Re: [Full-disclosure] Solaris telnet vulnberability - how many on yournetwork?

2007-02-17 Thread endrazine
Hi, you dont want to ask nmap to determine the OS based on port 23 scan only. so, s/p23// in the second nmap call. hence: #!/bin/bash # solaris-telnetd-audit.sh IPSFILE=./ips.lst; # file containing IPs to scan MESSAGE=possible-Solaris-telnet-server-found; EMAIL=[EMAIL PROTECTED]; for IP in

Re: [Full-disclosure] Solaris telnet vulnberability - how many on yournetwork?

2007-02-17 Thread pagvac
Hello Endrazine! That's more complete but more slow at the same time due to service fingerprinting being launched against 1665 ports rather than just one. However, increasing the chance of finding a vulnerable target it's a good idea. Thanks! :-) Here is version 0.03 of solaris-telnetd-audit.sh,

Re: [Full-disclosure] Solaris telnet vulnberability - how many on yournetwork?

2007-02-17 Thread Marcin Antkiewicz
On Sat, 17 Feb 2007, endrazine wrote: Hi, you dont want to ask nmap to determine the OS based on port 23 scan only. so, s/p23// in the second nmap call. That would run through nmap's list of default ports (2000). OS guess needs one closed, and one open port to be effective. I will supply

Re: [Full-disclosure] Solaris telnet vulnberability - how many on yournetwork?

2007-02-16 Thread pagvac
The following script might also help find Solaris telnet servers on your network. Note: I give no guarantees that it will work # solaris-telnetd-audit.sh IPSFILE=./ip-addresses.lst; MESSAGE=possible Sun Solaris telned found; EMAIL=[EMAIL PROTECTED]; for IP in `cat $IPSFILE` do echo

Re: [Full-disclosure] Solaris telnet vulnberability - how many on yournetwork?

2007-02-16 Thread pagvac
On 2/17/07, Marcin Antkiewicz [EMAIL PROTECTED] wrote: On Sat, 17 Feb 2007, pagvac wrote: The following script might also help find Solaris telnet servers on your network. [...] for IP in `cat $IPSFILE` do echo Trying $IP ...; if nmap -P0 -n -p23 -sS $IP | grep -i

Re: [Full-disclosure] Solaris telnet vulnberability - how many on yournetwork?

2007-02-12 Thread Oscar Fajardo Sanchez
-disclosure@lists.grok.org.uk Subject: [Full-disclosure] Solaris telnet vulnberability - how many on yournetwork? Johannes Ullrich from the SANS ISC sent this to me and then I saw it on the DSHIELD list: If you run Solaris, please check if you got telnet enabled NOW. If you can, block port 23

Re: [Full-disclosure] Solaris telnet vulnberability - how many on yournetwork?

2007-02-12 Thread Michael Holstein
If you run Solaris, please check if you got telnet enabled NOW. Simple test : nmap -sV -oG - -p23 your.net/cidr |grep Sun Solaris Cheers, Michael Holstein CISSP GCIA Cleveland State University ___ Full-Disclosure - We believe in it. Charter:

Re: [Full-disclosure] Solaris telnet vulnberability - how many on yournetwork?

2007-02-12 Thread K K
On 2/12/07, Michael Holstein [EMAIL PROTECTED] wrote: If you run Solaris, please check if you got telnet enabled NOW. Simple test : nmap -sV -oG - -p23 your.net/cidr |grep Sun Solaris Note that this bug was introduced in Solaris 10, earlier versions are *not* vulnerable. Kevin