The government of this nation keeps its population oppressed; that much is obvious, just as with North Korea, from the range of IPs assigned to the whole country. So I will scan its entire network to see whether I find vulnerabilities and whether it is possible to attack its government. I cannot go there in person and give its oppressors a beating, so, small as it is, I will do my bit. Some ask why I do it if it has done nothing to me; that is nothing but a stock phrase. It makes no sense to give a bully time simply because chance has not put you in front of him.
We scan all the IPs assigned to the country, which number 4096 (from 2^(32-20))
sudo nmap -A -Pn -v 196.200.96.0/20 -oN eritrea
We make the file a bit more readable
cat eritrea | sed -n '/.*scan report for.*/,/^$/p' > nmap_er.txt
Open services
cat nmap_er.txt | grep -Ex '^[0-9]+\/.*open.*' | sed -E 's/ {2,}/ /g' | sort | uniq
Closed services
cat nmap_er.txt | grep -Ex '^[0-9]+\/.*closed.*' | sed -E 's/ {2,}/ /g' | sort | uniq
Hosts that are up with all ports filtered
cat nmap_er.txt | grep -Ex '.*are filtered.*' | grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}' > hosts_up_er_ports_filtered.txt
Hosts that do not have all ports filtered (we subtract one file from the other)
grep -v -F -f hosts_up_er_ports_filtered.txt ips_up_er.txt | sed 'N;N;N;N;s/\n/ /g'
grep -v -F -f hosts_up_er_ports_filtered.txt ips_up_er.txt > hosts_up_er_no_all_ports_filtered.txt
Vulnerability scan (run against the list of hosts that do not have all ports filtered)
nmap -Pn -n --script "vuln" -iL hosts_up_er_no_all_ports_filtered.txt -oN nmap_vuln_er_hosts_no_all_ports_filtered.txt
Hosts with vulnerabilities
cat nmap_vuln_er_hosts_no_all_ports_filtered.txt | sed -n '/.*scan report for.*/,/^$/p' | sed -n '/./{H;d}; x; /VULNERABLE/!d; p'
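How the `-Pn` sweep of a /20 at the top of this page looks from the network on the receiving end, as an added example that is not part of the original page: with host discovery disabled, every one of the 4096 addresses is probed, so a single outside source contacts far more distinct destinations than any ordinary client does. The log format (`epoch src dst dport`), the monitored prefix, the thresholds and all sample lines are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

MONITORED = ipaddress.ip_network("10.20.0.0/20")  # constructed prefix: 2^(32-20) = 4096 addresses
WINDOW = 60      # seconds per sliding window (assumed value)
MIN_HOSTS = 20   # distinct destinations in one window that count as a sweep (assumed value)


def parse(line):
    """Parse 'epoch src dst dport' (constructed log format); return None for junk."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        return (int(parts[0]), ipaddress.ip_address(parts[1]),
                ipaddress.ip_address(parts[2]), int(parts[3]))
    except ValueError:
        return None


def find_sweeps(lines, net=MONITORED, window=WINDOW, min_hosts=MIN_HOSTS):
    """Return {source: peak number of distinct destinations inside `net` seen
    within any `window` seconds} for outside sources that reach `min_hosts`."""
    events = defaultdict(list)
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ts, src, dst, _port = rec
        if dst in net and src not in net:   # inbound traffic only
            events[src].append((ts, dst))

    flagged = {}
    for src, evs in events.items():
        evs.sort(key=lambda e: e[0])
        in_window = defaultdict(int)        # destination -> hits inside the window
        start = 0
        peak = 0
        for ts, dst in evs:
            in_window[dst] += 1
            # Drop events that have aged out of the window ending at `ts`.
            while evs[start][0] <= ts - window:
                old = evs[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            peak = max(peak, len(in_window))
        if peak >= min_hosts:
            flagged[str(src)] = peak
    return flagged


def sample_log():
    """Constructed connection log: one sweeping source, one ordinary client."""
    lines = []
    for i in range(40):   # 203.0.113.7 walks 40 consecutive addresses, one per second
        lines.append(f"{1700000000 + i} 203.0.113.7 10.20.0.{i + 1} 80")
    for i in range(40):   # 203.0.113.50 keeps talking to a single web server
        lines.append(f"{1700000000 + i} 203.0.113.50 10.20.1.10 443")
    lines.append("truncated line")          # junk is skipped, not fatal
    return lines


if __name__ == "__main__":
    for src, n in find_sweeps(sample_log()).items():
        print(f"{src} touched {n} distinct hosts in {MONITORED} within {WINDOW}s")
```

The busy but single-destination client is not flagged; only the count of distinct destinations per source matters, not the volume of connections.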