RE: Digital UNIX 5.60 recourses

From: Fabrizio Siciliano (fsiciliano@optiumcorp.net)
Date: 08/16/02 

Date: Fri, 16 Aug 2002 11:31:58 -0500
From: "Fabrizio Siciliano" <fsiciliano@optiumcorp.net>
To: "Alex Balayan" <balayan@bigpond.net.au>, <pen-test@securityfocus.com>

Hi Alex.

Aside from the "brute-force" password guessing on telnet and ftp ports,
you should try and look for vulnerabilities associated with the services
that are listening on that box.

Grab some of the banners coming off of those services to see exactly
what version of lets say...ftp, smtp, named (BIND) maybe it's an
exploitable version of bind, http, all the goodies. lpd is also
listening, so look for lpd exploits.

I hope this helps.

./fab

http://www.aisec.net

> -----Original Message-----
> From: Alex Balayan [mailto:balayan@bigpond.net.au]
> Sent: Friday, August 16, 2002 10:01 AM
> To: pen-test@securityfocus.com
> Subject: Digital UNIX 5.60 recourses
>
>
> Hi all,
>
> I am conducting a penetration tests for a client running a cluster of
> Digital UNIX 5.60. All the server are exposed to the Internet.
>
> Below is an output of a nmap scan.
>
> Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
> Interesting ports on client.digital.unix.com(XXX.XXX.XXX.XXX):
> (The 1579 ports scanned but not shown below are in state: closed)
> Port State Service
> 21/tcp open ftp
> 23/tcp open telnet
> 25/tcp open smtp
> 53/tcp open domain
> 80/tcp open http
> 110/tcp open pop-3
> 111/tcp open sunrpc
> 139/tcp filtered netbios-ssn
> 143/tcp open imap2
> 436/tcp open dna-cml
> 513/tcp open login
> 514/tcp open shell
> 515/tcp open printer
> 587/tcp open submission
> 1024/tcp open kdm
> 1025/tcp open NFS-or-IIS
> 1026/tcp open LSA-or-nterm
> 1027/tcp open IIS
> 1029/tcp open ms-lsa
> 6000/tcp open X11
> 6112/tcp open dtspc
> 8081/tcp open blackice-icecap

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Relevant Pages

  • Re: Unusual ports found in nmap scan
    ... Unusual ports found in nmap scan ... > This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
    (Pen-Test)
  • Re: FW: baby pen-test question
    ... It's better to begin with those ports (TCP, ... Or if you are lucky enough to find an ONC RPC rexd or pcnfsd server running, ... Do a real *vulnerability* scan if at all possible, not one that says 'you may have ... This list is provided by the SecurityFocus Security Intelligence Alert Service. ...
    (Pen-Test)
  • Re: Identify OS?
    ... based on the ports open? ... I'd try and get that vague banner changed. ... This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
    (Pen-Test)
  • Re: Scanning for blank admin passwords on a windows box
    ... SNMP queries scan for "interesting" ports, ... This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
    (Pen-Test)
  • Re: Identify OS?
    ... It is definately not a cisco box. ... Looking at the ports that are open, ... > This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
    (Pen-Test)