Posted: Tue Oct 13, 2009 2:46 am Post subject: Windows 7/Vista *All* UPnP Exploit Help???
Need help with this one
PORT STATE SERVICE VERSION
1862/tcp open unknown
5357/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
22504/tcp open unknown
45100/tcp open unknown
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bi…..submit.cgi :
SF-Port22504-TCP:V=5.00%I=7%D=10/6%Time=4ACBD3C2%P=i686-pc-linux-gnu%r(Get
SF:Request,6E,"HTTP/1.0×20406x20Notx20AcceptablernDate:x20Wed,x200
SF:7×20Octx202009×2003:33:17×20GMTrnServer:x20Frosty/4.17.2rnCo
SF:ntent-Length:x200rnrn")%r(FourOhFourRequest,7E,"HTTP/1.0×20400x
SF:20Badx20RequestrnDate:x20Wed,x2007×20Octx202009×2003:33:28×20G
SF:MTrnServer:x20Frosty/4.17.2rnContent-Length:x200rnConnection:
SF:x20Closernrn");
MAC Address: 00:1D:09:96:07:44 (Dell)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running: Microsoft Windows 2008|Vista
OS details: Microsoft Windows Server 2008 Beta 3, Microsoft Windows Vista SP0 or SP1 or Server 2008 SP1
TCP/IP fingerprint:
OS:SCAN(V=5.00%D=10/6%OT=1862%CT=%CU=%PV=Y%DS=1%G=N%M=001D09%TM=4ACBD3FF%P=
OS:i686-pc-linux-gnu)SEQ(SP=108%GCD=1%ISR=10B%TI=I%TS=7)OPS(O1=M5B4NW8ST11%
OS:O2=M5B4NW8ST11%O3=M5B4NW8NNT11%O4=M5B4NW8ST11%O5=M5B4NW8ST11%O6=M5B4ST11
OS:)WIN(W1=2000%W2=2000%W3=2000%W4=2000%W5=2000%W6=2000)ECN(R=Y%DF=Y%TG=80%
OS:W=2000%O=M5B4NW8NNS%CC=N%Q=)T1(R=Y%DF=Y%TG=80%S=O%A=S+%F=AS%RD=0%Q=)T2(R
OS:=N)T3(R=N)T4(R=N)U1(R=N)IE(R=N)
Uptime guess: 0.367 days (since Tue Oct 6 14:45:58 2009)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=264 (Good luck!)
IP ID Sequence Generation: Incremental
Service Info: OS: Windows
The port of intrest is 5357. After doing some search I have found that it belongs to a something like Limewire,Frostwire, or something like it… I have been using an exploit I found on Milw0rm to see if I could exploit the program behind the port…
All I get is this…
[+] checking if host exists…
[+] 192.168.1.94 exists…connecting…
[+] Connected…sending the request…
HTTP/1.1 400 Bad Request
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Wed, 07 Oct 2009 03:54:40 GMT
Connection: close
Content-Length: 334
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>Bad Request</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD>
<BODY><h2>Bad Request – Invalid Hostname</h2>
<hr><p>HTTP Error 400. The request hostname is invalid.</p>
</BODY></HTML>
I have been looking for help with this since Wednesday of last week... any help is much appreciated.
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum