Russian Site - 80.66.87.49

1. # Nmap 7.70 scan initiated Fri Apr 5 03:04:14 2019 as: nmap -T4 -A -v -Pn -PS --script vuln -sV --traceroute -oN /root/Desktop/Russian.txt 80.66.87.49
2. Nmap scan report for money-batmobileauto.ru (80.66.87.49)
3. Host is up (0.24s latency).
4. Not shown: 982 closed ports
5. PORT STATE SERVICE VERSION
6. 21/tcp filtered ftp
7. 22/tcp filtered ssh
8. 25/tcp open smtp Exim smtpd 4.91
9. | smtp-vuln-cve2010-4344:
10. | Exim version: 4.91
11. | Exim heap overflow vulnerability (CVE-2010-4344):
12. | Exim (CVE-2010-4344): NOT VULNERABLE
13. | Exim privileges escalation vulnerability (CVE-2010-4345):
14. | Exim (CVE-2010-4345): NOT VULNERABLE
15. |_ To confirm and exploit the vulnerabilities, run with --script-args='smtp-vuln-cve2010-4344.exploit'
16. | ssl-poodle:
17. | VULNERABLE:
18. | SSL POODLE information leak
19. | State: LIKELY VULNERABLE
20. | IDs: OSVDB:113251 CVE:CVE-2014-3566
21. | The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other
22. | products, uses nondeterministic CBC padding, which makes it easier
23. | for man-in-the-middle attackers to obtain cleartext data via a
24. | padding-oracle attack, aka the "POODLE" issue.
25. | Disclosure date: 2014-10-14
26. | Check results:
27. | TLS_RSA_WITH_AES_128_CBC_SHA
28. | TLS_FALLBACK_SCSV properly implemented
29. | References:
30. | https://www.imperialviolet.org/2014/10/14/poodle.html
31. | http://osvdb.org/113251
32. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
33. |_ https://www.openssl.org/~bodo/ssl-poodle.pdf
34. |_sslv2-drown:
35. 53/tcp open domain (unknown banner: get lost)
36. | fingerprint-strings:
37. | DNSVersionBindReqTCP:
38. | version
39. | bind
40. |_ lost
41. 80/tcp open http nginx
42. |_http-csrf: Couldn't find any CSRF vulnerabilities.
43. |_http-dombased-xss: Couldn't find any DOM based XSS.
44. | http-enum:
45. | /webmail/: Mail folder (401 Unauthorized)
46. |_ /icons/: Potentially interesting folder w/ directory listing
47. |_http-passwd: ERROR: Script execution failed (use -d to debug)
48. |_http-server-header: nginx
49. |_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
50. 110/tcp open pop3 Dovecot pop3d
51. | ssl-dh-params:
52. | VULNERABLE:
53. | Diffie-Hellman Key Exchange Insufficient Group Strength
54. | State: VULNERABLE
55. | Transport Layer Security (TLS) services that use Diffie-Hellman groups
56. | of insufficient strength, especially those using one of a few commonly
57. | shared groups, may be susceptible to passive eavesdropping attacks.
58. | Check results:
59. | WEAK DH GROUP 1
60. | Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
61. | Modulus Type: Safe prime
62. | Modulus Source: Unknown/Custom-generated
63. | Modulus Length: 1024
64. | Generator Length: 8
65. | Public Key Length: 1024
66. | References:
67. |_ https://weakdh.org
68. |_sslv2-drown:
69. 143/tcp open imap Dovecot imapd
70. | ssl-dh-params:
71. | VULNERABLE:
72. | Diffie-Hellman Key Exchange Insufficient Group Strength
73. | State: VULNERABLE
74. | Transport Layer Security (TLS) services that use Diffie-Hellman groups
75. | of insufficient strength, especially those using one of a few commonly
76. | shared groups, may be susceptible to passive eavesdropping attacks.
77. | Check results:
78. | WEAK DH GROUP 1
79. | Cipher Suite: TLS_DHE_RSA_WITH_SEED_CBC_SHA
80. | Modulus Type: Safe prime
81. | Modulus Source: Unknown/Custom-generated
82. | Modulus Length: 1024
83. | Generator Length: 8
84. | Public Key Length: 1024
85. | References:
86. |_ https://weakdh.org
87. |_sslv2-drown:
88. 443/tcp open ssl/http nginx
89. |_http-csrf: Couldn't find any CSRF vulnerabilities.
90. |_http-dombased-xss: Couldn't find any DOM based XSS.
91. |_http-server-header: nginx
92. |_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
93. |_sslv2-drown:
94. 465/tcp open ssl/smtp Exim smtpd 4.91
95. |_sslv2-drown:
96. 587/tcp filtered submission
97. 993/tcp open ssl/imaps?
98. | ssl-dh-params:
99. | VULNERABLE:
100. | Diffie-Hellman Key Exchange Insufficient Group Strength
101. | State: VULNERABLE
102. | Transport Layer Security (TLS) services that use Diffie-Hellman groups
103. | of insufficient strength, especially those using one of a few commonly
104. | shared groups, may be susceptible to passive eavesdropping attacks.
105. | Check results:
106. | WEAK DH GROUP 1
107. | Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
108. | Modulus Type: Safe prime
109. | Modulus Source: Unknown/Custom-generated
110. | Modulus Length: 1024
111. | Generator Length: 8
112. | Public Key Length: 1024
113. | References:
114. |_ https://weakdh.org
115. |_sslv2-drown:
116. 995/tcp open ssl/pop3s?
117. | ssl-dh-params:
118. | VULNERABLE:
119. | Diffie-Hellman Key Exchange Insufficient Group Strength
120. | State: VULNERABLE
121. | Transport Layer Security (TLS) services that use Diffie-Hellman groups
122. | of insufficient strength, especially those using one of a few commonly
123. | shared groups, may be susceptible to passive eavesdropping attacks.
124. | Check results:
125. | WEAK DH GROUP 1
126. | Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
127. | Modulus Type: Safe prime
128. | Modulus Source: Unknown/Custom-generated
129. | Modulus Length: 1024
130. | Generator Length: 8
131. | Public Key Length: 1024
132. | References:
133. |_ https://weakdh.org
134. |_sslv2-drown:
135. 1010/tcp open ssl/surf?
136. | ssl-dh-params:
137. | VULNERABLE:
138. | Diffie-Hellman Key Exchange Insufficient Group Strength
139. | State: VULNERABLE
140. | Transport Layer Security (TLS) services that use Diffie-Hellman groups
141. | of insufficient strength, especially those using one of a few commonly
142. | shared groups, may be susceptible to passive eavesdropping attacks.
143. | Check results:
144. | WEAK DH GROUP 1
145. | Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
146. | Modulus Type: Safe prime
147. | Modulus Source: Unknown/Custom-generated
148. | Modulus Length: 1024
149. | Generator Length: 8
150. | Public Key Length: 1024
151. | References:
152. |_ https://weakdh.org
153. |_sslv2-drown:
154. 3030/tcp open smtp cbdev cmail smtpd
155. | smtp-vuln-cve2010-4344:
156. |_ The SMTP server is not Exim: NOT VULNERABLE
157. |_sslv2-drown:
158. 3306/tcp open mysql MySQL 5.5.62
159. 8080/tcp open http Apache httpd
160. |_http-csrf: Couldn't find any CSRF vulnerabilities.
161. |_http-dombased-xss: Couldn't find any DOM based XSS.
162. | http-enum:
163. | /webmail/: Mail folder (401 Unauthorized)
164. |_ /icons/: Potentially interesting folder w/ directory listing
165. |_http-passwd: ERROR: Script execution failed (use -d to debug)
166. |_http-server-header: Apache
167. | http-slowloris-check:
168. | VULNERABLE:
169. | Slowloris DOS attack
170. | State: LIKELY VULNERABLE
171. | IDs: CVE:CVE-2007-6750
172. | Slowloris tries to keep many connections to the target web server open and hold
173. | them open as long as possible. It accomplishes this by opening connections to
174. | the target web server and sending a partial request. By doing so, it starves
175. | the http server's resources causing Denial Of Service.
176. |
177. | Disclosure date: 2009-09-17
178. | References:
179. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750
180. |_ http://ha.ckers.org/slowloris/
181. |_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
182. 8083/tcp open http nginx
183. |_http-csrf: Couldn't find any CSRF vulnerabilities.
184. |_http-dombased-xss: Couldn't find any DOM based XSS.
185. |_http-passwd: ERROR: Script execution failed (use -d to debug)
186. |_http-server-header: nginx
187. | http-slowloris-check:
188. | VULNERABLE:
189. | Slowloris DOS attack
190. | State: LIKELY VULNERABLE
191. | IDs: CVE:CVE-2007-6750
192. | Slowloris tries to keep many connections to the target web server open and hold
193. | them open as long as possible. It accomplishes this by opening connections to
194. | the target web server and sending a partial request. By doing so, it starves
195. | the http server's resources causing Denial Of Service.
196. |
197. | Disclosure date: 2009-09-17
198. | References:
199. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750
200. |_ http://ha.ckers.org/slowloris/
201. |_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
202. 8443/tcp open ssl/https-alt?
203. |_http-aspnet-debug: ERROR: Script execution failed (use -d to debug)
204. |_http-vuln-cve2014-3704: ERROR: Script execution failed (use -d to debug)
205. | ssl-dh-params:
206. | VULNERABLE:
207. | Diffie-Hellman Key Exchange Insufficient Group Strength
208. | State: VULNERABLE
209. | Transport Layer Security (TLS) services that use Diffie-Hellman groups
210. | of insufficient strength, especially those using one of a few commonly
211. | shared groups, may be susceptible to passive eavesdropping attacks.
212. | Check results:
213. | WEAK DH GROUP 1
214. | Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
215. | Modulus Type: Safe prime
216. | Modulus Source: mod_ssl 2.2.x/1024-bit MODP group with safe prime modulus
217. | Modulus Length: 1024
218. | Generator Length: 8
219. | Public Key Length: 1024
220. | References:
221. |_ https://weakdh.org
222. | ssl-poodle:
223. | VULNERABLE:
224. | SSL POODLE information leak
225. | State: LIKELY VULNERABLE
226. | IDs: OSVDB:113251 CVE:CVE-2014-3566
227. | The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other
228. | products, uses nondeterministic CBC padding, which makes it easier
229. | for man-in-the-middle attackers to obtain cleartext data via a
230. | padding-oracle attack, aka the "POODLE" issue.
231. | Disclosure date: 2014-10-14
232. | Check results:
233. | TLS_RSA_WITH_AES_128_CBC_SHA
234. | TLS_FALLBACK_SCSV properly implemented
235. | References:
236. | https://www.imperialviolet.org/2014/10/14/poodle.html
237. | http://osvdb.org/113251
238. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
239. |_ https://www.openssl.org/~bodo/ssl-poodle.pdf
240. |_sslv2-drown:
241. 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
242. SF-Port53-TCP:V=7.70%I=7%D=4/5%Time=5CA6FE0E%P=x86_64-pc-linux-gnu%r(DNSVe
243. SF:rsionBindReqTCP,43,"\0A\0\x06\x85\0\0\x01\0\x01\0\x01\0\0\x07version\x0
244. SF:4bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x03\0\0\0\0\0\t\x08get\x20lost\xc0\
245. SF:x0c\0\x02\0\x03\0\0\0\0\0\x02\xc0\x0c");
246. Aggressive OS guesses: Linux 2.6.32 (87%), Linux 2.6.32 or 3.10 (87%), Linux 2.6.39 (87%), Linux 3.10 - 3.12 (87%), Linux 3.4 (87%), Linux 3.5 (87%), Linux 4.2 (87%), Linux 4.4 (87%), Synology DiskStation Manager 5.1 (87%), WatchGuard Fireware 11.8 (87%)
247. No exact OS matches for host (test conditions non-ideal).
248. Uptime guess: 4.899 days (since Sun Mar 31 05:52:26 2019)
249. Network Distance: 15 hops
250. TCP Sequence Prediction: Difficulty=259 (Good luck!)
251. IP ID Sequence Generation: All zeros
252.  
253. TRACEROUTE (using port 256/tcp)
254. HOP RTT ADDRESS
255. 1 2.77 ms chAdmin (192.168.0.1)
256. 2 12.02 ms 142.254.153.173
257. 3 11.82 ms agg62.clmboh5502h.midwest.rr.com (69.23.24.177)
258. 4 18.23 ms agg24.clmcohib01r.midwest.rr.com (65.29.1.52)
259. 5 24.31 ms be27.clevohek01r.midwest.rr.com (65.29.1.38)
260. 6 40.05 ms bu-ether17.vinnva0510w-bcr00.tbone.rr.com (66.109.6.70)
261. 7 28.79 ms 0.ae1.pr0.dca20.tbone.rr.com (66.109.6.167)
262. 8 617.81 ms ge-7-1-6.pr0.chi10.tbone.rr.com (66.109.9.74)
263. 9 ...
264. 10 121.76 ms 62.67.36.230
265. 11 200.13 ms ae4.nvsk-ar1.sib.ip.rostelecom.ru (213.228.109.53)
266. 12 215.71 ms 213.228.72.50
267. 13 208.36 ms atlas2.mega-com.ru (194.8.84.18)
268. 14 ...
269. 15 241.86 ms money-batmobileauto.ru (80.66.87.49)
270.  
271. Read data files from: /usr/bin/../share/nmap
272. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
273. # Nmap done at Fri Apr 5 03:26:20 2019 -- 1 IP address (1 host up) scanned in 1326.13 seconds