Diferencias

Muestra las diferencias entre dos versiones de la página.

--- eritrea:nmap [2025/03/23 17:33]
anonimo
+++ eritrea:nmap [2025/03/24 03:40] (actual)
anonimo
@@ Línea 1: / Línea 1: @@
-**Servicios abiertos**\\
+**El gobierno de ésta nación tiene a su población oprimida, se deduce de cajón, al igual que en Corea del Norte viendo el rango de ips asignadas a todo el país, por ello haré un escaner a toda su red a ver si encuentro vulnerabilidades y es posible atacar a su gobierno, no dispongo de medios ni de recursos para ir presencialmente y eliminar a sus opresores, así que, aunque sea poco pondré mi grano de arena. Hay quien dice que porqué lo hago si no me ha hecho nada, ésto no es más que una frase hecha, no tiene ningún sentido no hacer absolutamente nada contra un matón por el simple hecho de que el azar no te haya puesto enfrente de él**\\
+**Si buscamos en google mediante gov site:.er encontraremos sólo 2 enlaces, por lo que hacemos el escaner a todas las ips asignadas al país ([[https://www.ipdeny.com/ipblocks/data/aggregated/er-aggregated.zone|ipdeny]]), que son 4096 (que sale de 2^(32-20))**\\
+**El tar.gz para que trastees con el -->** {{ :eritrea:nmap_er_vuln.tar.gz |}}
+<code bash>
+sudo nmap -A -Pn -v 196.200.96.0/20 -oN eritrea
+</code>
+**Volvemos un poco más legible el fichero**\\
+<code bash>
+cat eritrea | sed -n '/.*scan report for.*/,/^$/p' > nmap_er.txt
+</code>
+**Creamos otro fichero con todas las ips**\\
+<code bash>
+cat nmap_er.txt | grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}' > ips_up_er.txt
+</code>
+**Servicios abiertos, detectados en toda la red**\\
 <code bash>
 cat nmap_er.txt | grep -Ex '^[0-9]+\/.*open.*' | sed -E 's/ {2,}/ /g' | sort | uniq
@@ Línea 69: / Línea 86: @@
 <code bash>
 cat nmap_er.txt | grep -Ex '.*are filtered.*' | grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}' > hosts_up_er_ports_filtered.txt
+</code>
+**Hosts que no tienen todos los puertos filtrados (restamos las diferencias entre un fichero y otro)**
+<code bash>
+grep -v -F -f hosts_up_er_ports_filtered.txt ips_up_er.txt | sed 'N;N;N;N;s/\n/ /g'
+.200.96.0 196.200.96.1 196.200.96.2 196.200.96.3 196.200.96.4
+.200.96.4 196.200.96.6 31.4.242.184 196.200.96.7 2.6.18.8
+.6.18.8 2.6.20.6 196.200.96.8 2.6.18.8 2.6.18.8
+.6.20.6 196.200.96.9 196.200.96.10 196.200.96.11 196.200.96.12
+.200.96.13 196.200.96.16 196.200.96.17 196.200.96.18 196.200.96.19
+.200.96.20 196.200.96.21 196.200.96.22 196.200.96.23 196.200.96.24
+.200.96.25 2.6.18.8 2.6.18.8 2.6.20.6 196.200.96.26
+.200.96.27 196.200.96.28 196.200.96.29 196.200.96.30 196.200.96.31
+.200.96.32 196.200.96.33 196.200.96.34 196.200.96.36 196.200.96.37
+.200.96.38 196.200.96.38 192.168.90.1 192.168.90.2 192.168.91.1
+.168.90.1 192.168.90.2 192.168.91.1 196.200.96.39 196.200.96.40
+.200.96.41 196.200.96.41 196.200.96.42 196.200.96.42 196.200.96.43
+.200.96.45 196.200.96.46 6.1.2.0 192.168.168.168 192.168.168.168
+.200.96.136
+.200.96.137
+</code>
+<code bash>
+grep -v -F -f hosts_up_er_ports_filtered.txt ips_up_er.txt > hosts_up_er_no_all_ports_filtered.txt
+</code>
+**Escaneo de vulnerabilidades (lo hacemos a la lista de hosts que no tienen todos los puertos filtrados)**\\
+<code bash>
+nmap -Pn -n --script "vuln" -iL hosts_up_er_no_all_ports_filtered.txt -oN nmap_vuln_er_hosts_no_all_ports_filtered.txt
+</code>
+**Hosts con vulnerabilidades**\\
+<code bash>
+cat nmap_vuln_er_hosts_no_all_ports_filtered.txt | sed -n '/.*scan report for.*/,/^$/p' | sed -n '/./{H;d}; x; /VULNERABLE/!d; p'
+Nmap scan report for 196.200.96.6
+Host is up (0.53s latency).
+Not shown: 983 closed ports
+PORT     STATE    SERVICE
+/tcp   open     ftp
+|_clamav-exec: ERROR: Script execution failed (use -d to debug)
+| ssl-dh-params:
+|   VULNERABLE:
+|   Anonymous Diffie-Hellman Key Exchange MitM Vulnerability
+|     State: VULNERABLE
+|       Transport Layer Security (TLS) services that use anonymous
+|       Diffie-Hellman key exchange only provide protection against passive
+|       eavesdropping, and are vulnerable to active man-in-the-middle attacks
+|       which could completely compromise the confidentiality and integrity
+|       of any data exchanged over the resulting session.
+|     Check results:
+|       ANONYMOUS DH GROUP 1
+|             Cipher Suite: TLS_DH_anon_WITH_AES_256_GCM_SHA384
+|             Modulus Type: Non-safe prime
+|             Modulus Source: RFC5114/2048-bit DSA group with 256-bit prime order subgroup
+|             Modulus Length: 2048
+|             Generator Length: 2048
+|             Public Key Length: 2048
+|     References:
+|_      https://www.ietf.org/rfc/rfc2246.txt
+|_sslv2-drown:
+/tcp   open     ssh
+|_clamav-exec: ERROR: Script execution failed (use -d to debug)
+/tcp   open     smtp
+|_clamav-exec: ERROR: Script execution failed (use -d to debug)
+|_sslv2-drown:
+/tcp   filtered domain
+/tcp   open     http
+|_clamav-exec: ERROR: Script execution failed (use -d to debug)
+|_http-csrf: Couldn't find any CSRF vulnerabilities.
+|_http-dombased-xss: Couldn't find any DOM based XSS.
+|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
+|_http-vuln-cve2014-3704: ERROR: Script execution failed (use -d to debug)
+/tcp  open     pop3
+|_clamav-exec: ERROR: Script execution failed (use -d to debug)
+|_ssl-poodle: ERROR: Script execution failed (use -d to debug)
+|_sslv2-drown: ERROR: Script execution failed (use -d to debug)
+/tcp  open     rpcbind
+|_clamav-exec: ERROR: Script execution failed (use -d to debug)
+/tcp  filtered netbios-ssn
+/tcp  open     imap
+|_clamav-exec: ERROR: Script execution failed (use -d to debug)
+|_ssl-dh-params: ERROR: Script execution failed (use -d to debug)
+|_sslv2-drown:
+/tcp  filtered esro-gen
+/tcp  open     https
+|_clamav-exec: ERROR: Script execution failed (use -d to debug)
+|_http-aspnet-debug: ERROR: Script execution failed (use -d to debug)
+|_http-csrf: Couldn't find any CSRF vulnerabilities.
+|_http-dombased-xss: Couldn't find any DOM based XSS.
+|_http-passwd: ERROR: Script execution failed (use -d to debug)
+|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
+|_sslv2-drown:
+/tcp  open     smtps
+|_clamav-exec: ERROR: Script execution failed (use -d to debug)
+| smtp-vuln-cve2010-4344:
+|_  The SMTP server is not Exim: NOT VULNERABLE
+|_sslv2-drown:
+/tcp  open     submission
+|_clamav-exec: ERROR: Script execution failed (use -d to debug)
+| smtp-vuln-cve2010-4344:
+|_  The SMTP server is not Exim: NOT VULNERABLE
+|_sslv2-drown:
+/tcp  filtered ldp
+/tcp  open     imaps
+|_clamav-exec: ERROR: Script execution failed (use -d to debug)
+|_sslv2-drown:
+/tcp  open     pop3s
+|_clamav-exec: ERROR: Script execution failed (use -d to debug)
+|_sslv2-drown:
+/tcp open     mysql
+|_clamav-exec: ERROR: Script execution failed (use -d to debug)
+|_mysql-vuln-cve2012-2122: ERROR: Script execution failed (use -d to debug)
+Nmap scan report for 196.200.96.11
+Host is up (0.33s latency).
+Not shown: 995 filtered ports
+PORT    STATE  SERVICE
+/tcp  open   ftp
+|_clamav-exec: ERROR: Script execution failed (use -d to debug)
+| ssl-dh-params:
+|   VULNERABLE:
+|   Anonymous Diffie-Hellman Key Exchange MitM Vulnerability
+|     State: VULNERABLE
+|       Transport Layer Security (TLS) services that use anonymous
+|       Diffie-Hellman key exchange only provide protection against passive
+|       eavesdropping, and are vulnerable to active man-in-the-middle attacks
+|       which could completely compromise the confidentiality and integrity
+|       of any data exchanged over the resulting session.
+|     Check results:
+|       ANONYMOUS DH GROUP 1
+|             Cipher Suite: TLS_DH_anon_WITH_AES_256_GCM_SHA384
+|             Modulus Type: Non-safe prime
+|             Modulus Source: RFC5114/2048-bit DSA group with 256-bit prime order subgroup
+|             Modulus Length: 2048
+|             Generator Length: 2048
+|             Public Key Length: 2048
+|     References:
+|_      https://www.ietf.org/rfc/rfc2246.txt
+|_sslv2-drown:
+/tcp  open   smtp
+|_clamav-exec: ERROR: Script execution failed (use -d to debug)
+|_sslv2-drown:
+/tcp  closed tacacs
+/tcp  open   http
+|_clamav-exec: ERROR: Script execution failed (use -d to debug)
+|_http-aspnet-debug: ERROR: Script execution failed (use -d to debug)
+|_http-csrf: Couldn't find any CSRF vulnerabilities.
+|_http-dombased-xss: Couldn't find any DOM based XSS.
+|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
+|_http-vuln-cve2014-3704: ERROR: Script execution failed (use -d to debug)
+/tcp open   https
+|_clamav-exec: ERROR: Script execution failed (use -d to debug)
+|_http-aspnet-debug: ERROR: Script execution failed (use -d to debug)
+|_http-csrf: Couldn't find any CSRF vulnerabilities.
+|_http-dombased-xss: Couldn't find any DOM based XSS.
+|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
+|_http-vuln-cve2014-3704: ERROR: Script execution failed (use -d to debug)
+|_sslv2-drown:
+Nmap scan report for 196.200.96.18
+Host is up (0.33s latency).
+Not shown: 994 filtered ports
+PORT    STATE  SERVICE
+/tcp  open   ftp
+|_clamav-exec: ERROR: Script execution failed (use -d to debug)
+| ssl-dh-params:
+|   VULNERABLE:
+|   Anonymous Diffie-Hellman Key Exchange MitM Vulnerability
+|     State: VULNERABLE
+|       Transport Layer Security (TLS) services that use anonymous
+|       Diffie-Hellman key exchange only provide protection against passive
+|       eavesdropping, and are vulnerable to active man-in-the-middle attacks
+|       which could completely compromise the confidentiality and integrity
+|       of any data exchanged over the resulting session.
+|     Check results:
+|       ANONYMOUS DH GROUP 1
+|             Cipher Suite: TLS_DH_anon_WITH_AES_256_GCM_SHA384
+|             Modulus Type: Non-safe prime
+|             Modulus Source: RFC5114/2048-bit DSA group with 256-bit prime order subgroup
+|             Modulus Length: 2048
+|             Generator Length: 2048
+|             Public Key Length: 2048
+|     References:
+|_      https://www.ietf.org/rfc/rfc2246.txt
+|_sslv2-drown:
+/tcp  open   smtp
+|_clamav-exec: ERROR: Script execution failed (use -d to debug)
+|_sslv2-drown:
+/tcp  closed tacacs
+/tcp  open   http
+|_clamav-exec: ERROR: Script execution failed (use -d to debug)
+|_http-csrf: Couldn't find any CSRF vulnerabilities.
+|_http-dombased-xss: Couldn't find any DOM based XSS.
+|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
+|_http-vuln-cve2014-3704: ERROR: Script execution failed (use -d to debug)
+/tcp closed bgp
+/tcp open   https
+|_clamav-exec: ERROR: Script execution failed (use -d to debug)
+|_http-aspnet-debug: ERROR: Script execution failed (use -d to debug)
+|_http-csrf: Couldn't find any CSRF vulnerabilities.
+|_http-dombased-xss: Couldn't find any DOM based XSS.
+| http-slowloris-check:
+|   VULNERABLE:
+|   Slowloris DOS attack
+|     State: LIKELY VULNERABLE
+|     IDs:  CVE:CVE-2007-6750
+|       Slowloris tries to keep many connections to the target web server open and hold
+|       them open as long as possible.  It accomplishes this by opening connections to
+|       the target web server and sending a partial request. By doing so, it starves
+|       the http server's resources causing Denial Of Service.
+|
+|     Disclosure date: 2009-09-17
+|     References:
+|       http://ha.ckers.org/slowloris/
+|_      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750
+|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
+|_http-vuln-cve2014-3704: ERROR: Script execution failed (use -d to debug)
+|_sslv2-drown:
+Nmap scan report for 196.200.96.29
+Host is up (0.33s latency).
+Not shown: 995 filtered ports
+PORT     STATE  SERVICE
+/tcp   closed tacacs
+/tcp   open   http
+|_clamav-exec: ERROR: Script execution failed (use -d to debug)
+|_http-csrf: Couldn't find any CSRF vulnerabilities.
+|_http-dombased-xss: Couldn't find any DOM based XSS.
+|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
+|_http-vuln-cve2014-3704: ERROR: Script execution failed (use -d to debug)
+|_http-vuln-wnr1000-creds: ERROR: Script execution failed (use -d to debug)
+/tcp  closed bgp
+/tcp  open   https
+|_clamav-exec: ERROR: Script execution failed (use -d to debug)
+|_http-aspnet-debug: ERROR: Script execution failed (use -d to debug)
+|_http-csrf: Couldn't find any CSRF vulnerabilities.
+|_http-dombased-xss: Couldn't find any DOM based XSS.
+| http-slowloris-check:
+|   VULNERABLE:
+|   Slowloris DOS attack
+|     State: LIKELY VULNERABLE
+|     IDs:  CVE:CVE-2007-6750
+|       Slowloris tries to keep many connections to the target web server open and hold
+|       them open as long as possible.  It accomplishes this by opening connections to
+|       the target web server and sending a partial request. By doing so, it starves
+|       the http server's resources causing Denial Of Service.
+|
+|     Disclosure date: 2009-09-17
+|     References:
+|       http://ha.ckers.org/slowloris/
+|_      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750
+|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
+|_sslv2-drown:
+/tcp closed ibm-db2-admin
+Nmap scan report for 196.200.96.38
+Host is up (0.34s latency).
+Not shown: 994 filtered ports
+PORT      STATE  SERVICE
+/tcp    open   http
+|_clamav-exec: ERROR: Script execution failed (use -d to debug)
+|_clamav-exec: ERROR: Script execution failed (use -d to debug)
+|_http-csrf: Couldn't find any CSRF vulnerabilities.
+|_http-csrf: Couldn't find any CSRF vulnerabilities.
+|_http-dombased-xss: Couldn't find any DOM based XSS.
+|_http-dombased-xss: Couldn't find any DOM based XSS.
+|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
+|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
+|_http-vuln-cve2014-3704: ERROR: Script execution failed (use -d to debug)
+|_http-vuln-cve2014-3704: ERROR: Script execution failed (use -d to debug)
+/tcp   open   https
+|_clamav-exec: ERROR: Script execution failed (use -d to debug)
+|_clamav-exec: ERROR: Script execution failed (use -d to debug)
+|_http-aspnet-debug: ERROR: Script execution failed (use -d to debug)
+|_http-csrf: Couldn't find any CSRF vulnerabilities.
+|_http-csrf: Couldn't find any CSRF vulnerabilities.
+|_http-dombased-xss: Couldn't find any DOM based XSS.
+|_http-dombased-xss: Couldn't find any DOM based XSS.
+|_http-majordomo2-dir-traversal: ERROR: Script execution failed (use -d to debug)
+|_http-majordomo2-dir-traversal: ERROR: Script execution failed (use -d to debug)
+|_http-passwd: ERROR: Script execution failed (use -d to debug)
+|_http-passwd: ERROR: Script execution failed (use -d to debug)
+| http-phpmyadmin-dir-traversal:
+|   VULNERABLE:
+|   phpMyAdmin grab_globals.lib.php subform Parameter Traversal Local File Inclusion
+|     State: UNKNOWN (unable to test)
+|     IDs:  CVE:CVE-2005-3299
+|       PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin 2.6.4 and 2.6.4-pl1 allows remote attackers to include local files via the $__redirect parameter, possibly involving the subform array.
+|
+|     Disclosure date: 2005-10-nil
+|     Extra information:
+|       ../../../../../etc/passwd :
+|   <!doctype html>
+|   <html lang="en">
+|       <head>
+|           <meta http-equiv="Content-type" content="text/html; charset=utf-8"/>
+|           <title>Tesla Energy Powerpack</title>
+|           <meta name="description" content="">
+|           <meta name="author" content="">
+|           <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
+|           <base href="/">
+|       <link rel="shortcut icon" href="favicon.ico"></head>
+|       <body>
+|           <div id="root" />
+|       <script type="text/javascript" src="app.js"></script></body>
+|   </html>
+|
+|     References:
+|       http://www.exploit-db.com/exploits/1244/
+|_      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3299
+| http-phpmyadmin-dir-traversal:
+|   VULNERABLE:
+|   phpMyAdmin grab_globals.lib.php subform Parameter Traversal Local File Inclusion
+|     State: UNKNOWN (unable to test)
+|     IDs:  CVE:CVE-2005-3299
+|       PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin 2.6.4 and 2.6.4-pl1 allows remote attackers to include local files via the $__redirect parameter, possibly involving the subform array.
+|
+|     Disclosure date: 2005-10-nil
+|     Extra information:
+|       ../../../../../etc/passwd :
+|   <!doctype html>
+|   <html lang="en">
+|       <head>
+|           <meta http-equiv="Content-type" content="text/html; charset=utf-8"/>
+|           <title>Tesla Energy Powerpack</title>
+|           <meta name="description" content="">
+|           <meta name="author" content="">
+|           <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
+|           <base href="/">
+|       <link rel="shortcut icon" href="favicon.ico"></head>
+|       <body>
+|           <div id="root" />
+|       <script type="text/javascript" src="app.js"></script></body>
+|   </html>
+|
+|     References:
+|       http://www.exploit-db.com/exploits/1244/
+|_      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3299
+| http-slowloris-check:
+|   VULNERABLE:
+|   Slowloris DOS attack
+|     State: LIKELY VULNERABLE
+|     IDs:  CVE:CVE-2007-6750
+|       Slowloris tries to keep many connections to the target web server open and hold
+|       them open as long as possible.  It accomplishes this by opening connections to
+|       the target web server and sending a partial request. By doing so, it starves
+|       the http server's resources causing Denial Of Service.
+|
+|     Disclosure date: 2009-09-17
+|     References:
+|       http://ha.ckers.org/slowloris/
+|_      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750
+|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
+|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
+| http-vuln-cve2010-0738:
+|_  /jmx-console/: Authentication was not required
+|_http-vuln-cve2014-3704: ERROR: Script execution failed (use -d to debug)
+|_http-vuln-cve2017-1001000: ERROR: Script execution failed (use -d to debug)
+| ssl-cert-intaddr:
+|   X509v3 Subject Alternative Name:
+|     192.168.90.1
+|     192.168.90.2
+|_    192.168.91.1
+| ssl-cert-intaddr:
+|   X509v3 Subject Alternative Name:
+|     192.168.90.1
+|     192.168.90.2
+|_    192.168.91.1
+|_sslv2-drown:
+|_sslv2-drown:
+/tcp  open   lmsocialserver
+|_clamav-exec: ERROR: Script execution failed (use -d to debug)
+|_clamav-exec: ERROR: Script execution failed (use -d to debug)
+| ssl-cert-intaddr:
+|   X509v3 Subject Alternative Name:
+|     192.168.90.1
+|     192.168.90.2
+|_    192.168.91.1
+| ssl-cert-intaddr:
+|   X509v3 Subject Alternative Name:
+|     192.168.90.1
+|     192.168.90.2
+|_    192.168.91.1
+|_sslv2-drown:
+|_sslv2-drown:
+/tcp  open   mini-sql
+|_clamav-exec: ERROR: Script execution failed (use -d to debug)
+|_clamav-exec: ERROR: Script execution failed (use -d to debug)
+| ssl-cert-intaddr:
+|   X509v3 Subject Alternative Name:
+|     192.168.90.1
+|     192.168.90.2
+|_    192.168.91.1
+| ssl-cert-intaddr:
+|   X509v3 Subject Alternative Name:
+|     192.168.90.1
+|     192.168.90.2
+|_    192.168.91.1
+|_sslv2-drown:
+|_sslv2-drown:
+/tcp  open   ms-wbt-server
+|_clamav-exec: ERROR: Script execution failed (use -d to debug)
+|_clamav-exec: ERROR: Script execution failed (use -d to debug)
+|_ssl-ccs-injection: No reply from server (TIMEOUT)
+|_ssl-ccs-injection: No reply from server (TIMEOUT)
+|_sslv2-drown:
+|_sslv2-drown:
+/tcp closed dnp
+Nmap scan report for 196.200.96.41
+Host is up (0.56s latency).
+Not shown: 992 closed ports
+PORT     STATE    SERVICE
+/tcp   open     ftp
+|_clamav-exec: ERROR: Script execution failed (use -d to debug)
+|_clamav-exec: ERROR: Script execution failed (use -d to debug)
+|_ftp-libopie: ERROR: Script execution failed (use -d to debug)
+|_sslv2-drown:
+|_sslv2-drown:
+/tcp   open     ssh
+|_clamav-exec: ERROR: Script execution failed (use -d to debug)
+|_clamav-exec: ERROR: Script execution failed (use -d to debug)
+/tcp   open     telnet
+|_clamav-exec: ERROR: Script execution failed (use -d to debug)
+|_clamav-exec: ERROR: Script execution failed (use -d to debug)
+/tcp   filtered smtp
+/tcp   open     http
+|_clamav-exec: ERROR: Script execution failed (use -d to debug)
+|_clamav-exec: ERROR: Script execution failed (use -d to debug)
+|_http-csrf: Couldn't find any CSRF vulnerabilities.
+|_http-csrf: Couldn't find any CSRF vulnerabilities.
+|_http-dombased-xss: Couldn't find any DOM based XSS.
+|_http-dombased-xss: Couldn't find any DOM based XSS.
+|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
+|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
+|_http-vuln-cve2014-3704: ERROR: Script execution failed (use -d to debug)
+|_http-vuln-cve2014-3704: ERROR: Script execution failed (use -d to debug)
+/tcp  filtered netbios-ssn
+/tcp  filtered ldp
+/tcp open     https-alt
+|_clamav-exec: ERROR: Script execution failed (use -d to debug)
+|_clamav-exec: ERROR: Script execution failed (use -d to debug)
+|_http-aspnet-debug: ERROR: Script execution failed (use -d to debug)
+| http-slowloris-check:
+|   VULNERABLE:
+|   Slowloris DOS attack
+|     State: LIKELY VULNERABLE
+|     IDs:  CVE:CVE-2007-6750
+|       Slowloris tries to keep many connections to the target web server open and hold
+|       them open as long as possible.  It accomplishes this by opening connections to
+|       the target web server and sending a partial request. By doing so, it starves
+|       the http server's resources causing Denial Of Service.
+|
+|     Disclosure date: 2009-09-17
+|     References:
+|       http://ha.ckers.org/slowloris/
+|_      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750
+| http-vuln-cve2011-3368:
+|   VULNERABLE:
+|   Apache mod_proxy Reverse Proxy Security Bypass
+|     State: VULNERABLE
+|     IDs:  CVE:CVE-2011-3368  BID:49957
+|       An exposure was reported affecting the use of Apache HTTP Server in
+|       reverse proxy mode. The exposure could inadvertently expose internal
+|       servers to remote users who send carefully crafted requests.
+|     Disclosure date: 2011-10-05
+|     References:
+|       https://www.securityfocus.com/bid/49957
+|_      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368
+| http-vuln-cve2011-3368:
+|   VULNERABLE:
+|   Apache mod_proxy Reverse Proxy Security Bypass
+|     State: VULNERABLE
+|     IDs:  CVE:CVE-2011-3368  BID:49957
+|       An exposure was reported affecting the use of Apache HTTP Server in
+|       reverse proxy mode. The exposure could inadvertently expose internal
+|       servers to remote users who send carefully crafted requests.
+|     Disclosure date: 2011-10-05
+|     References:
+|       https://www.securityfocus.com/bid/49957
+|_      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368
+|_http-vuln-cve2014-3704: ERROR: Script execution failed (use -d to debug)
+|_http-vuln-cve2014-3704: ERROR: Script execution failed (use -d to debug)
+|_ssl-ccs-injection: No reply from server (TIMEOUT)
+|_sslv2-drown:
+|_sslv2-drown:
 </code>

Wiki

Herramientas de usuario

Herramientas del sitio

Diferencias

Herramientas de la página