From: Travis Schack (Travis@Vitalisec.com)
Date: Fri Feb 06 2004 - 10:33:29 EST
Several recommendations:
1 - Connect to the port using several methods (i.e., telnet, nc, web browser, etc) and dump the session using TCPDump or Ethereal. Analysis the traffic and see what is going on.
2 - Go to the OPRP at ISECOM (http://www.isecom.info/cgi-local/protocoldb/browse.dsp) and search for known applications that use that port.
3 - Use tools like amap from THC and run against the port to see if it recognizes the port. But, you said you already knew it was webmin.
4 - If you could download the page, try crawling the port.
5 - Try Nikto against the port.
6 - Use a proxy, like achilles, and look at the responses you are getting.
Just a few of many things you could try, if you have not already.
Travis Schack
Vitalisec, Inc.
>I'm currently doing an security audit on a company as a "newbie". After
>scanning the host I leared that several ports were open - including the
>Webmin Port. I tried to connect via Browser to this port but the operation
>timed out. I believe that it is due to the fact that the Webmin Service is
>only available to the localhost. But I am wondering why I was able to connect
>with telnet and download the login-page of Webmin. A simple wget would do the
>same thing.
>
>Can anybody give me some advice and explain why this is that way?
---------------------------------------------------------------------------
----------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:48 EDT