Re: Identify OS?

From: Tommy Jakobsen (tommy.jakobsen@telenor.com)
Date: Wed May 07 2003 - 03:18:44 EDT


In-Reply-To: <OFF8BE68A9.4AAA9A44-ON86256CC2.005CE397@mastercard.com>

Just telnet to the server...

telnet <ipaddress> 21

then write SYST

And you got the OS....

Regards,
Tommy

>Subject: Re: Identify OS?
>To: "Nick Jacobsen" <nick@ethicsdesign.com>
>Cc: pen-test@securityfocus.com
>From: "Martin Wasson" <martin_wasson@mastercard.com>
>Date: Mon, 3 Feb 2003 12:45:07 -0600
>
>
>Nick,
>Here's my two cents. It looks like a commercial version of Unix. My guess
>is Solaris. The first thing that struck me was port 6112/dtspc. I'm
>pretty sure that is a subprocess of CDE, so I doubt it's a Linux box.
>Kevin is right about it not being a cisco box. There is no way it's cisco.
>Look at port 7937/7938 open. That's Legato Networker 5.5 or later, it only
>runs on AIX, Solaris, IRIX, HP-UX, Linux, & Tru64. It also runs on
>windows, but this isn't a windows box. And it doesn't run on cisco. It
>looks like a honeypot or a dead ringer for a newbie install. When you did
>an nslookup, did it return "two-dollar-hooker.i-am-so-owned.com." ? I
>thought so. As was indicated before. Connect to as many ports as you can,
>and document the versions of the daemons listening from their blathering
>banners. Good luck. I wonder if someone has already compiled a db
>containing what versions of popular daemons are included in various
>releases of *nix. Hope this helps.
>
>
>Marty Wasson
>Global Information Security
>MasterCard International
>(636) 722-2372
>martin_wasson@mastercard.com
>
>
>
>"Nick Jacobsen" <nick@ethicsdesign.com>
>01/31/03 01:33 AM
>Please respond to "Nick Jacobsen"
>To: <pen-test@securityfocus.com>
>cc: (bcc: Martin Wasson/STL/MASTERCARD)
>Subject: Identify OS?
>
>Hey All again,
>Could any of you give me an idea of what type of machine the following might
>be, based on the ports open? It is sitting at xxx.xxx.xxx.001 on a network,
>so I am thinking it is some sort of gateway, but what OS/hardware? Below are
>the results of telnetting to port 23, and the results of an nmap scan (tried
>the identify OS option, didn't do sh*t)
>
>Nick J.
>Ethics Design
>nick@ethicsdesign.com
>
><----------------- Telnet results ---------------------------->
>Authorized uses only. All activity may be monitored and reported.
>login: cisco
>Password:
>Login incorrect
><----------------- End Telnet Results ----------------------->
><----------------- Nmap Scan Results ---------------------->
>21/tcp open ftp
>22/tcp open ssh
>23/tcp open telnet
>53/tcp open domain
>111/tcp open sunrpc
>161/tcp filtered snmp
>162/tcp filtered snmptrap
>389/tcp open ldap
>512/tcp open exec
>513/tcp open login
>514/tcp open shell
>1002/tcp open unknown
>1169/tcp open unknown
>1433/tcp filtered ms-sql-s
>1720/tcp open H.323/Q.931
>2410/tcp open unknown
>2785/tcp open unknown
>2786/tcp open unknown
>6000/tcp open X11
>6112/tcp open dtspc
>7937/tcp open unknown
>7938/tcp open unknown
>32774/tcp open sometimes-rpc11
>32775/tcp open sometimes-rpc13
>32778/tcp open sometimes-rpc19
>Too many fingerprints match this host for me to give an accurate OS guess
>TCP/IP fingerprint:
>SInfo(V=3.10ALPHA7%P=i686-pc-windows-windows%D=1/30%Time=3E394B34%O=21%C=1)
>T1(Resp=N)
>T2(Resp=N)
>T3(Resp=N)
>T4(Resp=N)
>T5(Resp=N)
>T6(Resp=N)
>T7(Resp=N)
>PU(Resp=N)
><--------------------- End Nmap Scan Results ---------->


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:32 EDT
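
How the `SYST` reply suggested in the message above reads on the wire, as an added example that is not part of the original thread: it parses a constructed FTP control-channel transcript in the RFC 959 reply format (including a multi-line banner) and extracts the system name from the 215 reply. The transcript and the function names are assumptions made for illustration.

```python
import re

# Constructed transcript of what a server might send on connect and after
# the client types SYST (sample data, not captured from any real host).
SAMPLE_SESSION = (
    "220-Authorized uses only.\r\n"
    "220-All activity may be monitored and reported.\r\n"
    "220 FTP server ready.\r\n"
    "215 UNIX Type: L8\r\n"
)

REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")


def parse_replies(raw):
    """Split raw control-channel text into (code, text) replies per RFC 959.

    A multi-line reply opens with 'NNN-' and ends at the first line that
    starts with the same code followed by a space.
    """
    replies, pending_code, pending_text = [], None, []
    for line in raw.splitlines():
        m = REPLY_LINE.match(line)
        if pending_code is None:
            if not m:
                continue  # stray text outside any reply
            code, sep, text = m.groups()
            if sep == " ":
                replies.append((int(code), text))
            else:
                pending_code, pending_text = code, [text]
        elif m and m.group(1) == pending_code:
            pending_text.append(m.group(3))
            if m.group(2) == " ":  # closing line of the multi-line reply
                replies.append((int(pending_code), "\n".join(pending_text)))
                pending_code, pending_text = None, []
        else:
            pending_text.append(line)  # free-form continuation line
    return replies


def system_type(raw):
    """Return the system name (first word of the first 215 reply), or None."""
    for code, text in parse_replies(raw):
        if code == 215 and text.split():
            return text.split()[0]
    return None
```

The 215 text is whatever the FTP daemon chooses to send, so it reports the server software's claim rather than a measured property of the host; several common Unix FTP daemons answer `UNIX Type: L8` on any platform.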