[unisog] RE: Port 33
dwpayne at ist.uwaterloo.ca
Tue Jun 3 20:50:56 GMT 2003
Steve Bernard wrote:
> I should have mentioned that I don't currently have physical access to the
> box. I will of course do a lower level inspection when I can. Attempts to
> connect to port 33 via other protocols (FTP, HTTP, SMTP), did not produce
> any results. As the telnet message indicates, "Not Loged in". There's
> obviously some method of authenticating or otherwise accessing the service.
> That's what I was hoping someone else would be able to provide ;)
Try typing HELP after the 220 prompt. An FTP server, even a rogue one,
will often display something like (from an actual example of a rogue on
a compromised system here):
214- The following commands are recognized (* => unimplemented).
USER PORT RETR ALLO DELE SITE XMKD CDUP
PASS PASV STOR REST CWD STAT RMD XCUP
ACCT TYPE APPE RNFR XCWD HELP XRMD STOU
REIN STRU SMNT RNTO LIST NOOP PWD SIZE
QUIT MODE SYST ABOR NLST MKD XPWD MDTM
214 ask god
Other servers such as SMTP have their own responses to HELP.
More information about the unisog