I Summary=========This document reports on the results of an automatic sec

1. I Summary
2. =========
3.  
4. This document reports on the results of an automatic security scan.
5. The report first summarises the results found.
6. Then, for each host, the report describes every issue found.
7. Please consider the advice given in each description, in order to rectify
8. the issue.
9.  
10. All dates are displayed using the timezone "Coordinated Universal Time",
11. which is abbreviated "UTC".
12.  
13. Vendor security updates are not trusted.
14.  
15. Overrides are on. When a result has an override, this report uses the
16. threat of the override.
17.  
18. Notes are included in the report.Information on overrides is included in the report.
19.  
20. This report might not show details of all issues that were found.
21. It only lists hosts that produced issues.
22. Issues with the threat level "Log" are not shown.
23. Issues with the threat level "Debug" are not shown.
24. Issues with the threat level "False Positive" are not shown.
25. Only results with a minimum QoD of 70 are shown.
26.  
27. This report contains all 4 results selected by the
28. filtering described above. Before filtering there were 121 results.
29.  
30. Scan started: Fri Oct 20 21:27:56 2017 UTC
31. Scan ended: Fri Oct 20 21:56:16 2017 UTC
32. Task: HTB-Europa
33.  
34. Host Summary
35. ************
36.  
37. Host High Medium Low Log False Positive
38. 10.10.10.18 0 1 2 0 0
39. 10.10.10.56 0 0 1 0 0
40. Total: 2 0 1 3 0 0
41.  
42.  
43. II Results per Host
44. ===================
45.  
46. Host 10.10.10.18
47. ****************
48.  
49. Scanning of this host started at: Fri Oct 20 21:28:03 2017 UTC
50. Number of results: 3
51.  
52. Port Summary for Host 10.10.10.18
53. ---------------------------------
54.  
55. Service (Port) Threat Level
56. 22/tcp Medium
57. general/tcp Low
58. general/tcp Low
59.  
60. Security Issues for Host 10.10.10.18
61. ------------------------------------
62.  
63. Issue
64. -----
65. NVT: SSH Weak Encryption Algorithms Supported
66. OID: 1.3.6.1.4.1.25623.1.0.105611
67. Threat: Medium (CVSS: 4.3)
68. Port: 22/tcp
69.  
70. Summary:
71. The remote SSH server is configured to allow weak encryption algorithms.
72.  
73. Vulnerability Detection Result:
74. The following weak client-to-server encryption algorithms are supported by the r!
75. emote service:
76. 3des-cbc
77. aes128-cbc
78. aes192-cbc
79. aes256-cbc
80. arcfour
81. arcfour128
82. arcfour256
83. blowfish-cbc
84. cast128-cbc
85. rijndael-cbc@lysator.liu.se
86. The following weak server-to-client encryption algorithms are supported by the r!
87. emote service:
88. 3des-cbc
89. aes128-cbc
90. aes192-cbc
91. aes256-cbc
92. arcfour
93. arcfour128
94. arcfour256
95. blowfish-cbc
96. cast128-cbc
97. rijndael-cbc@lysator.liu.se
98.  
99. Solution:
100. Solution type: Mitigation
101. Disable the weak encryption algorithms.
102.  
103. Vulnerability Insight:
104. The `arcfour` cipher is the Arcfour stream cipher with 128-bit keys.
105. The Arcfour cipher is believed to be compatible with the RC4 cipher [SCHNEIER]!
106. . Arcfour (and RC4) has problems
107. with weak keys, and should not be used anymore.
108. The `none` algorithm specifies that no encryption is to be done.
109. Note that this method provides no confidentiality protection, and it
110. is NOT RECOMMENDED to use it.
111. A vulnerability exists in SSH messages that employ CBC mode that may allow an !
112. attacker to recover plaintext from a block of ciphertext.
113.  
114. Vulnerability Detection Method:
115. Check if remote ssh service supports Arcfour, none or CBC ciphers.
116. Details:
117. SSH Weak Encryption Algorithms Supported
118. (OID: 1.3.6.1.4.1.25623.1.0.105611)
119. Version used: $Revision: 4490 $
120.  
121. References:
122. Other:
123. https://tools.ietf.org/html/rfc4253#section-6.3
124. https://www.kb.cert.org/vuls/id/958563
125.  
126.  
127. Issue
128. -----
129. NVT: SSH Weak MAC Algorithms Supported
130. OID: 1.3.6.1.4.1.25623.1.0.105610
131. Threat: Low (CVSS: 2.6)
132. Port: 22/tcp
133.  
134. Summary:
135. The remote SSH server is configured to allow weak MD5 and/or 96-bit MAC algorith!
136. ms.
137.  
138. Vulnerability Detection Result:
139. The following weak client-to-server MAC algorithms are supported by the remote s!
140. ervice:
141. hmac-md5
142. hmac-md5-96
143. hmac-md5-96-etm@openssh.com
144. hmac-md5-etm@openssh.com
145. hmac-sha1-96
146. hmac-sha1-96-etm@openssh.com
147. The following weak server-to-client MAC algorithms are supported by the remote s!
148. ervice:
149. hmac-md5
150. hmac-md5-96
151. hmac-md5-96-etm@openssh.com
152. hmac-md5-etm@openssh.com
153. hmac-sha1-96
154. hmac-sha1-96-etm@openssh.com
155.  
156. Solution:
157. Solution type: Mitigation
158. Disable the weak MAC algorithms.
159.  
160. Vulnerability Detection Method:
161. Details:
162. SSH Weak MAC Algorithms Supported
163. (OID: 1.3.6.1.4.1.25623.1.0.105610)
164. Version used: $Revision: 4490 $
165.  
166.  
167. Issue
168. -----
169. NVT: TCP timestamps
170. OID: 1.3.6.1.4.1.25623.1.0.80091
171. Threat: Low (CVSS: 2.6)
172. Port: general/tcp
173.  
174. Summary:
175. The remote host implements TCP timestamps and therefore allows to compute
176. the uptime.
177.  
178. Vulnerability Detection Result:
179. It was detected that the host implements RFC1323.
180. The following timestamps were retrieved with a delay of 1 seconds in-between:
181. Packet 1: 233450904
182. Packet 2: 233451186
183.  
184. Impact:
185. A side effect of this feature is that the uptime of the remote
186. host can sometimes be computed.
187.  
188. Solution:
189. Solution type: Mitigation
190. To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps = 0' to
191. /etc/sysctl.conf. Execute 'sysctl -p' to apply the settings at runtime.
192. To disable TCP timestamps on Windows execute 'netsh int tcp set global timesta!
193. mps=disabled'
194. Starting with Windows Server 2008 and Vista, the timestamp can not be complete!
195. ly disabled.
196. The default behavior of the TCP/IP stack on this Systems is to not use the
197. Timestamp options when initiating TCP connections, but use them if the TCP pee!
198. r
199. that is initiating communication includes them in their synchronize (SYN) segm!
200. ent.
201. See also: http://www.microsoft.com/en-us/download/details.aspx?id=9152
202.  
203. Affected Software/OS:
204. TCP/IPv4 implementations that implement RFC1323.
205.  
206. Vulnerability Insight:
207. The remote host implements TCP timestamps, as defined by RFC1323.
208.  
209. Vulnerability Detection Method:
210. Special IP packets are forged and sent with a little delay in between to the
211. target IP. The responses are searched for a timestamps. If found, the timestam!
212. ps are reported.
213. Details:
214. TCP timestamps
215. (OID: 1.3.6.1.4.1.25623.1.0.80091)
216. Version used: $Revision: 7277 $
217.  
218. References:
219. Other:
220. http://www.ietf.org/rfc/rfc1323.txt
221.  
222.  
223. Host 10.10.10.56
224. ****************
225.  
226. Scanning of this host started at: Fri Oct 20 21:28:03 2017 UTC
227. Number of results: 1
228.  
229. Port Summary for Host 10.10.10.56
230. ---------------------------------
231.  
232. Service (Port) Threat Level
233. 22/tcp Medium
234. general/tcp Low
235. general/tcp Low
236.  
237. Security Issues for Host 10.10.10.56
238. ------------------------------------
239.  
240. Issue
241. -----
242. NVT: TCP timestamps
243. OID: 1.3.6.1.4.1.25623.1.0.80091
244. Threat: Low (CVSS: 2.6)
245. Port: general/tcp
246.  
247. Summary:
248. The remote host implements TCP timestamps and therefore allows to compute
249. the uptime.
250.  
251. Vulnerability Detection Result:
252. It was detected that the host implements RFC1323.
253. The following timestamps were retrieved with a delay of 1 seconds in-between:
254. Packet 1: 64746346
255. Packet 2: 64746645
256.  
257. Impact:
258. A side effect of this feature is that the uptime of the remote
259. host can sometimes be computed.
260.  
261. Solution:
262. Solution type: Mitigation
263. To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps = 0' to
264. /etc/sysctl.conf. Execute 'sysctl -p' to apply the settings at runtime.
265. To disable TCP timestamps on Windows execute 'netsh int tcp set global timesta!
266. mps=disabled'
267. Starting with Windows Server 2008 and Vista, the timestamp can not be complete!
268. ly disabled.
269. The default behavior of the TCP/IP stack on this Systems is to not use the
270. Timestamp options when initiating TCP connections, but use them if the TCP pee!
271. r
272. that is initiating communication includes them in their synchronize (SYN) segm!
273. ent.
274. See also: http://www.microsoft.com/en-us/download/details.aspx?id=9152
275.  
276. Affected Software/OS:
277. TCP/IPv4 implementations that implement RFC1323.
278.  
279. Vulnerability Insight:
280. The remote host implements TCP timestamps, as defined by RFC1323.
281.  
282. Vulnerability Detection Method:
283. Special IP packets are forged and sent with a little delay in between to the
284. target IP. The responses are searched for a timestamps. If found, the timestam!
285. ps are reported.
286. Details:
287. TCP timestamps
288. (OID: 1.3.6.1.4.1.25623.1.0.80091)
289. Version used: $Revision: 7277 $
290.  
291. References:
292. Other:
293. http://www.ietf.org/rfc/rfc1323.txt