('binary' encoding is not supported, stored as-is) In-Reply-To: <OFF8BE68A9.4AAA9A44-ON86256CC2.005CE397at_private> Just telnet to the server... telnet <ipadress> 21 then write SYST And you got the OS.... mvh Tommy >Received: (qmail 19260 invoked from network); 3 Feb 2003 19:24:12 -0000 >Received: from outgoing3.securityfocus.com (205.206.231.27) > by mail.securityfocus.com with SMTP; 3 Feb 2003 19:24:12 -0000 >Received: from lists.securityfocus.com (lists.securityfocus.com [205.206.231.19]) > by outgoing3.securityfocus.com (Postfix) with QMQP > id B82A0A30E1; Mon, 3 Feb 2003 12:22:41 -0700 (MST) >Mailing-List: contact pen-test-helpat_private; run by ezmlm >Precedence: bulk >List-Id: <pen-test.list-id.securityfocus.com> >List-Post: <mailto:pen-testat_private> >List-Help: <mailto:pen-test-helpat_private> >List-Unsubscribe: <mailto:pen-test-unsubscribeat_private> >List-Subscribe: <mailto:pen-test-subscribeat_private> >Delivered-To: mailing list pen-testat_private >Delivered-To: moderator for pen-testat_private >Received: (qmail 17784 invoked from network); 3 Feb 2003 18:43:56 -0000 >Subject: Re: Identify OS? >To: "Nick Jacobsen" <nickat_private> >Cc: pen-testat_private >X-Mailer: Lotus Notes Release 5.0.3 March 21, 2000 >Message-ID: <OFF8BE68A9.4AAA9A44-ON86256CC2.005CE397at_private> >From: "Martin Wasson" <martin_wassonat_private> >Date: Mon, 3 Feb 2003 12:45:07 -0600 >X-MIMETrack: Serialize by Router on MCNSTL40/MASTERCARD(Release 5.0.11 |July 24, 2002) at > 02/03/2003 12:45:20 PM >MIME-Version: 1.0 >Content-type: text/plain; charset=us-ascii > > >Nick, >Here's my two cents. It looks like a commercial version of Unix. My guess >is Solaris. The first thing that struck me was port 6112/dtspc. I'm >pretty sure that is a subprocess of CDE, so I doubt it's a Linux box. >Kevin is right about it not being a cisco box. There is no way it's cisco. >Look at port 7937/7938 open. That's Legato Networker 5.5 or later, it only >runs on AIX, Solaris, IRIX, HP-UX, Linux, & Tru64. It also runs on >windows, but this isn't a windows box. And it doesn't run on cisco. It >looks like a honeypot or a dead ringer for a newbie install. When you did >an nslookup, did it return "two-dollar-hooker.i-am-so-owned.com." ? I >thought so. As was indicated before. Connect to as many ports as you can, >and document the versions of the daemons listening from their blathering >banners. Good luck. I wonder if someone has already compiled a db >containing what versions of popular daemons are included in various >releases of *nix. Hope this helps. > > >Marty Wasson >Global Information Security >MasterCard International >(636) 722-2372 >martin_wassonat_private > > > > "Nick Jacobsen" > <nick@ethicsdesig To: <pen- testat_private> > n.com> cc: (bcc: Martin Wasson/STL/MASTERCARD) > Subject: Identify OS? > 01/31/03 01:33 AM > Please respond to > "Nick Jacobsen" > > > > > > >Hey All again, >Could any of you give me an idea of what type of machine the following >might >be, based on the ports open? it is sitting at xxx.xxx.xxx.001 on a >network, >so I am thinking it is some sort of gateway, but what OS/hardware? Below >is >the results of telnetting to port 23, and the ruslts of an nmap scan (tried >the identify OS option, didn't do sh*t) > >Nick J. >Ethics Design >nickat_private > ><----------------- Telnet results ----------------------------> >Authorized uses only. All activity may be monitored and reported. >login: cisco >Password: >Login incorrect ><----------------- End Telnet Results -----------------------> ><----------------- Nmap Scan Results ----------------------> >21/tcp open ftp >22/tcp open ssh >23/tcp open telnet >53/tcp open domain >111/tcp open sunrpc >161/tcp filtered snmp >162/tcp filtered snmptrap >389/tcp open ldap >512/tcp open exec >513/tcp open login >514/tcp open shell >1002/tcp open unknown >1169/tcp open unknown >1433/tcp filtered ms-sql-s >1720/tcp open H.323/Q.931 >2410/tcp open unknown >2785/tcp open unknown >2786/tcp open unknown >6000/tcp open X11 >6112/tcp open dtspc >7937/tcp open unknown >7938/tcp open unknown >32774/tcp open sometimes-rpc11 >32775/tcp open sometimes-rpc13 >32778/tcp open sometimes-rpc19 >Too many fingerprints match this host for me to give an accurate OS guess >TCP/IP fingerprint: >SInfo(V=3.10ALPHA7%P=i686-pc-windows-windows%D=1/30%Time=3E394B34%O=21% C=1) >T1(Resp=N) >T2(Resp=N) >T3(Resp=N) >T4(Resp=N) >T5(Resp=N) >T6(Resp=N) >T7(Resp=N) >PU(Resp=N) ><--------------------- End Nmap Scan Results ----------> > > >-------------------------------------------------------------------------- -- > >This list is provided by the SecurityFocus Security Intelligence Alert >(SIA) >Service. For more information on SecurityFocus' SIA service which >automatically alerts you to the latest security vulnerabilities please see: >https://alerts.securityfocus.com/ > > > > > > > >-------------------------------------------------------------------------- -- >This list is provided by the SecurityFocus Security Intelligence Alert (SIA) >Service. For more information on SecurityFocus' SIA service which >automatically alerts you to the latest security vulnerabilities please see: >https://alerts.securityfocus.com/ > > --------------------------------------------------------------------------- Did you know that you have VNC running on your network? Your hacker does. Plug your security holes. Download a free 15-day trial of VAM: http://www.securityfocus.com/StillSecure-pen-test ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Thu May 08 2003 - 10:29:02 PDT