Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: RAS Gurus

from [Nick Besant] Network Security [Permanent Link]
Subject: RE: RAS Gurus
Date: Fri, 21 Apr 2006 15:36:14 +0100 
-----Original Message-----
From: Mohamed Abdel Kader [mailto:mak.pen@gmail.com] 
Sent: 20 April 2006 13:10
To: pen-test@securityfocus.com
Subject: RAS Gurus

Good day everyone,

Been war dialing a number and every time I connect it doesn't 
send me a prompt to try to log onto the system.  I couldn't 
identify the system responding.

THC scan simply reported that it detected a carrier... Not 
that useful in my case. I need to identify the system and try 
to connect with the respective client. And possibly 
bruteforce the device once the login screen shows.

 

Tried pcanywhere and carbon copy as clients and still no 
information was disclosed.

 

Any ideas gurus out there??



No guru, but I'll try :)

If you've actually established a connection but aren't getting any data
through, it's worth trying to send a range of control characters (or
even trying just normal characters or strings) through something like
tip (or HyperTerminal on Windows).  You may also find that nothing
obvious works; it could be a callback service.  If that's the case you
could try disconnecting and dialling back immediately to see if you get
a busy tone -obviously that won't apply for multiple lines - but it
might give you a start point.  If you've got additional information as
part of a larger pentest it might help identify what you'd expect to be
listening.  There's always the possibility it's a backdoor/maintenance
number/alarm system of some kind as well.

Nick Besant


Communications on or through ioko's computer systems may be monitored or 
recorded to secure effective system operation and for other lawful purposes.

Unless otherwise agreed expressly in writing, this communication is to be 
treated as confidential and the information in it may not be used or disclosed 
except for the purpose for which it has been sent. If you have reason to 
believe that you are not the intended recipient of this communication, please 
contact the sender immediately. No employee is authorised to conclude any 
binding agreement on behalf of ioko with another party by e-mail without prior 
express written confirmation.

ioko365 Ltd.  VAT reg 656 2443 31. Reg no 3048367. All rights reserved.

------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security? 
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's 
Choice Award from eWeek. As attacks through web applications continue to rise, 
you need to proactively protect your applications from hackers. Cenzic has the 
most comprehensive solutions to meet your application security penetration 
testing and vulnerability management needs. You have an option to go with a 
managed service (Cenzic ClickToSecure) or an enterprise software 
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can 
help you: http://www.cenzic.com/news_events/wpappsec.php 
And, now for a limited time we can do a FREE audit for you to confirm your 
results from other product. Contact us at request@cenzic.com for details.
------------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Which language for sorting scan results?, Eoin
Next by Date:  RE: AS400 telnet traffic, McLean, Michael R
Previous by Thread:  RE: RAS Gurus, Christaan de Vries
Next by Thread:  Live Linux Distro, Hank
Indexes:  [Date] [Thread] [Top] [All Lists]