Re: linux pen-test

From: securityfocus@benmansour.net
Date: Fri Aug 05 2005 - 08:05:27 EDT

Next message: A. Ramos: "Re: Password lists"
Previous message: Lohan Spies: "AD password Auditing"
Maybe in reply to: Bruno Kovacs: "linux pen-test"
Next in thread: s0u1d13r s0u1d13r: "Re: linux pen-test"
Reply: s0u1d13r s0u1d13r: "Re: linux pen-test"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

('binary' encoding is not supported, stored as-is) Hi Bruno,

Running nmap with the -sV or -A options should yield more information.
I would be surprised if ports 25 and 110 do not bind to known services.

The version detection feature of nmap is "active" i.e. is likely to be logged by the application and any intrusion detection device on the target network.

>From http://www.insecure.org/nmap/versionscan.html :

"The new Nmap version scanning subsystem tries to answer all these questions by connecting to open ports and interrogating them for this information using probes that the specific services understand. This allows Nmap to give a much more details assessment of what is really running, rather than just what port numbers are open. Here is a real example:

# nmap -A -T4 -F www.insecure.org

Starting nmap 3.40PVT16 ( http://www.insecure.org/nmap/ ) at 2003-09-06 19:49 PDT
Interesting ports on www.insecure.org (205.217.153.53):
(The 1206 ports scanned but not shown below are in state: filtered)
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 3.1p1 (protocol 1.99)
25/tcp open smtp Qmail smtpd
53/tcp open domain ISC Bind 9.2.1
80/tcp open http Apache httpd 2.0.39 ((Unix) mod_perl/1.99_07-dev Perl/v5.6.1)
113/tcp closed auth
Device type: general purpose
Running: Linux 2.4.X|2.5.X
OS details: Linux Kernel 2.4.0 - 2.5.20
Uptime 108.307 days (since Wed May 21 12:27:44 2003)

Nmap run completed -- 1 IP address (1 host up) scanned in 34.962 seconds"

Good luck,

Skander Ben Mansour

-- 
http://www.benmansour.net/
------------------------------------------------------------------------------
FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't
Learn the hacker's secrets that compromise wireless LANs. Secure your
WLAN by understanding these threats, available hacking tools and proven
countermeasures. Defend your WLAN against man-in-the-Middle attacks and
session hijacking, denial-of-service, rogue access points, identity
thefts and MAC spoofing. Request your complimentary white paper at:
http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801
-------------------------------------------------------------------------------

Next message: A. Ramos: "Re: Password lists"
Previous message: Lohan Spies: "AD password Auditing"
Maybe in reply to: Bruno Kovacs: "linux pen-test"
Next in thread: s0u1d13r s0u1d13r: "Re: linux pen-test"
Reply: s0u1d13r s0u1d13r: "Re: linux pen-test"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:42 EDT