Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
X
X
xxx2017-03-09 19:57:04
Burglary protection
xxx, 2017-03-09 19:57:04

Pentesting, get string from server (chat)?

Hello, I'm studying pentest and have a lab.
You were told that the chat server is running on the server with ip address xxxx The author does not know what port the server is running on, but he is sure that between 30000 and 30500. In addition, he said that there is a backdoor in the messaging mechanism that outputs "a certain string ". Authorization is not provided.
The goal is to find this line for yourself.
In general, netcat found out which port, connected to it. I got on the chat, and then I have no idea what to do. Any thoughts?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
T
TyzhSysAdmin, 2017-03-09
@POS_troi

Yes, look for the backdoor.
It is unrealistic to say more, you should go to the forum where this test is discussed, there people are at least aware of what you are talking about.

Report
1
15432, 2017-03-09
@15432

Typical options are to send a very long string to the chat, send non-standard characters, try sending quotes, brute force with random strings..

Similar questions
A
Andrew2016-05-02 15:46:27
Why is it not being scanned with nmap? 2Reply
S
SKEPTIC2020-08-28 01:24:47
Protection in php from downloading malicious scripts to a server when uploading a file? 4Reply
X
Xaber2018-10-30 02:01:44
For what purpose can suspicious WiFi be created at neighbors with my SSID/Key? 8Reply
V
VA2016-06-06 11:39:34
How to beat the Google DNS query flood? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question