Re: Port 7777 oddities

From: Security (security@ddiction.com)
Date: Fri Aug 22 2003 - 01:12:56 EDT

• Next message: LATRECHE Abdelbaset: "Re: Using Firewall enumeration tools"
• Previous message: Anders Thulin: "Re: Pen Test mistake"
• In reply to: Alberto Guglielmo: "Re: Port 7777 oddities"
• Next in thread: Gerald Eisenhaur: "Re: Port 7777 oddities"
• Reply: Gerald Eisenhaur: "Re: Port 7777 oddities"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

If these are *nix boxes, do a quick
nmap -sT IPhere -p7777 -I
nmap -sU IPhere -p7777 -I

I'd also suggest firing up ethereal before establishing a connection to
the port and see what the server is responding with, might provide some
clues.

Also as a quick note, a google search for "1 has joined." came up with
virtually nothing except IRC references.

Good luck with the hunt!

Tremaine Lea
security@ddiction.com

On Thu, 2003-08-21 at 01:45, Alberto Guglielmo wrote:
> Should be an Unreal Tournament server. 7777 is the game join port (the
> actual game port is > 7777, one per gamer). But the port is UDP so I don't
> understand fully your "connect to it".... Anyway you can test it using the
> game :-) Look if the same server has the 7776 TCP port open (should be the
> default web admin port)....
> Regards
>
> Alberto Guglielmo
>
>
> ----- Original Message -----
> From: "Nick Jacobsen" <nick@ethicsdesign.com>
> To: <pen-test@securityfocus.com>
> Sent: Wednesday, August 20, 2003 6:55 PM
> Subject: Port 7777 oddities
>
>
> Hey there, hoping I could get some help...
>
> I am doing a blind penetration test for a local ISP, and on one of their
> *nix boxes, I came accross port 7777 open. When I connection to it
> (using netcat), I get the message "1 has joined."... but I can get
> nothing else out of it, no matter what I try. any idea on what this
> might be?
>
> Thanks,
> Nick Jacobsen
> Ethics Design
> nick@ethicsdesign.com <mailto:nick@ethicsdesign.com>
>
>
>
> ---------------------------------------------------------------------------
> Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world<92>s premier
> technical IT security event. Modeled after the famous Black Hat event in
> Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.
> Symanetc is the Diamond sponsor. Early-bird registration ends September 6 Visit: www.blackhat.com
> ----------------------------------------------------------------------------
>

• application/pgp-signature attachment: This is a digitally signed message part

• Next message: LATRECHE Abdelbaset: "Re: Using Firewall enumeration tools"
• Previous message: Anders Thulin: "Re: Pen Test mistake"
• In reply to: Alberto Guglielmo: "Re: Port 7777 oddities"
• Next in thread: Gerald Eisenhaur: "Re: Port 7777 oddities"
• Reply: Gerald Eisenhaur: "Re: Port 7777 oddities"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:38 EDT