Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Port 1443

from [Lee Lawson] Network Security [Permanent Link]
Subject: Re: Port 1443
Date: Fri, 22 Dec 2006 08:40:02 +0000 
Right, let's get this clear now.  The question was "what service runs
on 1443".  This is not the 1433 and 1434 that MS SQL server runs on.

A quick search on the neohapsis port listing reveals:
1443 tcp ies-lm Integrated Engineering Software
1443 udp ies-lm Integrated Engineering Software

I expected better than the answers given from this mailing list.

I would recommend something similar to Mark Fosters solution
(obviously insert your target IP address!):

nmap -sV -P0 -p 1443 -vv 192.168.1.1
(that's two v's not one w!)

telnet 192.168.1.1 1443

But I would also suggest that you run a sniffer like tcpdump or
wireshark on your attacking system to analyse any response packets.



On 12/22/06, Jamie Riden <jamie.riden@gmail.com> wrote: 
On 22/12/06, Richards, Jim <jim.richards@dot.state.wi.us> wrote:
> Isn't that the admin port for sql-server
>
[resend, bounced due to nonsubcribed address]

Nearly. Slammer exploited a flaw in SQL server on 1434/udp. SQL server
also uses 1433/tcp IIRC.

"The worm targeting SQL Server computers is self-propagating malicious
code that exploits the vulnerability described in VU#484891
(CAN-2002-0649). This vulnerability allows for the execution of
arbitrary code on the SQL Server computer due to a stack buffer
overflow.

Once the worm compromises a machine, it will try to propagate itself.
The worm will craft packets of 376-bytes and send them to randomly
chosen IP addresses on port 1434/udp. If the packet is sent to a
vulnerable machine, this victim machine will become infected and will
also begin to propagate. Beyond the scanning activity for new hosts,
the current variant of this worm has no other payload." --
http://www.cert.org/advisories/CA-2003-04.html

cheers,
 Jamie
--
Jamie Riden, CISSP / jamesr@europe.com / jamie.riden@gmail.com
NZ Honeynet project - http://www.nz-honeynet.org/



--
Lee J Lawson
leejlawson@gmail.com
leejlawson@hushmail.com

"Give a man a fire, and he'll be warm for a day; set a man on fire,
and he'll be warm for the rest of his life."

"Quidquid latine dictum sit, altum sonatur."

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Banner Grabbing, Dan Catalin Vasile
Next by Date:  RE: Pen-test Freesshd 1.10, Clemens, Dan
Previous by Thread:  Re: Port 1443, Jamie Riden
Next by Thread:  Re: Port 1443, Jamie Riden
Indexes:  [Date] [Thread] [Top] [All Lists]