[NeBoKaDnEzZaR]

HI out there

I searched Forum and also Google but doesnt found a vuln checker for Veritas Backup Exec. Does anybody know if there is one out ??

THX

[apoc_neo]

There isn't realy a checker but what you do is scan for port 6101 then use the autohacker that FLX made it is posted in the downloads section so you should be able to find it.

Edit: Here is the link for the autohacker http://www.governmen...showtopic=13414

This post has been edited by apoc_neo: 16 July 2005 - 07:19 PM

[NeBoKaDnEzZaR]

apoc_neo, on Jul 17 2005, 03:16 AM, said:

There isn't realy a checker but what you do is scan for port 6101 then use the autohacker that FLX made it is posted in the downloads section so you should be able to find it.

Edit: Here is the link for the autohacker http://www.governmen...showtopic=13414

<{POST_SNAPBACK}>

HI apoc_neo

First thank you for the reply.
Maybe im wrong please tell me if !!
I read that i have to scan port 10000.
Does i got false infos ?
"Veritas Backup Exec Windows Remote Agent Overflow"

????

[slb33]

There are 2 different exploits for veritas.
I believe apoc_neo is talking about the older one.
The newer one does use the port that you specified but I haven't heard of any checker for it and it is probably dead by now since it's been out for a while now.

Unless of course you haven't updated your servers with the newer versions of veritas! :blink:

[sz0n]

just make a simple ban check for port 10000. In dfind vuln ip will have banner like this �, or if you check banners by sl they will look like this: [$ B ,]. After this you can get more precise infos using check command in metasploit.

[nolimit]

or you could fuzz/dissemble and look for a new one

[L0rD]

HelloW,

If I don't make a mistake, I think that metasploit can check vulnerable workstations after you scan the ports

c ya :ph34r:

[slb33]

I think what he is really looking for is a way to detect the vulnerable ones and not just what version of remote agent it is.
As far as I know there is no scanner that will tell you if it's vulnerable or not.
You just have to check it with metasploit to see if it's really vulnerable.

[sz0n]

lol guys i wrote it in my previous post, just check the banners, however this vuln is already dead

[apoc_neo]

just use scanline that will work.

[slb33]

Yea, I use scanline myself since this exploit came out to check the banners.
I was only stating that just because you get the correct banner doesn't mean that it is vulnerable.
Most of these are now patched and not vulnerable but the still show the same kind of banner!

[andi1983]

NeBoKaDnEzZaR, on Jul 16 2005, 11:37 PM, said:

HI out there

I searched Forum and also Google but doesnt found a vuln checker for Veritas Backup Exec. Does anybody know if there is one out ??

THX

<{POST_SNAPBACK}>

just do a banner scan and check ips with banner with the exploit, so i did it.
scans without banned dont worked

[NeBoKaDnEzZaR]

Thank you @ all

I tested it with bannerscann an metasploit. Looks like the whole network here is fine. Nice to know :D THX.

[re_tlp21]

I wanted to use Nmap to check the banner, but how can you define threads in Nmap. If i would use it like this

--max_hostgroup 150 --min_hostgroup 100 --max_parallelism 200 --min_par
allelism 50 192.168.1.*

for example, it still cheks only one ip at the same time.

thanks