Re: IRC bot?
From: Javier Fernandez-Sanguino (jfernandez_at_germinus.com)
Date: 09/16/03
- Previous message: morning_wood: "Re: NAT.EXE Exceptions"
- In reply to: Bryan Miller: "IRC bot?"
- Next in thread: Carlos Eduardo Pinheiro: "Re: IRC bot?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 16 Sep 2003 12:08:32 +0200 To: Bryan Miller <BMiller@sycomtech.com>
Bryan Miller wrote:
> During a pen test yesterday I came across TCP port 6501. Upon
> connecting to it via Netcat, I received the following screen:
>
> 220-W4A BotServ 2.0
> 220-==============================================
>
(...)
> Has anyone seen this before?
Not me.
> Am I correct in assuming it's some form of IRC bot? If so, how do I
talk to it to verify? Does it have some interesting uses?
It looks more like an FTP server to me:
1.- It uses '220' as a reply code, as defined in STD00009 ('220 Service
ready for new user.')
2.- it mentions KB downloaded/uploaded
3.- it mentions free disk space.
Try logging into it (USER/PASS) to see what it returns.
Javi
---------------------------------------------------------------------------
FREE Trial!
New for security consultants and in-house pros: FOUNDSTONE PROFESSIONAL
and PROFESSIONAL TL software. Fast, reliable vulnerability assessment
technology powered by the award-winning FoundScan engine. Try it free for 21 days at: http://www.securityfocus.com/sponsor/Foundstone_pen-test_030825
----------------------------------------------------------------------------
- Previous message: morning_wood: "Re: NAT.EXE Exceptions"
- In reply to: Bryan Miller: "IRC bot?"
- Next in thread: Carlos Eduardo Pinheiro: "Re: IRC bot?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
