NeBoKaDnEzZaR
Jul 16 2005, 11:37 PM
HI out there
I searched Forum and also Google but doesnt found a vuln checker for Veritas Backup Exec. Does anybody know if there is one out ??
THX
apoc_neo
Jul 17 2005, 03:16 AM
There isn't realy a checker but what you do is scan for port 6101 then use the autohacker that FLX made it is posted in the downloads section so you should be able to find it.
Edit: Here is the link for the autohacker
http://www.governmentsecurity.org/forum/in...showtopic=13414
NeBoKaDnEzZaR
Jul 17 2005, 05:27 AM
QUOTE(apoc_neo @ Jul 17 2005, 03:16 AM)
There isn't realy a checker but what you do is scan for port 6101 then use the autohacker that FLX made it is posted in the downloads section so you should be able to find it.
Edit: Here is the link for the autohacker
http://www.governmentsecurity.org/forum/in...showtopic=13414HI apoc_neo
First thank you for the reply.
Maybe im wrong please tell me if !!
I read that i have to scan port 10000.
Does i got false infos ?
"Veritas Backup Exec Windows Remote Agent Overflow"
????
slb33
Jul 17 2005, 06:25 AM
There are 2 different exploits for veritas.
I believe apoc_neo is talking about the older one.
The newer one does use the port that you specified but I haven't heard of any checker for it and it is probably dead by now since it's been out for a while now.
Unless of course you haven't updated your servers with the newer versions of veritas!
sz0n
Jul 17 2005, 07:58 AM
just make a simple ban check for port 10000. In dfind vuln ip will have banner like this €, or if you check banners by sl they will look like this: [$ B ,]. After this you can get more precise infos using check command in metasploit.
nolimit
Jul 18 2005, 02:23 AM
or you could fuzz/dissemble and look for a new one
L0rD
Jul 19 2005, 03:23 PM
HelloW,
If I don't make a mistake, I think that metasploit can check vulnerable workstations after you scan the ports
c ya
slb33
Jul 19 2005, 05:31 PM
I think what he is really looking for is a way to detect the vulnerable ones and not just what version of remote agent it is.
As far as I know there is no scanner that will tell you if it's vulnerable or not.
You just have to check it with metasploit to see if it's really vulnerable.
sz0n
Jul 19 2005, 08:23 PM
lol guys i wrote it in my previous post, just check the banners, however this vuln is already dead
apoc_neo
Jul 19 2005, 10:21 PM
just use scanline that will work.
slb33
Jul 20 2005, 01:42 AM
Yea, I use scanline myself since this exploit came out to check the banners.
I was only stating that just because you get the correct banner doesn't mean that it is vulnerable.
Most of these are now patched and not vulnerable but the still show the same kind of banner!
andi1983
Jul 21 2005, 08:11 AM
QUOTE(NeBoKaDnEzZaR @ Jul 16 2005, 11:37 PM)
HI out there
I searched Forum and also Google but doesnt found a vuln checker for Veritas Backup Exec. Does anybody know if there is one out ??
THX
just do a banner scan and check ips with banner with the exploit, so i did it.
scans without banned dont worked
NeBoKaDnEzZaR
Jul 23 2005, 04:00 AM
Thank you @ all
I tested it with bannerscann an metasploit. Looks like the whole network here is fine. Nice to know
THX.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please
click here.
