rusia:gaceta:nmap-vuln

nmap_vuln_pcomunes_ru_rg.txt.gz

sudo nmap -Pn -p 20-23,69,139,137,445,53,443,80,8080,8443 -sV --script vuln rg.ru -oN nmap_vuln_pcomunes_ru_rg.txt

Open services

gzip nmap_vuln_pcomunes_ru_rg.txt
gunzip -c nmap_vuln_pcomunes_ru_rg.txt.gz | grep -Ex '^[0-9]+\/.*open.*' | sed -E 's/ {2,}/ /g' | sort | uniq
137/tcp open netbios-ns?
139/tcp open netbios-ssn?
20/tcp open ftp-data?
21/tcp open ftp?
22/tcp open ssh?
23/tcp open telnet?
443/tcp open ssl/https QRATOR
445/tcp open microsoft-ds?
53/tcp open domain?
69/tcp open tftp?
8080/tcp open http-proxy?
80/tcp open http QRATOR
8443/tcp open https-alt?

The QRATOR banner on ports 80 and 443 shows that the web traffic is fronted by Qrator, a DDoS-mitigation reverse proxy (comparable to Cloudflare), so these results describe the proxy rather than the origin server. The trailing ? on the other entries means nmap could not confirm the service from its responses and only named it from the port number; behind a filtering proxy such ports may not correspond to real services on the origin.

sudo nmap -sU -p 69 rg.ru -oN tftp.txt
[sudo] contraseña para toor:            
Starting Nmap 7.80 ( https://nmap.org ) at 2025-04-14 03:30 CEST
Nmap scan report for rg.ru (185.65.148.114)
Host is up (0.12s latency).
 
PORT   STATE         SERVICE
69/udp open|filtered tftp
 
Nmap done: 1 IP address (1 host up) scanned in 1.78 seconds

We check whether tftp is really open. Note that nmap reports open|filtered for a UDP port when it receives no reply at all, and the tftp client's connect and status commands only record the target address locally without sending a packet, so the session below does not by itself confirm a listening TFTP server; only a real request (get or put) would produce a reply or an error from the host.

tftp 185.65.148.114
tftp> ?
Commands may be abbreviated.  Commands are:
 
connect 	connect to remote tftp
mode    	set file transfer mode
put     	send file
get     	receive file
quit    	exit tftp
verbose 	toggle verbose mode
trace   	toggle packet tracing
status  	show current status
binary  	set mode to octet
ascii   	set mode to netascii
rexmt   	set per-packet retransmission timeout
timeout 	set total retransmission timeout
?       	print help information
tftp> status
Connected to 185.65.148.114.
Mode: netascii Verbose: off Tracing: off
Rexmt-interval: 5 seconds, Max-timeout: 25 seconds
tftp>

Vulnerabilities found

gunzip -c nmap_vuln_pcomunes_ru_rg.txt.gz | sed -nE '/VULNERABLE:/{n;p;n;p;n;p}' | sort | uniq
|     IDs:  CVE:CVE-2007-6750
|     State: LIKELY VULNERABLE
|   Slowloris DOS attack
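The two grep/sed pipelines above (one for open ports, one for the three lines after each VULNERABLE: marker) break as soon as a script prints an extra line or a port line has no version column. The following parser is an added example, not part of the original page or of nmap: it reads nmap normal (-oN) output and returns structured ports and findings, keeping nmap's "?" flag so unconfirmed services can be told apart from identified ones, and keeping the State field as reported (http-slowloris-check's LIKELY VULNERABLE is a heuristic based on connection behaviour, not an exploit result). The embedded report is constructed against the placeholder host target.invalid / 203.0.113.10; the host name, addresses and versions in it are assumptions, not the page's scan.

```python
"""Parse nmap normal (-oN) output into ports and --script vuln findings.

Added example, not nmap's code and not the original page's scan. SAMPLE is a
constructed report for a placeholder host (target.invalid, 203.0.113.10).
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# e.g. "443/tcp  open  ssl/https  QRATOR" or "21/tcp  open  ftp?" (no version)
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*?))?\s*$")
# NSE script header: "| http-slowloris-check: " (one space after the bar)
SCRIPT_RE = re.compile(r"^ ([\w.-]+):(?: (.*))?$")


@dataclass
class Port:
    number: int
    proto: str
    state: str
    service: str      # nmap's trailing '?' removed
    version: str
    guessed: bool     # True when nmap only inferred the service from the port number


@dataclass
class Finding:
    port: Optional[int]
    script: str
    title: str = ""
    state: str = ""
    ids: List[str] = field(default_factory=list)


def parse_nmap_normal(text: str) -> dict:
    ports: List[Port] = []
    findings: List[Finding] = []
    current_port: Optional[int] = None
    script: Optional[str] = None
    current: Optional[Finding] = None
    for raw in text.splitlines():
        m = PORT_RE.match(raw)
        if m:
            num, proto, state, service, version = m.groups()
            current_port = int(num)
            ports.append(Port(current_port, proto, state, service.rstrip("?"),
                              version or "", service.endswith("?")))
            script, current = None, None
            continue
        if not raw.startswith("|"):
            continue                                   # not NSE output
        # '|_' marks the last line of a script block; treat it like '| '
        body = " " + raw[2:] if raw.startswith("|_") else raw[1:]
        hm = SCRIPT_RE.match(body)
        if hm:
            script, current = hm.group(1), None        # new script block
            continue
        stripped = body.strip()
        if stripped == "VULNERABLE:":                  # start of one finding
            current = Finding(current_port, script or "")
            findings.append(current)
        elif current is not None:
            if not current.title and stripped:         # first line is the title
                current.title = stripped
            elif stripped.startswith("State:"):
                current.state = stripped[len("State:"):].strip()
            elif stripped.startswith("IDs:"):
                current.ids = stripped[len("IDs:"):].split()
    return {"ports": ports, "findings": findings}


def summarize(text: str) -> dict:
    """Confirmed-open ports, unidentified services, and reported findings."""
    r = parse_nmap_normal(text)
    return {
        "open": sorted(p.number for p in r["ports"] if p.state == "open"),
        "unidentified": sorted(p.number for p in r["ports"] if p.guessed),
        "likely_vulnerable": [(f.port, f.script, f.ids)
                              for f in r["findings"] if "VULNERABLE" in f.state],
    }


# Constructed sample report (placeholder host; values are assumptions).
SAMPLE = """\
# Nmap 7.80 scan initiated Mon Apr 14 03:30:00 2025 as: nmap -Pn -sV --script vuln -oN out.txt target.invalid
Nmap scan report for target.invalid (203.0.113.10)
Host is up (0.12s latency).

PORT    STATE         SERVICE    VERSION
21/tcp  open          ftp?
22/tcp  open          ssh?
69/udp  open|filtered tftp
80/tcp  open          http       Apache httpd 2.2.3
| http-slowloris-check: 
|   VULNERABLE:
|   Slowloris DOS attack
|     State: LIKELY VULNERABLE
|     IDs:  CVE:CVE-2007-6750
|       Slowloris tries to keep many connections to the target web server open and hold
|       them open as long as possible.
|
|     Disclosure date: 2009-09-17
|     References:
|       http://ha.ckers.org/slowloris/
|_      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750
443/tcp open          ssl/https  QRATOR
|_http-server-header: QRATOR

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Mon Apr 14 03:31:00 2025 -- 1 IP address (1 host up) scanned in 60.00 seconds
"""

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Because the parser keys on nmap's block structure (a port line, then `|`-prefixed script lines, `VULNERABLE:` followed by title, State and IDs) rather than on a fixed number of lines, it also handles scripts whose findings have longer descriptions or several IDs, and it reports open|filtered UDP ports separately from confirmed-open ones.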
rusia/gaceta/nmap-vuln.txt · Last modified: 2025/04/14 03:52 by anonimo