GlobalHell2K17

Russian Site - 80.66.87.49

Apr 5th, 2019
  1. # Nmap 7.70 scan initiated Fri Apr 5 03:04:14 2019 as: nmap -T4 -A -v -Pn -PS --script vuln -sV --traceroute -oN /root/Desktop/Russian.txt 80.66.87.49
  2. Nmap scan report for money-batmobileauto.ru (80.66.87.49)
  3. Host is up (0.24s latency).
  4. Not shown: 982 closed ports
  5. PORT STATE SERVICE VERSION
  6. 21/tcp filtered ftp
  7. 22/tcp filtered ssh
  8. 25/tcp open smtp Exim smtpd 4.91
  9. | smtp-vuln-cve2010-4344:
  10. | Exim version: 4.91
  11. | Exim heap overflow vulnerability (CVE-2010-4344):
  12. | Exim (CVE-2010-4344): NOT VULNERABLE
  13. | Exim privileges escalation vulnerability (CVE-2010-4345):
  14. | Exim (CVE-2010-4345): NOT VULNERABLE
  15. |_ To confirm and exploit the vulnerabilities, run with --script-args='smtp-vuln-cve2010-4344.exploit'
  16. | ssl-poodle:
  17. | VULNERABLE:
  18. | SSL POODLE information leak
  19. | State: LIKELY VULNERABLE
  20. | IDs: OSVDB:113251 CVE:CVE-2014-3566
  21. | The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other
  22. | products, uses nondeterministic CBC padding, which makes it easier
  23. | for man-in-the-middle attackers to obtain cleartext data via a
  24. | padding-oracle attack, aka the "POODLE" issue.
  25. | Disclosure date: 2014-10-14
  26. | Check results:
  27. | TLS_RSA_WITH_AES_128_CBC_SHA
  28. | TLS_FALLBACK_SCSV properly implemented
  29. | References:
  30. | https://www.imperialviolet.org/2014/10/14/poodle.html
  31. | http://osvdb.org/113251
  32. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
  33. |_ https://www.openssl.org/~bodo/ssl-poodle.pdf
  34. |_sslv2-drown:
  35. 53/tcp open domain (unknown banner: get lost)
  36. | fingerprint-strings:
  37. | DNSVersionBindReqTCP:
  38. | version
  39. | bind
  40. |_ lost
  41. 80/tcp open http nginx
  42. |_http-csrf: Couldn't find any CSRF vulnerabilities.
  43. |_http-dombased-xss: Couldn't find any DOM based XSS.
  44. | http-enum:
  45. | /webmail/: Mail folder (401 Unauthorized)
  46. |_ /icons/: Potentially interesting folder w/ directory listing
  47. |_http-passwd: ERROR: Script execution failed (use -d to debug)
  48. |_http-server-header: nginx
  49. |_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
  50. 110/tcp open pop3 Dovecot pop3d
  51. | ssl-dh-params:
  52. | VULNERABLE:
  53. | Diffie-Hellman Key Exchange Insufficient Group Strength
  54. | State: VULNERABLE
  55. | Transport Layer Security (TLS) services that use Diffie-Hellman groups
  56. | of insufficient strength, especially those using one of a few commonly
  57. | shared groups, may be susceptible to passive eavesdropping attacks.
  58. | Check results:
  59. | WEAK DH GROUP 1
  60. | Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
  61. | Modulus Type: Safe prime
  62. | Modulus Source: Unknown/Custom-generated
  63. | Modulus Length: 1024
  64. | Generator Length: 8
  65. | Public Key Length: 1024
  66. | References:
  67. |_ https://weakdh.org
  68. |_sslv2-drown:
  69. 143/tcp open imap Dovecot imapd
  70. | ssl-dh-params:
  71. | VULNERABLE:
  72. | Diffie-Hellman Key Exchange Insufficient Group Strength
  73. | State: VULNERABLE
  74. | Transport Layer Security (TLS) services that use Diffie-Hellman groups
  75. | of insufficient strength, especially those using one of a few commonly
  76. | shared groups, may be susceptible to passive eavesdropping attacks.
  77. | Check results:
  78. | WEAK DH GROUP 1
  79. | Cipher Suite: TLS_DHE_RSA_WITH_SEED_CBC_SHA
  80. | Modulus Type: Safe prime
  81. | Modulus Source: Unknown/Custom-generated
  82. | Modulus Length: 1024
  83. | Generator Length: 8
  84. | Public Key Length: 1024
  85. | References:
  86. |_ https://weakdh.org
  87. |_sslv2-drown:
  88. 443/tcp open ssl/http nginx
  89. |_http-csrf: Couldn't find any CSRF vulnerabilities.
  90. |_http-dombased-xss: Couldn't find any DOM based XSS.
  91. |_http-server-header: nginx
  92. |_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
  93. |_sslv2-drown:
  94. 465/tcp open ssl/smtp Exim smtpd 4.91
  95. |_sslv2-drown:
  96. 587/tcp filtered submission
  97. 993/tcp open ssl/imaps?
  98. | ssl-dh-params:
  99. | VULNERABLE:
  100. | Diffie-Hellman Key Exchange Insufficient Group Strength
  101. | State: VULNERABLE
  102. | Transport Layer Security (TLS) services that use Diffie-Hellman groups
  103. | of insufficient strength, especially those using one of a few commonly
  104. | shared groups, may be susceptible to passive eavesdropping attacks.
  105. | Check results:
  106. | WEAK DH GROUP 1
  107. | Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
  108. | Modulus Type: Safe prime
  109. | Modulus Source: Unknown/Custom-generated
  110. | Modulus Length: 1024
  111. | Generator Length: 8
  112. | Public Key Length: 1024
  113. | References:
  114. |_ https://weakdh.org
  115. |_sslv2-drown:
  116. 995/tcp open ssl/pop3s?
  117. | ssl-dh-params:
  118. | VULNERABLE:
  119. | Diffie-Hellman Key Exchange Insufficient Group Strength
  120. | State: VULNERABLE
  121. | Transport Layer Security (TLS) services that use Diffie-Hellman groups
  122. | of insufficient strength, especially those using one of a few commonly
  123. | shared groups, may be susceptible to passive eavesdropping attacks.
  124. | Check results:
  125. | WEAK DH GROUP 1
  126. | Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
  127. | Modulus Type: Safe prime
  128. | Modulus Source: Unknown/Custom-generated
  129. | Modulus Length: 1024
  130. | Generator Length: 8
  131. | Public Key Length: 1024
  132. | References:
  133. |_ https://weakdh.org
  134. |_sslv2-drown:
  135. 1010/tcp open ssl/surf?
  136. | ssl-dh-params:
  137. | VULNERABLE:
  138. | Diffie-Hellman Key Exchange Insufficient Group Strength
  139. | State: VULNERABLE
  140. | Transport Layer Security (TLS) services that use Diffie-Hellman groups
  141. | of insufficient strength, especially those using one of a few commonly
  142. | shared groups, may be susceptible to passive eavesdropping attacks.
  143. | Check results:
  144. | WEAK DH GROUP 1
  145. | Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
  146. | Modulus Type: Safe prime
  147. | Modulus Source: Unknown/Custom-generated
  148. | Modulus Length: 1024
  149. | Generator Length: 8
  150. | Public Key Length: 1024
  151. | References:
  152. |_ https://weakdh.org
  153. |_sslv2-drown:
  154. 3030/tcp open smtp cbdev cmail smtpd
  155. | smtp-vuln-cve2010-4344:
  156. |_ The SMTP server is not Exim: NOT VULNERABLE
  157. |_sslv2-drown:
  158. 3306/tcp open mysql MySQL 5.5.62
  159. 8080/tcp open http Apache httpd
  160. |_http-csrf: Couldn't find any CSRF vulnerabilities.
  161. |_http-dombased-xss: Couldn't find any DOM based XSS.
  162. | http-enum:
  163. | /webmail/: Mail folder (401 Unauthorized)
  164. |_ /icons/: Potentially interesting folder w/ directory listing
  165. |_http-passwd: ERROR: Script execution failed (use -d to debug)
  166. |_http-server-header: Apache
  167. | http-slowloris-check:
  168. | VULNERABLE:
  169. | Slowloris DOS attack
  170. | State: LIKELY VULNERABLE
  171. | IDs: CVE:CVE-2007-6750
  172. | Slowloris tries to keep many connections to the target web server open and hold
  173. | them open as long as possible. It accomplishes this by opening connections to
  174. | the target web server and sending a partial request. By doing so, it starves
  175. | the http server's resources causing Denial Of Service.
  176. |
  177. | Disclosure date: 2009-09-17
  178. | References:
  179. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750
  180. |_ http://ha.ckers.org/slowloris/
  181. |_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
  182. 8083/tcp open http nginx
  183. |_http-csrf: Couldn't find any CSRF vulnerabilities.
  184. |_http-dombased-xss: Couldn't find any DOM based XSS.
  185. |_http-passwd: ERROR: Script execution failed (use -d to debug)
  186. |_http-server-header: nginx
  187. | http-slowloris-check:
  188. | VULNERABLE:
  189. | Slowloris DOS attack
  190. | State: LIKELY VULNERABLE
  191. | IDs: CVE:CVE-2007-6750
  192. | Slowloris tries to keep many connections to the target web server open and hold
  193. | them open as long as possible. It accomplishes this by opening connections to
  194. | the target web server and sending a partial request. By doing so, it starves
  195. | the http server's resources causing Denial Of Service.
  196. |
  197. | Disclosure date: 2009-09-17
  198. | References:
  199. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750
  200. |_ http://ha.ckers.org/slowloris/
  201. |_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
  202. 8443/tcp open ssl/https-alt?
  203. |_http-aspnet-debug: ERROR: Script execution failed (use -d to debug)
  204. |_http-vuln-cve2014-3704: ERROR: Script execution failed (use -d to debug)
  205. | ssl-dh-params:
  206. | VULNERABLE:
  207. | Diffie-Hellman Key Exchange Insufficient Group Strength
  208. | State: VULNERABLE
  209. | Transport Layer Security (TLS) services that use Diffie-Hellman groups
  210. | of insufficient strength, especially those using one of a few commonly
  211. | shared groups, may be susceptible to passive eavesdropping attacks.
  212. | Check results:
  213. | WEAK DH GROUP 1
  214. | Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
  215. | Modulus Type: Safe prime
  216. | Modulus Source: mod_ssl 2.2.x/1024-bit MODP group with safe prime modulus
  217. | Modulus Length: 1024
  218. | Generator Length: 8
  219. | Public Key Length: 1024
  220. | References:
  221. |_ https://weakdh.org
  222. | ssl-poodle:
  223. | VULNERABLE:
  224. | SSL POODLE information leak
  225. | State: LIKELY VULNERABLE
  226. | IDs: OSVDB:113251 CVE:CVE-2014-3566
  227. | The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other
  228. | products, uses nondeterministic CBC padding, which makes it easier
  229. | for man-in-the-middle attackers to obtain cleartext data via a
  230. | padding-oracle attack, aka the "POODLE" issue.
  231. | Disclosure date: 2014-10-14
  232. | Check results:
  233. | TLS_RSA_WITH_AES_128_CBC_SHA
  234. | TLS_FALLBACK_SCSV properly implemented
  235. | References:
  236. | https://www.imperialviolet.org/2014/10/14/poodle.html
  237. | http://osvdb.org/113251
  238. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
  239. |_ https://www.openssl.org/~bodo/ssl-poodle.pdf
  240. |_sslv2-drown:
  241. 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
  242. SF-Port53-TCP:V=7.70%I=7%D=4/5%Time=5CA6FE0E%P=x86_64-pc-linux-gnu%r(DNSVe
  243. SF:rsionBindReqTCP,43,"\0A\0\x06\x85\0\0\x01\0\x01\0\x01\0\0\x07version\x0
  244. SF:4bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x03\0\0\0\0\0\t\x08get\x20lost\xc0\
  245. SF:x0c\0\x02\0\x03\0\0\0\0\0\x02\xc0\x0c");
  246. Aggressive OS guesses: Linux 2.6.32 (87%), Linux 2.6.32 or 3.10 (87%), Linux 2.6.39 (87%), Linux 3.10 - 3.12 (87%), Linux 3.4 (87%), Linux 3.5 (87%), Linux 4.2 (87%), Linux 4.4 (87%), Synology DiskStation Manager 5.1 (87%), WatchGuard Fireware 11.8 (87%)
  247. No exact OS matches for host (test conditions non-ideal).
  248. Uptime guess: 4.899 days (since Sun Mar 31 05:52:26 2019)
  249. Network Distance: 15 hops
  250. TCP Sequence Prediction: Difficulty=259 (Good luck!)
  251. IP ID Sequence Generation: All zeros
  252.  
  253. TRACEROUTE (using port 256/tcp)
  254. HOP RTT ADDRESS
  255. 1 2.77 ms chAdmin (192.168.0.1)
  256. 2 12.02 ms 142.254.153.173
  257. 3 11.82 ms agg62.clmboh5502h.midwest.rr.com (69.23.24.177)
  258. 4 18.23 ms agg24.clmcohib01r.midwest.rr.com (65.29.1.52)
  259. 5 24.31 ms be27.clevohek01r.midwest.rr.com (65.29.1.38)
  260. 6 40.05 ms bu-ether17.vinnva0510w-bcr00.tbone.rr.com (66.109.6.70)
  261. 7 28.79 ms 0.ae1.pr0.dca20.tbone.rr.com (66.109.6.167)
  262. 8 617.81 ms ge-7-1-6.pr0.chi10.tbone.rr.com (66.109.9.74)
  263. 9 ...
  264. 10 121.76 ms 62.67.36.230
  265. 11 200.13 ms ae4.nvsk-ar1.sib.ip.rostelecom.ru (213.228.109.53)
  266. 12 215.71 ms 213.228.72.50
  267. 13 208.36 ms atlas2.mega-com.ru (194.8.84.18)
  268. 14 ...
  269. 15 241.86 ms money-batmobileauto.ru (80.66.87.49)
  270.  
  271. Read data files from: /usr/bin/../share/nmap
  272. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  273. # Nmap done at Fri Apr 5 03:26:20 2019 -- 1 IP address (1 host up) scanned in 1326.13 seconds