- # Nmap 7.70 scan initiated Fri Apr 5 03:04:14 2019 as: nmap -T4 -A -v -Pn -PS --script vuln -sV --traceroute -oN /root/Desktop/Russian.txt 80.66.87.49
- Nmap scan report for money-batmobileauto.ru (80.66.87.49)
- Host is up (0.24s latency).
- Not shown: 982 closed ports
- PORT STATE SERVICE VERSION
- 21/tcp filtered ftp
- 22/tcp filtered ssh
- 25/tcp open smtp Exim smtpd 4.91
- | smtp-vuln-cve2010-4344:
- | Exim version: 4.91
- | Exim heap overflow vulnerability (CVE-2010-4344):
- | Exim (CVE-2010-4344): NOT VULNERABLE
- | Exim privileges escalation vulnerability (CVE-2010-4345):
- | Exim (CVE-2010-4345): NOT VULNERABLE
- |_ To confirm and exploit the vulnerabilities, run with --script-args='smtp-vuln-cve2010-4344.exploit'
- | ssl-poodle:
- | VULNERABLE:
- | SSL POODLE information leak
- | State: LIKELY VULNERABLE
- | IDs: OSVDB:113251 CVE:CVE-2014-3566
- | The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other
- | products, uses nondeterministic CBC padding, which makes it easier
- | for man-in-the-middle attackers to obtain cleartext data via a
- | padding-oracle attack, aka the "POODLE" issue.
- | Disclosure date: 2014-10-14
- | Check results:
- | TLS_RSA_WITH_AES_128_CBC_SHA
- | TLS_FALLBACK_SCSV properly implemented
- | References:
- | https://www.imperialviolet.org/2014/10/14/poodle.html
- | http://osvdb.org/113251
- | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
- |_ https://www.openssl.org/~bodo/ssl-poodle.pdf
- |_sslv2-drown:
- 53/tcp open domain (unknown banner: get lost)
- | fingerprint-strings:
- | DNSVersionBindReqTCP:
- | version
- | bind
- |_ lost
- 80/tcp open http nginx
- |_http-csrf: Couldn't find any CSRF vulnerabilities.
- |_http-dombased-xss: Couldn't find any DOM based XSS.
- | http-enum:
- | /webmail/: Mail folder (401 Unauthorized)
- |_ /icons/: Potentially interesting folder w/ directory listing
- |_http-passwd: ERROR: Script execution failed (use -d to debug)
- |_http-server-header: nginx
- |_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
- 110/tcp open pop3 Dovecot pop3d
- | ssl-dh-params:
- | VULNERABLE:
- | Diffie-Hellman Key Exchange Insufficient Group Strength
- | State: VULNERABLE
- | Transport Layer Security (TLS) services that use Diffie-Hellman groups
- | of insufficient strength, especially those using one of a few commonly
- | shared groups, may be susceptible to passive eavesdropping attacks.
- | Check results:
- | WEAK DH GROUP 1
- | Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
- | Modulus Type: Safe prime
- | Modulus Source: Unknown/Custom-generated
- | Modulus Length: 1024
- | Generator Length: 8
- | Public Key Length: 1024
- | References:
- |_ https://weakdh.org
- |_sslv2-drown:
- 143/tcp open imap Dovecot imapd
- | ssl-dh-params:
- | VULNERABLE:
- | Diffie-Hellman Key Exchange Insufficient Group Strength
- | State: VULNERABLE
- | Transport Layer Security (TLS) services that use Diffie-Hellman groups
- | of insufficient strength, especially those using one of a few commonly
- | shared groups, may be susceptible to passive eavesdropping attacks.
- | Check results:
- | WEAK DH GROUP 1
- | Cipher Suite: TLS_DHE_RSA_WITH_SEED_CBC_SHA
- | Modulus Type: Safe prime
- | Modulus Source: Unknown/Custom-generated
- | Modulus Length: 1024
- | Generator Length: 8
- | Public Key Length: 1024
- | References:
- |_ https://weakdh.org
- |_sslv2-drown:
- 443/tcp open ssl/http nginx
- |_http-csrf: Couldn't find any CSRF vulnerabilities.
- |_http-dombased-xss: Couldn't find any DOM based XSS.
- |_http-server-header: nginx
- |_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
- |_sslv2-drown:
- 465/tcp open ssl/smtp Exim smtpd 4.91
- |_sslv2-drown:
- 587/tcp filtered submission
- 993/tcp open ssl/imaps?
- | ssl-dh-params:
- | VULNERABLE:
- | Diffie-Hellman Key Exchange Insufficient Group Strength
- | State: VULNERABLE
- | Transport Layer Security (TLS) services that use Diffie-Hellman groups
- | of insufficient strength, especially those using one of a few commonly
- | shared groups, may be susceptible to passive eavesdropping attacks.
- | Check results:
- | WEAK DH GROUP 1
- | Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
- | Modulus Type: Safe prime
- | Modulus Source: Unknown/Custom-generated
- | Modulus Length: 1024
- | Generator Length: 8
- | Public Key Length: 1024
- | References:
- |_ https://weakdh.org
- |_sslv2-drown:
- 995/tcp open ssl/pop3s?
- | ssl-dh-params:
- | VULNERABLE:
- | Diffie-Hellman Key Exchange Insufficient Group Strength
- | State: VULNERABLE
- | Transport Layer Security (TLS) services that use Diffie-Hellman groups
- | of insufficient strength, especially those using one of a few commonly
- | shared groups, may be susceptible to passive eavesdropping attacks.
- | Check results:
- | WEAK DH GROUP 1
- | Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
- | Modulus Type: Safe prime
- | Modulus Source: Unknown/Custom-generated
- | Modulus Length: 1024
- | Generator Length: 8
- | Public Key Length: 1024
- | References:
- |_ https://weakdh.org
- |_sslv2-drown:
- 1010/tcp open ssl/surf?
- | ssl-dh-params:
- | VULNERABLE:
- | Diffie-Hellman Key Exchange Insufficient Group Strength
- | State: VULNERABLE
- | Transport Layer Security (TLS) services that use Diffie-Hellman groups
- | of insufficient strength, especially those using one of a few commonly
- | shared groups, may be susceptible to passive eavesdropping attacks.
- | Check results:
- | WEAK DH GROUP 1
- | Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
- | Modulus Type: Safe prime
- | Modulus Source: Unknown/Custom-generated
- | Modulus Length: 1024
- | Generator Length: 8
- | Public Key Length: 1024
- | References:
- |_ https://weakdh.org
- |_sslv2-drown:
- 3030/tcp open smtp cbdev cmail smtpd
- | smtp-vuln-cve2010-4344:
- |_ The SMTP server is not Exim: NOT VULNERABLE
- |_sslv2-drown:
- 3306/tcp open mysql MySQL 5.5.62
- 8080/tcp open http Apache httpd
- |_http-csrf: Couldn't find any CSRF vulnerabilities.
- |_http-dombased-xss: Couldn't find any DOM based XSS.
- | http-enum:
- | /webmail/: Mail folder (401 Unauthorized)
- |_ /icons/: Potentially interesting folder w/ directory listing
- |_http-passwd: ERROR: Script execution failed (use -d to debug)
- |_http-server-header: Apache
- | http-slowloris-check:
- | VULNERABLE:
- | Slowloris DOS attack
- | State: LIKELY VULNERABLE
- | IDs: CVE:CVE-2007-6750
- | Slowloris tries to keep many connections to the target web server open and hold
- | them open as long as possible. It accomplishes this by opening connections to
- | the target web server and sending a partial request. By doing so, it starves
- | the http server's resources causing Denial Of Service.
- |
- | Disclosure date: 2009-09-17
- | References:
- | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750
- |_ http://ha.ckers.org/slowloris/
- |_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
- 8083/tcp open http nginx
- |_http-csrf: Couldn't find any CSRF vulnerabilities.
- |_http-dombased-xss: Couldn't find any DOM based XSS.
- |_http-passwd: ERROR: Script execution failed (use -d to debug)
- |_http-server-header: nginx
- | http-slowloris-check:
- | VULNERABLE:
- | Slowloris DOS attack
- | State: LIKELY VULNERABLE
- | IDs: CVE:CVE-2007-6750
- | Slowloris tries to keep many connections to the target web server open and hold
- | them open as long as possible. It accomplishes this by opening connections to
- | the target web server and sending a partial request. By doing so, it starves
- | the http server's resources causing Denial Of Service.
- |
- | Disclosure date: 2009-09-17
- | References:
- | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750
- |_ http://ha.ckers.org/slowloris/
- |_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
- 8443/tcp open ssl/https-alt?
- |_http-aspnet-debug: ERROR: Script execution failed (use -d to debug)
- |_http-vuln-cve2014-3704: ERROR: Script execution failed (use -d to debug)
- | ssl-dh-params:
- | VULNERABLE:
- | Diffie-Hellman Key Exchange Insufficient Group Strength
- | State: VULNERABLE
- | Transport Layer Security (TLS) services that use Diffie-Hellman groups
- | of insufficient strength, especially those using one of a few commonly
- | shared groups, may be susceptible to passive eavesdropping attacks.
- | Check results:
- | WEAK DH GROUP 1
- | Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
- | Modulus Type: Safe prime
- | Modulus Source: mod_ssl 2.2.x/1024-bit MODP group with safe prime modulus
- | Modulus Length: 1024
- | Generator Length: 8
- | Public Key Length: 1024
- | References:
- |_ https://weakdh.org
- | ssl-poodle:
- | VULNERABLE:
- | SSL POODLE information leak
- | State: LIKELY VULNERABLE
- | IDs: OSVDB:113251 CVE:CVE-2014-3566
- | The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other
- | products, uses nondeterministic CBC padding, which makes it easier
- | for man-in-the-middle attackers to obtain cleartext data via a
- | padding-oracle attack, aka the "POODLE" issue.
- | Disclosure date: 2014-10-14
- | Check results:
- | TLS_RSA_WITH_AES_128_CBC_SHA
- | TLS_FALLBACK_SCSV properly implemented
- | References:
- | https://www.imperialviolet.org/2014/10/14/poodle.html
- | http://osvdb.org/113251
- | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
- |_ https://www.openssl.org/~bodo/ssl-poodle.pdf
- |_sslv2-drown:
- 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
- SF-Port53-TCP:V=7.70%I=7%D=4/5%Time=5CA6FE0E%P=x86_64-pc-linux-gnu%r(DNSVe
- SF:rsionBindReqTCP,43,"\0A\0\x06\x85\0\0\x01\0\x01\0\x01\0\0\x07version\x0
- SF:4bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x03\0\0\0\0\0\t\x08get\x20lost\xc0\
- SF:x0c\0\x02\0\x03\0\0\0\0\0\x02\xc0\x0c");
- Aggressive OS guesses: Linux 2.6.32 (87%), Linux 2.6.32 or 3.10 (87%), Linux 2.6.39 (87%), Linux 3.10 - 3.12 (87%), Linux 3.4 (87%), Linux 3.5 (87%), Linux 4.2 (87%), Linux 4.4 (87%), Synology DiskStation Manager 5.1 (87%), WatchGuard Fireware 11.8 (87%)
- No exact OS matches for host (test conditions non-ideal).
- Uptime guess: 4.899 days (since Sun Mar 31 05:52:26 2019)
- Network Distance: 15 hops
- TCP Sequence Prediction: Difficulty=259 (Good luck!)
- IP ID Sequence Generation: All zeros
- TRACEROUTE (using port 256/tcp)
- HOP RTT ADDRESS
- 1 2.77 ms chAdmin (192.168.0.1)
- 2 12.02 ms 142.254.153.173
- 3 11.82 ms agg62.clmboh5502h.midwest.rr.com (69.23.24.177)
- 4 18.23 ms agg24.clmcohib01r.midwest.rr.com (65.29.1.52)
- 5 24.31 ms be27.clevohek01r.midwest.rr.com (65.29.1.38)
- 6 40.05 ms bu-ether17.vinnva0510w-bcr00.tbone.rr.com (66.109.6.70)
- 7 28.79 ms 0.ae1.pr0.dca20.tbone.rr.com (66.109.6.167)
- 8 617.81 ms ge-7-1-6.pr0.chi10.tbone.rr.com (66.109.9.74)
- 9 ...
- 10 121.76 ms 62.67.36.230
- 11 200.13 ms ae4.nvsk-ar1.sib.ip.rostelecom.ru (213.228.109.53)
- 12 215.71 ms 213.228.72.50
- 13 208.36 ms atlas2.mega-com.ru (194.8.84.18)
- 14 ...
- 15 241.86 ms money-batmobileauto.ru (80.66.87.49)
- Read data files from: /usr/bin/../share/nmap
- OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
- # Nmap done at Fri Apr 5 03:26:20 2019 -- 1 IP address (1 host up) scanned in 1326.13 seconds