RE: Pen test, tcp/1404 found - advice needed

From: Craig Wright (cwright@bdosyd.com.au)
Date: Fri Sep 16 2005 - 22:29:51 EDT

As stated on a prior post - get some training
 
People who try to pass as being capable of doing something they can not and who do not seek to remidy this are one of the major issues in the security industry. Start learning, start acting professionally and stop the generally unprofesional attitudes to the field of enterprise you profess to have the requisite knowledge.
 
The nomenclature "Sekurity Wizard" does nothing to help your case. If you think I am being mean, welcome to the real world. The attidutes of pseudo professionals with "no clue" harm the clients they profess to aid, the profession I love and society as a whole.
 
If you wish to learn I support your enterprise wholeheartedly. The issue is that you need to learn the job prior to doing it. Who would feel ok having a physician who had not completed university operate on them? The same applies where - learn first, than operate.
 
Craig

        -----Original Message-----
        From: Sekurity Wizard [mailto:s.wizard@boundariez.com]
        Sent: Fri 16/09/2005 10:44 PM
        To: pen-test@securityfocus.com
        Cc:
        Subject: RE: Pen test, tcp/1404 found - advice needed
        
        

        SOCAT results are below:
        
        <results>
        
        ICA
        ICA
        ICA
        
        </results>
        
        That ICA is repeated every 10 seconds or so, of after a carriage return
        into the port. Obviously it's a Citrix ICA box - the problem is how to
        get it to do my bidding...
        
        S.Wiz
        
        
        -----Original Message-----
        From: Andre Ludwig [mailto:andre.ludwig@gmail.com]
        Sent: Thursday, September 15, 2005 4:14 PM
        To: Luke Eckley
        Cc: Sekurity Wizard; pen-test@securityfocus.com
        Subject: Re: Pen test, tcp/1404 found - advice needed
        
        Use your level 45 remote service enumeration spell! Be careful, as you
        wouldn't want your spell to trigger a recasting of "Perimeter ACL
        Blast". Unless of course you have learned the always handy "Unholy
        0-day of Reckoning"; hell, that has its caveats. Of course, being a
        Sekurity Wizard, you know all of this already, as opposed to a lowly
        mage such as myself.
        
        If all else fails, you may heed the guidance that the others have
        provided. I hasten to suggest usage of a network fuzzer but none the
        less you may try it.
        
        Another possible solution (using socat), this will only read the first
        1000 bytes of output.
        
        socat - tcp:yourtargetip:1404,readbytes=1000
        
        http://www.dest-unreach.org/socat/doc/socat.html#EXAMPLES
        
        Dr3
        "security mage and jester"
        
        On 9/15/05, Luke Eckley <luke@xifos.org> wrote:
> Sekurity Wizard wrote:
> > Hey folks,
> > Found tcp/1494 open to a server during a pen test, black-box
> > style. Are there any interesting tools that may be available to
> > extract information from the server on the receiving end?
>
> The easiest thing to do is telnet (or use netcat) to the port to see
> if it responds with a version or any other information.
>
> Also if you know the OS, then just google for that port and narrow
> down your results by OS.
>
> Luke
>
> ----------------------------------------------------------------------
> -------- Audit your website security with Acunetix Web Vulnerability
> Scanner:
>
> Hackers are concentrating their efforts on attacking applications on
> your website. Up to 75% of cyber attacks are launched on shopping
> carts, forms, login pages, dynamic content etc. Firewalls, SSL and
> locked-down servers are futile against web application hacking. Check
> your website for vulnerabilities to SQL injection, Cross site
        scripting and other web attacks before hackers do!
> Download Trial at:
>
> http://www.securityfocus.com/sponsor/pen-test_050831
> ----------------------------------------------------------------------
> ---------
>
>
        
        
        
        ------------------------------------------------------------------------------
        Audit your website security with Acunetix Web Vulnerability Scanner:
        
        Hackers are concentrating their efforts on attacking applications on your
        website. Up to 75% of cyber attacks are launched on shopping carts, forms,
        login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
        futile against web application hacking. Check your website for vulnerabilities
        to SQL injection, Cross site scripting and other web attacks before hackers do!
        Download Trial at:
        
        http://www.securityfocus.com/sponsor/pen-test_050831
        -------------------------------------------------------------------------------
        
        

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:55 EDT