RE: RAS Gurus

From: Christaan de Vries (christiaan@apcare.net)
Date: Fri Apr 21 2006 - 08:56:47 EDT

Hi there,

I know some systems wait for YOU to select a service BEFORE prompting
you with username etc to login.. (FYI: Older IBM systems (and/or AT&T)
expected characters like 'a', '.' or '$' for them to start the services
connected to older mainframe appplications; even for Notes they had a
TSO application, just type in a ':' and you can download your .nsf file
updates! :-) Woooot..)

At what speed (and modem protocol) are you connecting? This 'COULD' help
you identify which service it is...

Also, you need to dial DIRECTLY from the modem instead of using programs
like CC and/or PcAnywhere.. They in fact to exactly what I stated above
(identify with a string to select a service) but now you are limited to
PcAnywhere and CC strings, if you dial DIRECTLY from the modem, you can
send you own string types. - Start Hyperterminal and go to COMx.. Then,
type use AT commands to fire up that connection! ATDTxxxxxxxxx

Good luck! ;-)

Regards,
Christiaan de Vries
Apcare BV

-----Original Message-----
From: Shenk, Jerry A [mailto:jshenk@decommunications.com]
Sent: Friday, April 21, 2006 2:50 AM
To: Mohamed Abdel Kader; pen-test@securityfocus.com
Subject: RE: RAS Gurus

Have you tried connecting to it with a simple terminal program to see if
it responds with anything that might give a clue. Try sending a couple
return or control codes each time you connect. Honestly, if THC doesn't
guess what it is, it might be tough to figure out. Try connecting at
different speeds too...maybe it's not autosensing.

-----Original Message-----
From: Mohamed Abdel Kader [mailto:mak.pen@gmail.com]
Sent: Thursday, April 20, 2006 8:10 AM
To: pen-test@securityfocus.com
Subject: RAS Gurus

Good day everyone,

Been war dialing a number and every time I connect it doesn't send me a
prompt to try to log onto the system. I couldn't identify the system
responding.

THC scan simply reported that it detected a carrier... Not that useful
in my
case. I need to identify the system and try to connect with the
respective
client. And possibly bruteforce the device once the login screen shows.

 

Tried pcanywhere and carbon copy as clients and still no information was
disclosed.

 

Any ideas gurus out there??

 

Thanks...

MAK

------------------------------------------------------------------------
------
This List Sponsored by: Cenzic

Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the
Analyst's
Choice Award from eWeek. As attacks through web applications continue to
rise,
you need to proactively protect your applications from hackers. Cenzic
has the
most comprehensive solutions to meet your application security
penetration
testing and vulnerability management needs. You have an option to go
with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service
can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm
your
results from other product. Contact us at request@cenzic.com for
details.
------------------------------------------------------------------------
------

**DISCLAIMER
This e-mail message and any files transmitted with it are intended for
the use of the individual or entity to which they are addressed and may
contain information that is privileged, proprietary and confidential. If
you are not the intended recipient, you may not use, copy or disclose to
anyone the message or any information contained in the message. If you
have received this communication in error, please notify the sender and
delete this e-mail message. The contents do not represent the opinion of
D&E except to the extent that it relates to their official business.

------------------------------------------------------------------------
------
This List Sponsored by: Cenzic

Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the
Analyst's
Choice Award from eWeek. As attacks through web applications continue to
rise,
you need to proactively protect your applications from hackers. Cenzic
has the
most comprehensive solutions to meet your application security
penetration
testing and vulnerability management needs. You have an option to go
with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service
can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm
your
results from other product. Contact us at request@cenzic.com for
details.
------------------------------------------------------------------------
------

------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to rise,
you need to proactively protect your applications from hackers. Cenzic has the
most comprehensive solutions to meet your application security penetration
testing and vulnerability management needs. You have an option to go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request@cenzic.com for details.
------------------------------------------------------------------------------

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:51 EDT