| Subject: | Re: Port 9090 WServer?? |
|---|---|
| Date: | Tue, 17 May 2005 23:38:18 +0100 |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi All,
Just like to say thanks to everyone that replied. I've got more than enough to go on now.
xyberpix
On 17 May 2005, at 19:25, Nathan Einwechter wrote:
Looks to me as though they're using telnet to do client-server communications/commands. This could definitely be a possible vulnerability point.
If this is the case, I would suggest you can do one of a few things.
1) Do a little reverse engineering on the programs to find some interesting strings that may be commands etc.
2) Place the software into a test environment and sniff the exchanges to and from this port during normal operation.
These should give you a general idea of what the server expects and, potentially, where you could cram it full of data to create a buffer overflow, information leakage, etc.
-- Nathan
-----Original Message-----
From: xyberpix [mailto:xyberpix@xyberpix.com]
Sent: Tuesday, May 17, 2005 11:12 AM
To: pen-test@securityfocus.com
Subject: Port 9090 WServer??
Hi All,
I am evaluating a bit of kit here, and it has 3 open ports on it, 22, 9090 and 30000.
22 is obviously ssh, as I have an account on the device, and using ssh to gain access drops me into a restricted shell. I have tried a couple of ways of breaking out of this, and none of them seem to work, so if anyone has any sure fire ways to break out of a restricted shell, would they please be kind enough to share them.
The next interesting point about the device is that if I telnet to port 9090, this is what I get:
xyberpix@su621unix1> telnet hmc 9090
Trying 10.163.8.42...
Connected to sa44bshmc01.
Escape character is '^]'.
---> Now I hit Enter a couple of times and get this:
Language received from client: Setlocale: C Memory fault WServer.HANDSHAKING 30001 WServer.HANDSHAKING
Connection to sa44bshmc01 closed by foreign host.
xyberpix@su621unix1>
Does anyone know of any way that I could try and use this to my advantage, as it looks hopeful, but I'm not too sure?
TIA
xyberpix
For Security And Open Source News And Info Visit: http://www.xyberpix.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)

iD8DBQFCinJbcRMkOnlkwMERAkS6AJ9X4YCIqToJP/r/SXE6HUdT2U2TyACcCuzf
HBP20/stqq4Sbz0p23ecYSw=
=4Poh
-----END PGP SIGNATURE-----