From: methodic@libpcap.net
Date: Wed Jun 04 2003 - 16:41:00 EDT
Given that it comes back with a NETBIOS string, id run something like
nbaudit on that port...
On Wed, Jun 04, 2003 at 10:34:55AM +1000, Patrick Webster wrote:
> Hi All,
>
> Whilst doing a pen-test I came across a Windows NT4 box with IIS4. After
> doing a port scan, I noticed, among others, that port 41523 was open.
>
> Using Amap, the result returned is unknown, however the data given is:
>
> Response received from xxx.xxx.xxx.xxx port 41523 tcp (length 8 bytes):
> 0000: 424e 4532 3937 4400
> ASCII: "NETBIOS_HOSTNAME" <= I've replaced the real hostname
> Unidentified ports: 41523/tcp (total 1).
>
> I've searched google without any luck. Does anyone know what this may
> be? I don't have access to the machine to run fport.exe or similar.
> Below is the results of an Nmap, if it helps.
>
> ort State Service
> 21/tcp open ftp
> 22/tcp open ssh
> 80/tcp open http
> 81/tcp open hosts2-ns
> 88/tcp open kerberos-sec
> 135/tcp open loc-srv
> 139/tcp open netbios-ssn
> 443/tcp open https
> 1027/tcp open IIS
> 1038/tcp open unknown
> 1041/tcp open unknown
> 1433/tcp open ms-sql-s
> 4899/tcp open radmin
> 6050/tcp open arcserve
> 8314/tcp open unknown
> 41523/tcp open unknown
>
> Thanks,
>
> -Patrick
>
>
> ---------------------------------------------------------------------------
> ----------------------------------------------------------------------------
-- + Cannot find nsabackdoor.dll. Please reinstall Windows. --------------------------------------------------------------------------- ----------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:34 EDT