af@dictadura:$ nmap --script=vuln mopvpe.gov.af
Starting Nmap 7.80 ( https://nmap.org ) at 2025-02-09 20:56 CET
Pre-scan script results:
| broadcast-avahi-dos: 
|   Discovered hosts:
|     224.0.0.251
|   After NULL UDP avahi packet DoS (CVE-2011-1002).
|_  Hosts are all up (not vulnerable).
Nmap scan report for mopvpe.gov.af (103.132.98.224)
Host is up (0.25s latency).
Not shown: 989 filtered ports
PORT     STATE  SERVICE
22/tcp   closed ssh
25/tcp   open   smtp
|_clamav-exec: ERROR: Script execution failed (use -d to debug)
| ssl-dh-params: 
|   VULNERABLE:
|   Anonymous Diffie-Hellman Key Exchange MitM Vulnerability
|     State: VULNERABLE
|       Transport Layer Security (TLS) services that use anonymous
|       Diffie-Hellman key exchange only provide protection against passive
|       eavesdropping, and are vulnerable to active man-in-the-middle attacks
|       which could completely compromise the confidentiality and integrity
|       of any data exchanged over the resulting session.
|     Check results:
|       ANONYMOUS DH GROUP 1
|             Cipher Suite: TLS_DH_anon_WITH_AES_128_CBC_SHA
|             Modulus Type: Safe prime
|             Modulus Source: Unknown/Custom-generated
|             Modulus Length: 2048
|             Generator Length: 8
|             Public Key Length: 2048
|     References:
|_      https://www.ietf.org/rfc/rfc2246.txt
|_sslv2-drown: 
80/tcp   open   http
|_clamav-exec: ERROR: Script execution failed (use -d to debug)
|_http-aspnet-debug: ERROR: Script execution failed (use -d to debug)
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-vuln-cve2014-3704: ERROR: Script execution failed (use -d to debug)
110/tcp  open   pop3
|_clamav-exec: ERROR: Script execution failed (use -d to debug)
|_ssl-ccs-injection: ERROR: Script execution failed (use -d to debug)
|_ssl-dh-params: ERROR: Script execution failed (use -d to debug)
|_ssl-heartbleed: ERROR: Script execution failed (use -d to debug)
|_ssl-poodle: ERROR: Script execution failed (use -d to debug)
|_sslv2-drown: ERROR: Script execution failed (use -d to debug)
143/tcp  open   imap
|_clamav-exec: ERROR: Script execution failed (use -d to debug)
|_ssl-ccs-injection: ERROR: Script execution failed (use -d to debug)
|_ssl-dh-params: ERROR: Script execution failed (use -d to debug)
|_ssl-heartbleed: ERROR: Script execution failed (use -d to debug)
|_ssl-poodle: ERROR: Script execution failed (use -d to debug)
|_sslv2-drown: 
443/tcp  open   https
|_clamav-exec: ERROR: Script execution failed (use -d to debug)
|_http-aspnet-debug: ERROR: Script execution failed (use -d to debug)
| http-csrf: 
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=mopvpe.gov.af
|   Found the following possible CSRF vulnerabilities: 
|     
|     Path: https://mopvpe.gov.af:443/
|     Form id: edit-keys
|     Form action: /dr/search
|     
|     Path: https://mopvpe.gov.af:443/dr/faq
|     Form id: edit-keys
|     Form action: /dr/search
|     
|     Path: https://mopvpe.gov.af:443/index.php/dr/%d8%b3%d9%81%d8%b1-%d9%87%db%8c%d8%a6%d8%aa-%d8%a8%d8%ae%d8%b4-%d9%86%d8%b8%d8%a7%d9%85%db%8c-%d9%88%d8%b2%d8%a7%d8%b1%d8%aa-%d8%a7%d9%85%d8%b1%d8%a8%d8%a7%d9%84%d9%85%d8%b9%d8%b1%d9%88%d9%81-%d8%a8%d9%87-%d9%88%d9%84%d8%a7%db%8c%d8%aa-%d8%af%d8%a7%db%8c%da%a9%d9%86%d8%af%db%8c
|     Form id: edit-keys
|     Form action: /dr/search
|     
|     Path: https://mopvpe.gov.af:443/index.php/dr/%d8%b3%d9%81%d8%b1-%d9%87%db%8c%d8%a6%d8%aa-%d8%a8%d8%ae%d8%b4-%d9%86%d8%b8%d8%a7%d9%85%db%8c-%d9%88%d8%b2%d8%a7%d8%b1%d8%aa-%d8%a7%d9%85%d8%b1%d8%a8%d8%a7%d9%84%d9%85%d8%b9%d8%b1%d9%88%d9%81-%d8%a8%d9%87-%d9%88%d9%84%d8%a7%db%8c%d8%aa-%d8%af%d8%a7%db%8c%da%a9%d9%86%d8%af%db%8c
|     Form id: shorten-current
|     Form action: /index.php/dr/%d8%b3%d9%81%d8%b1-%d9%87%db%8c%d8%a6%d8%aa-%d8%a8%d8%ae%d8%b4-%d9%86%d8%b8%d8%a7%d9%85%db%8c-%d9%88%d8%b2%d8%a7%d8%b1%d8%aa-%d8%a7%d9%85%d8%b1%d8%a8%d8%a7%d9%84%d9%85%d8%b9%d8%b1%d9%88%d9%81-%d8%a8%d9%87-%d9%88%d9%84%d8%a7%db%8c%d8%aa-%d8%af%d8%a7%db%8c%da%a9%d9%86%d8%af%db%8c
|     
|     Path: https://mopvpe.gov.af:443/dr/news
|     Form id: edit-keys
|     Form action: /dr/search
|     
|     Path: https://mopvpe.gov.af:443/dr/%d8%a7%d9%88%d9%82%d8%a7%d8%aa-%da%a9%d8%a7%d8%b1%db%8c
|     Form id: edit-keys
|     Form action: /dr/search
|     
|     Path: https://mopvpe.gov.af:443/tenders
|     Form id: edit-keys
|     Form action: /dr/search
|     
|     Path: https://mopvpe.gov.af:443/dr/%d8%b3%d8%ae%d9%86%d8%b1%d8%a7%d9%86%db%8c-%d9%87%d8%a7
|     Form id: edit-keys
|     Form action: /dr/search
|     
|     Path: https://mopvpe.gov.af:443/dr/node/176
|     Form id: edit-keys
|_    Form action: /dr/search
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-sql-injection: ERROR: Script execution failed (use -d to debug)
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-trace: TRACE is enabled
|_http-vuln-cve2014-3704: ERROR: Script execution failed (use -d to debug)
|_sslv2-drown: 
465/tcp  open   smtps
|_clamav-exec: ERROR: Script execution failed (use -d to debug)
|_sslv2-drown: 
587/tcp  open   submission
|_clamav-exec: ERROR: Script execution failed (use -d to debug)
| ssl-dh-params: 
|   VULNERABLE:
|   Anonymous Diffie-Hellman Key Exchange MitM Vulnerability
|     State: VULNERABLE
|       Transport Layer Security (TLS) services that use anonymous
|       Diffie-Hellman key exchange only provide protection against passive
|       eavesdropping, and are vulnerable to active man-in-the-middle attacks
|       which could completely compromise the confidentiality and integrity
|       of any data exchanged over the resulting session.
|     Check results:
|       ANONYMOUS DH GROUP 1
|             Cipher Suite: TLS_DH_anon_WITH_AES_128_CBC_SHA
|             Modulus Type: Safe prime
|             Modulus Source: Unknown/Custom-generated
|             Modulus Length: 2048
|             Generator Length: 8
|             Public Key Length: 2048
|     References:
|_      https://www.ietf.org/rfc/rfc2246.txt
|_sslv2-drown: 
993/tcp  open   imaps
|_clamav-exec: ERROR: Script execution failed (use -d to debug)
|_sslv2-drown: 
995/tcp  open   pop3s
|_clamav-exec: ERROR: Script execution failed (use -d to debug)
|_sslv2-drown: 
2030/tcp open   device2
|_clamav-exec: ERROR: Script execution failed (use -d to debug)
 
Nmap done: 1 IP address (1 host up) scanned in 457.71 seconds

HTTP TRACE is enabled: possible vulnerability

Impact: It can be used in Cross-Site Tracing (XST) attacks to steal cookies or authentication tokens.

Possible CSRF vulnerabilities detected (very vulnerable)

Impact: Forms at /dr/search could be exploitable through Cross-Site Request Forgery (CSRF).

Weak SSL/TLS configurations

SSLv2 DROWN Attack: Some ports appear to be vulnerable to DROWN (CVE-2016-0800).

Insecure TLS and HTTP configurations

Port      State   Service     Notes
22/tcp    Closed  SSH         Not available
25/tcp    Open    SMTP        Possible mail server
80/tcp    Open    HTTP        Web page accessible
110/tcp   Open    POP3        POP3 mail server
143/tcp   Open    IMAP        IMAP mail server
443/tcp   Open    HTTPS       Has TLS security problems
465/tcp   Open    SMTPS       Secure SMTP, but with possible vulnerabilities
587/tcp   Open    Submission  SMTP for sending authenticated mail
993/tcp   Open    IMAPS       Secure IMAP, but with possible vulnerabilities
995/tcp   Open    POP3S       Secure POP3, but with possible vulnerabilities