Re: Unusual ports found in nmap scan

From: Aaron Higbee (aaronat_private)
Date: Fri Mar 01 2002 - 08:49:29 PST

Next message: Ofir Arkin: "RE: VOIP as Gateway"

Previous message: rginskiat_private: "VOIP as Gateway"
In reply to: Nessim Kisserli: "Re: Unusual ports found in nmap scan"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Dave,

If you do a few searches you will see that 445 is the new "NetBios"
(kinda.)  Microst-DS, or Microsoft Directory Services. It's great for
penetration testers because a lot of firewall admins have blocked the
standard Netbios ports.

Quick Tip:  Netbios brute force attacks with brutus work fine if you change
the target port from 139 to 445.

Quick Tip #2:  Null session enumeration works over 445 too. Yay!

--Aaron Higbee




> hi Dave,
>
> NtWaK0 released an advisory to bugtraq on 15/02/2002 dealing with port
> 445,  here's a quick extract:
>
> 	TCP/UPD port 445 is open by default on a Fresh installed XP
box.
> 	 : The attack is seriouse since it work remotly and can make the CPU
> 	100 % : in less then 20 Second.
>
> you can find the full text at:
> http://online.securityfocus.com/archive/1/256830
>
> it might not help with port enumeration but it could shed some light on
> the  machine's os..
>
> good luck,
> nessim
>
>
> On Wednesday 27 Feb 2002 6:12 pm, you wrote:
>> Hello All
>>
>> I'm currently pentesting a client and nmap reports that a particular
>> host has the following ports open: 82/tcp
>> 445/tcp
>> 447/tcp
>
> <snip>
>
>> Does anyone have any further information on these ports and what sort
>> of application might be running using these open ports (assuming they
>> are what they say they are!)
>>
>> Also assuming it's Win2K are there any tools for enumeration on port
>> 445?
>>
>> All help appreciated
>>
>> Dave
>
> --------------------------------------------------------------------------
--
> This list is provided by the SecurityFocus Security Intelligence Alert
> (SIA) Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security vulnerabilities please
> see: https://alerts.securityfocus.com/




----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Next message: Ofir Arkin: "RE: VOIP as Gateway"
Previous message: rginskiat_private: "VOIP as Gateway"
In reply to: Nessim Kisserli: "Re: Unusual ports found in nmap scan"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Mar 01 2002 - 18:58:08 PST