Re: Service Identification

From: Bart Somers (bart@doornenburg.homelinux.net)
Date: Tue Sep 23 2003 - 15:02:52 EDT


Hi John,

Just a quick sum of ideas:
Try to use
*) amap http://www.thc.org/download.php?t=r&d=amap-4.3.tar.gz
against the port, although I'm not sure if they already support many
databases.
*) Nmap 3.45. From version 3.45 they support version checking, and maybe they can
offer you some version.
*) netcat instead of telnet. Maybe the telnet client sends some ^M or
whatever the database doesn't like.

If all this doesn't help you, try to connect to a nearby switch
and start ettercap ( http://ettercap.sourceforge.net ) to fool it and
send all the traffic via your laptop (PC?). Capture the traffic and try
to figure out what the clients are sending to you.

Hope this helps.

Regards,

Bart

John the Kiwi wrote:
> Hi all
>
> I have a remote database to pen test. It runs on port 2000 and has no
> banners. I cannot establish a telnet session without it dropping me
> instantly.
>
> I would like to do one of two things for my customer:
>
> Either sniff the records to a text file as they go to the client (I only
> need to grab email addresses as they come to the client from the server)
>
> or
>
> Figure out how to connect to the database and extract the records
>
> I'm not looking for a canned solution, more a quick summary of tools and
> processes that I should be trying.
>
> I'm sure this is covered a lot but I've searched the list and Google and
> haven't found any information on service identification when no banners
> are present and it runs on a non-standard port. I'm sure it's my search
> strings, but any pointers would be greatly appreciated.
>
> John the Kiwi
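The netcat-versus-telnet point in Bart's reply, as an added example that is not part of this thread: a small Python probe that records how a silent service reacts to three manual-style attempts (connect and say nothing, send a telnet-style CRLF, send a bare LF). The target here is a constructed loopback stand-in that mimics the behaviour John describes (no banner, connection dropped on a carriage return); it is not the database from the thread and implements no real database protocol, so the script runs entirely offline.

```python
import socket
import threading

# Constructed stand-in for a silent service like the one in the thread:
# no banner on connect, the connection is dropped on a telnet-style "\r\n",
# and a bare "\n" gets a short reply. Not a real database protocol.
def _handle(conn):
    conn.settimeout(2.0)
    try:
        data = conn.recv(64)
        if data and b"\r" not in data:
            conn.sendall(b"+OK toy-db 0.1\n")
    except OSError:
        pass  # peer went away or timed out; just close
    finally:
        conn.close()


def start_fake_service():
    """Listen on an ephemeral loopback port; returns (listening socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def accept_loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return  # listening socket was closed
            threading.Thread(target=_handle, args=(conn,), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv, srv.getsockname()[1]


def probe(host, port, payload=b"", timeout=1.0):
    """One raw TCP exchange: connect, send payload (if any), then collect
    whatever comes back until the peer closes or the read times out."""
    result = {"sent": payload, "received": b"", "closed_by_peer": False}
    s = socket.create_connection((host, port), timeout=timeout)
    s.settimeout(timeout)
    try:
        if payload:
            s.sendall(payload)
        while True:
            chunk = s.recv(1024)
            if not chunk:            # EOF: the server hung up on us
                result["closed_by_peer"] = True
                break
            result["received"] += chunk
    except socket.timeout:
        pass                         # server stayed quiet but kept the socket open
    except ConnectionError:
        result["closed_by_peer"] = True
    finally:
        s.close()
    return result


def fingerprint(host, port):
    """The three probes in the order a practitioner would try them by hand."""
    return {
        "silent": probe(host, port),          # does the server speak first?
        "crlf": probe(host, port, b"\r\n"),   # what a telnet client sends
        "lf": probe(host, port, b"\n"),       # what 'echo | nc' sends
    }


if __name__ == "__main__":
    srv, port = start_fake_service()
    for name, r in fingerprint("127.0.0.1", port).items():
        print(f"{name:6s} sent={r['sent']!r:8} closed={r['closed_by_peer']} got={r['received']!r}")
    srv.close()
```

The three result records are what distinguishes "the service is silent" from "the service dislikes my client": a timeout with the socket still open, an immediate close on CRLF, and a reply on LF. Against a real host the same `probe` calls would be pointed at the service's own port, with the constructed stand-in left out.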

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:40 EDT