
Thread: HELP! PLEASE!! How can I access a remote Win98 box?

  1. #1
    Junior Member
    Join Date
    Feb 2003
    Posts
    7

    HELP! PLEASE!! How can I access a remote Win98 box?

    Hi, Please help! I recently lost the dedicated data connection to one of my remote data-collection stations running basic Win98 (This machine is unmanned, and in an isolated location, so I can’t just have someone install “PC Anywhere” or something similar). Weather delays are preventing us from getting the line repaired, and I need to do a data pull on this machine. The machine still has an active connection to the Internet, and I have done a port-scan which reveals the standard ports as being open (80, 81, 82, 119, 389, 1002, 1080, 1720), but after I attempted an HTTP://IP_Address:80, I got nothing. My predecessor didn't tell me about any firewalls, so I am stumped. I am a UNIX guy dumped into this by default. Is there any way that I can connect to the machine through one of these open ports and access data on C:\? I had always assumed that a Windows box with open ports and an active ‘net connection was pretty much there for the taking, but darned if I can figure it out. If anyone can help, or point me to a site that will help, I would really appreciate it. Thanks, Dave

  2. #2
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    Hrmm. It's interesting that there are some unusual ports open. Perhaps you should see what those ports hold open.

    What exactly is this for and why use a Win98 box? Windows 98 isn't exactly server technology and certainly lacks the security that is needed, especially if it's "data-collection".

    What is installed on it?
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  3. #3
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027
    (I feel this might be a legit cause...)

    Based on the 389 (ldap) and 1720 (h323hostcall) ports, it seems to me it might be running NetMeeting... you might be able to connect and use the remote desktop functionality...

    Port 82 is listed as Xfer utility, so it might help but I've never heard of such a program... Anyone?

    What happens when you try to connect with your browser (on port 80 of course)?
    Does telnetting (to port 80) show anything (don't forget to send 2 returns to a server message)...

    BTW, how's that host usually managed?

    Ammo
    Credit travels up, blame travels down -- The Boss

  4. #4
    Junior Member
    Join Date
    Feb 2003
    Posts
    7
    The machine in question is basically a dumb terminal. It takes feeds from several meteorological sensors (wind, temp, rain-fall), runs a couple of algorithms and then spits the info back down a dedicated line every six hours. (That is when the line isn't down 'cause of an ice-storm... something vaguely ironic about that, isn't there?). As for the open ports, it is a bit unusual, but then the whole set-up is. It was cobbled together out of bits and pieces.... (Your tax dollars at work !!) and I just got thrown into the Sysadmin position for it a short time ago... never touched a Win98 box in my life.... Telnetting doesn't seem to get me anywhere (I understand Telnet is not an available feature on Win boxes by default?) and doing an http:// to port 80 gets me a "Connection closed by server" message.

  5. #5
    Senior Member
    Join Date
    Jan 2003
    Posts
    274
    Win98????


    That makes things a little bit tougher. It doesn't run the full suite of services that an NT box would be by default. Hence, less to exploit in an emergency. The ports you list as being open are pretty weird for a workstation. I mean....LDAP, Socks, and H323 stuff....weird indeed. If you have access to a *nix box have you tried scanning it with nessus? It will link you to the known security exploits on those ports. You could also look on CERT for some of the exploits, but I don't know of anything right off the top of my head to try. Sorry.


    edit---damn y'all type fast. I try to post and get three ahead of me before I can even get this half-baked answer articulated.

  6. #6
    Junior Member
    Join Date
    Aug 2002
    Posts
    15
    81/tcp Name Server NS
    82/tcp XFER Utility XFER
    119/tcp Network News Transfer Protocol NNTP
    389/tcp Lightweight Directory Access Protocol LDAP
    1002 is unassigned as a standard TCP/UDP port Possible Application(s) = NetMeeting or another non-standard LDAP
    1080 is a SOCKS protocol or proxy
    1720 is another non-standard port but NetMeeting and GnomeMeeting use this as RDS (Remote Desktop Sharing) also a common DoS vulnerability port

    ??????? Data-collection?

  7. #7
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    Thanks Xylinx for getting the Ports.

    Off-hand, my first question is are you sure it's a Win98 box?

    Second, are you sure you have the right IP? Because none of those look like data collection ports (assuming standard databases).

    Have you tried telnetting to each port to see what the response is (banner info)?

  8. #8
    Junior Member
    Join Date
    Feb 2003
    Posts
    7
    Ok... I am 99.99847875572% positive that it is a Win 98 SE box. Apparently it was grabbed at the last minute when the original machine kacked and died about six months ago. The data flow was supposed to go out on port 1720 (I think). All the 'data-collection work' is done by a fairly basic script that was put together about 3-4 years ago. It has worked, so no one ever bothered to improve on it. As for security, there is none... even if you found it, there is nothing on it but met data for a relatively uninhabited area up north.

  9. #9
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    Unless there is some type of remote software on it.. I'm afraid yer dead in the water. Someone is gonna have to brave the "snot-freezing-in-your-nose" temperatures and get the data manually from the machine.

    98 is definitely not the serving out type of box. Also, there must be firewalls on this box or it's not Win98. Windows 98 ALWAYS has ports 135-139 open. Those aren't showing up in your scan.

  10. #10
    Junior Member
    Join Date
    Feb 2003
    Posts
    7
    Ok, thanks all.. I guess worse comes to worst, I can stiff the boss for a couple of days travel and some gas & food money. Anyone wanna go for a three-hour snow-shoe? Thanks all, appreciate it, Dave
