
>> Cheers,
>> Wim
>>
>> On 28 Jul 2009, at 12:47, Yiannis Koukouras wrote:
>>> Hi, Nmap says it is a Windows PC. Unfortunately it is the only open port on the system and we cannot determine either the OS or the business role of the system. Of course I will update you should I find anything.
>>>
>>> I did a little research on the BEA scenario and it appears that it may be a BEA JSL (Jolt Server Listener). Hmm... if this is the case, this is an exposed WS to the world. Right?
>>>
>>> Ioannis (Yiannis) Koukouras
>>>
>>> On Tue, Jul 28, 2009 at 1:31 PM, administrator - <illegal.visitor () gmail com> wrote:
>>>> Hi there,
>>>>
>>>> A few questions regarding your mail:
>>>> - What OS is the system running?
>>>> - Any other ports/apps that might give a hint?
>>>> - If it is a company PC, what branch do they operate in?
>>>>
>>>> Answers on the above limit the scope of your/our search :-)
>>>> If you ever find out what is running, pls update us. Always good to know.
>>>>
>>>> Cheers!
>>>> illegal_visit0r
>>>>
>>>> On 7/27/09, Yiannis Koukouras <ikoukouras () gmail com> wrote:
>>>>> Hello all,
>>>>>
>>>>> During a black box pentest, I found port 9025 open on a system and when I connected with nc I got the following reply (follow link to view the reply as it is in non-ASCII format):
>>>>> http://pastebin.ca/1494670
>>>>>
>>>>> Do you think this is a web service listener or something like that? The tags indicate that this has something to do with XML. Nevertheless, it does not respond to any input....
>>>>>
>>>>> I am open to ideas...
>>>>>
>>>>> Thnx,
>>>>> Ioannis (Yiannis) Koukouras
>>>>>
>>>>> ------------------------------------------------------------------------
>>>>> This list is sponsored by: Information Assurance Certification Review Board
>>>>>
>>>>> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
>>>>>
>>>>> http://www.iacertification.org
>>>>> ------------------------------------------------------------------------
Hi,

a simple search in Google shows this information
http://www.seifried.org/security/ports/index.php?port_number=9025

Bye

--
Matteo Filippetto
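The hexdump quoted in the thread can be decoded back into the bytes the listener sent, which is the first thing to do before guessing at the service. This is an added example, not code from anyone in the thread; it assumes the dump was taken with hexdump's default two-byte format on a little-endian host, and the only input is the three posted lines (constructed here as a string). The function and variable names are my own.

```python
import re

# Input constructed from the three hexdump lines quoted in the thread
# (nc <host> 9025 | hexdump); the real banner continues beyond them.
POSTED_DUMP = """\
0000000 3c06 4c41 5349 4553 303e 0226 5f20 f70f
0000010 c7b1 1d4b a902 9999 46b7 b50c a1f0 183e
0000020 3fb4 97fa 1eb9 229c 234b f420 0261 4902
"""


def parse_default_hexdump(text, little_endian=True):
    """Rebuild raw bytes from hexdump's default (-x style) output.

    Without -C, hexdump prints 16-bit words in host byte order, so on an
    x86 box the word '3c06' is the byte pair 0x06 0x3c.  Reading the words
    left to right is why the posted dump looks like noise around the tags.
    """
    data = bytearray()
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] == "*":   # '*' = squeezed duplicate line
            continue
        for word in fields[1:]:              # fields[0] is the offset
            value = int(word, 16)
            lo, hi = value & 0xFF, value >> 8
            data.extend((lo, hi) if little_endian else (hi, lo))
    return bytes(data)


def canonical_view(data):
    """Render bytes as hexdump -C would, one 16-byte line at a time."""
    lines = []
    for off in range(0, len(data), 16):
        chunk = data[off:off + 16]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        asc = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"{off:08x}  {hexpart:<47}  |{asc}|")
    return "\n".join(lines)


def banner_tags(data):
    """Pull out angle-bracketed tokens, e.g. the '<ALISSE>' the thread is named after."""
    return re.findall(rb"<[A-Za-z0-9_]+>", data)


if __name__ == "__main__":
    raw = parse_default_hexdump(POSTED_DUMP)
    print(canonical_view(raw))
    print("tags:", banner_tags(raw))
```

Once byte-swapped, the banner begins with a 0x06 byte followed by the literal text <ALISSE>, which is a far better search key than the raw word dump.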
Current thread:
- Alisse Yiannis Koukouras (Jul 27)
- Re: Alisse Wim Remes (Jul 28)
- Re: Alisse administrator - (Jul 28)
- Re: Alisse Yiannis Koukouras (Jul 28)
- Re: Alisse Christine Kronberg (Jul 30)
- Message not available
- Re: Alisse Yiannis Koukouras (Jul 30)
- Re: Alisse matteo filippetto (Jul 31)
- Re: Alisse Yiannis Koukouras (Jul 28)
- Re: Alisse Yiannis Koukouras (Jul 28)
- Re: Alisse R. DuFresne (Jul 30)
- <Possible follow-ups>
- Re: Alisse maniacode (Jul 30)