pen testing management and control system

From: Ronen Gottlib (ronenat_private)
Date: Fri Jun 27 2003 - 01:54:26 PDT


    Hi All,
    
    I am pen testing a Windows 2000 Advanced Server with some kind of
    management and control software (e.g. Tivoli, Netcool). The system has
    IIS 6.0 running with lockdown enabled.
    
    When I tried to run Nessus, my IP was blocked for quite a long time.
    The same happened with Nikto.
    
    Furthermore, although quite a few ports were found to be open on the
    remote machine, the management and control application is blocking
    most of them while allowing access only to the following: 21, 23 (MS
    telnet server), 25 (Microsoft ESMTP MAIL Service, Version:
    6.0.2600.1106), 80 (Microsoft-IIS/6.0), 110 (Microsoft Windows POP3
    Service Version 2.0), 3389.
    
    
    The system is also running Hummingbird Exceed.
    
    Does anyone have any idea? I've kind of reached a dead end.
    Below are the results of an Nmap scan, if it helps.
    
    Thank you very much for your help,
    
    Ronen.
    
    
    Port       State     Service
    21/tcp     open      ftp
    22/tcp     open      ssh
    23/tcp     open      telnet
    25/tcp     open      smtp
    53/tcp     open      domain
    80/tcp     open      http
    98/tcp     open      linuxconf
    110/tcp    open      pop-3
    111/tcp    open      sunrpc
    135/tcp    open      loc-srv
    143/tcp    open      imap2
    161/tcp    open      snmp
    443/tcp    open      https
    1080/tcp   open      socks
    1433/tcp   open      ms-sql-s
    1494/tcp   open      citrix-ica
    1720/tcp   filtered  H.323/Q.931
    1723/tcp   filtered  pptp
    3389/tcp   open      ms-term-serv
    4000/tcp   filtered  remoteanything
    5135/tcp   open      unknown
    5631/tcp   open      pcanywheredata
    5632/tcp   open      pcanywherestat
    5900/tcp   open      vnc
    6112/tcp   open      dtspc
    6660/tcp   filtered  unknown
    6661/tcp   filtered  unknown
    6662/tcp   filtered  unknown
    6663/tcp   filtered  unknown
    6664/tcp   filtered  unknown
    6665/tcp   filtered  unknown
    6666/tcp   filtered  irc-serv
    6667/tcp   filtered  irc
    6668/tcp   filtered  irc
    6669/tcp   filtered  unknown
    8875/tcp   filtered  unknown
    28900/tcp  filtered  unknown
    
    
    



    This archive was generated by hypermail 2b30 : Fri Jun 27 2003 - 11:45:58 PDT