RE: Digital UNIX 5.60 recourses

From: David S. Morgan (captkrasat_private)
Date: Fri Aug 16 2002 - 11:21:12 PDT

    Well said,
    
    I usually treat Digital Unix (True 64) the same as any other version of 
    Unix.  Find out what is running on what port (use of netcat, nmap, 
    superscan.exe for banner grabbing and port scanning).  And see if there are 
    any known holes.  You have sunrpc running on it, so enumerate that.  There 
    are quite a few holes in rpc anyways.  I also noticed port 139 open.  Is it 
    running samba?  That could be a possibility.  X11 is also a good one to probe.
    
    Hope that helps.
    
    Dave Morgan
    AAC Associates, Inc.
    
    At 11:31 AM 8/16/2002 -0500, Fabrizio Siciliano wrote:
    >Hi Alex.
    >
    >Aside from the "brute-force" password guessing on telnet and ftp ports,
    >you should try and look for vulnerabilities associated with the services
    >that are listening on that box.
    >
    >Grab some of the banners coming off of those services to see exactly
    >what version of let's say...ftp, smtp, named (BIND) maybe it's an
    >exploitable version of bind, http, all the goodies. lpd is also
    >listening, so look for lpd exploits.
    >
    >I hope this helps.
    >
    >./fab
    >
    >http://www.aisec.net
    >
    >
    > > -----Original Message-----
    > > From: Alex Balayan [mailto:balayanat_private]
    > > Sent: Friday, August 16, 2002 10:01 AM
    > > To: pen-testat_private
    > > Subject: Digital UNIX 5.60 recourses
    > >
    > >
    > > Hi all,
    > >
    > > I am conducting a penetration test for a client running a cluster of
    > > Digital UNIX 5.60. All the servers are exposed to the Internet.
    > >
    > > Below is an output of a nmap scan.
    > >
    > > Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
    > > Interesting ports on client.digital.unix.com(XXX.XXX.XXX.XXX):
    > > (The 1579 ports scanned but not shown below are in state: closed)
    > > Port       State       Service
    > > 21/tcp     open        ftp
    > > 23/tcp     open        telnet
    > > 25/tcp     open        smtp
    > > 53/tcp     open        domain
    > > 80/tcp     open        http
    > > 110/tcp    open        pop-3
    > > 111/tcp    open        sunrpc
    > > 139/tcp    filtered    netbios-ssn
    > > 143/tcp    open        imap2
    > > 436/tcp    open        dna-cml
    > > 513/tcp    open        login
    > > 514/tcp    open        shell
    > > 515/tcp    open        printer
    > > 587/tcp    open        submission
    > > 1024/tcp   open        kdm
    > > 1025/tcp   open        NFS-or-IIS
    > > 1026/tcp   open        LSA-or-nterm
    > > 1027/tcp   open        IIS
    > > 1029/tcp   open        ms-lsa
    > > 6000/tcp   open        X11
    > > 6112/tcp   open        dtspc
    > > 8081/tcp   open        blackice-icecap
    >
    >----------------------------------------------------------------------------
    >This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
    >Service. For more information on SecurityFocus' SIA service which
    >automatically alerts you to the latest security vulnerabilities please see:
    >https://alerts.securityfocus.com/
    
    -----
    David S. Morgan CISSP, CCNP
    aka: captkrasat_private
    
    "Honor is a Man's Gift to Himself"
    Rob Roy MacGregor, Scotland circa 1700 A.D.
    
    
    



    This archive was generated by hypermail 2b30 : Fri Aug 16 2002 - 11:39:47 PDT
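
As an added example (not part of the original messages): a defender-side pass over a scan in the table layout posted in the thread, listing the open services that an assumed review policy says should not be Internet-facing. The sample rows, the `REVIEW` policy and the function names are constructed for illustration.

```python
import re

# Constructed sample in the nmap 3.00 table layout quoted in the thread
# (a subset of the posted rows, with the mail quoting left in place).
SAMPLE = """\
> > Port       State       Service
> > 21/tcp     open        ftp
> > 23/tcp     open        telnet
> > 80/tcp     open        http
> > 111/tcp    open        sunrpc
> > 139/tcp    filtered    netbios-ssn
> > 513/tcp    open        login
> > 514/tcp    open        shell
> > 6000/tcp   open        X11
"""

# Assumed review policy (not from the thread): why each service should not
# face the Internet, keyed by the service name nmap prints.
REVIEW = {
    "ftp": "cleartext credentials",
    "telnet": "cleartext credentials",
    "login": "rlogin, host-based trust",
    "shell": "rsh, host-based trust",
    "sunrpc": "portmapper discloses registered RPC programs",
    "X11": "display server reachable remotely",
    "netbios-ssn": "SMB session service",
}

ROW = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*$")

def parse_ports(text):
    """Return (port, proto, state, service) for each table row."""
    rows = []
    for line in text.splitlines():
        # Strip mail quoting ("> > ") so scans pasted from a reply parse too.
        m = ROW.match(line.lstrip("> \t"))
        if m:
            rows.append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return rows

def findings(text):
    """List services in state 'open' that the policy flags for review."""
    return [(port, service, REVIEW[service])
            for port, _proto, state, service in parse_ports(text)
            if state == "open" and service in REVIEW]
```

Rows in state `filtered` are parsed but not reported, since the scan did not show them as reachable.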