Re: Port 7777 oddities

From: Security (security_at_ddiction.com)
Date: 08/22/03

  • Next message: Anders Thulin: "Re: Pen Test mistake" 
    Date: Thu, 21 Aug 2003 23:12:56 -0600
To: pen-test@securityfocus.com

    If these are *nix boxes, do a quick
    nmap -sT IPhere -p7777 -I
    nmap -sU IPhere -p7777 -I

    I'd also suggest firing up ethereal before establishing a connection to
    the port and see what the server is responding with, might provide some
    clues.

    Also as a quick note, a google search for "1 has joined." came up with
    virtually nothing except IRC references.

    Good luck with the hunt!

    Tremaine Lea
    security@ddiction.com

    On Thu, 2003-08-21 at 01:45, Alberto Guglielmo wrote:
    > Should be an Unreal Tournament server. 7777 is the game join port (the
    > actual game port is > 7777, one per gamer). But the port is UDP so I don't
    > understand fully your "connect to it".... Anyway you can test it using the
    > game :-) Look if the same server has the 7776 TCP port open (should be the
    > default web admin port)....
    > Regards
    >
    > Alberto Guglielmo
    >
    >
    > ----- Original Message -----
    > From: "Nick Jacobsen" <nick@ethicsdesign.com>
    > To: <pen-test@securityfocus.com>
    > Sent: Wednesday, August 20, 2003 6:55 PM
    > Subject: Port 7777 oddities
    >
    >
    > Hey there, hoping I could get some help...
    >
    > I am doing a blind penetration test for a local ISP, and on one of their
    > *nix boxes, I came accross port 7777 open. When I connection to it
    > (using netcat), I get the message "1 has joined."... but I can get
    > nothing else out of it, no matter what I try. any idea on what this
    > might be?
    >
    > Thanks,
    > Nick Jacobsen
    > Ethics Design
    > nick@ethicsdesign.com <mailto:nick@ethicsdesign.com>
    >
    >
    >
    > ---------------------------------------------------------------------------
    > Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world<92>s premier
    > technical IT security event. Modeled after the famous Black Hat event in
    > Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.
    > Symanetc is the Diamond sponsor. Early-bird registration ends September 6 Visit: www.blackhat.com
    > ----------------------------------------------------------------------------
    >

  • Next message: Anders Thulin: "Re: Pen Test mistake"

    Relevant Pages

    • Re: Random unprivileged TCP ports below 5000 kind-of open for a fraction of a second
      ... When Nmap (or many ... > other applications, such as Telnet) does a connectcall, the OS is ... > supposed to choose a good souce port to bind to for the connection. ... I saw a familiar "Connection reset by peer" every time the random port ...
      (Incidents)
    • Re: Yes, trying to hack a remote control
      ... I attempted a telnet into that port, and it asked for a username/pass, ... and then upload a modified firmware to the remote. ... The latest versions of nmap have a feature whereby you can run scans ...
      (Security-Basics)
    • Re: how nmap can know my firewalled servers ?
      ... UDP or ICMP protocol), it will mark the port as closed. ... descrition, how NMAP determins, if the UDP port is open or closed. ... Try Webroot's Spy Sweeper Enterprisefor 30 days for FREE with no ...
      (Security-Basics)
    • Re: FW: baby pen-test question
      ... I ALWAYS do an nmap sweep of varying degrees. ... As for testing a large network, I primarily base my efforts on the mission ... My first question is about port scanning. ... This list is provided by the SecurityFocus Security Intelligence Alert ...
      (Pen-Test)
    • Re: Help understanding NMAP results
      ... >to do with IT) but I have been playing with old computers and Linux in my ... and is set to default DROP any packets ... Went over to a friend's house, and ran an NMAP scan against myself ... You could listen on that port and see what traffic is passing when you ...
      (Security-Basics)