Re: Remote connection to Webmin Service (Port 10000)

From: sil (jesus@resurrected.us)
Date: Thu Feb 05 2004 - 13:52:19 EST


On Tue, 3 Feb 2004, Wu Fei Liang wrote:

> Hello everyone!
>
> I'm currently doing a security audit on a company as a "newbie". After
> scanning the host I learned that several ports were open - including the
> Webmin Port. I tried to connect via Browser to this port but the operation
> timed out. I believe that it is due to the fact that the Webmin Service is
> only available to the localhost. But I am wondering why I was able to connect
> with telnet and download the login-page of Webmin. A simple wget would do the
> same thing.
>
> Can anybody give me some advice and explain why this is that way?
>

I suppose many should know this already but here is my take on this.

Firstly following the well known services (ports and the programs they
use) lists should not be the 'de facto' standard when assessing what
exactly is running on a given port. e.g. If I configured ssh to listen on
port 80 - albeit stupid - does not mean that because port 80 shows up as
listening on a scan, is running an httpd server. Services lists aren't
always a given.

Now you state you downloaded the login-page but were unable to do anything
more. It could be some form of configuration such as an access list
blocking anything not given for your address.

Consider this. For one of my personal sites I have Squid configured to
run as a proxy server using the domain so I can connect from work to avoid
giving out information about the company I'm working for. I have an
extensive acl list on it. Sure you can reach the port, but you can't do
nothing else with it.

On top of that, I have mod_security settings which re-check to make sure
those ranges I do allow in, meet the criteria I chose.

Perhaps a) there are certain rules in place via a configuration on the
program itself. b) The server/service is running something similar to a
mod_security based scheme. c) Some form of other auth/sec service is
running checks to block out connections that meet or don't meet the
criteria.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
"The most tyrannical of governments are those which make
crimes of opinions, for everyone has an inalienable
right to his thoughts." -- Benedict Spinoza

J. Oquendo //sil

http://www.kungfunix.net http://www.politrix.org
http://www.infiltrated.net http://bush.shafted.us
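
The two points made in the message above (a port number does not prove which service is listening, and a reachable port can still refuse you at the application layer), shown as an added example that is not part of the original post. The function names, the port table and the sample responses are assumptions constructed for illustration; the check works on bytes you have already received from a host you are auditing.

```python
import re

# Port-to-name guesses of the kind a well-known-services list gives (small subset).
WELL_KNOWN = {22: "ssh", 25: "smtp", 80: "http", 3128: "http", 10000: "http"}

# Protocol signatures matched against the first bytes a service sends back.
SIGNATURES = [
    ("ssh", re.compile(rb"^SSH-\d+\.\d+-")),
    ("http", re.compile(rb"^HTTP/\d\.\d (\d{3})")),
    ("smtp", re.compile(rb"^220[ -]")),
]

def identify(data):
    """Return (protocol, http_status or None) from observed response bytes."""
    for name, pattern in SIGNATURES:
        m = pattern.match(data)
        if m:
            status = int(m.group(1)) if name == "http" else None
            return name, status
    return "unknown", None

def assess(port, data):
    """Compare the port-list guess with what the service actually said."""
    guess = WELL_KNOWN.get(port, "unknown")
    if not data:
        return f"{port}: connect succeeded, no data; port list guesses {guess}, unverified"
    proto, status = identify(data)
    notes = []
    if proto != guess:
        notes.append(f"port list says {guess}, response is {proto}")
    if proto == "http" and status in (401, 403, 407):
        notes.append(f"reachable, but service answers {status} (access control in the application)")
    return f"{port}: {proto}" + ("; " + "; ".join(notes) if notes else "")

# Constructed sample responses, not captured from any real host.
SAMPLES = [
    (80, b"SSH-2.0-ExampleSSHD_1.0\r\n"),              # ssh moved to port 80
    (3128, b"HTTP/1.0 403 Forbidden\r\nServer: example\r\n\r\n"),  # proxy ACL denies
    (10000, b"HTTP/1.0 200 OK\r\nServer: example\r\n\r\n"),        # login page served
    (25, b""),                                          # open, but silent
]

if __name__ == "__main__":
    for port, data in SAMPLES:
        print(assess(port, data))
```
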
