RE: "MIPS" Pentesting



For the nmap scan, all I get is:

Interesting ports on 192.168.5.2:
Not shown: 99 closed ports
PORT STATE SERVICE VERSION
23/tcp open telnet ZKSoftware ZEM300 embedded linux telnetd (Kernel 2.4.20; MIPS)
Service Info: Host: Treckle; OS: Linux

I did a UDP scan but no ports were open, so I couldn't use SNMP to gather data that would allow me to access the device's login hash. A TCP scan reveals only one open port, 23. I'm still prompted for a login when I connect to port 23. It doesn't seem to use default passwords like Admin, admin, password, etc., and I couldn't find a default password for this device in any default password list. I tried to force a buffer overflow into the device by using a very long password string by doing:

ncat 192.168.5.2 23 < /dev/random

and at the same time I was Hping'ing the device to check its uptime. But it didn't reboot... That's all the info I have on the device. If I get a shell, I'll post info on how the compiler compiles my exploits, and how exploits, if possible, work under this device.

--- On Mon, 1/4/10, Reggie Wheeler <wheeler90@xxxxxxxxxxx> wrote:

From: Reggie Wheeler <wheeler90@xxxxxxxxxxx>
Subject: RE: "MIPS" Pentesting
To: "'Elliot Fernandes'" <elliotfernandes@xxxxxxxxx>
Date: Monday, January 4, 2010, 5:28 PM
I found some information that may help you and anyone else wondering what it is that you found. There is way too much to put in an email so I will just give the links.

http://en.wikipedia.org/wiki/MIPS_architecture
This link will explain to you what a MIPS processor is, who created them and how they are used today.

http://www.google.com/search?hl=en&client=firefox-a&rls=org.mozilla:en-US:official&ei=aetBS9ffPMKUtgfJ4byJCQ&sa=X&oi=spell&resnum=0&ct=result&cd=1&ved=0CAYQBSgA&q=Linux+MIPS&spell=1
This Google link will give you all of the information you want on MIPS Linux porting and the different Linux flavors that can be ported to work with the MIPS processor.

Hope this helps you out. Please post more info; I am curious to know what you found.

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of Elliot Fernandes
Sent: Monday, January 04, 2010 6:33 AM
To: pen-test@xxxxxxxxxxxxxxxxx
Subject: "MIPS" Pentesting

When testing a network, I was using nmap and I came up with a system that had port 23 open. So I netcat'ed into it and I got:

Welcome to Linux (ZEM300) for MIPS
Kernel 2.4.20 Treckle on an MIPS

Has anyone come across this before? It seems to be a login point for a security device (physical security) at the network. Thing is, I have no documentation on the "MIPS", neither from Google nor from anywhere else. Anyone got ideas on this? And I'm running hydra with a wordlist, and a bruteforcer at the same time on it.


     

------------------------------------------------------------------------
This list is sponsored by: Information Assurance
Certification Review Board

Prove to peers and potential employers without a doubt that
you can actually
do a proper penetration test. IACRB CPT and CEPT certs
require a full
practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------






