Pentesting, get string from server (chat)?

X

xxx2017-03-09 19:57:04

Burglary protection

xxx, 2017-03-09 19:57:04

Hello, I'm studying pentest and have a lab.
You were told that the chat server is running on the server with ip address xxxx The author does not know what port the server is running on, but he is sure that between 30000 and 30500. In addition, he said that there is a backdoor in the messaging mechanism that outputs "a certain string ". Authorization is not provided.
The goal is to find this line for yourself.
In general, netcat found out which port, connected to it. I got on the chat, and then I have no idea what to do. Any thoughts?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

T

TyzhSysAdmin, 2017-03-09
@POS_troi

Yes, look for the backdoor.
It is unrealistic to say more, you should go to the forum where this test is discussed, there people are at least aware of what you are talking about.

1

15432, 2017-03-09
@15432

Typical options are to send a very long string to the chat, send non-standard characters, try sending quotes, brute force with random strings..