afganistan:nmap-mopvpe

This is an old revision of the document!


sudo nmap -Pn -sS -p 22,80,443,8080,3306 -sCV -vv -T4 mopvpe.gov.af -oN nmap_mopvpe.gov.af.txt
Starting Nmap 7.80 ( https://nmap.org ) at 2025-06-16 02:24 CEST
NSE: Loaded 151 scripts for scanning.
NSE: Script Pre-scanning.
NSE: Starting runlevel 1 (of 3) scan.
Initiating NSE at 02:24
Completed NSE at 02:24, 0.00s elapsed
NSE: Starting runlevel 2 (of 3) scan.
Initiating NSE at 02:24
Completed NSE at 02:24, 0.00s elapsed
NSE: Starting runlevel 3 (of 3) scan.
Initiating NSE at 02:24
Completed NSE at 02:24, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 02:24
Completed Parallel DNS resolution of 1 host. at 02:24, 9.69s elapsed
Initiating SYN Stealth Scan at 02:24
Scanning mopvpe.gov.af (103.132.98.226) [5 ports]
Discovered open port 80/tcp on 103.132.98.226
Discovered open port 22/tcp on 103.132.98.226
Discovered open port 443/tcp on 103.132.98.226
Completed SYN Stealth Scan at 02:24, 2.21s elapsed (5 total ports)
Initiating Service scan at 02:24
Scanning 3 services on mopvpe.gov.af (103.132.98.226)
Completed Service scan at 02:24, 13.16s elapsed (3 services on 1 host)
NSE: Script scanning 103.132.98.226.
NSE: Starting runlevel 1 (of 3) scan.
Initiating NSE at 02:24
Completed NSE at 02:24, 11.18s elapsed
NSE: Starting runlevel 2 (of 3) scan.
Initiating NSE at 02:24
Completed NSE at 02:24, 1.59s elapsed
NSE: Starting runlevel 3 (of 3) scan.
Initiating NSE at 02:24
Completed NSE at 02:24, 0.00s elapsed
Nmap scan report for mopvpe.gov.af (103.132.98.226)
Host is up, received user-set (0.18s latency).
Scanned at 2025-06-16 02:24:25 CEST for 29s
 
PORT     STATE    SERVICE    REASON         VERSION
22/tcp   open     ssh        syn-ack ttl 47 OpenSSH 8.0 (protocol 2.0)
| ssh-hostkey: 
|   3072 81:25:bd:ae:9a:01:a3:f1:19:bb:60:ac:36:0e:1b:a5 (RSA)
| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDkw1U5ivfJGEQYygiSENy2TzmP+2PFV5L9C6dB99Fqv+yG7QOQn4BKKIf32l0UIiby+5kkoLp2ik8P3qM/w7cVeL5N43qE6jhqcPWeQY5uS2XVBEfVqugTyadv3JPc0sueOyZy5FiNnf+wgOn0wIxXcu8Uw61ib5tblabLGHk6aGzERCqjMvcwXuowqqib8ab8EN2m1kAhGmDhWT1W5bt8r+Gn3hImOCM/dXvvIcTCDEtdD1VULJXX5jDO/mIDqQAJ3teE9c94P4kQcDAJuIH8FO8ScSEjfihM/by2zE+6ydBYcT00qyOQu6ERRQIbiavZ+pprZ0OKHLMeBycSLnT1XJ96weGeMSN9rk6G3E/4xByirf7jVrEIv7apCmfNKSz7uCHmJXsuiRtSGGzGgA5Fmxyo7icbmCt6h4O2Dq45sU4j6u2njaVAaNyonke6MFUaZAGXFJZcOd06h3nDMmeBwK6IDCUqXj4NawmuLY1BF+7PrlGdswf4U+1o7wo/XLs=
|   256 e4:43:4a:ab:06:f8:dc:36:a8:17:7c:1d:74:5d:eb:b2 (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPMpmfsz/Y0Jfk86O4lUMkoWGZGzrs8UPgB9mdqXk+EYd9iNr4+wc419rb88NiC5Fm1ywrSqLElqqIdP4bRSl10=
|   256 6f:ac:81:c0:41:77:d8:15:56:12:d5:0e:01:a1:34:c2 (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAiKruMfvxXPkGTkl/cTnaJfVchhQ6aSteIrvRENIOQE
80/tcp   open     http       syn-ack ttl 47 Apache httpd 2.4.62 ((Unix) OpenSSL/1.1.1k)
|_http-generator: Drupal 8 (https://www.drupal.org)
| http-methods: 
|_  Supported Methods: GET POST HEAD OPTIONS
| http-robots.txt: 22 disallowed entries 
| /core/ /profiles/ /README.txt /web.config /admin/ 
| /comment/reply/ /filter/tips /node/add/ /search/ /user/register/ 
| /user/password/ /user/login/ /user/logout/ /index.php/admin/ 
| /index.php/comment/reply/ /index.php/filter/tips /index.php/node/add/ 
| /index.php/search/ /index.php/user/password/ /index.php/user/register/ 
|_/index.php/user/login/ /index.php/user/logout/
|_http-server-header: Apache/2.4.62 (Unix) OpenSSL/1.1.1k
|_http-title: \xDA\xA9\xD9\x88\xD8\xB1 | \xD9\x88\xD8\xB2\xD8\xA7\xD8\xB1\xD8\xAA \xD8\xA7\xD9\x85\xD8\xB1 \xD8\xA8\xD8\xA7\xD8\xA7\xD9\x84\xD9\x85\xD8\xB9\xD8\xB1\xD9\x88\xD9\x81\xD8\x8C \xD9\x86\xD9\x87\xDB\x8C \xD8\xB9\xD9\x86 \xD8\xA7...
443/tcp  open     ssl/ssl    syn-ack ttl 47 Apache httpd (SSL-only mode)
|_http-generator: Drupal 8 (https://www.drupal.org)
| http-methods: 
|_  Supported Methods: GET POST HEAD OPTIONS
| http-robots.txt: 22 disallowed entries 
| /core/ /profiles/ /README.txt /web.config /admin/ 
| /comment/reply/ /filter/tips /node/add/ /search/ /user/register/ 
| /user/password/ /user/login/ /user/logout/ /index.php/admin/ 
| /index.php/comment/reply/ /index.php/filter/tips /index.php/node/add/ 
| /index.php/search/ /index.php/user/password/ /index.php/user/register/ 
|_/index.php/user/login/ /index.php/user/logout/
|_http-server-header: Apache/2.4.62 (Unix) OpenSSL/1.1.1k
|_http-title: \xDA\xA9\xD9\x88\xD8\xB1 | \xD9\x88\xD8\xB2\xD8\xA7\xD8\xB1\xD8\xAA \xD8\xA7\xD9\x85\xD8\xB1 \xD8\xA8\xD8\xA7\xD8\xA7\xD9\x84\xD9\x85\xD8\xB9\xD8\xB1\xD9\x88\xD9\x81\xD8\x8C \xD9\x86\xD9\x87\xDB\x8C \xD8\xB9\xD9\x86 \xD8\xA7...
| ssl-cert: Subject: commonName=www.mopvpe.gov.af
| Subject Alternative Name: DNS:mail.mopvpe.gov.af, DNS:mopvpe.gov.af, DNS:www.mopvpe.gov.af
| Issuer: commonName=E6/organizationName=Let's Encrypt/countryName=US
| Public Key type: ec
| Public Key bits: 256
| Signature Algorithm: ecdsa-with-SHA384
| Not valid before: 2025-05-26T03:15:07
| Not valid after:  2025-08-24T03:15:06
| MD5:   78e6 9059 5d5b ef49 9d35 db6b 3362 2968
| SHA-1: cf13 aabb f65f a0da 7808 a785 ee61 69da e87a 28e6
3306/tcp filtered mysql      no-response
8080/tcp filtered http-proxy no-response
 
NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 3) scan.
Initiating NSE at 02:24
Completed NSE at 02:24, 0.00s elapsed
NSE: Starting runlevel 2 (of 3) scan.
Initiating NSE at 02:24
Completed NSE at 02:24, 0.00s elapsed
NSE: Starting runlevel 3 (of 3) scan.
Initiating NSE at 02:24
Completed NSE at 02:24, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 44.23 seconds
           Raw packets sent: 7 (308B) | Rcvd: 3 (132B)
af@dictadura:$ nmap --script=vuln mopvpe.gov.af
Starting Nmap 7.80 ( https://nmap.org ) at 2025-02-09 20:56 CET
Pre-scan script results:
| broadcast-avahi-dos: 
|   Discovered hosts:
|     224.0.0.251
|   After NULL UDP avahi packet DoS (CVE-2011-1002).
|_  Hosts are all up (not vulnerable).
Nmap scan report for mopvpe.gov.af (103.132.98.224)
Host is up (0.25s latency).
Not shown: 989 filtered ports
PORT     STATE  SERVICE
22/tcp   closed ssh
25/tcp   open   smtp
|_clamav-exec: ERROR: Script execution failed (use -d to debug)
| ssl-dh-params: 
|   VULNERABLE:
|   Anonymous Diffie-Hellman Key Exchange MitM Vulnerability
|     State: VULNERABLE
|       Transport Layer Security (TLS) services that use anonymous
|       Diffie-Hellman key exchange only provide protection against passive
|       eavesdropping, and are vulnerable to active man-in-the-middle attacks
|       which could completely compromise the confidentiality and integrity
|       of any data exchanged over the resulting session.
|     Check results:
|       ANONYMOUS DH GROUP 1
|             Cipher Suite: TLS_DH_anon_WITH_AES_128_CBC_SHA
|             Modulus Type: Safe prime
|             Modulus Source: Unknown/Custom-generated
|             Modulus Length: 2048
|             Generator Length: 8
|             Public Key Length: 2048
|     References:
|_      https://www.ietf.org/rfc/rfc2246.txt
|_sslv2-drown: 
80/tcp   open   http
|_clamav-exec: ERROR: Script execution failed (use -d to debug)
|_http-aspnet-debug: ERROR: Script execution failed (use -d to debug)
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-vuln-cve2014-3704: ERROR: Script execution failed (use -d to debug)
110/tcp  open   pop3
|_clamav-exec: ERROR: Script execution failed (use -d to debug)
|_ssl-ccs-injection: ERROR: Script execution failed (use -d to debug)
|_ssl-dh-params: ERROR: Script execution failed (use -d to debug)
|_ssl-heartbleed: ERROR: Script execution failed (use -d to debug)
|_ssl-poodle: ERROR: Script execution failed (use -d to debug)
|_sslv2-drown: ERROR: Script execution failed (use -d to debug)
143/tcp  open   imap
|_clamav-exec: ERROR: Script execution failed (use -d to debug)
|_ssl-ccs-injection: ERROR: Script execution failed (use -d to debug)
|_ssl-dh-params: ERROR: Script execution failed (use -d to debug)
|_ssl-heartbleed: ERROR: Script execution failed (use -d to debug)
|_ssl-poodle: ERROR: Script execution failed (use -d to debug)
|_sslv2-drown: 
443/tcp  open   https
|_clamav-exec: ERROR: Script execution failed (use -d to debug)
|_http-aspnet-debug: ERROR: Script execution failed (use -d to debug)
| http-csrf: 
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=mopvpe.gov.af
|   Found the following possible CSRF vulnerabilities: 
|     
|     Path: https://mopvpe.gov.af:443/
|     Form id: edit-keys
|     Form action: /dr/search
|     
|     Path: https://mopvpe.gov.af:443/dr/faq
|     Form id: edit-keys
|     Form action: /dr/search
|     
|     Path: https://mopvpe.gov.af:443/index.php/dr/%d8%b3%d9%81%d8%b1-%d9%87%db%8c%d8%a6%d8%aa-%d8%a8%d8%ae%d8%b4-%d9%86%d8%b8%d8%a7%d9%85%db%8c-%d9%88%d8%b2%d8%a7%d8%b1%d8%aa-%d8%a7%d9%85%d8%b1%d8%a8%d8%a7%d9%84%d9%85%d8%b9%d8%b1%d9%88%d9%81-%d8%a8%d9%87-%d9%88%d9%84%d8%a7%db%8c%d8%aa-%d8%af%d8%a7%db%8c%da%a9%d9%86%d8%af%db%8c
|     Form id: edit-keys
|     Form action: /dr/search
|     
|     Path: https://mopvpe.gov.af:443/index.php/dr/%d8%b3%d9%81%d8%b1-%d9%87%db%8c%d8%a6%d8%aa-%d8%a8%d8%ae%d8%b4-%d9%86%d8%b8%d8%a7%d9%85%db%8c-%d9%88%d8%b2%d8%a7%d8%b1%d8%aa-%d8%a7%d9%85%d8%b1%d8%a8%d8%a7%d9%84%d9%85%d8%b9%d8%b1%d9%88%d9%81-%d8%a8%d9%87-%d9%88%d9%84%d8%a7%db%8c%d8%aa-%d8%af%d8%a7%db%8c%da%a9%d9%86%d8%af%db%8c
|     Form id: shorten-current
|     Form action: /index.php/dr/%d8%b3%d9%81%d8%b1-%d9%87%db%8c%d8%a6%d8%aa-%d8%a8%d8%ae%d8%b4-%d9%86%d8%b8%d8%a7%d9%85%db%8c-%d9%88%d8%b2%d8%a7%d8%b1%d8%aa-%d8%a7%d9%85%d8%b1%d8%a8%d8%a7%d9%84%d9%85%d8%b9%d8%b1%d9%88%d9%81-%d8%a8%d9%87-%d9%88%d9%84%d8%a7%db%8c%d8%aa-%d8%af%d8%a7%db%8c%da%a9%d9%86%d8%af%db%8c
|     
|     Path: https://mopvpe.gov.af:443/dr/news
|     Form id: edit-keys
|     Form action: /dr/search
|     
|     Path: https://mopvpe.gov.af:443/dr/%d8%a7%d9%88%d9%82%d8%a7%d8%aa-%da%a9%d8%a7%d8%b1%db%8c
|     Form id: edit-keys
|     Form action: /dr/search
|     
|     Path: https://mopvpe.gov.af:443/tenders
|     Form id: edit-keys
|     Form action: /dr/search
|     
|     Path: https://mopvpe.gov.af:443/dr/%d8%b3%d8%ae%d9%86%d8%b1%d8%a7%d9%86%db%8c-%d9%87%d8%a7
|     Form id: edit-keys
|     Form action: /dr/search
|     
|     Path: https://mopvpe.gov.af:443/dr/node/176
|     Form id: edit-keys
|_    Form action: /dr/search
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-sql-injection: ERROR: Script execution failed (use -d to debug)
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-trace: TRACE is enabled
|_http-vuln-cve2014-3704: ERROR: Script execution failed (use -d to debug)
|_sslv2-drown: 
465/tcp  open   smtps
|_clamav-exec: ERROR: Script execution failed (use -d to debug)
|_sslv2-drown: 
587/tcp  open   submission
|_clamav-exec: ERROR: Script execution failed (use -d to debug)
| ssl-dh-params: 
|   VULNERABLE:
|   Anonymous Diffie-Hellman Key Exchange MitM Vulnerability
|     State: VULNERABLE
|       Transport Layer Security (TLS) services that use anonymous
|       Diffie-Hellman key exchange only provide protection against passive
|       eavesdropping, and are vulnerable to active man-in-the-middle attacks
|       which could completely compromise the confidentiality and integrity
|       of any data exchanged over the resulting session.
|     Check results:
|       ANONYMOUS DH GROUP 1
|             Cipher Suite: TLS_DH_anon_WITH_AES_128_CBC_SHA
|             Modulus Type: Safe prime
|             Modulus Source: Unknown/Custom-generated
|             Modulus Length: 2048
|             Generator Length: 8
|             Public Key Length: 2048
|     References:
|_      https://www.ietf.org/rfc/rfc2246.txt
|_sslv2-drown: 
993/tcp  open   imaps
|_clamav-exec: ERROR: Script execution failed (use -d to debug)
|_sslv2-drown: 
995/tcp  open   pop3s
|_clamav-exec: ERROR: Script execution failed (use -d to debug)
|_sslv2-drown: 
2030/tcp open   device2
|_clamav-exec: ERROR: Script execution failed (use -d to debug)
 
Nmap done: 1 IP address (1 host up) scanned in 457.71 seconds

HTTP TRACE is enabled: possible vulnerability

Impact: It can be used in Cross-Site Tracing (XST) attacks to steal cookies or authentication tokens.

Possible CSRF vulnerabilities detected (very vulnerable)

Impact: Forms at /dr/search could be exploitable through Cross-Site Request Forgery (CSRF).

Weak SSL/TLS configurations

SSLv2 DROWN Attack: Some ports appear to be vulnerable to DROWN (CVE-2016-0800).

Insecure TLS and HTTP configurations

Port      State               Service     Notes
22/tcp    Open (latest scan)  SSH         Available
25/tcp    Open                SMTP        Possible mail server
80/tcp    Open                HTTP        Web page accessible
110/tcp   Open                POP3        POP3 mail server
143/tcp   Open                IMAP        IMAP mail server
443/tcp   Open                HTTPS       Has TLS security problems
465/tcp   Open                SMTPS       Secure SMTP, but with possible vulnerabilities
587/tcp   Open                Submission  SMTP for sending authenticated mail
993/tcp   Open                IMAPS       Secure IMAP, but with possible vulnerabilities
995/tcp   Open                POP3S       Secure POP3, but with possible vulnerabilities
afganistan/nmap-mopvpe.1750034154.txt.gz · Last modified: 2025/06/16 02:35 by anonimo