Mystery service on tcp/205
From: Andrew Simmons (andrew.simmons@mis-cds.com)
Date: 03/19/03
- Previous message: gilles.lami@hays-dsia.fr: "Bluetooth"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 19 Mar 2003 16:03:48 -0000 From: Andrew Simmons <andrew.simmons@mis-cds.com> To: pen-test@securityfocus.com('binary' encoding is not supported, stored as-is)
Hi all,
pen-testing a slightly unusual IIS 5 box. Along with
FTP, HTTP, NNTP (slightly odd... this is a corporate
webserver for the Greek branch of a large transnational
corporation), it's listening on TCP port 205. This is
listed as an unused Appletalk port.
Telnetting to it is most intriguing..:
[andrews@asdfgh andrews]# telnet
foo.bar.123-123-123-123.gr 205
Trying 123.123.123.123...
Connected to foo.bar.123-123-123-123.gr (123.123.123.123).
Escape character is '^]'.
HELP
2,0,Login required
quit
closeogin required
2,0,Login required
It sits there responding "2,0,Login required" to any
input. I've tried all the obvious strings with no
avail. My Linux telnet is seeing only a carriage return
rather than cr/nl pair, presumably because the target's
a Windows machine.
Does anyone have any idea what this could be? I've
Googled, searched the sec-focus archives etc to no avail.
----------------------------------------------------------------------------
Did you know that you have VNC running on your network?
Your hacker does. Plug your security holes now!
Download a free 15-day trial of VAM:
http://www2.stillsecure.com/download/sf_vuln_list.html
- Previous message: gilles.lami@hays-dsia.fr: "Bluetooth"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
