Hi Dave, If you do a few searches you will see that 445 is the new "NetBios" (kinda.) Microst-DS, or Microsoft Directory Services. It's great for penetration testers because a lot of firewall admins have blocked the standard Netbios ports.
Quick Tip: Netbios brute force attacks with brutus work fine if you change the target port from 139 to 445. Quick Tip #2: Null session enumeration works over 445 too. Yay! --Aaron Higbee > hi Dave, > > NtWaK0 released an advisory to bugtraq on 15/02/2002 dealing with port > 445, here's a quick extract: > > TCP/UPD port 445 is open by default on a Fresh installed XP box. > : The attack is seriouse since it work remotly and can make the CPU > 100 % : in less then 20 Second. > > you can find the full text at: > http://online.securityfocus.com/archive/1/256830 > > it might not help with port enumeration but it could shed some light on > the machine's os.. > > good luck, > nessim > > > On Wednesday 27 Feb 2002 6:12 pm, you wrote: >> Hello All >> >> I'm currently pentesting a client and nmap reports that a particular >> host has the following ports open: 82/tcp >> 445/tcp >> 447/tcp > > <snip> > >> Does anyone have any further information on these ports and what sort >> of application might be running using these open ports (assuming they >> are what they say they are!) >> >> Also assuming it's Win2K are there any tools for enumeration on port >> 445? >> >> All help appreciated >> >> Dave > > -------------------------------------------------------------------------- -- > This list is provided by the SecurityFocus Security Intelligence Alert > (SIA) Service. For more information on SecurityFocus' SIA service which > automatically alerts you to the latest security vulnerabilities please > see: https://alerts.securityfocus.com/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
