Hello all!
During a network audit, I came across a host running a service on a high port (34604). Not recognizing the port, I used a tool called 'amap' (
THC-AMAP - fast and reliable application fingerprint mapper) to fingerprint it.
This tool also did not fingerprint it correctly, but did manage to get a response from the service.
Here is the output:
0000: 0000 0001 412e 3031 2e31 3500 6674 7000 [ ....A.01.15.ftp. ]
0010: 6365 6420 4469 736b 2041 7272 6179 2073 [ ced Disk Array s ]
0020: 6572 6961 6c20 6e75 6d62 6572 203f 3a20 [ erial number ?: ]
0030: 4561 723a 3a4c 6973 7465 6e28 2930 3030 [ Ear::Listen()000 ]
0040: 3030 3132 3042 3846 3600 0000 000d 0000 [ 00120B8F6....... ]
0050: 0000 0000 0000 0000 0000 0000 0000 0000 [ ................ ]
0060: 00bc 0004 1000 0000 0000 0000 0000 0000 [ ................ ]
0070: 0000 0000 0000 0000 0000 0000 0000 0000 [ ................ ]
0080: 0000 0000 0000 0000 0000 0000 0000 0000 [ ................ ]
0090: 0000 0000 0000 0000 0000 0000 0000 0000 [ ................ ]
00a0: 0000 0000 0000 0000 0000 0000 0000 0000 [ ................ ]
00b0: 0000 0000 0000 0000 0000 0000 0000 0000 [ ................ ]
00c0: 0000 0000 0000 0000 0000 0000 0000 0000 [ ................ ]
00d0: 0000 0000 0000 0000 0000 0000 0000 0000 [ ................ ]
00e0: 0000 0000 0000 0000 0000 0000 0000 4003 [ ..............@. ]
00f0: 7980 0000 0000 0000 00b1 0003 0000 0000 [ y............... ]
0100: 0000 0000 0000 0000 0000 0000 0000 0000 [ ................ ]
0110: 0000 0000 0000 0000 0000 0000 0000 0000 [ ................ ]
0120: 0000 0000 0000 0000 0000 0000 0000 0000 [ ................ ]
0130: 0000 0000 0000 0000 0000 0000 0000 0000 [ ................ ]
0140: 0000 0000 0000 0000 0000 0000 0000 0000 [ ................ ]
0150: 0000 0000 0000 0000 0000 0000 0000 0000 [ ................ ]
0160: 0000 0000 0000 0000 0000 0000 0000 0000 [ ................ ]
0170: 0000 0000 0000 0000 0000 0000 0000 0000 [ ................ ]
0180: 0003 2f76 6172 2f6f 7074 2f68 7061 7272 [ ../var/opt/hparr ]
0190: 6179 2f61 646d 696e 2f30 3030 3030 3132 [ ay/admin/0000012 ]
01a0: 3042 3846 362e 0000 0000 0000 0000 0000 [ 0B8F6........... ]
01b0: 0000 0000 0000 0000 0000 0000 0000 0000 [ ................ ]
01c0: 0000 0000 0000 0000 0000 0000 0000 0000 [ ................ ]
01d0: 0000 0000 0000 0000 0000 0000 0000 0000 [ ................ ]
01e0: 0000 0000 0000 0000 0000 0000 0000 0000 [ ................ ]
01f0: 0000 0000 0000 0000 0000 0000 0000 0000 [ ................ ]
0200: 0000 0000 0000 0000 0000 0000 0000 0000 [ ................ ]
0210: 0000 0000 0000 0000 0000 0000 0000 0000 [ ................ ]
0220: 0000 0000 0000 0000 0000 0000 0000 0000 [ ................ ]
0230: 0000 0000 0000 0000 0000 0000 0000 0000 [ ................ ]
0240: 0000 0000 0000 0000 0000 0000 0000 0000 [ ................ ]
0250: 0000 0000 0000 0000 0000 0000 0000 0000 [ ................ ]
0260: 0000 0000 0000 0000 0000 0000 0000 0000 [ ................ ]
0270: 0000 0000 0000 0000 0000 0000 0000 0000 [ ................ ]
0280: 0000 0000 0000 00 [ ....... ]
I started googling around for the string "/var/opt/hparray" and I found a lot of resourced for AutoRAID controllers.
Unfortunately, i could not find any information about a remote client that could be used to connect this service. (ie. nothing with port numbers etc)
Does anyone know of such a piece of software, or am I on the complete wrong track here?
Much thanks!
-dan