Windows 7/Vista *All* UPnP Exploit Help???

Networking/Security Forums -> Exploits // System Weaknesses

Author: stream_venomLocation: Atlanta,GA PostPosted: Tue Oct 13, 2009 2:46 am    Post subject: Windows 7/Vista *All* UPnP Exploit Help???
    ----
Need help with this one

PORT STATE SERVICE VERSION
1862/tcp open unknown
5357/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
22504/tcp open unknown
45100/tcp open unknown
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bi…..submit.cgi :
SF-Port22504-TCP:V=5.00%I=7%D=10/6%Time=4ACBD3C2%P=i686-pc-linux-gnu%r(Get
SF:Request,6E,"HTTP/1.0×20406x20Notx20AcceptablernDate:x20Wed,x200
SF:7×20Octx202009×2003:33:17×20GMTrnServer:x20Frosty/4.17.2rnCo
SF:ntent-Length:x200rnrn")%r(FourOhFourRequest,7E,"HTTP/1.0×20400x
SF:20Badx20RequestrnDate:x20Wed,x2007×20Octx202009×2003:33:28×20G
SF:MTrnServer:x20Frosty/4.17.2rnContent-Length:x200rnConnection:
SF:x20Closernrn");
MAC Address: 00:1D:09:96:07:44 (Dell)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running: Microsoft Windows 2008|Vista
OS details: Microsoft Windows Server 2008 Beta 3, Microsoft Windows Vista SP0 or SP1 or Server 2008 SP1
TCP/IP fingerprint:
OS:SCAN(V=5.00%D=10/6%OT=1862%CT=%CU=%PV=Y%DS=1%G=N%M=001D09%TM=4ACBD3FF%P=
OS:i686-pc-linux-gnu)SEQ(SP=108%GCD=1%ISR=10B%TI=I%TS=7)OPS(O1=M5B4NW8ST11%
OS:O2=M5B4NW8ST11%O3=M5B4NW8NNT11%O4=M5B4NW8ST11%O5=M5B4NW8ST11%O6=M5B4ST11
OS:)WIN(W1=2000%W2=2000%W3=2000%W4=2000%W5=2000%W6=2000)ECN(R=Y%DF=Y%TG=80%
OS:W=2000%O=M5B4NW8NNS%CC=N%Q=)T1(R=Y%DF=Y%TG=80%S=O%A=S+%F=AS%RD=0%Q=)T2(R
OS:=N)T3(R=N)T4(R=N)U1(R=N)IE(R=N)

Uptime guess: 0.367 days (since Tue Oct 6 14:45:58 2009)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=264 (Good luck!)
IP ID Sequence Generation: Incremental
Service Info: OS: Windows

The port of intrest is 5357. After doing some search I have found that it belongs to a something like Limewire,Frostwire, or something like it… I have been using an exploit I found on Milw0rm to see if I could exploit the program behind the port…

All I get is this…

[+] checking if host exists…
[+] 192.168.1.94 exists…connecting…
[+] Connected…sending the request…
HTTP/1.1 400 Bad Request
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Wed, 07 Oct 2009 03:54:40 GMT
Connection: close
Content-Length: 334

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>Bad Request</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD>
<BODY><h2>Bad Request – Invalid Hostname</h2>
<hr><p>HTTP Error 400. The request hostname is invalid.</p>
</BODY></HTML>

I have been looking for help with this since Wednesday of last week... any help is much appreciated.



Networking/Security Forums -> Exploits // System Weaknesses


output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Page 1 of 1

Powered by phpBB 2.0.x © 2001 phpBB Group