Given that it comes back with a NETBIOS string, id run something like nbaudit on that port... On Wed, Jun 04, 2003 at 10:34:55AM +1000, Patrick Webster wrote: > Hi All, > > Whilst doing a pen-test I came across a Windows NT4 box with IIS4. After > doing a port scan, I noticed, among others, that port 41523 was open. > > Using Amap, the result returned is unknown, however the data given is: > > Response received from xxx.xxx.xxx.xxx port 41523 tcp (length 8 bytes): > 0000: 424e 4532 3937 4400 > ASCII: "NETBIOS_HOSTNAME" <= I've replaced the real hostname > Unidentified ports: 41523/tcp (total 1). > > I've searched google without any luck. Does anyone know what this may > be? I don't have access to the machine to run fport.exe or similar. > Below is the results of an Nmap, if it helps. > > ort State Service > 21/tcp open ftp > 22/tcp open ssh > 80/tcp open http > 81/tcp open hosts2-ns > 88/tcp open kerberos-sec > 135/tcp open loc-srv > 139/tcp open netbios-ssn > 443/tcp open https > 1027/tcp open IIS > 1038/tcp open unknown > 1041/tcp open unknown > 1433/tcp open ms-sql-s > 4899/tcp open radmin > 6050/tcp open arcserve > 8314/tcp open unknown > 41523/tcp open unknown > > Thanks, > > -Patrick > > > --------------------------------------------------------------------------- > ---------------------------------------------------------------------------- -- + Cannot find nsabackdoor.dll. Please reinstall Windows. --------------------------------------------------------------------------- ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Wed Jun 04 2003 - 16:13:27 PDT