RE: Unknown Telnet server

From: McCammon, Keith (Keith.McCammon@eadvancemed.com)
Date: 09/17/01


Message-ID: <BB7FD4FF9E440648A731452E5D341FB065454C@hitsexchange01.advance-med.com>
From: "McCammon, Keith" <Keith.McCammon@eadvancemed.com>
To: 'James Fullerton' <James@RS25.com>, focus-ms@securityfocus.com
Subject: RE: Unknown Telnet server
Date: Mon, 17 Sep 2001 11:31:43 -0400

First things first, nmap that bad boy and get yourself an operating system.
That's half the battle right there. Now I don't know off hand of any
exploits for the MS telnet server, but that's not to say that there aren't
any.

Also try a google search for that prompt. I did a quick one and found a few
third-party apps for NT/2000 that give the "hello>" prompt. A third-party
telnet server just increases your chances of finding an exploit. Also check
around newsgroups and such for known configuration issues. There doesn't
necessarily need to be a known exploit if you're up against a
lazy/untrained/inexperienced admin...

Keith

-----Original Message-----
From: James Fullerton [mailto:James@RS25.com]
Sent: Friday, September 14, 2001 11:38 PM
To: focus-ms@securityfocus.com
Subject: Unknown Telnet server

Hello all,

Wondering if someone can help me out. My employer has asked me to do a
security test of their network, using ANY method I can to find holes in the
network. So far I have only one tiny hole. It's a Telnet server running on
someone's desktop computer which has a hole through the firewall. However,
I have no idea what Telnet server it is, and if there are any exploits that
I could use against it. The only thing it does is, when I connect, says:

Hello>

Anything I type disconnects me, but I can connect over and over again.

Any idea on what type of Telnet server that is? Chances are that it is
running on Windows NT 4.0 with SP6, but it could be on NT server or (slight
chance) 2000 Server.

Also, does anyone know of a brute-force password guessing tool I could try
and use against it?

Thanks,

James F
James@RS25.com
Web Technical Lead



Relevant Pages

  • Re[2]: Unknown Telnet server
    ... Subject: Unknown Telnet server ... (original message has been altered to correct quoting) ... I assume it is a telnet server because it runs on port 23 ... > I can use outside of the firewall? ...
    (Focus-Microsoft)
  • Re: Unknown Telnet server
    ... Subject: Unknown Telnet server ... to the telnet server or what is running that shouldn't be. ... So far I have only one tiny hole. ... Chances are that it is ...
    (Focus-Microsoft)
  • RE: Unknown Telnet server
    ... Subject: Unknown Telnet server ... Use fport.exe on the client workstation which will show all the listening ... So far I have only one tiny hole. ...
    (Focus-Microsoft)
  • Unknown Telnet server
    ... security test of their network, using ANY method I can to find holes in the ... So far I have only one tiny hole. ... It's a Telnet server running on ... Chances are that it is ...
    (Focus-Microsoft)