From: J. K. (pentest_ml@yahoo.com)
Date: Wed Jun 08 2005 - 10:05:00 EDT
Hello fellow pen-testers,
in my current engagement I bumped into a HP-UX
(B.11.11) server protected by a firewall (not an
internet facing firewall, tho).
The only open ports I can connect to are telnet and
9971.
Connecting to 9971 I get the following:
# telnet x.x.x.x 9971
Trying x.x.x.x...
Connected to x.x.x.x.
Escape character is '^]'.
CIMD2-A ConnectionInfo: SessionId = 32551 PortId = 4
Time = 050608153449 AccessType = TCPIP_SOCKET PIN =
630777
Googling around, I found that this daemon should be a
SMSC (Short Message Service Center). I also found that
on HP-UX there are a few SMSC apps available (Locus,
FEELingK,...)
My questions are:
1. Do you know of any vulnerability or attack avenue
on this protocol/service ?
2. Do you know if these SMSC apps install some default
user whose password I can try to guess ?
3. Any other idea ?
Of course I could just fire off Hydra against the
telnet server, but I would like to find something less
noisy ;)
Thanks
j.k.
__________________________________
Discover Yahoo!
Have fun online with music videos, cool games, IM and more. Check it out!
http://discover.yahoo.com/online.html
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:23 EDT