[prev in list] [next in list] [prev in thread] [next in thread]
List: pen-test
Subject: Re: Interesting GUID
From: James Wright <jamfwright () gmail ! com>
Date: 2009-12-29 14:58:46
Message-ID: 769328c60912290658od6e0547j76e611208bd57ac6 () mail ! gmail ! com
[Download RAW message or body]
It may be MS RIS, as it uses client GUIDS as part of the
authentication to install MS operating systems. Not sure if it sends
out it's own though. A licensing server is a good guess, MS WDS may
be another possibility.
Thanks,
James
On Wed, Dec 23, 2009 at 4:47 PM, Jonathan Cran <jcran@0x0e.org> wrote:
> Judging by the lack of replies, you're sort of on your own here. It
> could be a licensing server, it could be some custom-build messaging
> system, it could just be injecting a little randomness into the
> universe *shrug*
>
> amap probably isn't going to help in this case. i assume you've done
> fingerprinting on the box using nmap/nessus/nexpose?
>
> Maybe try sequencing the GUIDs to identify any interesting patterns?
>
> jcran
>
>
> On Sat, Dec 19, 2009 at 5:09 PM, Daniel Clemens
> <daniel.clemens@packetninjas.net> wrote:
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> >
> > While doing a pentest I ran across a service which responds with what looks to be \
> > a GUID.
> > Example 1
> > Connection to x.x.x.x 35000 port [tcp/*] succeeded!
> > {8F418F3C-4530-4198-9988-8B6E8E646991}Q?,?,?w>f???)??
> > ?nX?W?EOL{8F418F3C-4530-4198-9988-8B6E8E646991}EOL
> >
> >
> > Example 2
> > 0000: 7b46 4641 3131 4334 442d 4437 4237 2d34 [ {FFA11C4D-D7B7-4 ]
> > 0010: 4139 312d 4146 4643 2d32 4133 3534 4143 [ A91-AFFC-2A354AC ]
> > 0020: 3331 4539 457d 1551 ab2c ae2c b077 3e66 [ 31E9E}.Q.,.,.w>f ]
> > 0030: fbb8 cb29 02ab f30c fc6e 5816 1dd1 0400 [ ...).....nX..... ]
> > 0040: 0000 1800 0000 0400 0000 5786 0000 454f [ ..........W...EO ]
> > 0050: 4c7b 4646 4131 3143 3444 2d44 3742 372d [ L{FFA11C4D-D7B7- ]
> > 0060: 3441 3931 2d41 4646 432d 3241 3335 3441 [ 4A91-AFFC-2A354A ]
> > 0070: 4333 3145 3945 7d45 4f4c [ C31E9E}EOL \
> > ]
> >
> > Has anyone run across a service which act like the information provided above or \
> > could help in why or what a service responding with GUID information would be \
> > used for. (especially as an external service).
> >
> > Any ideas would be appreciated.
> >
> > > Daniel Uriah Clemens
> > > Packetninjas L.L.C | | http://www.packetninjas.net
> > > c. 205.567.6850 | | o. 866.267.8851
> > "Moments of sorrow are moments of sobriety"
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > -----BEGIN PGP SIGNATURE-----
> >
> > iD8DBQFLLU8BlZy1vkUrR4MRAiQUAJ9hnh8Wrjrdb2PFl0/2tlsORxsUUACdFtzD
> > Zklf5QALah+nbM52KaGFf4U=
> > =e1IN
> > -----END PGP SIGNATURE-----
> >
> > ------------------------------------------------------------------------
> > This list is sponsored by: Information Assurance Certification Review Board
> >
> > Prove to peers and potential employers without a doubt that you can actually do a \
> > proper penetration test. IACRB CPT and CEPT certs require a full practical \
> > examination in order to become certified. http://www.iacertification.org
> > ------------------------------------------------------------------------
> >
>
> --
> Jonathan Cran
> jcran@0x0e.org
> 515.890.0070
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can actually do a \
> proper penetration test. IACRB CPT and CEPT certs require a full practical \
> examination in order to become certified.
> http://www.iacertification.org
> ------------------------------------------------------------------------
>
>
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a \
proper penetration test. IACRB CPT and CEPT certs require a full practical \
examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic