RE: Anyone know this ?

From: Kevin (kevin_at_kevincomputers.com.sg)
Date: 03/19/04

  • Next message: Rogan Dawes: "Re: Evading IDS?" 
    To: <pen-test@securityfocus.com>
Date: Sat, 20 Mar 2004 01:21:07 +0800

    It is a FTP server, running on a non-standard port to avoid detection.

    Pubstro is a term used by warez. You might have stepped into a FTP
    server used to host illegal contents, might be intentional or
    unintentional.

    You might wanna read this http://www.esec.dk/pubstro.pdf

    Kevin, Singapore.

    -----Original Message-----
    From: tester pen [mailto:apentester@yahoo.com.cn]
    Sent: Friday, March 19, 2004 3:37 PM
    To: pen-test@securityfocus.com
    Subject: Anyone know this ?

    hi,all.
    when i'm doing a pen-test on a win2k server box,i
    found a port TCP 282
    is open,and when i try to telnet it,the response is
    below:
     
    220-welcome to this capricorn pubstro!
    220-...:::...:::...:::...:::...:::...:::...:::...:::...:::...:::...:::..
    .:::...:
    ::...:
    220-..::
    220-..:: Welcome @ This
    220-..::
    220-..:: Capricorn PubStro
    220-..::
    220-..:: 3njoy
    220-..::
    220-...:::...:::...:::...:::...:::...:::...:::...:::...:::...:::...:::..
    .:::...:
    ::...:
    220-..::
    220-..:: Rulez:
    220-..:: Dont Hammer
    220-..:: Dont ReHack
    220-..:: Dont Scan This IP Range
    220-..:: Dont Delete
    220-..:: No Lame One-Word Relies
    220-..:: Dont RePost Or Give Infos - That Makes You A
    Lamer
    220-..:: Have Fun
    220-..::
    220-...:::...:::...:::...:::...:::...:::...:::...:::...:::...:::...:::..
    .:::...:
    ::...:
    220-..::
    220-..:: Current Uptime .................: 37 Days, 9
    Hours, 26
    Minutes, 24 Sec
    onds
    220-..:: Total KB's Uploaded ..........: 94 KB
    220-..:: Total KB's Downloaded ......: 0 KB
    220-..:: Total File's Uploaded .......: 2
    220-..:: Total File's Downloaded .....: 0
    220-..:: Average Throughput .......: 0.000 KB/sec
    220-..:: Current Bandwith .............: 0.000 KB/sec
    220-..:: No Users Logged In .........: 1
    220-..:: Max Allowed Users ...........: -1
    220-..:: No Total users ................: 1
    220-..::
    220-...:::...:::...:::...:::...:::...:::...:::...:::...:::...:::...:::..
    .:::...:
    ::...:
    220-..::
    220-..:: 15992.90 MB free
    220-..:: 1 users connected
    220-..:: 0.000 KB/sec is in use
    220-..::
    220
    ...:::...:::...:::...:::...:::...:::...:::...:::...:::...:::...:::...:::
    ...:
    ::...:
    421 Maximum session time exceeded - closing.
     
    i googled it,both about "TCP Port 282" & "Capricorn
    PubStro
    "(the keyword),but i got nothing :(
     
    it looks like a ftp server? 220,421
    anyone who recoganize this ?
     
    thx.
    sorry for my poor english.

    _________________________________________________________
    Do You Yahoo!?
    完全免费的雅虎电邮,马上注册获赠额外60兆网络存储空间
    http://cn.rd.yahoo.com/mail_cn/tag/?http://cn.mail.yahoo.com

    ------------------------------------------------------------------------ 

    ---
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545
off
any course! All of our class sizes are guaranteed to be 10 students or
less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of
in-the-field
pen testing experience in our state of the art hacking lab. Master the
skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------
----
---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------
  • Next message: Rogan Dawes: "Re: Evading IDS?"

    Relevant Pages

    • RE: Anyone know this ?
      ... A pubstro is a high speed, ... The "Capricorn" is probably a knock-off of the Serv-U-FTP server. ... 220-..:: Dont Hammer ... to facilitate one-on-one interaction with one of our expert instructors. ...
      (Pen-Test)
    • RE: Anyone know this ?
      ... Common hack ways used by FXP Team are IIS double-decode vulnerability, low secured password for sa user on MS SQL Server, IPC connection, etc. ... FXP is FTP Server to FTP Server transfers, the client just send the commands, traffic is directly between the 2 FTP Servers ... 220-..:: Dont Hammer ... to facilitate one-on-one interaction with one of our expert instructors. ...
      (Pen-Test)
    • RE: sftp error
      ... It sounds like there might be an ACL on the FTP server blocking the OS X ... unauthorized disclosure or use of any Confidential Information. ... to facilitate one-on-one interaction with one of our expert instructors. ... Attend a course taught by an expert instructor with years of in-the-field ...
      (Security-Basics)
    • Re: ftp setup
      ... I dont have the answer, and it appears that the other's havent been able ... >I installed IIS and setup FTP. ... i cant log on to my ftp ... > setup the ftp server and all the folders but it keeps locking me out ...
      (microsoft.public.inetserver.iis.ftp)
    • Not allowing annonoumus access with FTP
      ... We have put in a ftp server as a way of sharing files (dont ask...I dont ... permissions on there to secure it down so only certain users or created ... Is it done with AD in setting up a user account and then giving that user ...
      (microsoft.public.inetserver.iis.security)
    Loading