API tools faq
paste
NSAFROG

www.rhinohornauction.com auit report. #NFA

NSAFROG
Aug 11th, 2017
114
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.66 KB | None | 0 0
raw download clone embed print report
  1. Auditing for: www.rhinohornauction.com.
  2. #####################################################
  3. @NFAGov
  4. #NFA
  5.  
  6. | Target Information:
  7. Server/OS: HP P2000 G3 NAS Device.
  8. Server(WEB) IP: 129.232.249.181
  9. CMS Type: SemiColonWeb
  10. Server Type: Apache
  11. MX Info:
  12. origin = ns1.host-h.net
  13. mail addr = postmaster.your-server.co.za
  14. serial = 2017060702
  15. refresh = 86400
  16. retry = 1800
  17. expire = 3600000
  18. minimum = 86400
  19. ---------------------------------------
  20. ===============OPEN Ports==============
  21. [ PORT ] | [TYPE]
  22. ---------------------------------------
  23. 143 | SSL/HTTPS
  24. 995 | Transport Layer Security(TLS)
  25. 21 | FTP
  26. 80 | HTTP/WEB
  27. 587 | SMTP
  28. 110 | POP3
  29. 993 | IMAP
  30. 25 | SMTP
  31. 443 | HTTPS
  32. 22 | SSH
  33. 465 | SMTP
  34. ===============================================
  35. -----------VULNERABILITIES---------------------
  36. ===============================================
  37. http-csrf:
  38. Path: http://www.rhinohornauction.com:80/
  39. Form id: template-contactform
  40. Form action: include/sendemail.php
  41. ============================================
  42. -----------NETWORK VULNERABILITIES----------
  43. ============================================
  44. 110/tcp open pop3
  45. | ssl-poodle:
  46. | VULNERABLE:
  47. | SSL POODLE information leak
  48. | State: LIKELY VULNERABLE
  49. | IDs: OSVDB:113251 CVE:CVE-2014-3566
  50. | The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other
  51. | products, uses nondeterministic CBC padding, which makes it easier
  52. | for man-in-the-middle attackers to obtain cleartext data via a
  53. | padding-oracle attack, aka the "POODLE" issue.
  54. | Disclosure date: 2014-10-14
  55. | Check results:
  56. | TLS_RSA_WITH_AES_128_CBC_SHA
  57. | TLS_FALLBACK_SCSV properly implemented
  58. | References:
  59. | https://www.imperialviolet.org/2014/10/14/poodle.html
  60. | https://www.openssl.org/~bodo/ssl-poodle.pdf
  61. | http://osvdb.org/113251
  62. |_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
  63. 143/tcp open imap
  64. | ssl-poodle:
  65. | VULNERABLE:
  66. | SSL POODLE information leak
  67. | State: LIKELY VULNERABLE
  68. | IDs: OSVDB:113251 CVE:CVE-2014-3566
  69. | The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other
  70. | products, uses nondeterministic CBC padding, which makes it easier
  71. | for man-in-the-middle attackers to obtain cleartext data via a
  72. | padding-oracle attack, aka the "POODLE" issue.
  73. | Disclosure date: 2014-10-14
  74. | Check results:
  75. | TLS_RSA_WITH_AES_128_CBC_SHA
  76. | TLS_FALLBACK_SCSV properly implemented
  77. | References:
  78. | https://www.imperialviolet.org/2014/10/14/poodle.html
  79. | https://www.openssl.org/~bodo/ssl-poodle.pdf
  80. | http://osvdb.org/113251
  81. |_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
  82. 993/tcp open imaps
  83. | ssl-poodle:
  84. | VULNERABLE:
  85. | SSL POODLE information leak
  86. | State: LIKELY VULNERABLE
  87. | IDs: OSVDB:113251 CVE:CVE-2014-3566
  88. | The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other
  89. | products, uses nondeterministic CBC padding, which makes it easier
  90. | for man-in-the-middle attackers to obtain cleartext data via a
  91. | padding-oracle attack, aka the "POODLE" issue.
  92. | Disclosure date: 2014-10-14
  93. | Check results:
  94. | TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
  95. | TLS_FALLBACK_SCSV properly implemented
  96. | References:
  97. | https://www.imperialviolet.org/2014/10/14/poodle.html
  98. | https://www.openssl.org/~bodo/ssl-poodle.pdf
  99. | http://osvdb.org/113251
  100. |_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
  101. 995/tcp open pop3s
  102. | ssl-poodle:
  103. | VULNERABLE:
  104. | SSL POODLE information leak
  105. | State: LIKELY VULNERABLE
  106. | IDs: OSVDB:113251 CVE:CVE-2014-3566
  107. | The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other
  108. | products, uses nondeterministic CBC padding, which makes it easier
  109. | for man-in-the-middle attackers to obtain cleartext data via a
  110. | padding-oracle attack, aka the "POODLE" issue.
  111. | Disclosure date: 2014-10-14
  112. | Check results:
  113. | TLS_RSA_WITH_AES_128_CBC_SHA
  114. | TLS_FALLBACK_SCSV properly implemented
  115. | References:
  116. | https://www.imperialviolet.org/2014/10/14/poodle.html
  117. | https://www.openssl.org/~bodo/ssl-poodle.pdf
  118. | http://osvdb.org/113251
  119. |_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
  120. ===================================================================
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!