pen testing management and control system

From: Ronen Gottlib (ronen@avnet.co.il)
Date: Fri Jun 27 2003 - 04:54:26 EDT


Hi All,

I am pen testing a Windows 2000 Advanced Server, with some kind of
management and control software (e.g. Tivoli, Netcool). The system has
IIS 6.0 running with lockdown enabled.

When I tried to run Nessus, my IP was blocked for quite a long time.
The same happened with Nikto.

Furthermore, although quite a few ports were found to be open on the
remote machine, the management and control application is blocking
most of them while allowing access only to the following: 21, 23 (MS
telnet server), 25 (Microsoft ESMTP MAIL Service, Version:
6.0.2600.1106), 80 (Microsoft-IIS/6.0), 110 (Microsoft Windows POP3
Service Version 2.0), 3389.

The system is also running Hummingbird Exceed.

Does anyone have any idea? I've kind of reached a dead end.
Below are the results of an Nmap, if it helps.

Thank you very much for your help,

Ronen.

Port State Service
21/tcp open ftp
22/tcp open ssh
23/tcp open telnet
25/tcp open smtp
53/tcp open domain
80/tcp open http
98/tcp open linuxconf
110/tcp open pop-3
111/tcp open sunrpc
135/tcp open loc-srv
143/tcp open imap2
161/tcp open snmp
443/tcp open https
1080/tcp open socks
1433/tcp open ms-sql-s
1494/tcp open citrix-ica
1720/tcp filtered H.323/Q.931
1723/tcp filtered pptp
3389/tcp open ms-term-serv
4000/tcp filtered remoteanything
5135/tcp open unknown
5631/tcp open pcanywheredata
5632/tcp open pcanywherestat
5900/tcp open vnc
6112/tcp open dtspc
6660/tcp filtered unknown
6661/tcp filtered unknown
6662/tcp filtered unknown
6663/tcp filtered unknown
6664/tcp filtered unknown
6665/tcp filtered unknown
6666/tcp filtered irc-serv
6667/tcp filtered irc
6668/tcp filtered irc
6669/tcp filtered unknown
8875/tcp filtered unknown
28900/tcp filtered unknown

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:35 EDT