
Untitled

a guest
Jan 25th, 2019
  1. Plugin ID,CVE,CVSS,Risk,Host,Protocol,Port,Name,Synopsis,Description,Solution,See Also,Plugin Output
  2. "10028","","","None","10.10.0.4","udp","53","DNS Server BIND version Directive Remote Version Detection","It is possible to obtain the version number of the remote DNS server.","The remote host is running BIND or another DNS server that reports its
  3. version number when it receives a special request for the text
  4. 'version.bind' in the domain 'chaos'.
  5.  
  6. This version is not necessarily accurate and could even be forged, as
  7. some DNS servers send the information based on a configuration file.","It is possible to hide the version number of BIND by using the
  8. 'version' directive in the 'options' section in named.conf.","","
  9. Version : 9.4.2
  10. "
  11. "10092","","","None","10.10.0.4","tcp","21","FTP Server Detection","An FTP server is listening on a remote port.","It is possible to obtain the banner of the remote FTP server by
  12. connecting to a remote port.","n/a","","
  13. The remote FTP banner is :
  14.  
  15. 220 (vsFTPd 2.3.4)
  16. "
  17. "10107","","","None","10.10.0.4","tcp","80","HTTP Server Type and Version","A web server is running on the remote host.","This plugin attempts to determine the type and the version of the
  18. remote web server.","n/a","","The remote web server type is :
  19.  
  20. Apache/2.2.8 (Ubuntu) DAV/2"
  21. "10114","CVE-1999-0524","","None","10.10.0.4","icmp","0","ICMP Timestamp Request Remote Date Disclosure","It is possible to determine the exact time set on the remote host.","The remote host answers to an ICMP timestamp request. This allows an
  22. attacker to know the date that is set on the targeted machine, which
  23. may assist an unauthenticated, remote attacker in defeating time-based
  24. authentication protocols.
  25.  
  26. Timestamps returned from machines running Windows Vista / 7 / 2008 /
  27. 2008 R2 are deliberately incorrect, but usually within 1000 seconds of
  28. the actual system time.","Filter out the ICMP timestamp requests (13), and the outgoing ICMP
  29. timestamp replies (14).","","The remote clock is synchronized with the local clock.
  30. "
  31. "10150","","","None","10.10.0.4","udp","137","Windows NetBIOS / SMB Remote Host Information Disclosure","It was possible to obtain the network name of the remote host.","The remote host is listening on UDP port 137 or TCP port 445, and
  32. replies to NetBIOS nbtscan or SMB requests.
  33.  
  34. Note that this plugin gathers information to be used in other plugins,
  35. but does not itself generate a report.","n/a","","The following 7 NetBIOS names have been gathered :
  36.  
  37. METASPLOITABLE = Computer name
  38. METASPLOITABLE = Messenger Service
  39. METASPLOITABLE = File Server Service
  40. __MSBROWSE__ = Master Browser
  41. WORKGROUP = Workgroup / Domain name
  42. WORKGROUP = Master Browser
  43. WORKGROUP = Browser Service Elections
  44.  
  45. This SMB server seems to be a Samba server - its MAC address is NULL."
  46. "10223","CVE-1999-0632","","None","10.10.0.4","udp","111","RPC portmapper Service Detection","An ONC RPC portmapper is running on the remote host.","The RPC portmapper is running on this port.
  47.  
  48. The portmapper allows someone to get the port number of each RPC
  49. service running on the remote host by sending either multiple lookup
  50. requests or a DUMP request.","n/a","",""
  51. "10263","","","None","10.10.0.4","tcp","25","SMTP Server Detection","An SMTP server is listening on the remote port.","The remote host is running a mail (SMTP) server on this port.
  52.  
  53. Since SMTP servers are the targets of spammers, it is recommended you
  54. disable it if you do not use it.","Disable this service if you do not use it, or filter incoming traffic
  55. to this port.","","
  56. Remote SMTP server banner :
  57.  
  58. 220 metasploitable.localdomain ESMTP Postfix (Ubuntu)
  59. "
  60. "10267","","","None","10.10.0.4","tcp","22","SSH Server Type and Version Information","An SSH server is listening on this port.","It is possible to obtain information about the remote SSH server by
  61. sending an empty authentication request.","n/a","","
  62. SSH version : SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu1
  63. SSH supported authentication : publickey,password
  64. "
  65. "10287","","","None","10.10.0.4","udp","0","Traceroute Information","It was possible to obtain traceroute information.","Makes a traceroute to the remote host.","n/a","","For your information, here is the traceroute from 10.10.0.16 to 10.10.0.4 :
  66. 10.10.0.16
  67. 10.10.0.4
  68.  
  69. Hop Count: 1
  70. "
  71. "10335","","","None","10.10.0.4","tcp","139","Nessus TCP scanner","It is possible to determine which TCP ports are open.","This plugin is a classical TCP port scanner.
  72. It shall be reasonably quick even against a firewalled target.
  73.  
  74. Once a TCP connection is open, it grabs any available banner
  75. for the service identification plugins.
  76.  
  77. Note that TCP scanners are more intrusive than
  78. SYN (half open) scanners.","Protect your target with an IP filter.","","Port 139/tcp was found to be open"
  79. "10335","","","None","10.10.0.4","tcp","25","Nessus TCP scanner","It is possible to determine which TCP ports are open.","This plugin is a classical TCP port scanner.
  80. It shall be reasonably quick even against a firewalled target.
  81.  
  82. Once a TCP connection is open, it grabs any available banner
  83. for the service identification plugins.
  84.  
  85. Note that TCP scanners are more intrusive than
  86. SYN (half open) scanners.","Protect your target with an IP filter.","","Port 25/tcp was found to be open"
  87. "10335","","","None","10.10.0.4","tcp","80","Nessus TCP scanner","It is possible to determine which TCP ports are open.","This plugin is a classical TCP port scanner.
  88. It shall be reasonably quick even against a firewalled target.
  89.  
  90. Once a TCP connection is open, it grabs any available banner
  91. for the service identification plugins.
  92.  
  93. Note that TCP scanners are more intrusive than
  94. SYN (half open) scanners.","Protect your target with an IP filter.","","Port 80/tcp was found to be open"
  95. "10335","","","None","10.10.0.4","tcp","23","Nessus TCP scanner","It is possible to determine which TCP ports are open.","This plugin is a classical TCP port scanner.
  96. It shall be reasonably quick even against a firewalled target.
  97.  
  98. Once a TCP connection is open, it grabs any available banner
  99. for the service identification plugins.
  100.  
  101. Note that TCP scanners are more intrusive than
  102. SYN (half open) scanners.","Protect your target with an IP filter.","","Port 23/tcp was found to be open"
  103. "10335","","","None","10.10.0.4","tcp","6000","Nessus TCP scanner","It is possible to determine which TCP ports are open.","This plugin is a classical TCP port scanner.
  104. It shall be reasonably quick even against a firewalled target.
  105.  
  106. Once a TCP connection is open, it grabs any available banner
  107. for the service identification plugins.
  108.  
  109. Note that TCP scanners are more intrusive than
  110. SYN (half open) scanners.","Protect your target with an IP filter.","","Port 6000/tcp was found to be open"
  111. "10335","","","None","10.10.0.4","tcp","445","Nessus TCP scanner","It is possible to determine which TCP ports are open.","This plugin is a classical TCP port scanner.
  112. It shall be reasonably quick even against a firewalled target.
  113.  
  114. Once a TCP connection is open, it grabs any available banner
  115. for the service identification plugins.
  116.  
  117. Note that TCP scanners are more intrusive than
  118. SYN (half open) scanners.","Protect your target with an IP filter.","","Port 445/tcp was found to be open"
  119. "10335","","","None","10.10.0.4","tcp","53","Nessus TCP scanner","It is possible to determine which TCP ports are open.","This plugin is a classical TCP port scanner.
  120. It shall be reasonably quick even against a firewalled target.
  121.  
  122. Once a TCP connection is open, it grabs any available banner
  123. for the service identification plugins.
  124.  
  125. Note that TCP scanners are more intrusive than
  126. SYN (half open) scanners.","Protect your target with an IP filter.","","Port 53/tcp was found to be open"
  127. "10335","","","None","10.10.0.4","tcp","21","Nessus TCP scanner","It is possible to determine which TCP ports are open.","This plugin is a classical TCP port scanner.
  128. It shall be reasonably quick even against a firewalled target.
  129.  
  130. Once a TCP connection is open, it grabs any available banner
  131. for the service identification plugins.
  132.  
  133. Note that TCP scanners are more intrusive than
  134. SYN (half open) scanners.","Protect your target with an IP filter.","","Port 21/tcp was found to be open"
  135. "10335","","","None","10.10.0.4","tcp","111","Nessus TCP scanner","It is possible to determine which TCP ports are open.","This plugin is a classical TCP port scanner.
  136. It shall be reasonably quick even against a firewalled target.
  137.  
  138. Once a TCP connection is open, it grabs any available banner
  139. for the service identification plugins.
  140.  
  141. Note that TCP scanners are more intrusive than
  142. SYN (half open) scanners.","Protect your target with an IP filter.","","Port 111/tcp was found to be open"
  143. "10335","","","None","10.10.0.4","tcp","22","Nessus TCP scanner","It is possible to determine which TCP ports are open.","This plugin is a classical TCP port scanner.
  144. It shall be reasonably quick even against a firewalled target.
  145.  
  146. Once a TCP connection is open, it grabs any available banner
  147. for the service identification plugins.
  148.  
  149. Note that TCP scanners are more intrusive than
  150. SYN (half open) scanners.","Protect your target with an IP filter.","","Port 22/tcp was found to be open"
  151. "10335","","","None","10.10.0.4","tcp","2121","Nessus TCP scanner","It is possible to determine which TCP ports are open.","This plugin is a classical TCP port scanner.
  152. It shall be reasonably quick even against a firewalled target.
  153.  
  154. Once a TCP connection is open, it grabs any available banner
  155. for the service identification plugins.
  156.  
  157. Note that TCP scanners are more intrusive than
  158. SYN (half open) scanners.","Protect your target with an IP filter.","","Port 2121/tcp was found to be open"
  159. "10335","","","None","10.10.0.4","tcp","8009","Nessus TCP scanner","It is possible to determine which TCP ports are open.","This plugin is a classical TCP port scanner.
  160. It shall be reasonably quick even against a firewalled target.
  161.  
  162. Once a TCP connection is open, it grabs any available banner
  163. for the service identification plugins.
  164.  
  165. Note that TCP scanners are more intrusive than
  166. SYN (half open) scanners.","Protect your target with an IP filter.","","Port 8009/tcp was found to be open"
  167. "10335","","","None","10.10.0.4","tcp","8787","Nessus TCP scanner","It is possible to determine which TCP ports are open.","This plugin is a classical TCP port scanner.
  168. It shall be reasonably quick even against a firewalled target.
  169.  
  170. Once a TCP connection is open, it grabs any available banner
  171. for the service identification plugins.
  172.  
  173. Note that TCP scanners are more intrusive than
  174. SYN (half open) scanners.","Protect your target with an IP filter.","","Port 8787/tcp was found to be open"
  175. "10335","","","None","10.10.0.4","tcp","8180","Nessus TCP scanner","It is possible to determine which TCP ports are open.","This plugin is a classical TCP port scanner.
  176. It shall be reasonably quick even against a firewalled target.
  177.  
  178. Once a TCP connection is open, it grabs any available banner
  179. for the service identification plugins.
  180.  
  181. Note that TCP scanners are more intrusive than
  182. SYN (half open) scanners.","Protect your target with an IP filter.","","Port 8180/tcp was found to be open"
  183. "10335","","","None","10.10.0.4","tcp","512","Nessus TCP scanner","It is possible to determine which TCP ports are open.","This plugin is a classical TCP port scanner.
  184. It shall be reasonably quick even against a firewalled target.
  185.  
  186. Once a TCP connection is open, it grabs any available banner
  187. for the service identification plugins.
  188.  
  189. Note that TCP scanners are more intrusive than
  190. SYN (half open) scanners.","Protect your target with an IP filter.","","Port 512/tcp was found to be open"
  191. "10335","","","None","10.10.0.4","tcp","1524","Nessus TCP scanner","It is possible to determine which TCP ports are open.","This plugin is a classical TCP port scanner.
  192. It shall be reasonably quick even against a firewalled target.
  193.  
  194. Once a TCP connection is open, it grabs any available banner
  195. for the service identification plugins.
  196.  
  197. Note that TCP scanners are more intrusive than
  198. SYN (half open) scanners.","Protect your target with an IP filter.","","Port 1524/tcp was found to be open"
  199. "10335","","","None","10.10.0.4","tcp","6667","Nessus TCP scanner","It is possible to determine which TCP ports are open.","This plugin is a classical TCP port scanner.
  200. It shall be reasonably quick even against a firewalled target.
  201.  
  202. Once a TCP connection is open, it grabs any available banner
  203. for the service identification plugins.
  204.  
  205. Note that TCP scanners are more intrusive than
  206. SYN (half open) scanners.","Protect your target with an IP filter.","","Port 6667/tcp was found to be open"
  207. "10335","","","None","10.10.0.4","tcp","2049","Nessus TCP scanner","It is possible to determine which TCP ports are open.","This plugin is a classical TCP port scanner.
  208. It shall be reasonably quick even against a firewalled target.
  209.  
  210. Once a TCP connection is open, it grabs any available banner
  211. for the service identification plugins.
  212.  
  213. Note that TCP scanners are more intrusive than
  214. SYN (half open) scanners.","Protect your target with an IP filter.","","Port 2049/tcp was found to be open"
  215. "10335","","","None","10.10.0.4","tcp","513","Nessus TCP scanner","It is possible to determine which TCP ports are open.","This plugin is a classical TCP port scanner.
  216. It shall be reasonably quick even against a firewalled target.
  217.  
  218. Once a TCP connection is open, it grabs any available banner
  219. for the service identification plugins.
  220.  
  221. Note that TCP scanners are more intrusive than
  222. SYN (half open) scanners.","Protect your target with an IP filter.","","Port 513/tcp was found to be open"
  223. "10335","","","None","10.10.0.4","tcp","3632","Nessus TCP scanner","It is possible to determine which TCP ports are open.","This plugin is a classical TCP port scanner.
  224. It shall be reasonably quick even against a firewalled target.
  225.  
  226. Once a TCP connection is open, it grabs any available banner
  227. for the service identification plugins.
  228.  
  229. Note that TCP scanners are more intrusive than
  230. SYN (half open) scanners.","Protect your target with an IP filter.","","Port 3632/tcp was found to be open"
  231. "10335","","","None","10.10.0.4","tcp","49908","Nessus TCP scanner","It is possible to determine which TCP ports are open.","This plugin is a classical TCP port scanner.
  232. It shall be reasonably quick even against a firewalled target.
  233.  
  234. Once a TCP connection is open, it grabs any available banner
  235. for the service identification plugins.
  236.  
  237. Note that TCP scanners are more intrusive than
  238. SYN (half open) scanners.","Protect your target with an IP filter.","","Port 49908/tcp was found to be open"
  239. "10335","","","None","10.10.0.4","tcp","5900","Nessus TCP scanner","It is possible to determine which TCP ports are open.","This plugin is a classical TCP port scanner.
  240. It shall be reasonably quick even against a firewalled target.
  241.  
  242. Once a TCP connection is open, it grabs any available banner
  243. for the service identification plugins.
  244.  
  245. Note that TCP scanners are more intrusive than
  246. SYN (half open) scanners.","Protect your target with an IP filter.","","Port 5900/tcp was found to be open"
  247. "10335","","","None","10.10.0.4","tcp","36168","Nessus TCP scanner","It is possible to determine which TCP ports are open.","This plugin is a classical TCP port scanner.
  248. It shall be reasonably quick even against a firewalled target.
  249.  
  250. Once a TCP connection is open, it grabs any available banner
  251. for the service identification plugins.
  252.  
  253. Note that TCP scanners are more intrusive than
  254. SYN (half open) scanners.","Protect your target with an IP filter.","","Port 36168/tcp was found to be open"
  255. "10335","","","None","10.10.0.4","tcp","3306","Nessus TCP scanner","It is possible to determine which TCP ports are open.","This plugin is a classical TCP port scanner.
  256. It shall be reasonably quick even against a firewalled target.
  257.  
  258. Once a TCP connection is open, it grabs any available banner
  259. for the service identification plugins.
  260.  
  261. Note that TCP scanners are more intrusive than
  262. SYN (half open) scanners.","Protect your target with an IP filter.","","Port 3306/tcp was found to be open"
  263. "10335","","","None","10.10.0.4","tcp","514","Nessus TCP scanner","It is possible to determine which TCP ports are open.","This plugin is a classical TCP port scanner.
  264. It shall be reasonably quick even against a firewalled target.
  265.  
  266. Once a TCP connection is open, it grabs any available banner
  267. for the service identification plugins.
  268.  
  269. Note that TCP scanners are more intrusive than
  270. SYN (half open) scanners.","Protect your target with an IP filter.","","Port 514/tcp was found to be open"
  271. "10335","","","None","10.10.0.4","tcp","41606","Nessus TCP scanner","It is possible to determine which TCP ports are open.","This plugin is a classical TCP port scanner.
  272. It shall be reasonably quick even against a firewalled target.
  273.  
  274. Once a TCP connection is open, it grabs any available banner
  275. for the service identification plugins.
  276.  
  277. Note that TCP scanners are more intrusive than
  278. SYN (half open) scanners.","Protect your target with an IP filter.","","Port 41606/tcp was found to be open"
  279. "10335","","","None","10.10.0.4","tcp","48635","Nessus TCP scanner","It is possible to determine which TCP ports are open.","This plugin is a classical TCP port scanner.
  280. It shall be reasonably quick even against a firewalled target.
  281.  
  282. Once a TCP connection is open, it grabs any available banner
  283. for the service identification plugins.
  284.  
  285. Note that TCP scanners are more intrusive than
  286. SYN (half open) scanners.","Protect your target with an IP filter.","","Port 48635/tcp was found to be open"
  287. "10335","","","None","10.10.0.4","tcp","5432","Nessus TCP scanner","It is possible to determine which TCP ports are open.","This plugin is a classical TCP port scanner.
  288. It shall be reasonably quick even against a firewalled target.
  289.  
  290. Once a TCP connection is open, it grabs any available banner
  291. for the service identification plugins.
  292.  
  293. Note that TCP scanners are more intrusive than
  294. SYN (half open) scanners.","Protect your target with an IP filter.","","Port 5432/tcp was found to be open"
  295. "10335","","","None","10.10.0.4","tcp","6697","Nessus TCP scanner","It is possible to determine which TCP ports are open.","This plugin is a classical TCP port scanner.
  296. It shall be reasonably quick even against a firewalled target.
  297.  
  298. Once a TCP connection is open, it grabs any available banner
  299. for the service identification plugins.
  300.  
  301. Note that TCP scanners are more intrusive than
  302. SYN (half open) scanners.","Protect your target with an IP filter.","","Port 6697/tcp was found to be open"
  303. "10335","","","None","10.10.0.4","tcp","1099","Nessus TCP scanner","It is possible to determine which TCP ports are open.","This plugin is a classical TCP port scanner.
  304. It shall be reasonably quick even against a firewalled target.
  305.  
  306. Once a TCP connection is open, it grabs any available banner
  307. for the service identification plugins.
  308.  
  309. Note that TCP scanners are more intrusive than
  310. SYN (half open) scanners.","Protect your target with an IP filter.","","Port 1099/tcp was found to be open"
  311. "10342","","","None","10.10.0.4","tcp","5900","VNC Software Detection","The remote host is running a remote display software (VNC).","The remote host is running VNC (Virtual Network Computing), which uses
  312. the RFB (Remote Framebuffer) protocol to provide remote access to
  313. graphical user interfaces and thus permits a console on the remote
  314. host to be displayed on another.","Make sure use of this software is done in accordance with your
  315. organization's security policy and filter incoming traffic to this
  316. port.","https://en.wikipedia.org/wiki/Vnc","
  317. The highest RFB protocol version supported by the server is :
  318.  
  319. 3.3
  320. "
  321. "10394","","","None","10.10.0.4","tcp","445","Microsoft Windows SMB Log In Possible","It was possible to log into the remote host.","The remote host is running a Microsoft Windows operating system or
  322. Samba, a CIFS/SMB server for Unix. It was possible to log into it
  323. using one of the following accounts :
  324.  
  325. - NULL session
  326. - Guest account
  327. - Supplied credentials","n/a","https://support.microsoft.com/en-us/help/143474/restricting-information-available-to-anonymous-logon-users
  328. https://support.microsoft.com/en-us/help/246261","- NULL sessions are enabled on the remote host.
  329. "
  330. "10397","","","None","10.10.0.4","tcp","445","Microsoft Windows SMB LanMan Pipe Server Listing Disclosure","It is possible to obtain network information.","It was possible to obtain the browse list of the remote Windows system
  331. by sending a request to the LANMAN pipe. The browse list is the list
  332. of the nearest Windows systems of the remote host.","n/a","","
  333. Here is the browse list of the remote host :
  334.  
  335. METASPLOITABLE ( os : 0.0 )
  336. "
  337. "10407","","2.6","Low","10.10.0.4","tcp","6000","X Server Detection","An X11 server is listening on the remote host","The remote host is running an X11 server. X11 is a client-server
  338. protocol that can be used to display graphical applications running on
  339. a given host on a remote client.
  340.  
  341. Since the X11 traffic is not ciphered, it is possible for an attacker
  342. to eavesdrop on the connection.","Restrict access to this port. If the X11 client/server facility is not
  343. used, disable TCP support in X11 entirely (-nolisten tcp).","","
  344. X11 Version : 11.0
  345. "
  346. "10437","CVE-1999-0554","","None","10.10.0.4","tcp","2049","NFS Share Export List","The remote NFS server exports a list of shares.","This plugin retrieves the list of NFS exported shares.","Ensure each share is intended to be exported.","http://www.tldp.org/HOWTO/NFS-HOWTO/security.html","
  347. Here is the export list of 10.10.0.4 :
  348.  
  349. / *
  350. "
  351. "10785","","","None","10.10.0.4","tcp","445","Microsoft Windows SMB NativeLanManager Remote System Information Disclosure","It was possible to obtain information about the remote operating
  352. system.","Nessus was able to obtain the remote operating system name and version
  353. (Windows and/or Samba) by sending an authentication request to port
  354. 139 or 445. Note that this plugin requires SMB1 to be enabled on the
  355. host.","n/a","","The remote Operating System is : Unix
  356. The remote native LAN manager is : Samba 3.0.20-Debian
  357. The remote SMB Domain Name is : METASPLOITABLE
  358. "
  359. "10863","","","None","10.10.0.4","tcp","5432","SSL Certificate Information","This plugin displays the SSL certificate.","This plugin connects to every SSL-related port and attempts to
  360. extract and dump the X.509 certificate.","n/a","","Subject Name:
  361.  
  362. Country: XX
  363. State/Province: There is no such thing outside US
  364. Locality: Everywhere
  365. Organization: OCOSA
  366. Organization Unit: Office for Complication of Otherwise Simple Affairs
  367. Common Name: ubuntu804-base.localdomain
  368. Email Address: root@ubuntu804-base.localdomain
  369.  
  370. Issuer Name:
  371.  
  372. Country: XX
  373. State/Province: There is no such thing outside US
  374. Locality: Everywhere
  375. Organization: OCOSA
  376. Organization Unit: Office for Complication of Otherwise Simple Affairs
  377. Common Name: ubuntu804-base.localdomain
  378. Email Address: root@ubuntu804-base.localdomain
  379.  
  380. Serial Number: 00 FA F9 3A 4C 7F B6 B9 CC
  381.  
  382. Version: 1
  383.  
  384. Signature Algorithm: SHA-1 With RSA Encryption
  385.  
  386. Not Valid Before: Mar 17 14:07:45 2010 GMT
  387. Not Valid After: Apr 16 14:07:45 2010 GMT
  388.  
  389. Public Key Info:
  390.  
  391. Algorithm: RSA Encryption
  392. Key Length: 1024 bits
  400. Exponent: 01 00 01
  401.  
  402. Signature Length: 128 bytes / 1024 bits
  410.  
  411. Fingerprints :
  412.  
  413. SHA-256 Fingerprint: E7 A7 FA 0D 63 E4 57 C7 C4 A5 9B 38 B7 08 49 C6 A7 0B DA 6F
  414. 83 0C 7A F1 E3 2D EE 43 6D E8 13 CC
  415. SHA-1 Fingerprint: ED 09 30 88 70 66 03 BF D5 DC 23 73 99 B4 98 DA 2D 4D 31 C6
  416. MD5 Fingerprint: DC D9 AD 90 6C 8F 2F 73 74 AF 38 3B 25 40 88 28
  417.  
  418. "
  419. "10881","","","None","10.10.0.4","tcp","22","SSH Protocol Versions Supported","A SSH server is running on the remote host.","This plugin determines the versions of the SSH protocol supported by
  420. the remote SSH daemon.","n/a","","The remote SSH daemon supports the following versions of the
  421. SSH protocol :
  422.  
  423. - 1.99
  424. - 2.0
  425. "
  426. "11002","","","None","10.10.0.4","udp","53","DNS Server Detection","A DNS server is listening on the remote host.","The remote service is a Domain Name System (DNS) server, which
  427. provides a mapping between hostnames and IP addresses.","Disable this service if it is not needed or restrict access to
  428. internal hosts only if the service is available externally.","https://en.wikipedia.org/wiki/Domain_Name_System",""
  429. "11002","","","None","10.10.0.4","tcp","53","DNS Server Detection","A DNS server is listening on the remote host.","The remote service is a Domain Name System (DNS) server, which
  430. provides a mapping between hostnames and IP addresses.","Disable this service if it is not needed or restrict access to
  431. internal hosts only if the service is available externally.","https://en.wikipedia.org/wiki/Domain_Name_System",""
  432. "11011","","","None","10.10.0.4","tcp","445","Microsoft Windows SMB Service Detection","A file / print sharing service is listening on the remote host.","The remote service understands the CIFS (Common Internet File System)
  433. or Server Message Block (SMB) protocol, used to provide shared access
  434. to files, printers, etc between nodes on a network.","n/a","","
  435. A CIFS server is running on this port.
  436. "
  437. "11011","","","None","10.10.0.4","tcp","139","Microsoft Windows SMB Service Detection","A file / print sharing service is listening on the remote host.","The remote service understands the CIFS (Common Internet File System)
  438. or Server Message Block (SMB) protocol, used to provide shared access
  439. to files, printers, etc between nodes on a network.","n/a","","
  440. An SMB server is running on this port.
  441. "
  442. "11111","","","None","10.10.0.4","tcp","2049","RPC Services Enumeration","An ONC RPC service is running on the remote host.","By sending a DUMP request to the portmapper, it was possible to
  443. enumerate the ONC RPC services running on the remote port. Using this
  444. information, it is possible to connect and bind to each service by
  445. sending an RPC request to the remote port.","n/a","","
  446. The following RPC services are available on TCP port 2049 :
  447.  
  448. - program: 100003 (nfs), version: 2
  449. - program: 100003 (nfs), version: 3
  450. - program: 100003 (nfs), version: 4
  451. "
  452. "11111","","","None","10.10.0.4","tcp","41606","RPC Services Enumeration","An ONC RPC service is running on the remote host.","By sending a DUMP request to the portmapper, it was possible to
  453. enumerate the ONC RPC services running on the remote port. Using this
  454. information, it is possible to connect and bind to each service by
  455. sending an RPC request to the remote port.","n/a","","
  456. The following RPC services are available on TCP port 41606 :
  457.  
  458. - program: 100024 (status), version: 1
  459. "
  460. "11111","","","None","10.10.0.4","tcp","36168","RPC Services Enumeration","An ONC RPC service is running on the remote host.","By sending a DUMP request to the portmapper, it was possible to
  461. enumerate the ONC RPC services running on the remote port. Using this
  462. information, it is possible to connect and bind to each service by
  463. sending an RPC request to the remote port.","n/a","","
  464. The following RPC services are available on TCP port 36168 :
  465.  
  466. - program: 100005 (mountd), version: 1
  467. - program: 100005 (mountd), version: 2
  468. - program: 100005 (mountd), version: 3
  469. "
  470. "11111","","","None","10.10.0.4","tcp","111","RPC Services Enumeration","An ONC RPC service is running on the remote host.","By sending a DUMP request to the portmapper, it was possible to
  471. enumerate the ONC RPC services running on the remote port. Using this
  472. information, it is possible to connect and bind to each service by
  473. sending an RPC request to the remote port.","n/a","","
  474. The following RPC services are available on TCP port 111 :
  475.  
  476. - program: 100000 (portmapper), version: 2
  477. "
  478. "11111","","","None","10.10.0.4","tcp","49908","RPC Services Enumeration","An ONC RPC service is running on the remote host.","By sending a DUMP request to the portmapper, it was possible to
  479. enumerate the ONC RPC services running on the remote port. Using this
  480. information, it is possible to connect and bind to each service by
  481. sending an RPC request to the remote port.","n/a","","
  482. The following RPC services are available on TCP port 49908 :
  483.  
  484. - program: 100021 (nlockmgr), version: 1
  485. - program: 100021 (nlockmgr), version: 3
  486. - program: 100021 (nlockmgr), version: 4
  487. "
  488. "11111","","","None","10.10.0.4","udp","51446","RPC Services Enumeration","An ONC RPC service is running on the remote host.","By sending a DUMP request to the portmapper, it was possible to
  489. enumerate the ONC RPC services running on the remote port. Using this
  490. information, it is possible to connect and bind to each service by
  491. sending an RPC request to the remote port.","n/a","","
  492. The following RPC services are available on UDP port 51446 :
  493.  
  494. - program: 100005 (mountd), version: 1
  495. - program: 100005 (mountd), version: 2
  496. - program: 100005 (mountd), version: 3
  497. "
  498. "11111","","","None","10.10.0.4","udp","2049","RPC Services Enumeration","An ONC RPC service is running on the remote host.","By sending a DUMP request to the portmapper, it was possible to
  499. enumerate the ONC RPC services running on the remote port. Using this
  500. information, it is possible to connect and bind to each service by
  501. sending an RPC request to the remote port.","n/a","","
  502. The following RPC services are available on UDP port 2049 :
  503.  
  504. - program: 100003 (nfs), version: 2
  505. - program: 100003 (nfs), version: 3
  506. - program: 100003 (nfs), version: 4
  507. "
  508. "11111","","","None","10.10.0.4","udp","58070","RPC Services Enumeration","An ONC RPC service is running on the remote host.","By sending a DUMP request to the portmapper, it was possible to
  509. enumerate the ONC RPC services running on the remote port. Using this
  510. information, it is possible to connect and bind to each service by
  511. sending an RPC request to the remote port.","n/a","","
  512. The following RPC services are available on UDP port 58070 :
  513.  
  514. - program: 100024 (status), version: 1
  515. "
  516. "11111","","","None","10.10.0.4","udp","111","RPC Services Enumeration","An ONC RPC service is running on the remote host.","By sending a DUMP request to the portmapper, it was possible to
  517. enumerate the ONC RPC services running on the remote port. Using this
  518. information, it is possible to connect and bind to each service by
  519. sending an RPC request to the remote port.","n/a","","
  520. The following RPC services are available on UDP port 111 :
  521.  
  522. - program: 100000 (portmapper), version: 2
  523. "
  524. "11111","","","None","10.10.0.4","udp","55336","RPC Services Enumeration","An ONC RPC service is running on the remote host.","By sending a DUMP request to the portmapper, it was possible to
  525. enumerate the ONC RPC services running on the remote port. Using this
  526. information, it is possible to connect and bind to each service by
  527. sending an RPC request to the remote port.","n/a","","
  528. The following RPC services are available on UDP port 55336 :
  529.  
  530. - program: 100021 (nlockmgr), version: 1
  531. - program: 100021 (nlockmgr), version: 3
  532. - program: 100021 (nlockmgr), version: 4
  533. "
  534. "11154","","","None","10.10.0.4","tcp","8787","Unknown Service Detection: Banner Retrieval","There is an unknown service running on the remote host.","Nessus was unable to identify a service on the remote host even though
  535. it returned a banner of some type.","n/a","","
  536. If you know what this service is and think the banner could be used to
  537. identify it, please send a description of the service along with the
  538. following output to svc-signatures@nessus.org :
  539.  
  540. Port : 8787
  541. Type : get_http
  542. Banner :
  602.  
  603. "
  604. "11156","","","None","10.10.0.4","tcp","6667","IRC Daemon Version Detection","The remote host is an IRC server.","This plugin determines the version of the IRC daemon.","n/a","","The IRC server version is : Unreal3.2.8.1. FhiXOoE [*=2309]
  605. "
  606. "11156","","","None","10.10.0.4","tcp","6697","IRC Daemon Version Detection","The remote host is an IRC server.","This plugin determines the version of the IRC daemon.","n/a","","The IRC server version is : Unreal3.2.8.1. FhiXOoE [*=2309]
  607. "
  608. "11213","CVE-2003-1567","5.0","Medium","10.10.0.4","tcp","80","HTTP TRACE / TRACK Methods Allowed","Debugging functions are enabled on the remote web server.","The remote web server supports the TRACE and/or TRACK methods. TRACE
  609. and TRACK are HTTP methods that are used to debug web server
  610. connections.","Disable these methods. Refer to the plugin output for more information.","https://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf
  611. http://www.apacheweek.com/issues/03-01-24
  612. https://download.oracle.com/sunalerts/1000718.1.html","
  613. To disable these methods, add the following lines for each virtual
  614. host in your configuration file :
  615.  
  616. RewriteEngine on
  617. RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
  618. RewriteRule .* - [F]
  619.  
  620. Alternatively, note that Apache versions 1.3.34, 2.0.55, and 2.2
  621. support disabling the TRACE method natively via the 'TraceEnable'
  622. directive.
  623.  
  624. Nessus sent the following TRACE request :
  625.  
  626. ------------------------------ snip ------------------------------
  627. TRACE /Nessus2061355762.html HTTP/1.1
  628. Connection: Close
  629. Host: 10.10.0.4
  630. Pragma: no-cache
  631. User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
  632. Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
  633. Accept-Language: en
  634. Accept-Charset: iso-8859-1,*,utf-8
  635.  
  636. ------------------------------ snip ------------------------------
  637.  
  638. and received the following response from the remote server :
  639.  
  640. ------------------------------ snip ------------------------------
  641. HTTP/1.1 200 OK
  642. Date: Fri, 25 Jan 2019 10:47:02 GMT
  643. Server: Apache/2.2.8 (Ubuntu) DAV/2
  644. Keep-Alive: timeout=15, max=100
  645. Connection: Keep-Alive
  646. Transfer-Encoding: chunked
  647. Content-Type: message/http
  648.  
  649.  
  650. TRACE /Nessus2061355762.html HTTP/1.1
  651. Connection: Keep-Alive
  652. Host: 10.10.0.4
  653. Pragma: no-cache
  654. User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
  655. Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
  656. Accept-Language: en
  657. Accept-Charset: iso-8859-1,*,utf-8
  658.  
  659. ------------------------------ snip ------------------------------
  660. "
  661. "11213","CVE-2004-2320","5.0","Medium","10.10.0.4","tcp","80","HTTP TRACE / TRACK Methods Allowed","Debugging functions are enabled on the remote web server.","The remote web server supports the TRACE and/or TRACK methods. TRACE
  662. and TRACK are HTTP methods that are used to debug web server
  663. connections.","Disable these methods. Refer to the plugin output for more information.","https://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf
  664. http://www.apacheweek.com/issues/03-01-24
  665. https://download.oracle.com/sunalerts/1000718.1.html","
  666. To disable these methods, add the following lines for each virtual
  667. host in your configuration file :
  668.  
  669. RewriteEngine on
  670. RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
  671. RewriteRule .* - [F]
  672.  
  673. Alternatively, note that Apache versions 1.3.34, 2.0.55, and 2.2
  674. support disabling the TRACE method natively via the 'TraceEnable'
  675. directive.
  676.  
  677. Nessus sent the following TRACE request :
  678.  
  679. ------------------------------ snip ------------------------------
  680. TRACE /Nessus2061355762.html HTTP/1.1
  681. Connection: Close
  682. Host: 10.10.0.4
  683. Pragma: no-cache
  684. User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
  685. Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
  686. Accept-Language: en
  687. Accept-Charset: iso-8859-1,*,utf-8
  688.  
  689. ------------------------------ snip ------------------------------
  690.  
  691. and received the following response from the remote server :
  692.  
  693. ------------------------------ snip ------------------------------
  694. HTTP/1.1 200 OK
  695. Date: Fri, 25 Jan 2019 10:47:02 GMT
  696. Server: Apache/2.2.8 (Ubuntu) DAV/2
  697. Keep-Alive: timeout=15, max=100
  698. Connection: Keep-Alive
  699. Transfer-Encoding: chunked
  700. Content-Type: message/http
  701.  
  702.  
  703. TRACE /Nessus2061355762.html HTTP/1.1
  704. Connection: Keep-Alive
  705. Host: 10.10.0.4
  706. Pragma: no-cache
  707. User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
  708. Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
  709. Accept-Language: en
  710. Accept-Charset: iso-8859-1,*,utf-8
  711.  
  712. ------------------------------ snip ------------------------------
  713. "
  714. "11213","CVE-2010-0386","5.0","Medium","10.10.0.4","tcp","80","HTTP TRACE / TRACK Methods Allowed","Debugging functions are enabled on the remote web server.","The remote web server supports the TRACE and/or TRACK methods. TRACE
  715. and TRACK are HTTP methods that are used to debug web server
  716. connections.","Disable these methods. Refer to the plugin output for more information.","https://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf
  717. http://www.apacheweek.com/issues/03-01-24
  718. https://download.oracle.com/sunalerts/1000718.1.html","
  719. To disable these methods, add the following lines for each virtual
  720. host in your configuration file :
  721.  
  722. RewriteEngine on
  723. RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
  724. RewriteRule .* - [F]
  725.  
  726. Alternatively, note that Apache versions 1.3.34, 2.0.55, and 2.2
  727. support disabling the TRACE method natively via the 'TraceEnable'
  728. directive.
  729.  
  730. Nessus sent the following TRACE request :
  731.  
  732. ------------------------------ snip ------------------------------
  733. TRACE /Nessus2061355762.html HTTP/1.1
  734. Connection: Close
  735. Host: 10.10.0.4
  736. Pragma: no-cache
  737. User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
  738. Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
  739. Accept-Language: en
  740. Accept-Charset: iso-8859-1,*,utf-8
  741.  
  742. ------------------------------ snip ------------------------------
  743.  
  744. and received the following response from the remote server :
  745.  
  746. ------------------------------ snip ------------------------------
  747. HTTP/1.1 200 OK
  748. Date: Fri, 25 Jan 2019 10:47:02 GMT
  749. Server: Apache/2.2.8 (Ubuntu) DAV/2
  750. Keep-Alive: timeout=15, max=100
  751. Connection: Keep-Alive
  752. Transfer-Encoding: chunked
  753. Content-Type: message/http
  754.  
  755.  
  756. TRACE /Nessus2061355762.html HTTP/1.1
  757. Connection: Keep-Alive
  758. Host: 10.10.0.4
  759. Pragma: no-cache
  760. User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
  761. Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
  762. Accept-Language: en
  763. Accept-Charset: iso-8859-1,*,utf-8
  764.  
  765. ------------------------------ snip ------------------------------
  766. "
  767. "11219","","","None","10.10.0.4","tcp","23","Nessus SYN scanner","It is possible to determine which TCP ports are open.","This plugin is a SYN 'half-open' port scanner. It shall be reasonably
  768. quick even against a firewalled target.
  769.  
  770. Note that SYN scans are less intrusive than TCP (full connect) scans
  771. against broken services, but they might cause problems for less robust
  772. firewalls and also leave unclosed connections on the remote target, if
  773. the network is loaded.","Protect your target with an IP filter.","","Port 23/tcp was found to be open"
  774. "11219","","","None","10.10.0.4","tcp","111","Nessus SYN scanner","It is possible to determine which TCP ports are open.","This plugin is a SYN 'half-open' port scanner. It shall be reasonably
  775. quick even against a firewalled target.
  776.  
  777. Note that SYN scans are less intrusive than TCP (full connect) scans
  778. against broken services, but they might cause problems for less robust
  779. firewalls and also leave unclosed connections on the remote target, if
  780. the network is loaded.","Protect your target with an IP filter.","","Port 111/tcp was found to be open"
  781. "11219","","","None","10.10.0.4","tcp","139","Nessus SYN scanner","It is possible to determine which TCP ports are open.","This plugin is a SYN 'half-open' port scanner. It shall be reasonably
  782. quick even against a firewalled target.
  783.  
  784. Note that SYN scans are less intrusive than TCP (full connect) scans
  785. against broken services, but they might cause problems for less robust
  786. firewalls and also leave unclosed connections on the remote target, if
  787. the network is loaded.","Protect your target with an IP filter.","","Port 139/tcp was found to be open"
  788. "11219","","","None","10.10.0.4","tcp","6000","Nessus SYN scanner","It is possible to determine which TCP ports are open.","This plugin is a SYN 'half-open' port scanner. It shall be reasonably
  789. quick even against a firewalled target.
  790.  
  791. Note that SYN scans are less intrusive than TCP (full connect) scans
  792. against broken services, but they might cause problems for less robust
  793. firewalls and also leave unclosed connections on the remote target, if
  794. the network is loaded.","Protect your target with an IP filter.","","Port 6000/tcp was found to be open"
  795. "11219","","","None","10.10.0.4","tcp","80","Nessus SYN scanner","It is possible to determine which TCP ports are open.","This plugin is a SYN 'half-open' port scanner. It shall be reasonably
  796. quick even against a firewalled target.
  797.  
  798. Note that SYN scans are less intrusive than TCP (full connect) scans
  799. against broken services, but they might cause problems for less robust
  800. firewalls and also leave unclosed connections on the remote target, if
  801. the network is loaded.","Protect your target with an IP filter.","","Port 80/tcp was found to be open"
  802. "11219","","","None","10.10.0.4","tcp","25","Nessus SYN scanner","It is possible to determine which TCP ports are open.","This plugin is a SYN 'half-open' port scanner. It shall be reasonably
  803. quick even against a firewalled target.
  804.  
  805. Note that SYN scans are less intrusive than TCP (full connect) scans
  806. against broken services, but they might cause problems for less robust
  807. firewalls and also leave unclosed connections on the remote target, if
  808. the network is loaded.","Protect your target with an IP filter.","","Port 25/tcp was found to be open"
  809. "11219","","","None","10.10.0.4","tcp","53","Nessus SYN scanner","It is possible to determine which TCP ports are open.","This plugin is a SYN 'half-open' port scanner. It shall be reasonably
  810. quick even against a firewalled target.
  811.  
  812. Note that SYN scans are less intrusive than TCP (full connect) scans
  813. against broken services, but they might cause problems for less robust
  814. firewalls and also leave unclosed connections on the remote target, if
  815. the network is loaded.","Protect your target with an IP filter.","","Port 53/tcp was found to be open"
  816. "11219","","","None","10.10.0.4","tcp","21","Nessus SYN scanner","It is possible to determine which TCP ports are open.","This plugin is a SYN 'half-open' port scanner. It shall be reasonably
  817. quick even against a firewalled target.
  818.  
  819. Note that SYN scans are less intrusive than TCP (full connect) scans
  820. against broken services, but they might cause problems for less robust
  821. firewalls and also leave unclosed connections on the remote target, if
  822. the network is loaded.","Protect your target with an IP filter.","","Port 21/tcp was found to be open"
  823. "11219","","","None","10.10.0.4","tcp","445","Nessus SYN scanner","It is possible to determine which TCP ports are open.","This plugin is a SYN 'half-open' port scanner. It shall be reasonably
  824. quick even against a firewalled target.
  825.  
  826. Note that SYN scans are less intrusive than TCP (full connect) scans
  827. against broken services, but they might cause problems for less robust
  828. firewalls and also leave unclosed connections on the remote target, if
  829. the network is loaded.","Protect your target with an IP filter.","","Port 445/tcp was found to be open"
  830. "11219","","","None","10.10.0.4","tcp","22","Nessus SYN scanner","It is possible to determine which TCP ports are open.","This plugin is a SYN 'half-open' port scanner. It shall be reasonably
  831. quick even against a firewalled target.
  832.  
  833. Note that SYN scans are less intrusive than TCP (full connect) scans
  834. against broken services, but they might cause problems for less robust
  835. firewalls and also leave unclosed connections on the remote target, if
  836. the network is loaded.","Protect your target with an IP filter.","","Port 22/tcp was found to be open"
  837. "11219","","","None","10.10.0.4","tcp","36168","Nessus SYN scanner","It is possible to determine which TCP ports are open.","This plugin is a SYN 'half-open' port scanner. It shall be reasonably
  838. quick even against a firewalled target.
  839.  
  840. Note that SYN scans are less intrusive than TCP (full connect) scans
  841. against broken services, but they might cause problems for less robust
  842. firewalls and also leave unclosed connections on the remote target, if
  843. the network is loaded.","Protect your target with an IP filter.","","Port 36168/tcp was found to be open"
  844. "11219","","","None","10.10.0.4","tcp","6697","Nessus SYN scanner","It is possible to determine which TCP ports are open.","This plugin is a SYN 'half-open' port scanner. It shall be reasonably
  845. quick even against a firewalled target.
  846.  
  847. Note that SYN scans are less intrusive than TCP (full connect) scans
  848. against broken services, but they might cause problems for less robust
  849. firewalls and also leave unclosed connections on the remote target, if
  850. the network is loaded.","Protect your target with an IP filter.","","Port 6697/tcp was found to be open"
  851. "11219","","","None","10.10.0.4","tcp","512","Nessus SYN scanner","It is possible to determine which TCP ports are open.","This plugin is a SYN 'half-open' port scanner. It shall be reasonably
  852. quick even against a firewalled target.
  853.  
  854. Note that SYN scans are less intrusive than TCP (full connect) scans
  855. against broken services, but they might cause problems for less robust
  856. firewalls and also leave unclosed connections on the remote target, if
  857. the network is loaded.","Protect your target with an IP filter.","","Port 512/tcp was found to be open"
  858. "11219","","","None","10.10.0.4","tcp","2049","Nessus SYN scanner","It is possible to determine which TCP ports are open.","This plugin is a SYN 'half-open' port scanner. It shall be reasonably
  859. quick even against a firewalled target.
  860.  
  861. Note that SYN scans are less intrusive than TCP (full connect) scans
  862. against broken services, but they might cause problems for less robust
  863. firewalls and also leave unclosed connections on the remote target, if
  864. the network is loaded.","Protect your target with an IP filter.","","Port 2049/tcp was found to be open"
  865. "11219","","","None","10.10.0.4","tcp","49908","Nessus SYN scanner","It is possible to determine which TCP ports are open.","This plugin is a SYN 'half-open' port scanner. It shall be reasonably
  866. quick even against a firewalled target.
  867.  
  868. Note that SYN scans are less intrusive than TCP (full connect) scans
  869. against broken services, but they might cause problems for less robust
  870. firewalls and also leave unclosed connections on the remote target, if
  871. the network is loaded.","Protect your target with an IP filter.","","Port 49908/tcp was found to be open"
  872. "11219","","","None","10.10.0.4","tcp","2121","Nessus SYN scanner","It is possible to determine which TCP ports are open.","This plugin is a SYN 'half-open' port scanner. It shall be reasonably
  873. quick even against a firewalled target.
  874.  
  875. Note that SYN scans are less intrusive than TCP (full connect) scans
  876. against broken services, but they might cause problems for less robust
  877. firewalls and also leave unclosed connections on the remote target, if
  878. the network is loaded.","Protect your target with an IP filter.","","Port 2121/tcp was found to be open"
  879. "11219","","","None","10.10.0.4","tcp","41606","Nessus SYN scanner","It is possible to determine which TCP ports are open.","This plugin is a SYN 'half-open' port scanner. It shall be reasonably
  880. quick even against a firewalled target.
  881.  
  882. Note that SYN scans are less intrusive than TCP (full connect) scans
  883. against broken services, but they might cause problems for less robust
  884. firewalls and also leave unclosed connections on the remote target, if
  885. the network is loaded.","Protect your target with an IP filter.","","Port 41606/tcp was found to be open"
  886. "11219","","","None","10.10.0.4","tcp","5432","Nessus SYN scanner","It is possible to determine which TCP ports are open.","This plugin is a SYN 'half-open' port scanner. It shall be reasonably
  887. quick even against a firewalled target.
  888.  
  889. Note that SYN scans are less intrusive than TCP (full connect) scans
  890. against broken services, but they might cause problems for less robust
  891. firewalls and also leave unclosed connections on the remote target, if
  892. the network is loaded.","Protect your target with an IP filter.","","Port 5432/tcp was found to be open"
  893. "11219","","","None","10.10.0.4","tcp","3306","Nessus SYN scanner","It is possible to determine which TCP ports are open.","This plugin is a SYN 'half-open' port scanner. It shall be reasonably
  894. quick even against a firewalled target.
  895.  
  896. Note that SYN scans are less intrusive than TCP (full connect) scans
  897. against broken services, but they might cause problems for less robust
  898. firewalls and also leave unclosed connections on the remote target, if
  899. the network is loaded.","Protect your target with an IP filter.","","Port 3306/tcp was found to be open"
  900. "11219","","","None","10.10.0.4","tcp","5900","Nessus SYN scanner","It is possible to determine which TCP ports are open.","This plugin is a SYN 'half-open' port scanner. It shall be reasonably
  901. quick even against a firewalled target.
  902.  
  903. Note that SYN scans are less intrusive than TCP (full connect) scans
  904. against broken services, but they might cause problems for less robust
  905. firewalls and also leave unclosed connections on the remote target, if
  906. the network is loaded.","Protect your target with an IP filter.","","Port 5900/tcp was found to be open"
  907. "11219","","","None","10.10.0.4","tcp","6667","Nessus SYN scanner","It is possible to determine which TCP ports are open.","This plugin is a SYN 'half-open' port scanner. It shall be reasonably
  908. quick even against a firewalled target.
  909.  
  910. Note that SYN scans are less intrusive than TCP (full connect) scans
  911. against broken services, but they might cause problems for less robust
  912. firewalls and also leave unclosed connections on the remote target, if
  913. the network is loaded.","Protect your target with an IP filter.","","Port 6667/tcp was found to be open"
  914. "11219","","","None","10.10.0.4","tcp","8787","Nessus SYN scanner","It is possible to determine which TCP ports are open.","This plugin is a SYN 'half-open' port scanner. It shall be reasonably
  915. quick even against a firewalled target.
  916.  
  917. Note that SYN scans are less intrusive than TCP (full connect) scans
  918. against broken services, but they might cause problems for less robust
  919. firewalls and also leave unclosed connections on the remote target, if
  920. the network is loaded.","Protect your target with an IP filter.","","Port 8787/tcp was found to be open"
  921. "11219","","","None","10.10.0.4","tcp","1099","Nessus SYN scanner","It is possible to determine which TCP ports are open.","This plugin is a SYN 'half-open' port scanner. It shall be reasonably
  922. quick even against a firewalled target.
  923.  
  924. Note that SYN scans are less intrusive than TCP (full connect) scans
  925. against broken services, but they might cause problems for less robust
  926. firewalls and also leave unclosed connections on the remote target, if
  927. the network is loaded.","Protect your target with an IP filter.","","Port 1099/tcp was found to be open"
  928. "11219","","","None","10.10.0.4","tcp","513","Nessus SYN scanner","It is possible to determine which TCP ports are open.","This plugin is a SYN 'half-open' port scanner. It shall be reasonably
  929. quick even against a firewalled target.
  930.  
  931. Note that SYN scans are less intrusive than TCP (full connect) scans
  932. against broken services, but they might cause problems for less robust
  933. firewalls and also leave unclosed connections on the remote target, if
  934. the network is loaded.","Protect your target with an IP filter.","","Port 513/tcp was found to be open"
  935. "11219","","","None","10.10.0.4","tcp","8180","Nessus SYN scanner","It is possible to determine which TCP ports are open.","This plugin is a SYN 'half-open' port scanner. It shall be reasonably
  936. quick even against a firewalled target.
  937.  
  938. Note that SYN scans are less intrusive than TCP (full connect) scans
  939. against broken services, but they might cause problems for less robust
  940. firewalls and also leave unclosed connections on the remote target, if
  941. the network is loaded.","Protect your target with an IP filter.","","Port 8180/tcp was found to be open"
  942. "11219","","","None","10.10.0.4","tcp","1524","Nessus SYN scanner","It is possible to determine which TCP ports are open.","This plugin is a SYN 'half-open' port scanner. It shall be reasonably
  943. quick even against a firewalled target.
  944.  
  945. Note that SYN scans are less intrusive than TCP (full connect) scans
  946. against broken services, but they might cause problems for less robust
  947. firewalls and also leave unclosed connections on the remote target, if
  948. the network is loaded.","Protect your target with an IP filter.","","Port 1524/tcp was found to be open"
  949. "11219","","","None","10.10.0.4","tcp","514","Nessus SYN scanner","It is possible to determine which TCP ports are open.","This plugin is a SYN 'half-open' port scanner. It shall be reasonably
  950. quick even against a firewalled target.
  951.  
  952. Note that SYN scans are less intrusive than TCP (full connect) scans
  953. against broken services, but they might cause problems for less robust
  954. firewalls and also leave unclosed connections on the remote target, if
  955. the network is loaded.","Protect your target with an IP filter.","","Port 514/tcp was found to be open"
  956. "11219","","","None","10.10.0.4","tcp","48635","Nessus SYN scanner","It is possible to determine which TCP ports are open.","This plugin is a SYN 'half-open' port scanner. It shall be reasonably
  957. quick even against a firewalled target.
  958.  
  959. Note that SYN scans are less intrusive than TCP (full connect) scans
  960. against broken services, but they might cause problems for less robust
  961. firewalls and also leave unclosed connections on the remote target, if
  962. the network is loaded.","Protect your target with an IP filter.","","Port 48635/tcp was found to be open"
  963. "11219","","","None","10.10.0.4","tcp","8009","Nessus SYN scanner","It is possible to determine which TCP ports are open.","This plugin is a SYN 'half-open' port scanner. It shall be reasonably
  964. quick even against a firewalled target.
  965.  
  966. Note that SYN scans are less intrusive than TCP (full connect) scans
  967. against broken services, but they might cause problems for less robust
  968. firewalls and also leave unclosed connections on the remote target, if
  969. the network is loaded.","Protect your target with an IP filter.","","Port 8009/tcp was found to be open"
  970. "11219","","","None","10.10.0.4","tcp","3632","Nessus SYN scanner","It is possible to determine which TCP ports are open.","This plugin is a SYN 'half-open' port scanner. It shall be reasonably
  971. quick even against a firewalled target.
  972.  
  973. Note that SYN scans are less intrusive than TCP (full connect) scans
  974. against broken services, but they might cause problems for less robust
  975. firewalls and also leave unclosed connections on the remote target, if
  976. the network is loaded.","Protect your target with an IP filter.","","Port 3632/tcp was found to be open"
  977. "11356","CVE-1999-0170","10.0","Critical","10.10.0.4","udp","2049","NFS Exported Share Information Disclosure","It is possible to access NFS shares on the remote host.","At least one of the NFS shares exported by the remote server could be
  978. mounted by the scanning host. An attacker may be able to leverage
  979. this to read (and possibly write) files on remote host.","Configure NFS on the remote host so that only authorized hosts can
  980. mount its remote shares.","","
  981. The following NFS shares could be mounted :
  982.  
  983. + /
  984. + Contents of / :
  985. - .
  986. - ..
  987. - .CmMRA0A3L1LNbw18
  988. - .PBEwoXZoy7IWHR21
  989. - .tB5G2qZcweUXRnWr
  990. - .vKEG05Dxy2BoAiYS
  991. - bin
  992. - boot
  993. - cdrom
  994. - dev
  995. - etc
  996. - home
  997. - initrd
  998. - initrd.img
  999. - lib
  1000. - lost+found
  1001. - media
  1002. - mnt
  1003. - nohup.out
  1004. - opt
  1005. - proc
  1006. - root
  1007. - sbin
  1008. - srv
  1009. - sys
  1010. - tmp
  1011. - usr
  1012. - var
  1013. - vmlinuz
  1014. "
  1015. "11356","CVE-1999-0211","10.0","Critical","10.10.0.4","udp","2049","NFS Exported Share Information Disclosure","It is possible to access NFS shares on the remote host.","At least one of the NFS shares exported by the remote server could be
  1016. mounted by the scanning host. An attacker may be able to leverage
  1017. this to read (and possibly write) files on remote host.","Configure NFS on the remote host so that only authorized hosts can
  1018. mount its remote shares.","","
  1019. The following NFS shares could be mounted :
  1020.  
  1021. + /
  1022. + Contents of / :
  1023. - .
  1024. - ..
  1025. - .CmMRA0A3L1LNbw18
  1026. - .PBEwoXZoy7IWHR21
  1027. - .tB5G2qZcweUXRnWr
  1028. - .vKEG05Dxy2BoAiYS
  1029. - bin
  1030. - boot
  1031. - cdrom
  1032. - dev
  1033. - etc
  1034. - home
  1035. - initrd
  1036. - initrd.img
  1037. - lib
  1038. - lost+found
  1039. - media
  1040. - mnt
  1041. - nohup.out
  1042. - opt
  1043. - proc
  1044. - root
  1045. - sbin
  1046. - srv
  1047. - sys
  1048. - tmp
  1049. - usr
  1050. - var
  1051. - vmlinuz
  1052. "
  1053. "11356","CVE-1999-0554","10.0","Critical","10.10.0.4","udp","2049","NFS Exported Share Information Disclosure","It is possible to access NFS shares on the remote host.","At least one of the NFS shares exported by the remote server could be
  1054. mounted by the scanning host. An attacker may be able to leverage
  1055. this to read (and possibly write) files on remote host.","Configure NFS on the remote host so that only authorized hosts can
  1056. mount its remote shares.","","
  1057. The following NFS shares could be mounted :
  1058.  
  1059. + /
  1060. + Contents of / :
  1061. - .
  1062. - ..
  1063. - .CmMRA0A3L1LNbw18
  1064. - .PBEwoXZoy7IWHR21
  1065. - .tB5G2qZcweUXRnWr
  1066. - .vKEG05Dxy2BoAiYS
  1067. - bin
  1068. - boot
  1069. - cdrom
  1070. - dev
  1071. - etc
  1072. - home
  1073. - initrd
  1074. - initrd.img
  1075. - lib
  1076. - lost+found
  1077. - media
  1078. - mnt
  1079. - nohup.out
  1080. - opt
  1081. - proc
  1082. - root
  1083. - sbin
  1084. - srv
  1085. - sys
  1086. - tmp
  1087. - usr
  1088. - var
  1089. - vmlinuz
  1090. "
  1091. "11424","","","None","10.10.0.4","tcp","80","WebDAV Detection","The remote server is running with WebDAV enabled.","WebDAV is an industry standard extension to the HTTP specification.
  1092. It adds a capability for authorized users to remotely add and manage
  1093. the content of a web server.
  1094.  
  1095. If you do not use this extension, you should disable it.","http://support.microsoft.com/default.aspx?kbid=241520","",""
  1096. "11819","","","None","10.10.0.4","udp","69","TFTP Daemon Detection","A TFTP server is listening on the remote port.","The remote host is running a TFTP (Trivial File Transfer Protocol)
  1097. daemon. TFTP is often used by routers and diskless hosts to retrieve
  1098. their configuration. It can also be used by worms to propagate.","Disable this service if you do not use it.","",""
  1099. "11936","","","None","10.10.0.4","tcp","0","OS Identification","It is possible to guess the remote operating system.","Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP,
  1100. SNMP, etc.), it is possible to guess the name of the remote operating
  1101. system in use. It is also possible sometimes to guess the version of
  1102. the operating system.","n/a","","
  1103. Remote operating system : Linux Kernel 2.6 on Ubuntu 8.04 (gutsy)
  1104. Confidence level : 95
  1105. Method : HTTP
  1106.  
  1107. Not all fingerprints could give a match. If you think some or all of
  1108. the following could be used to identify the host's operating system,
  1109. please email them to os-signatures@nessus.org. Be sure to include a
  1110. brief description of the host itself, such as the actual operating
  1111. system or product / model names.
  1112.  
  1113. SSH:SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu1
  1114. SinFP:
  1115. P1:B10113:F0x12:W5840:O0204ffff:M1460:
  1116. P2:B10113:F0x12:W5792:O0204ffff0402080affffffff4445414401030306:M1460:
  1117. P3:B10120:F0x04:W0:O0:M0
  1118. P4:80200_7_p=512
  1119. SMTP:!:220 metasploitable.localdomain ESMTP Postfix (Ubuntu)
  1120. SSLcert:!:i/CN:ubuntu804-base.localdomaini/O:OCOSAi/OU:Office for Complication of Otherwise Simple Affairss/CN:ubuntu804-base.localdomains/O:OCOSAs/OU:Office for Complication of Otherwise Simple Affairs
  1121. ed093088706603bfd5dc237399b498da2d4d31c6
  1122.  
  1123.  
  1124.  
  1125. The remote host is running Linux Kernel 2.6 on Ubuntu 8.04 (gutsy)"
  1126. "15901","","5.0","Medium","10.10.0.4","tcp","5432","SSL Certificate Expiry","The remote server's SSL certificate has already expired.","This plugin checks expiry dates of certificates associated with SSL-
  1127. enabled services on the target and reports whether any have already
  1128. expired.","Purchase or generate a new SSL certificate to replace the existing
  1129. one.","","
  1130. The SSL certificate has already expired :
  1131.  
  1132. Subject : C=XX, ST=There is no such thing outside US, L=Everywhere, O=OCOSA, OU=Office for Complication of Otherwise Simple Affairs, CN=ubuntu804-base.localdomain, emailAddress=root@ubuntu804-base.localdomain
  1133. Issuer : C=XX, ST=There is no such thing outside US, L=Everywhere, O=OCOSA, OU=Office for Complication of Otherwise Simple Affairs, CN=ubuntu804-base.localdomain, emailAddress=root@ubuntu804-base.localdomain
  1134. Not valid before : Mar 17 14:07:45 2010 GMT
  1135. Not valid after : Apr 16 14:07:45 2010 GMT
  1136. "
  1137. "18261","","","None","10.10.0.4","tcp","0","Apache Banner Linux Distribution Disclosure","The name of the Linux distribution running on the remote host was
  1138. found in the banner of the web server.","Nessus was able to extract the banner of the Apache web server and
  1139. determine which Linux distribution the remote host is running.","If you do not wish to display this information, edit 'httpd.conf' and
  1140. set the directive 'ServerTokens Prod' and restart Apache.
  1141. n/a","","
  1142. The Linux distribution detected was :
  1143. - Ubuntu 8.04 (gutsy)
  1144. "
  1145. "19288","","","None","10.10.0.4","tcp","5900","VNC Server Security Type Detection","A VNC server is running on the remote host.","This script checks the remote VNC server protocol version and the
  1146. available 'security types'.","n/a","","
  1147. The remote VNC server chose security type #2 (VNC authentication)"
  1148. "19506","","","None","10.10.0.4","tcp","0","Nessus Scan Information","This plugin displays information about the Nessus scan.","This plugin displays, for each tested host, information about the
  1149. scan itself :
  1150.  
  1151. - The version of the plugin set.
  1152. - The type of scanner (Nessus or Nessus Home).
  1153. - The version of the Nessus Engine.
  1154. - The port scanner(s) used.
  1155. - The port range scanned.
  1156. - Whether credentialed or third-party patch management
  1157. checks are possible.
  1158. - The date of the scan.
  1159. - The duration of the scan.
  1160. - The number of hosts scanned in parallel.
  1161. - The number of checks done in parallel.","n/a","","Information about this scan :
  1162.  
  1163. Nessus version : 8.2.0
  1164. Plugin feed version : 201901240342
  1165. Scanner edition used : Nessus
  1166. Scan type : Normal
  1167. Scan policy used : Advanced Scan
  1168. Scanner IP : 10.10.0.16
  1169. Port scanner(s) : nessus_tcp_scanner nessus_syn_scanner
  1170. Port range : T: 0-65535, U:0-1000
  1171. Thorough tests : no
  1172. Experimental tests : no
  1173. Paranoia level : 1
  1174. Report verbosity : 1
  1175. Safe checks : yes
  1176. Optimize the test : yes
  1177. Credentialed checks : no
  1178. Patch management checks : None
  1179. CGI scanning : disabled
  1180. Web application tests : disabled
  1181. Max hosts : 30
  1182. Max checks : 5
  1183. Recv timeout : 5
  1184. Backports : Detected
  1185. Allow post-scan editing: Yes
  1186. Scan Start Date : 2019/1/25 5:44 EST
  1187. Scan duration : 275 sec
  1188. "
  1189. "20007","","7.1","High","10.10.0.4","tcp","5432","SSL Version 2 and 3 Protocol Detection","The remote service encrypts traffic using a protocol with known
  1190. weaknesses.","The remote service accepts connections encrypted using SSL 2.0 and/or
  1191. SSL 3.0. These versions of SSL are affected by several cryptographic
  1192. flaws, including:
  1193.  
  1194. - An insecure padding scheme with CBC ciphers.
  1195.  
  1196. - Insecure session renegotiation and resumption schemes.
  1197.  
  1198. An attacker can exploit these flaws to conduct man-in-the-middle
  1199. attacks or to decrypt communications between the affected service and
  1200. clients.
  1201.  
  1202. Although SSL/TLS has a secure means for choosing the highest supported
  1203. version of the protocol (so that these versions will be used only if
  1204. the client or server support nothing better), many web browsers
  1205. implement this in an unsafe way that allows an attacker to downgrade
  1206. a connection (such as in POODLE). Therefore, it is recommended that
  1207. these protocols be disabled entirely.
  1208.  
  1209. NIST has determined that SSL 3.0 is no longer acceptable for secure
  1210. communications. As of the date of enforcement found in PCI DSS v3.1,
  1211. any version of SSL will not meet the PCI SSC's definition of 'strong
  1212. cryptography'.","Consult the application's documentation to disable SSL 2.0 and 3.0.
  1213. Use TLS 1.1 (with approved cipher suites) or higher instead.","https://www.schneier.com/academic/paperfiles/paper-ssl.pdf
  1214. http://www.nessus.org/u?b06c7e95
  1215. http://www.nessus.org/u?247c4540
  1216. https://www.openssl.org/~bodo/ssl-poodle.pdf
  1217. http://www.nessus.org/u?5d15ba70
  1218. https://www.imperialviolet.org/2014/10/14/poodle.html
  1219. https://tools.ietf.org/html/rfc7507
  1220. https://tools.ietf.org/html/rfc7568","
  1221. - SSLv3 is enabled and the server supports at least one cipher.
  1222. Explanation: TLS 1.0 and SSL 3.0 cipher suites may be used with SSLv3
  1223.  
  1224.  
  1225. Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
  1226.  
  1227. EDH-RSA-DES-CBC3-SHA Kx=DH Au=RSA Enc=3DES-CBC(168) Mac=SHA1
  1228. DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1
  1229.  
  1230. High Strength Ciphers (>= 112-bit key)
  1231.  
  1232. DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
  1233. DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
  1234. AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
  1235. AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
  1236. RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
  1237.  
  1238. The fields above are :
  1239.  
  1240. {OpenSSL ciphername}
  1241. Kx={key exchange}
  1242. Au={authentication}
  1243. Enc={symmetric encryption method}
  1244. Mac={message authentication code}
  1245. {export flag}
  1246. "
  1247. "21186","","","None","10.10.0.4","tcp","8009","AJP Connector Detection","There is an AJP connector listening on the remote host.","The remote host is running an AJP (Apache JServ Protocol) connector, a
  1248. service by which a standalone web server such as Apache communicates
  1249. over TCP with a Java servlet container such as Tomcat.","n/a","http://tomcat.apache.org/connectors-doc/
  1250. http://tomcat.apache.org/connectors-doc/ajp/ajpv13a.html","
  1251. The connector listing on this port supports the ajp13 protocol.
  1252. "
  1253. "21643","","","None","10.10.0.4","tcp","5432","SSL Cipher Suites Supported","The remote service encrypts communications using SSL.","This plugin detects which SSL ciphers are supported by the remote
  1254. service for encrypting communications.","n/a","https://www.openssl.org/docs/man1.1.0/apps/ciphers.html
  1255. http://www.nessus.org/u?3a040ada","
  1256. Here is the list of SSL ciphers supported by the remote server :
  1257. Each group is reported per SSL Version.
  1258.  
  1259. SSL Version : TLSv1
  1260. Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
  1261.  
  1262. EDH-RSA-DES-CBC3-SHA Kx=DH Au=RSA Enc=3DES-CBC(168) Mac=SHA1
  1263. DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1
  1264.  
  1265. High Strength Ciphers (>= 112-bit key)
  1266.  
  1267. DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
  1268. DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
  1269. AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
  1270. AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
  1271. RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
  1272.  
  1273.  
  1274. SSL Version : SSLv3
  1275. Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
  1276.  
  1277. EDH-RSA-DES-CBC3-SHA Kx=DH Au=RSA Enc=3DES-CBC(168) Mac=SHA1
  1278. DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1
  1279.  
  1280. High Strength Ciphers (>= 112-bit key)
  1281.  
  1282. DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
  1283. DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
  1284. AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
  1285. AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
  1286. RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
  1287.  
  1288. The fields above are :
  1289.  
  1290. {OpenSSL ciphername}
  1291. Kx={key exchange}
  1292. Au={authentication}
  1293. Enc={symmetric encryption method}
  1294. Mac={message authentication code}
  1295. {export flag}
  1296.  
  1297. Note that this service does not encrypt traffic by default but does
  1298. support upgrading to an encrypted connection using STARTTLS.
  1299. "
  1300. "22227","","","None","10.10.0.4","tcp","1099","RMI Registry Detection","An RMI registry is listening on the remote host.","The remote host is running an RMI registry, which acts as a bootstrap
  1301. naming service for registering and retrieving remote objects with
  1302. simple names in the Java Remote Method Invocation (RMI) system.","n/a","https://docs.oracle.com/javase/1.5.0/docs/guide/rmi/spec/rmiTOC.html
  1303. http://www.nessus.org/u?b6fd7659",""
  1304. "22964","","","None","10.10.0.4","tcp","21","Service Detection","The remote service could be identified.","Nessus was able to identify the remote service by its banner or by
  1305. looking at the error message it sends when it receives an HTTP
  1306. request.","n/a","","An FTP server is running on this port."
  1307. "22964","","","None","10.10.0.4","tcp","22","Service Detection","The remote service could be identified.","Nessus was able to identify the remote service by its banner or by
  1308. looking at the error message it sends when it receives an HTTP
  1309. request.","n/a","","An SSH server is running on this port."
  1310. "22964","","","None","10.10.0.4","tcp","25","Service Detection","The remote service could be identified.","Nessus was able to identify the remote service by its banner or by
  1311. looking at the error message it sends when it receives an HTTP
  1312. request.","n/a","","An SMTP server is running on this port."
  1313. "22964","","","None","10.10.0.4","tcp","80","Service Detection","The remote service could be identified.","Nessus was able to identify the remote service by its banner or by
  1314. looking at the error message it sends when it receives an HTTP
  1315. request.","n/a","","A web server is running on this port."
  1316. "22964","","","None","10.10.0.4","tcp","1524","Service Detection","The remote service could be identified.","Nessus was able to identify the remote service by its banner or by
  1317. looking at the error message it sends when it receives an HTTP
  1318. request.","n/a","","A shell server (Metasploitable) is running on this port."
  1319. "22964","","","None","10.10.0.4","tcp","5900","Service Detection","The remote service could be identified.","Nessus was able to identify the remote service by its banner or by
  1320. looking at the error message it sends when it receives an HTTP
  1321. request.","n/a","","A vnc server is running on this port."
  1322. "22964","","","None","10.10.0.4","tcp","6667","Service Detection","The remote service could be identified.","Nessus was able to identify the remote service by its banner or by
  1323. looking at the error message it sends when it receives an HTTP
  1324. request.","n/a","","An IRC server is running on this port."
  1325. "22964","","","None","10.10.0.4","tcp","6697","Service Detection","The remote service could be identified.","Nessus was able to identify the remote service by its banner or by
  1326. looking at the error message it sends when it receives an HTTP
  1327. request.","n/a","","An IRC server is running on this port."
  1328. "24260","","","None","10.10.0.4","tcp","80","HyperText Transfer Protocol (HTTP) Information","Some information about the remote HTTP configuration can be extracted.","This test gives some information about the remote HTTP protocol - the
  1329. version used, whether HTTP Keep-Alive and HTTP pipelining are enabled,
  1330. etc...
  1331.  
  1332. This test is informational only and does not denote any security
  1333. problem.","n/a","","
  1334. Response Code : HTTP/1.1 200 OK
  1335.  
  1336. Protocol version : HTTP/1.1
  1337. SSL : no
  1338. Keep-Alive : yes
  1339. Options allowed : (Not implemented)
  1340. Headers :
  1341.  
  1342. Date: Fri, 25 Jan 2019 10:47:00 GMT
  1343. Server: Apache/2.2.8 (Ubuntu) DAV/2
  1344. X-Powered-By: PHP/5.2.4-2ubuntu5.10
  1345. Content-Length: 891
  1346. Keep-Alive: timeout=15, max=100
  1347. Connection: Keep-Alive
  1348. Content-Type: text/html
  1349.  
  1350. Response Body :
  1351.  
  1352. <html><head><title>Metasploitable2 - Linux</title></head><body>
  1353. <pre>
  1354.  
  1355. _ _ _ _ _ _ ____
  1356. _ __ ___ ___| |_ __ _ ___ _ __ | | ___ (_) |_ __ _| |__ | | ___|___ \
  1357. | '_ ` _ \ / _ \ __/ _` / __| '_ \| |/ _ \| | __/ _` | '_ \| |/ _ \ __) |
  1358. | | | | | | __/ || (_| \__ \ |_) | | (_) | | || (_| | |_) | | __// __/
  1359. |_| |_| |_|\___|\__\__,_|___/ .__/|_|\___/|_|\__\__,_|_.__/|_|\___|_____|
  1360. |_|
  1361.  
  1362.  
  1363. Warning: Never expose this VM to an untrusted network!
  1364.  
  1365. Contact: msfdev[at]metasploit.com
  1366.  
  1367. Login with msfadmin/msfadmin to get started
  1368.  
  1369.  
  1370. </pre>
  1371. <ul>
  1372. <li><a href=""/twiki/"">TWiki</a></li>
  1373. <li><a href=""/phpMyAdmin/"">phpMyAdmin</a></li>
  1374. <li><a href=""/mutillidae/"">Mutillidae</a></li>
  1375. <li><a href=""/dvwa/"">DVWA</a></li>
  1376. <li><a href=""/dav/"">WebDAV</a></li>
  1377. </ul>
  1378. </body>
  1379. </html>
  1380.  
  1381. "
  1382. "25220","","","None","10.10.0.4","tcp","0","TCP/IP Timestamps Supported","The remote service implements TCP timestamps.","The remote host implements TCP timestamps, as defined by RFC1323. A
  1383. side effect of this feature is that the uptime of the remote host can
  1384. sometimes be computed.","n/a","http://www.ietf.org/rfc/rfc1323.txt",""
  1385. "25240","","","None","10.10.0.4","tcp","445","Samba Server Detection","An SMB server is running on the remote host.","The remote host is running Samba, a CIFS/SMB server for Linux and
  1386. Unix.","n/a","https://www.samba.org/",""
  1387. "26024","","","None","10.10.0.4","tcp","5432","PostgreSQL Server Detection","A database service is listening on the remote host.","The remote service is a PostgreSQL database server, or a derivative
  1388. such as EnterpriseDB.","Limit incoming traffic to this port if desired.","https://www.postgresql.org/",""
  1389. "32314","CVE-2008-0166","10.0","Critical","10.10.0.4","tcp","22","Debian OpenSSH/OpenSSL Package Random Number Generator Weakness","The remote SSH host keys are weak.","The remote SSH host key has been generated on a Debian
  1390. or Ubuntu system which contains a bug in the random number
  1391. generator of its OpenSSL library.
  1392.  
  1393. The problem is due to a Debian packager removing nearly all
  1394. sources of entropy in the remote version of OpenSSL.
  1395.  
  1396. An attacker can easily obtain the private part of the remote
  1397. key and use this to set up decipher the remote session or
  1398. set up a man in the middle attack.","Consider all cryptographic material generated on the remote host
  1399. to be guessable. In particuliar, all SSH, SSL and OpenVPN key
  1400. material should be re-generated.","http://www.nessus.org/u?107f9bdc
  1401. http://www.nessus.org/u?f14f4224",""
  1402. "32321","CVE-2008-0166","10.0","Critical","10.10.0.4","tcp","5432","Debian OpenSSH/OpenSSL Package Random Number Generator Weakness (SSL check)","The remote SSL certificate uses a weak key.","The remote x509 certificate on the remote SSL server has been generated
  1403. on a Debian or Ubuntu system which contains a bug in the random number
  1404. generator of its OpenSSL library.
  1405.  
  1406. The problem is due to a Debian packager removing nearly all sources of
  1407. entropy in the remote version of OpenSSL.
  1408.  
  1409. An attacker can easily obtain the private part of the remote key and use
  1410. this to decipher the remote session or set up a man in the middle
  1411. attack.","Consider all cryptographic material generated on the remote host to be
  1412. guessable. In particuliar, all SSH, SSL and OpenVPN key material should
  1413. be re-generated.","http://www.nessus.org/u?107f9bdc
  1414. http://www.nessus.org/u?f14f4224",""
  1415. "33850","","10.0","Critical","10.10.0.4","tcp","0","Unix Operating System Unsupported Version Detection","The operating system running on the remote host is no longer
  1416. supported.","According to its self-reported version number, the Unix operating
  1417. system running on the remote host is no longer supported.
  1418.  
  1419. Lack of support implies that no new security patches for the product
  1420. will be released by the vendor. As a result, it is likely to contain
  1421. security vulnerabilities.","Upgrade to a version of the Unix operating system that is currently
  1422. supported.","","
  1423. Ubuntu 8.04 support ended on 2011-05-12 (Desktop) / 2013-05-09 (Server).
  1424. Upgrade to Ubuntu 18.10.
  1425.  
  1426. For more information, see : https://wiki.ubuntu.com/Releases
  1427.  
  1428. "
  1429. "35371","","","None","10.10.0.4","udp","53","DNS Server hostname.bind Map Hostname Disclosure","The DNS server discloses the remote host name.","It is possible to learn the remote host name by querying the remote
  1430. DNS server for 'hostname.bind' in the CHAOS domain.","It may be possible to disable this feature. Consult the vendor's
  1431. documentation for more information.","","
  1432. The remote host name is :
  1433.  
  1434. metasploitable
  1435. "
  1436. "35716","","","None","10.10.0.4","tcp","0","Ethernet Card Manufacturer Detection","The manufacturer can be identified from the Ethernet OUI.","Each ethernet MAC address starts with a 24-bit Organizationally
  1437. Unique Identifier (OUI). These OUIs are registered by IEEE.","n/a","https://standards.ieee.org/faqs/regauth.html
  1438. http://www.nessus.org/u?794673b4","
  1439. The following card manufacturers were identified :
  1440.  
  1441. 08:00:27:F6:CF:41 : PCS Systemtechnik GmbH
  1442. "
  1443. "39520","","","None","10.10.0.4","tcp","22","Backported Security Patch Detection (SSH)","Security patches are backported.","Security patches may have been 'backported' to the remote SSH server
  1444. without changing its version number.
  1445.  
  1446. Banner-based checks have been disabled to avoid false positives.
  1447.  
  1448. Note that this test is informational only and does not denote any
  1449. security problem.","n/a","https://access.redhat.com/security/updates/backporting/?sc_cid=3093","
  1450. Give Nessus credentials to perform local checks.
  1451. "
  1452. "39521","","","None","10.10.0.4","tcp","80","Backported Security Patch Detection (WWW)","Security patches are backported.","Security patches may have been 'backported' to the remote HTTP server
  1453. without changing its version number.
  1454.  
  1455. Banner-based checks have been disabled to avoid false positives.
  1456.  
  1457. Note that this test is informational only and does not denote any
  1458. security problem.","n/a","https://access.redhat.com/security/updates/backporting/?sc_cid=3093","
  1459. Give Nessus credentials to perform local checks.
  1460. "
  1461. "42256","","5.0","Medium","10.10.0.4","tcp","2049","NFS Shares World Readable","The remote NFS server exports world-readable shares.","The remote NFS server is exporting one or more shares without
  1462. restricting access (based on hostname, IP, or IP range).","Place the appropriate restrictions on all NFS shares.","http://www.tldp.org/HOWTO/NFS-HOWTO/security.html","
  1463. The following shares have no access restrictions :
  1464.  
  1465. / *
  1466. "
  1467. "42873","","5.0","Medium","10.10.0.4","tcp","5432","SSL Medium Strength Cipher Suites Supported","The remote service supports the use of medium strength SSL ciphers.","The remote host supports the use of SSL ciphers that offer medium
  1468. strength encryption. Nessus regards medium strength as any encryption
  1469. that uses key lengths at least 64 bits and less than 112 bits, or else
  1470. that uses the 3DES encryption suite.
  1471.  
  1472. Note that it is considerably easier to circumvent medium strength
  1473. encryption if the attacker is on the same physical network.","Reconfigure the affected application if possible to avoid use of
  1474. medium strength ciphers.","https://www.openssl.org/blog/blog/2016/08/24/sweet32/","
  1475. Here is the list of medium strength SSL ciphers supported by the remote server :
  1476.  
  1477. Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
  1478.  
  1479. EDH-RSA-DES-CBC3-SHA Kx=DH Au=RSA Enc=3DES-CBC(168) Mac=SHA1
  1480. DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1
  1481.  
  1482. The fields above are :
  1483.  
  1484. {OpenSSL ciphername}
  1485. Kx={key exchange}
  1486. Au={authentication}
  1487. Enc={symmetric encryption method}
  1488. Mac={message authentication code}
  1489. {export flag}
  1490. "
  1491. "45410","","","None","10.10.0.4","tcp","5432","SSL Certificate 'commonName' Mismatch","The 'commonName' (CN) attribute in the SSL certificate does not match
  1492. the hostname.","The service running on the remote host presents an SSL certificate for
  1493. which the 'commonName' (CN) attribute does not match the hostname on
  1494. which the service listens.","If the machine has several names, make sure that users connect to the
  1495. service through the DNS hostname that matches the common name in the
  1496. certificate.","","
  1497. The host name known by Nessus is :
  1498.  
  1499. metasploitable
  1500.  
  1501. The Common Name in the certificate is :
  1502.  
  1503. ubuntu804-base.localdomain
  1504. "
  1505. "45411","","5.0","Medium","10.10.0.4","tcp","5432","SSL Certificate with Wrong Hostname","The SSL certificate for this service is for a different host.","The 'commonName' (CN) attribute of the SSL certificate presented for
  1506. this service is for a different machine.","Purchase or generate a proper certificate for this service.","","
  1507. The identities known by Nessus are :
  1508.  
  1509. 10.10.0.4
  1510. 10.10.0.4
  1511.  
  1512. The Common Name in the certificate is :
  1513.  
  1514. ubuntu804-base.localdomain
  1515. "
  1516. "45590","","","None","10.10.0.4","tcp","0","Common Platform Enumeration (CPE)","It was possible to enumerate CPE names that matched on the remote
  1517. system.","By using information obtained from a Nessus scan, this plugin reports
  1518. CPE (Common Platform Enumeration) matches for various hardware and
  1519. software products found on a host.
  1520.  
  1521. Note that if an official CPE is not available for the product, this
  1522. plugin computes the best possible CPE based on the information
  1523. available from the scan.","n/a","http://cpe.mitre.org/
  1524. https://nvd.nist.gov/products/cpe","
  1525. The remote operating system matched the following CPE :
  1526.  
  1527. cpe:/o:canonical:ubuntu_linux:8.04
  1528.  
  1529. Following application CPE's matched on the remote system :
  1530.  
  1531. cpe:/a:openbsd:openssh:4.7 -> OpenBSD OpenSSH 4.7
  1532. cpe:/a:samba:samba:3.0.20 -> Samba 3.0.20
  1533. cpe:/a:apache:http_server:2.2.8 -> Apache Software Foundation Apache HTTP Server 2.2.8
  1534. cpe:/a:php:php:5.2.4 -> PHP 5.2.4
  1535. cpe:/a:isc:bind:9.4.
  1536. "
  1537. "48204","","","None","10.10.0.4","tcp","80","Apache HTTP Server Version","It is possible to obtain the version number of the remote Apache HTTP
  1538. server.","The remote host is running the Apache HTTP Server, an open source web
  1539. server. It was possible to read the version number from the banner.","n/a","https://httpd.apache.org/","
  1540. URL : http://10.10.0.4/
  1541. Version : 2.2.99
  1542. backported : 1
  1543. modules : DAV/2
  1544. os : ConvertedUbuntu
  1545. "
  1546. "48243","","","None","10.10.0.4","tcp","80","PHP Version Detection","It was possible to obtain the version number of the remote PHP
  1547. installation.","Nessus was able to determine the version of PHP available on the
  1548. remote web server.","n/a","","
  1549. Nessus was able to identify the following PHP version information :
  1550.  
  1551. Version : 5.2.4-2ubuntu5.10
  1552. Source : X-Powered-By: PHP/5.2.4-2ubuntu5.10
  1553. "
  1554. "50845","","","None","10.10.0.4","tcp","5432","OpenSSL Detection","The remote service appears to use OpenSSL to encrypt traffic.","Based on its response to a TLS request with a specially crafted
  1555. server name extension, it seems that the remote service is using the
  1556. OpenSSL library to encrypt traffic.
  1557.  
  1558. Note that this plugin can only detect OpenSSL implementations that
  1559. have enabled support for TLS extensions (RFC 4366).","n/a","https://www.openssl.org/",""
  1560. "51192","","6.4","Medium","10.10.0.4","tcp","5432","SSL Certificate Cannot Be Trusted","The SSL certificate for this service cannot be trusted.","The server's X.509 certificate cannot be trusted. This situation can
  1561. occur in three different ways, in which the chain of trust can be
  1562. broken, as stated below :
  1563.  
  1564. - First, the top of the certificate chain sent by the
  1565. server might not be descended from a known public
  1566. certificate authority. This can occur either when the
  1567. top of the chain is an unrecognized, self-signed
  1568. certificate, or when intermediate certificates are
  1569. missing that would connect the top of the certificate
  1570. chain to a known public certificate authority.
  1571.  
  1572. - Second, the certificate chain may contain a certificate
  1573. that is not valid at the time of the scan. This can
  1574. occur either when the scan occurs before one of the
  1575. certificate's 'notBefore' dates, or after one of the
  1576. certificate's 'notAfter' dates.
  1577.  
  1578. - Third, the certificate chain may contain a signature
  1579. that either didn't match the certificate's information
  1580. or could not be verified. Bad signatures can be fixed by
  1581. getting the certificate with the bad signature to be
  1582. re-signed by its issuer. Signatures that could not be
  1583. verified are the result of the certificate's issuer
  1584. using a signing algorithm that Nessus either does not
  1585. support or does not recognize.
  1586.  
  1587. If the remote host is a public host in production, any break in the
  1588. chain makes it more difficult for users to verify the authenticity and
  1589. identity of the web server. This could make it easier to carry out
  1590. man-in-the-middle attacks against the remote host.","Purchase or generate a proper certificate for this service.","https://www.itu.int/rec/T-REC-X.509/en
  1591. https://en.wikipedia.org/wiki/X.509","
  1592. The following certificate was part of the certificate chain
  1593. sent by the remote host, but it has expired :
  1594.  
  1595. |-Subject : C=XX/ST=There is no such thing outside US/L=Everywhere/O=OCOSA/OU=Office for Complication of Otherwise Simple Affairs/CN=ubuntu804-base.localdomain/E=root@ubuntu804-base.localdomain
  1596. |-Not After : Apr 16 14:07:45 2010 GMT
  1597.  
  1598. The following certificate was at the top of the certificate
  1599. chain sent by the remote host, but it is signed by an unknown
  1600. certificate authority :
  1601.  
  1602. |-Subject : C=XX/ST=There is no such thing outside US/L=Everywhere/O=OCOSA/OU=Office for Complication of Otherwise Simple Affairs/CN=ubuntu804-base.localdomain/E=root@ubuntu804-base.localdomain
  1603. |-Issuer : C=XX/ST=There is no such thing outside US/L=Everywhere/O=OCOSA/OU=Office for Complication of Otherwise Simple Affairs/CN=ubuntu804-base.localdomain/E=root@ubuntu804-base.localdomain
  1604. "
  1605. "51988","","10.0","Critical","10.10.0.4","tcp","1524","Bind Shell Backdoor Detection","The remote host may have been compromised.","A shell is listening on the remote port without any authentication
  1606. being required. An attacker may use it by connecting to the remote
  1607. port and sending commands directly.","Verify if the remote host has been compromised, and reinstall the
  1608. system if necessary.","","
  1609. Nessus was able to execute the command ""id"" using the
  1610. following request :
  1611.  
  1612.  
  1613.  
  1614. This produced the following truncated output (limited to 10 lines) :
  1615. ------------------------------ snip ------------------------------
  1616. root@metasploitable:/# uid=0(root) gid=0(root) groups=0(root)
  1617. root@metasploitable:/#
  1618.  
  1619. ------------------------------ snip ------------------------------
  1620. "
  1621. "52703","","","None","10.10.0.4","tcp","21","vsftpd Detection","An FTP server is listening on the remote port.","The remote host is running vsftpd, an FTP server for UNIX-like
  1622. systems written in C.","n/a","http://vsftpd.beasts.org/","
  1623. Source : 220 (vsFTPd 2.3.4)
  1624. Version : 2.3.4
  1625. "
  1626. "53335","","","None","10.10.0.4","tcp","111","RPC portmapper (TCP)","An ONC RPC portmapper is running on the remote host.","The RPC portmapper is running on this port.
  1627.  
  1628. The portmapper allows someone to get the port number of each RPC
  1629. service running on the remote host by sending either multiple lookup
  1630. requests or a DUMP request.","n/a","",""
  1631. "54615","","","None","10.10.0.4","tcp","0","Device Type","It is possible to guess the remote device type.","Based on the remote operating system, it is possible to determine
  1632. what the remote system type is (eg: a printer, router, general-purpose
  1633. computer, etc).","n/a","","Remote device type : general-purpose
  1634. Confidence level : 95
  1635. "
  1636. "56984","","","None","10.10.0.4","tcp","5432","SSL / TLS Versions Supported","The remote service encrypts communications.","This plugin detects which SSL and TLS versions are supported by the
  1637. remote service for encrypting communications.","n/a","","
  1638. This port supports SSLv3/TLSv1.0.
  1639. "
  1640. "57041","","","None","10.10.0.4","tcp","5432","SSL Perfect Forward Secrecy Cipher Suites Supported","The remote service supports the use of SSL Perfect Forward Secrecy
  1641. ciphers, which maintain confidentiality even if the key is stolen.","The remote host supports the use of SSL ciphers that offer Perfect
  1642. Forward Secrecy (PFS) encryption. These cipher suites ensure that
  1643. recorded SSL traffic cannot be broken at a future date if the server's
  1644. private key is compromised.","n/a","https://www.openssl.org/docs/manmaster/man1/ciphers.html
  1645. https://en.wikipedia.org/wiki/Diffie-Hellman_key_exchange
  1646. https://en.wikipedia.org/wiki/Perfect_forward_secrecy","
  1647. Here is the list of SSL PFS ciphers supported by the remote server :
  1648.  
  1649. Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
  1650.  
  1651. EDH-RSA-DES-CBC3-SHA Kx=DH Au=RSA Enc=3DES-CBC(168) Mac=SHA1
  1652.  
  1653. High Strength Ciphers (>= 112-bit key)
  1654.  
  1655. DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
  1656. DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
  1657.  
  1658. The fields above are :
  1659.  
  1660. {OpenSSL ciphername}
  1661. Kx={key exchange}
  1662. Au={authentication}
  1663. Enc={symmetric encryption method}
  1664. Mac={message authentication code}
  1665. {export flag}
  1666. "
  1667. "57582","","6.4","Medium","10.10.0.4","tcp","5432","SSL Self-Signed Certificate","The SSL certificate chain for this service ends in an unrecognized
  1668. self-signed certificate.","The X.509 certificate chain for this service is not signed by a
  1669. recognized certificate authority. If the remote host is a public host
  1670. in production, this nullifies the use of SSL as anyone could establish
  1671. a man-in-the-middle attack against the remote host.
  1672.  
  1673. Note that this plugin does not check for certificate chains that end
  1674. in a certificate that is not self-signed, but is signed by an
  1675. unrecognized certificate authority.","Purchase or generate a proper certificate for this service.","","
  1676. The following certificate was found at the top of the certificate
  1677. chain sent by the remote host, but is self-signed and was not
  1678. found in the list of known certificate authorities :
  1679.  
  1680. |-Subject : C=XX/ST=There is no such thing outside US/L=Everywhere/O=OCOSA/OU=Office for Complication of Otherwise Simple Affairs/CN=ubuntu804-base.localdomain/E=root@ubuntu804-base.localdomain
  1681. "
  1682. "57608","","5.0","Medium","10.10.0.4","tcp","445","SMB Signing not required","Signing is not required on the remote SMB server.","Signing is not required on the remote SMB server. An unauthenticated,
  1683. remote attacker can exploit this to conduct man-in-the-middle attacks
  1684. against the SMB server.","Enforce message signing in the host's configuration. On Windows, this
  1685. is found in the policy setting 'Microsoft network server: Digitally
  1686. sign communications (always)'. On Samba, the setting is called 'server
  1687. signing'. See the 'see also' links for further details.","https://support.microsoft.com/en-us/help/887429/overview-of-server-message-block-signing
  1688. http://technet.microsoft.com/en-us/library/cc731957.aspx
  1689. http://www.nessus.org/u?74b80723
  1690. https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html
  1691. http://www.nessus.org/u?a3cac4ea",""
  1692. "61708","","10.0","Critical","10.10.0.4","tcp","5900","VNC Server 'password' Password","A VNC server running on the remote host is secured with a weak
  1693. password.","The VNC server running on the remote host is secured with a weak
  1694. password. Nessus was able to login using VNC authentication and a
  1695. password of 'password'. A remote, unauthenticated attacker could
  1696. exploit this to take control of the system.","Secure the VNC service with a strong password.","","
  1697. Nessus logged in using a password of ""password"".
  1698. "
  1699. "62563","","","None","10.10.0.4","tcp","5432","SSL Compression Methods Supported","The remote service supports one or more compression methods for SSL
  1700. connections.","This script detects which compression methods are supported by the
  1701. remote service for SSL connections.","n/a","http://www.iana.org/assignments/comp-meth-ids/comp-meth-ids.xml
  1702. https://tools.ietf.org/html/rfc3749
  1703. https://tools.ietf.org/html/rfc3943
  1704. https://tools.ietf.org/html/rfc5246","
  1705. Nessus was able to confirm that the following compression method is
  1706. supported by the target :
  1707.  
  1708. DEFLATE (0x01)
  1709. "
  1710. "65792","","","None","10.10.0.4","tcp","5900","VNC Server Unencrypted Communication Detection","A VNC server with one or more unencrypted 'security-types' is running
  1711. on the remote host.","This script checks the remote VNC server protocol version and the
  1712. available 'security types' to determine if any unencrypted
  1713. 'security-types' are in use or available.","n/a","","
  1714. The remote VNC server supports the following security type
  1715. which does not perform full data communication encryption :
  1716.  
  1717. 2 (VNC authentication)
  1718. "
  1719. "65821","CVE-2013-2566","2.6","Low","10.10.0.4","tcp","5432","SSL RC4 Cipher Suites Supported (Bar Mitzvah)","The remote service supports the use of the RC4 cipher.","The remote host supports the use of RC4 in one or more cipher suites.
  1720. The RC4 cipher is flawed in its generation of a pseudo-random stream
  1721. of bytes so that a wide variety of small biases are introduced into
  1722. the stream, decreasing its randomness.
  1723.  
  1724. If plaintext is repeatedly encrypted (e.g., HTTP cookies), and an
  1725. attacker is able to obtain many (i.e., tens of millions) ciphertexts,
  1726. the attacker may be able to derive the plaintext.","Reconfigure the affected application, if possible, to avoid use of RC4
  1727. ciphers. Consider using TLS 1.2 with AES-GCM suites subject to browser
  1728. and web server support.","http://www.nessus.org/u?ac7327a0
  1729. http://cr.yp.to/talks/2013.03.12/slides.pdf
  1730. http://www.isg.rhul.ac.uk/tls/
  1731. https://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf","
  1732. List of RC4 cipher suites supported by the remote server :
  1733.  
  1734. High Strength Ciphers (>= 112-bit key)
  1735.  
  1736. RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
  1737.  
  1738. The fields above are :
  1739.  
  1740. {OpenSSL ciphername}
  1741. Kx={key exchange}
  1742. Au={authentication}
  1743. Enc={symmetric encryption method}
  1744. Mac={message authentication code}
  1745. {export flag}
  1746. "
  1747. "65821","CVE-2015-2808","2.6","Low","10.10.0.4","tcp","5432","SSL RC4 Cipher Suites Supported (Bar Mitzvah)","The remote service supports the use of the RC4 cipher.","The remote host supports the use of RC4 in one or more cipher suites.
  1748. The RC4 cipher is flawed in its generation of a pseudo-random stream
  1749. of bytes so that a wide variety of small biases are introduced into
  1750. the stream, decreasing its randomness.
  1751.  
  1752. If plaintext is repeatedly encrypted (e.g., HTTP cookies), and an
  1753. attacker is able to obtain many (i.e., tens of millions) ciphertexts,
  1754. the attacker may be able to derive the plaintext.","Reconfigure the affected application, if possible, to avoid use of RC4
  1755. ciphers. Consider using TLS 1.2 with AES-GCM suites subject to browser
  1756. and web server support.","http://www.nessus.org/u?ac7327a0
  1757. http://cr.yp.to/talks/2013.03.12/slides.pdf
  1758. http://www.isg.rhul.ac.uk/tls/
  1759. https://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf","
  1760. List of RC4 cipher suites supported by the remote server :
  1761.  
  1762. High Strength Ciphers (>= 112-bit key)
  1763.  
  1764. RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
  1765.  
  1766. The fields above are :
  1767.  
  1768. {OpenSSL ciphername}
  1769. Kx={key exchange}
  1770. Au={authentication}
  1771. Enc={symmetric encryption method}
  1772. Mac={message authentication code}
  1773. {export flag}
  1774. "
  1775. "66334","","","None","10.10.0.4","tcp","0","Patch Report","The remote host is missing several patches.","The remote host is missing one or more security patches. This plugin
  1776. lists the newest version of each patch to install to make sure the
  1777. remote host is up-to-date.","Install the patches listed below.","","
  1778.  
  1779. . You need to take the following action :
  1780.  
  1781. [ Samba Badlock Vulnerability (90509) ]
  1782.  
  1783. + Action to take : Upgrade to Samba version 4.2.11 / 4.3.8 / 4.4.2 or later.
  1784.  
  1785.  
  1786. "
  1787. "70544","","","None","10.10.0.4","tcp","5432","SSL Cipher Block Chaining Cipher Suites Supported","The remote service supports the use of SSL Cipher Block Chaining
  1788. ciphers, which combine previous blocks with subsequent ones.","The remote host supports the use of SSL ciphers that operate in Cipher
  1789. Block Chaining (CBC) mode. These cipher suites offer additional
  1790. security over Electronic Codebook (ECB) mode, but have the potential to
  1791. leak information if used improperly.","n/a","https://www.openssl.org/docs/manmaster/man1/ciphers.html
  1792. http://www.nessus.org/u?cc4a822a
  1793. https://www.openssl.org/~bodo/tls-cbc.txt","
  1794. Here is the list of SSL CBC ciphers supported by the remote server :
  1795.  
  1796. Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
  1797.  
  1798. EDH-RSA-DES-CBC3-SHA Kx=DH Au=RSA Enc=3DES-CBC(168) Mac=SHA1
  1799. DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1
  1800.  
  1801. High Strength Ciphers (>= 112-bit key)
  1802.  
  1803. DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
  1804. DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
  1805. AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
  1806. AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
  1807.  
  1808. The fields above are :
  1809.  
  1810. {OpenSSL ciphername}
  1811. Kx={key exchange}
  1812. Au={authentication}
  1813. Enc={symmetric encryption method}
  1814. Mac={message authentication code}
  1815. {export flag}
  1816. "
  1817. "70657","","","None","10.10.0.4","tcp","22","SSH Algorithms and Languages Supported","An SSH server is listening on this port.","This script detects which algorithms and languages are supported by
  1818. the remote service for encrypting communications.","n/a","","
  1819. Nessus negotiated the following encryption algorithm with the server :
  1820.  
  1821. The server supports the following options for kex_algorithms :
  1822.  
  1823. diffie-hellman-group-exchange-sha1
  1824. diffie-hellman-group-exchange-sha256
  1825. diffie-hellman-group1-sha1
  1826. diffie-hellman-group14-sha1
  1827.  
  1828. The server supports the following options for server_host_key_algorithms :
  1829.  
  1830. ssh-dss
  1831. ssh-rsa
  1832.  
  1833. The server supports the following options for encryption_algorithms_client_to_server :
  1834.  
  1835. 3des-cbc
  1836. aes128-cbc
  1837. aes128-ctr
  1838. aes192-cbc
  1839. aes192-ctr
  1840. aes256-cbc
  1841. aes256-ctr
  1842. arcfour
  1843. arcfour128
  1844. arcfour256
  1845. blowfish-cbc
  1846. cast128-cbc
  1847. rijndael-cbc@lysator.liu.se
  1848.  
  1849. The server supports the following options for encryption_algorithms_server_to_client :
  1850.  
  1851. 3des-cbc
  1852. aes128-cbc
  1853. aes128-ctr
  1854. aes192-cbc
  1855. aes192-ctr
  1856. aes256-cbc
  1857. aes256-ctr
  1858. arcfour
  1859. arcfour128
  1860. arcfour256
  1861. blowfish-cbc
  1862. cast128-cbc
  1863. rijndael-cbc@lysator.liu.se
  1864.  
  1865. The server supports the following options for mac_algorithms_client_to_server :
  1866.  
  1867. hmac-md5
  1868. hmac-md5-96
  1869. hmac-ripemd160
  1870. hmac-ripemd160@openssh.com
  1871. hmac-sha1
  1872. hmac-sha1-96
  1873. umac-64@openssh.com
  1874.  
  1875. The server supports the following options for mac_algorithms_server_to_client :
  1876.  
  1877. hmac-md5
  1878. hmac-md5-96
  1879. hmac-ripemd160
  1880. hmac-ripemd160@openssh.com
  1881. hmac-sha1
  1882. hmac-sha1-96
  1883. umac-64@openssh.com
  1884.  
  1885. The server supports the following options for compression_algorithms_client_to_server :
  1886.  
  1887. none
  1888. zlib@openssh.com
  1889.  
  1890. The server supports the following options for compression_algorithms_server_to_client :
  1891.  
  1892. none
  1893. zlib@openssh.com
  1894. "
  1895. "70658","CVE-2008-5161","2.6","Low","10.10.0.4","tcp","22","SSH Server CBC Mode Ciphers Enabled","The SSH server is configured to use Cipher Block Chaining.","The SSH server is configured to support Cipher Block Chaining (CBC)
  1896. encryption. This may allow an attacker to recover the plaintext message
  1897. from the ciphertext.
  1898.  
  1899. Note that this plugin only checks for the options of the SSH server and
  1900. does not check for vulnerable software versions.","Contact the vendor or consult product documentation to disable CBC mode
  1901. cipher encryption, and enable CTR or GCM cipher mode encryption.","","
  1902. The following client-to-server Cipher Block Chaining (CBC) algorithms
  1903. are supported :
  1904.  
  1905. 3des-cbc
  1906. aes128-cbc
  1907. aes192-cbc
  1908. aes256-cbc
  1909. blowfish-cbc
  1910. cast128-cbc
  1911. rijndael-cbc@lysator.liu.se
  1912.  
  1913. The following server-to-client Cipher Block Chaining (CBC) algorithms
  1914. are supported :
  1915.  
  1916. 3des-cbc
  1917. aes128-cbc
  1918. aes192-cbc
  1919. aes256-cbc
  1920. blowfish-cbc
  1921. cast128-cbc
  1922. rijndael-cbc@lysator.liu.se
  1923. "
  1924. "71049","","2.6","Low","10.10.0.4","tcp","22","SSH Weak MAC Algorithms Enabled","The remote SSH server is configured to allow MD5 and 96-bit MAC
  1925. algorithms.","The remote SSH server is configured to allow either MD5 or 96-bit MAC
  1926. algorithms, both of which are considered weak.
  1927.  
  1928. Note that this plugin only checks for the options of the SSH server,
  1929. and it does not check for vulnerable software versions.","Contact the vendor or consult product documentation to disable MD5 and
  1930. 96-bit MAC algorithms.","","
  1931. The following client-to-server Message Authentication Code (MAC) algorithms
  1932. are supported :
  1933.  
  1934. hmac-md5
  1935. hmac-md5-96
  1936. hmac-sha1-96
  1937.  
  1938. The following server-to-client Message Authentication Code (MAC) algorithms
  1939. are supported :
  1940.  
  1941. hmac-md5
  1942. hmac-md5-96
  1943. hmac-sha1-96
  1944. "
  1945. "72779","","","None","10.10.0.4","tcp","53","DNS Server Version Detection","Nessus was able to obtain version information on the remote DNS
  1946. server.","Nessus was able to obtain version information by sending a special TXT
  1947. record query to the remote host.
  1948.  
  1949. Note that this version is not necessarily accurate and could even be
  1950. forged, as some DNS servers send the information based on a
  1951. configuration file.","n/a","","
  1952. DNS server answer for ""version.bind"" (over TCP) :
  1953.  
  1954. 9.4.2
  1955. "
  1956. "78479","CVE-2014-3566","4.3","Medium","10.10.0.4","tcp","5432","SSLv3 Padding Oracle On Downgraded Legacy Encryption Vulnerability (POODLE)","It is possible to obtain sensitive information from the remote host
  1957. with SSL/TLS-enabled services.","The remote host is affected by a man-in-the-middle (MitM) information
  1958. disclosure vulnerability known as POODLE. The vulnerability is due to
  1959. the way SSL 3.0 handles padding bytes when decrypting messages
  1960. encrypted using block ciphers in cipher block chaining (CBC) mode.
  1961. MitM attackers can decrypt a selected byte of a cipher text in as few
  1962. as 256 tries if they are able to force a victim application to
  1963. repeatedly send the same data over newly created SSL 3.0 connections.
  1964.  
  1965. As long as a client and service both support SSLv3, a connection can
  1966. be 'rolled back' to SSLv3, even if TLSv1 or newer is supported by the
  1967. client and service.
  1968.  
  1969. The TLS Fallback SCSV mechanism prevents 'version rollback' attacks
  1970. without impacting legacy clients; however, it can only protect
  1971. connections when the client and service support the mechanism. Sites
  1972. that cannot disable SSLv3 immediately should enable this mechanism.
  1973.  
  1974. This is a vulnerability in the SSLv3 specification, not in any
  1975. particular SSL implementation. Disabling SSLv3 is the only way to
  1976. completely mitigate the vulnerability.","Disable SSLv3.
  1977.  
  1978. Services that must support SSLv3 should enable the TLS Fallback SCSV
  1979. mechanism until SSLv3 can be disabled.","https://www.imperialviolet.org/2014/10/14/poodle.html
  1980. https://www.openssl.org/~bodo/ssl-poodle.pdf
  1981. https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00","
  1982. Nessus determined that the remote server supports SSLv3 with at least one CBC
  1983. cipher suite, indicating that this server is vulnerable.
  1984.  
  1985. It appears that TLSv1 or newer is supported on the server. However, the
  1986. Fallback SCSV mechanism is not supported, allowing connections to be ""rolled
  1987. back"" to SSLv3.
  1988. "
  1989. "84574","","","None","10.10.0.4","tcp","80","Backported Security Patch Detection (PHP)","Security patches have been backported.","Security patches may have been 'backported' to the remote PHP install
  1990. without changing its version number.
  1991.  
  1992. Banner-based checks have been disabled to avoid false positives.
  1993.  
  1994. Note that this test is informational only and does not denote any
  1995. security problem.","n/a","https://access.redhat.com/security/updates/backporting/?sc_cid=3093","
  1996. Give Nessus credentials to perform local checks.
  1997. "
  1998. "86420","","","None","10.10.0.4","tcp","0","Ethernet MAC Addresses","This plugin gathers MAC addresses from various sources and
  1999. consolidates them into a list.","This plugin gathers MAC addresses discovered from both remote probing
  2000. of the host (e.g. SNMP and Netbios) and from running local checks
  2001. (e.g. ifconfig). It then consolidates the MAC addresses into a single,
  2002. unique, and uniform list.","n/a","","The following is a consolidated list of detected MAC addresses:
  2003. - 08:00:27:F6:CF:41
  2004. "
  2005. "90317","","4.3","Medium","10.10.0.4","tcp","22","SSH Weak Algorithms Supported","The remote SSH server is configured to allow weak encryption
  2006. algorithms or no algorithm at all.","Nessus has detected that the remote SSH server is configured to use
  2007. the Arcfour stream cipher or no cipher at all. RFC 4253 advises
  2008. against using Arcfour due to an issue with weak keys.","Contact the vendor or consult product documentation to remove the weak
  2009. ciphers.","https://tools.ietf.org/html/rfc4253#section-6.3","
  2010. The following weak server-to-client encryption algorithms are supported :
  2011.  
  2012. arcfour
  2013. arcfour128
  2014. arcfour256
  2015.  
  2016. The following weak client-to-server encryption algorithms are supported :
  2017.  
  2018. arcfour
  2019. arcfour128
  2020. arcfour256
  2021. "
  2022. "90509","CVE-2016-2118","6.8","Medium","10.10.0.4","tcp","445","Samba Badlock Vulnerability","An SMB server running on the remote host is affected by the Badlock
  2023. vulnerability.","The version of Samba, a CIFS/SMB server for Linux and Unix, running on
  2024. the remote host is affected by a flaw, known as Badlock, that exists
  2025. in the Security Account Manager (SAM) and Local Security
  2026. Authority (Domain Policy) (LSAD) protocols due to improper
  2027. authentication level negotiation over Remote Procedure Call (RPC)
  2028. channels. A man-in-the-middle attacker who is able to
  2029. intercept the traffic between a client and a server hosting a SAM
  2030. database can exploit this flaw to force a downgrade of the
  2031. authentication level, which allows the execution of arbitrary Samba
  2032. network calls in the context of the intercepted user, such as viewing
  2033. or modifying sensitive security data in the Active Directory (AD)
  2034. database or disabling critical services.","Upgrade to Samba version 4.2.11 / 4.3.8 / 4.4.2 or later.","http://badlock.org
  2035. https://www.samba.org/samba/security/CVE-2016-2118.html","
  2036. Nessus detected that the Samba Badlock patch has not been applied.
  2037. "
  2038. "96982","","","None","10.10.0.4","tcp","445","Server Message Block (SMB) Protocol Version 1 Enabled (uncredentialed check)","The remote Windows host supports the SMBv1 protocol.","The remote Windows host supports Server Message Block Protocol
  2039. version 1 (SMBv1). Microsoft recommends that users discontinue the use
  2040. of SMBv1 due to the lack of security features that were included in
  2041. later SMB versions. Additionally, the Shadow Brokers group reportedly
  2042. has an exploit that affects SMB; however, it is unknown if the exploit
  2043. affects SMBv1 or another version. In response to this, US-CERT
  2044. recommends that users disable SMBv1 per SMB best practices to mitigate
  2045. these potential issues.","Disable SMBv1 according to the vendor instructions in Microsoft
  2046. KB2696547. Additionally, block SMB directly by blocking TCP port 445
  2047. on all network boundary devices. For SMB over the NetBIOS API, block
  2048. TCP ports 137 / 139 and UDP ports 137 / 138 on all network boundary
  2049. devices.","https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/
  2050. https://support.microsoft.com/en-us/help/2696547/how-to-detect-enable-and-disable-smbv1-smbv2-and-smbv3-in-windows-and
  2051. http://www.nessus.org/u?8dcab5e4
  2052. http://www.nessus.org/u?234f8ef8
  2053. http://www.nessus.org/u?4c7e0cf3","
  2054. The remote host supports SMBv1.
  2055. "
  2056. "100871","","","None","10.10.0.4","tcp","445","Microsoft Windows SMB Versions Supported (remote check)","It was possible to obtain information about the version of SMB running
  2057. on the remote host.","Nessus was able to obtain the version of SMB running on the remote
  2058. host by sending an authentication request to port 139 or 445.
  2059.  
  2060. Note that this plugin is a remote check and does not work on agents.","n/a","","
  2061. The remote host supports the following versions of SMB :
  2062. SMBv1
  2063. "
  2064. "104743","","","None","10.10.0.4","tcp","5432","TLS Version 1.0 Protocol Detection","The remote service encrypts traffic using an older version of TLS.","The remote service accepts connections encrypted using TLS 1.0. TLS 1.0 has a
  2065. number of cryptographic design flaws. Modern implementations of TLS 1.0
  2066. mitigate these problems, but newer versions of TLS like 1.1 and 1.2 are
  2067. designed against these flaws and should be used whenever possible.
  2068.  
  2069. PCI DSS v3.2 requires that TLS 1.0 be disabled entirely by June 30,
  2070. 2018, except for POS POI terminals (and the SSL/TLS termination
  2071. points to which they connect) that can be verified as not being
  2072. susceptible to any known exploits.","Enable support for TLS 1.1 and 1.2, and disable support for TLS 1.0.","","TLSv1 is enabled and the server supports at least one cipher."
  2073. "104887","","","None","10.10.0.4","tcp","445","Samba Version","It was possible to obtain the samba version from the remote
  2074. operating system.","Nessus was able to obtain the samba version from the remote
  2075. operating system by sending an authentication request to port 139 or 445.
  2076. Note that this plugin requires SMB1 to be enabled on the host.","n/a","","
  2077. The remote Samba Version is : Samba 3.0.20-Debian"
  2078. "106716","","","None","10.10.0.4","tcp","445","Microsoft Windows SMB2 Dialects Supported (remote check)","It was possible to obtain information about the dialects of SMB2 available
  2079. on the remote host.","Nessus was able to obtain the set of SMB2 dialects running on the remote
  2080. host by sending an authentication request to port 139 or 445.","n/a","","
  2081. The remote host does NOT support the following SMB dialects :
  2082. _version_ _introduced in windows version_
  2083. 2.0.2 Windows 2008
  2084. 2.1 Windows 7
  2085. 2.2.2 Windows 8 Beta
  2086. 2.2.4 Windows 8 Beta
  2087. 3.0 Windows 8
  2088. 3.0.2 Windows 8.1
  2089. 3.1 Windows 10
  2090. 3.1.1 Windows 10
  2091. "
  2092. "110723","","","None","10.10.0.4","tcp","0","No Credentials Provided","Nessus was able to find common ports used for local checks,
  2093. however, no credentials were provided in the scan policy.","Nessus was unable to execute credentialed checks because no
  2094. credentials were provided.","n/a","","SSH was detected on port 22 but no credentials were provided.
  2095. SSH local checks were not enabled.
  2096.  
  2097. "
  2098. "117886","","","None","10.10.0.4","tcp","0","Local Checks Not Enabled (info)","Local checks were not enabled.","Nessus did not enable local checks on the remote host. This does not
  2099. necessarily indicate a problem with the scan. Credentials may not have
  2100. been provided, local checks may not be available for the target, the
  2101. target may not have been identified, or another issue may have
  2102. occurred that prevented local checks from being enabled. See plugin
  2103. output for details.
  2104.  
  2105. This plugin reports informational findings related to local checks not
  2106. being enabled. For failure information, see plugin 21745 :
  2107. 'Authentication Failure - Local Checks Not Run'.","n/a","","
  2108. The following issues were reported :
  2109.  
  2110. - Plugin : no_local_checks_credentials.nasl
  2111. Plugin ID : 110723
  2112. Plugin Name : No Credentials Provided
  2113. Message :
  2114. Credentials were not provided for detected SSH service.
  2115. "
  2116. "118224","","","None","10.10.0.4","tcp","5432","PostgreSQL STARTTLS Support","The remote service supports encrypting traffic.","The remote PostgreSQL server supports the use of encryption
  2117. initiated during pre-login to switch from a cleartext to an
  2118. encrypted communications channel.","n/a","https://www.postgresql.org/docs/9.2/protocol-flow.html#AEN96066
  2119. https://www.postgresql.org/docs/9.2/protocol-message-formats.html","
  2120. Here is the PostgreSQL's SSL certificate that Nessus
  2121. was able to collect after sending a pre-login packet :
  2122.  
  2123. ------------------------------ snip ------------------------------
  2124. Subject Name:
  2125.  
  2126. Country: XX
  2127. State/Province: There is no such thing outside US
  2128. Locality: Everywhere
  2129. Organization: OCOSA
  2130. Organization Unit: Office for Complication of Otherwise Simple Affairs
  2131. Common Name: ubuntu804-base.localdomain
  2132. Email Address: root@ubuntu804-base.localdomain
  2133.  
  2134. Issuer Name:
  2135.  
  2136. Country: XX
  2137. State/Province: There is no such thing outside US
  2138. Locality: Everywhere
  2139. Organization: OCOSA
  2140. Organization Unit: Office for Complication of Otherwise Simple Affairs
  2141. Common Name: ubuntu804-base.localdomain
  2142. Email Address: root@ubuntu804-base.localdomain
  2143.  
  2144. Serial Number: 00 FA F9 3A 4C 7F B6 B9 CC
  2145.  
  2146. Version: 1
  2147.  
  2148. Signature Algorithm: SHA-1 With RSA Encryption
  2149.  
  2150. Not Valid Before: Mar 17 14:07:45 2010 GMT
  2151. Not Valid After: Apr 16 14:07:45 2010 GMT
  2152.  
  2153. Public Key Info:
  2154.  
  2155. Algorithm: RSA Encryption
  2156. Key Length: 1024 bits
  2164. Exponent: 01 00 01
  2165.  
  2166. Signature Length: 128 bytes / 1024 bits
  2174.  
  2175.  
  2176. ------------------------------ snip ------------------------------
  2177. "