Re: Port 9090 WServer??

From: xyberpix (xyberpix@xyberpix.com)
Date: Tue May 17 2005 - 18:38:18 EDT



Hi All,

Just like to say thanks to everyone that replied.
I've got more than enough to go on now.

xyberpix

On 17 May 2005, at 19:25, Nathan Einwechter wrote:

> Looks to me as though they're using telnet to do client-server
> communications/commands. This could definitely be a possible
> vulnerability point.
>
> If this is the case, I would suggest you can do one of a few things.
>
> 1) Do a little reverse engineering on the programs to find some
> interesting strings that may be commands etc.
> 2) Place the software into a test environment and sniff the exchanges
> to and from this port during normal operation.
>
> These should give you a general idea of what the server expects and,
> potentially, where you could cram it full of data to create a buffer
> overflow, information leakage, etc.
>
> -- Nathan
>
> -----Original Message-----
> From: xyberpix [mailto:xyberpix@xyberpix.com]
> Sent: Tuesday, May 17, 2005 11:12 AM
> To: pen-test@securityfocus.com
> Subject: Port 9090 WServer??
>
> Hi All,
>
> I am evaluating a bit of kit here, and it has 3 open ports on it: 22,
> 9090 and 30000.
> 22 is obviously ssh, as I have an account on the device, and using ssh
> to gain access drops me into a restricted shell. I have tried a couple
> of ways of breaking out of this, and none of them seem to work, so if
> anyone has any sure-fire ways to break out of a restricted shell, would
> they please be kind enough to share them.
> The next interesting point about the device is that if I telnet to port
> 9090, this is what I get:
>
> xyberpix@su621unix1> telnet hmc 9090
> Trying 10.163.8.42...
> Connected to sa44bshmc01.
> Escape character is '^]'.
>
>
> ---> Now I hit Enter a couple of times and get this:
>
> Language received from client:
> Setlocale: C
> Memory fault
> WServer.HANDSHAKING 30001 WServer.HANDSHAKING
> Connection to sa44bshmc01 closed by foreign host.
> xyberpix@su621unix1>
>
> Does anyone know of any way that I could try and use this to my
> advantage, as it looks hopeful, but I'm not too sure?
>
> TIA
>
> xyberpix
For Security And Open Source News And Info Visit:
http://www.xyberpix.com