Re: linux pen-test

From: okrehel@loews.com
Date: Fri Aug 05 2005 - 09:06:00 EDT


Bruno,

Try to get the application versions of these services and see if they have
any security flaws reported in the past.
Use "nc" or "telnet" to connect to the service and grab banners. SMTP may let
you list users; port 80 could have a web server with CGI or some application
running with bugs, so run nikto or other CGI scanners.
Maybe you can upload some code to the web server. Be creative.
Maybe 110 (POP3) can give you some info about users; perhaps you can
brute-force some accounts there, etc.

Ondrej Krehel

"Bruno Kovacs" <bruno@saga.com.br>
08/04/05 02:40 PM

To: <pen-test@lists.securityfocus.com>
cc:
Subject: linux pen-test
Please respond to "Bruno Kovacs" <bruno@saga.com.br>

Hi,

I'm pen-testing a Linux system and I could port-scan the following open TCP
ports:

21
25
53
59
80
110
119
143
443

Strangely, there is this port 59 open. I googled it and it seems to be a
mIRC DCC server.
That didn't help too much.

I know ports 80 and 443 are running Apache 2.0.40 and there are a few bugs
reported for it, but nothing really scary. I can't grab the other apps'
versions even with amap.

As I don't have local access, I get frustrated because the only thing I can
think of is exploiting some app remotely.

Any suggestions? I need at least a shell.
I've looked at the Metasploit exploits but there is no appropriate one.

Bruno Kovacs (CCSE)
Saga Sistemas e Computadores S.A.
Tel: +55 21 2518-3161
bruno@saga.com.br

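As an added example, not code from either poster: the banner grab and SMTP user listing Ondrej suggests, in Python 3. Because nothing on the page can be connected to, the block stands up a constructed fake SMTP server on localhost so the whole thing runs offline; the host name, greeting, HELO string and the two "known" accounts in it are assumptions, as are the function names. The VRFY verdicts follow RFC 5321 reply codes: 250/251 confirm an account, 550/551/553 deny one, and 252 or 502 mean the MTA has VRFY disabled, which is the usual case on a hardened Sendmail or Postfix and must not be read as "user absent".

```python
"""Banner grab + SMTP VRFY user enumeration (added example, not from the thread).
The fake SMTP server is constructed so the demo runs offline; its host name,
greeting, and user list are assumptions, not data about the target."""
import socket
import socketserver
import threading


def grab_banner(host, port, probe=None, timeout=3.0):
    """Connect, optionally send a probe, return the first reply chunk (None on error).
    FTP/SMTP/POP3/NNTP/IMAP speak first (probe=None); HTTP needs a request such as
    b"HEAD / HTTP/1.0\\r\\n\\r\\n"; 443 needs a TLS handshake and 53 a DNS query first."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            if probe:
                sock.sendall(probe)
            return sock.recv(1024).decode("latin-1", "replace").strip()
    except OSError:  # refused, reset, or timed out
        return None


def read_smtp_reply(rfile):
    """Read one SMTP reply; 'NNN-' lines continue it, 'NNN ' ends it. Returns (code, lines)."""
    lines = []
    while True:
        raw = rfile.readline()
        if not raw:
            raise ConnectionError("server closed the connection mid-reply")
        line = raw.decode("latin-1", "replace").rstrip("\r\n")
        if len(line) < 3 or not line[:3].isdigit():
            raise ValueError(f"malformed SMTP reply: {line!r}")
        lines.append(line)
        if len(line) == 3 or line[3] == " ":
            return int(line[:3]), lines


def classify_vrfy(code):
    """Verdict for a VRFY reply code. 252 ('will accept') and 502 (disabled) are not 'absent'."""
    if code in (250, 251):
        return "exists"
    if code in (550, 551, 553):
        return "absent"
    return "inconclusive"


def smtp_vrfy_users(host, port, users, helo=b"scanner.example", timeout=3.0):
    """VRFY each name over one session; returns {user: (code, verdict, last reply line)}."""
    results = {}
    with socket.create_connection((host, port), timeout=timeout) as sock:
        rfile = sock.makefile("rb")
        code, lines = read_smtp_reply(rfile)
        if code != 220:
            raise RuntimeError(f"unexpected greeting: {lines[-1]}")
        sock.sendall(b"HELO " + helo + b"\r\n")
        read_smtp_reply(rfile)
        for user in users:
            sock.sendall(b"VRFY " + user.encode("ascii") + b"\r\n")
            code, lines = read_smtp_reply(rfile)
            results[user] = (code, classify_vrfy(code), lines[-1])
        sock.sendall(b"QUIT\r\n")
        rfile.close()
    return results


# --- constructed fake SMTP server, only so the demo runs offline ---------------
KNOWN_USERS = {"root", "bruno"}  # assumption: accounts the fake MTA answers 250 for


class FakeSMTPHandler(socketserver.StreamRequestHandler):
    def handle(self):
        self.wfile.write(b"220 mail.example.test ESMTP (constructed fake)\r\n")
        while True:
            raw = self.rfile.readline()
            if not raw:  # client hung up, e.g. after a plain banner grab
                return
            cmd, _, arg = raw.decode("latin-1").strip().partition(" ")
            cmd = cmd.upper()
            if cmd in ("HELO", "EHLO"):
                self.wfile.write(b"250 mail.example.test Hello\r\n")
            elif cmd == "VRFY":
                if arg in KNOWN_USERS:
                    self.wfile.write(f"250 <{arg}@example.test>\r\n".encode("ascii"))
                else:
                    self.wfile.write(b"550 5.1.1 User unknown\r\n")
            elif cmd == "QUIT":
                self.wfile.write(b"221 Bye\r\n")
                return
            else:
                self.wfile.write(b"502 Command not implemented\r\n")


def start_fake_smtp_server():
    server = socketserver.ThreadingTCPServer(("127.0.0.1", 0), FakeSMTPHandler)
    server.daemon_threads = True
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


def run_demo(users=("root", "bruno", "nobody")):
    """Banner grab, then user enumeration, against the fake server on an ephemeral port."""
    server, port = start_fake_smtp_server()
    try:
        banner = grab_banner("127.0.0.1", port)
        results = smtp_vrfy_users("127.0.0.1", port, list(users))
    finally:
        server.shutdown()
        server.server_close()
    return banner, results


if __name__ == "__main__":
    banner, results = run_demo()
    print("banner:", banner)
    for user, (code, verdict, reply) in results.items():
        print(f"{user:8s} {code} {verdict:13s} {reply}")
```

Against a real target, call `grab_banner` and `smtp_vrfy_users` with the host and port 25 and skip the fake server; the same `read_smtp_reply` loop works for POP3-style `+OK`/`-ERR` checks only after changing the code parsing, since POP3 does not use three-digit codes. Keep the user list short and the timeout generous: a rate-limited MTA that starts returning 4xx codes will show up as "inconclusive" rather than as a false negative.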
------------------------------------------------------------------------------

FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't

Learn the hacker's secrets that compromise wireless LANs. Secure your
WLAN by understanding these threats, available hacking tools and proven
countermeasures. Defend your WLAN against man-in-the-Middle attacks and
session hijacking, denial-of-service, rogue access points, identity
thefts and MAC spoofing. Request your complimentary white paper at:

http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801
-------------------------------------------------------------------------------




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:42 EDT