Created
January 12, 2015 01:51
<report content_type='text/xml' extension='xml' format_id='a994b278-1f62-11e1-96ac-406186ea4fc5' id='7fa042b4-55ee-4ece-a647-7f2288e24b5c' type='scan'><owner><name/></owner><name>2015-01-12T01:24:46Z</name><comment/><creation_time>2015-01-12T01:24:46Z</creation_time><modification_time>2015-01-12T01:32:42Z</modification_time><writable>0</writable><in_use>0</in_use><report id='7fa042b4-55ee-4ece-a647-7f2288e24b5c'><report_format/><sort><field>type<order>descending</order></field></sort><filters id='0'><term>sort-reverse=ROWID result_hosts_only=1 min_cvss_base= levels=hmlgd autofp=0 notes=0 overrides=0 first=1 rows=-1 delta_states=cgns</term>hmlgd<phrase/><autofp>0</autofp><notes>0</notes><overrides>0</overrides><apply_overrides>0</apply_overrides><result_hosts_only>1</result_hosts_only><min_cvss_base/><filter>High</filter><filter>Medium</filter><filter>Low</filter><filter>Log</filter><filter>Debug</filter></filters><severity_class id='d4c74cda-89e1-11e3-9c29-406186ea4fc5'><name>nist</name><full_name>NVD Vulnerability Severity Ratings</full_name><severity_range><name>None</name><min>0.0</min><max>0.0</max></severity_range><severity_range><name>Low</name><min>0.1</min><max>3.9</max></severity_range><severity_range><name>Medium</name><min>4.0</min><max>6.9</max></severity_range><severity_range><name>High</name><min>7.0</min><max>10.0</max></severity_range></severity_class><user_tags><count>0</count></user_tags><scan_run_status>Done</scan_run_status><hosts><count>1</count></hosts><closed_cves><count>0</count></closed_cves><vulns><count>25</count></vulns><os><count>1</count></os><apps><count>0</count></apps><ssl_certs><count>0</count></ssl_certs><task id='b68f64af-655a-4e07-b00d-e277655a6e4a'><name>Metasploitable</name><comment>Metasploitable scan</comment><target id='ee962e6d-657a-4929-97e0-15f1d44d5888'><trash>0</trash></target><progress>-1</progress></task><scan><task><slave id=''><name/><host/><port>0</port></slave><preferences><preference><name>Network Source 
Interface</name><scanner_name>source_iface</scanner_name><value/></preference></preferences></task></scan><timestamp>2015-01-12T01:24:27Z</timestamp><scan_start>2015-01-12T01:24:46Z</scan_start><ports max='-1' start='1'><count>15</count><port><host>192.168.0.10</host>general/tcp<severity>10.0</severity><threat>High</threat></port><port><host>192.168.0.10</host>9/tcp<severity>10.0</severity><threat>High</threat></port><port><host>192.168.0.10</host>161/tcp<severity>7.5</severity><threat>High</threat></port><port><host>192.168.0.10</host>19/udp<severity>5.0</severity><threat>Medium</threat></port><port><host>192.168.0.10</host>17/udp<severity>5.0</severity><threat>Medium</threat></port><port><host>192.168.0.10</host>17/tcp<severity>5.0</severity><threat>Medium</threat></port><port><host>192.168.0.10</host>135/tcp<severity>5.0</severity><threat>Medium</threat></port><port><host>192.168.0.10</host>general/icmp<severity>0.0</severity><threat>Log</threat></port><port><host>192.168.0.10</host>general/CPE-T<severity>0.0</severity><threat>Log</threat></port><port><host>192.168.0.10</host>7/udp<severity>0.0</severity><threat>Log</threat></port><port><host>192.168.0.10</host>7/tcp<severity>0.0</severity><threat>Log</threat></port><port><host>192.168.0.10</host>445/tcp<severity>0.0</severity><threat>Log</threat></port><port><host>192.168.0.10</host>19/tcp<severity>0.0</severity><threat>Log</threat></port><port><host>192.168.0.10</host>161/udp<severity>0.0</severity><threat>Log</threat></port><port><host>192.168.0.10</host>139/tcp<severity>0.0</severity><threat>Log</threat></port><port><host>192.168.0.10</host>137/udp<severity>0.0</severity><threat>Log</threat></port><port><host>192.168.0.10</host>13/tcp<severity>0.0</severity><threat>Log</threat></port><port><host>192.168.0.10</host>123/udp<severity>0.0</severity><threat>Log</threat></port></ports><results max='-1' start='1'><result 
id='2a06735f-3a18-4247-b844-1eddfece5cdd'><user_tags><count>0</count></user_tags><host>192.168.0.10</host><port>general/tcp</port><nvt oid='1.3.6.1.4.1.25623.1.0.103674'><name>OS End Of Life Detection</name><family>General</family><cvss_base>10.0</cvss_base><cve>NOCVE</cve><bid>NOBID</bid><tags>cvss_base_vector=AV:N/AC:L/Au:N/C:C/I:C/A:C|summary=OS End Of Life Detection | |
The Operating System on the remote host has reached the end of life and should | |
not be used anymore</tags><cert/><xref>NOXREF</xref></nvt><scan_nvt_version>$Revision: 11 $</scan_nvt_version><threat>High</threat><severity>10.0</severity><description>The Operating System (cpe:/o:microsoft:windows_2000) on the remote host has reached the end of life at 13 Jul 2010 | |
and should not be used anymore. | |
See http://support.microsoft.com/lifecycle/search/default.aspx?sort=PN&amp;alpha=Windows+2000&amp;Filter=FilterNO for more information. | |
</description></result><result id='cc19015d-4e05-4d44-bff5-1ca5d569c725'><user_tags><count>0</count></user_tags><host>192.168.0.10</host><port>9/tcp</port><nvt oid='1.3.6.1.4.1.25623.1.0.11367'><name>Discard port open</name><family>Useless services</family><cvss_base>10.0</cvss_base><cve>CVE-1999-0636</cve><bid>NOBID</bid><tags>cvss_base_vector=AV:N/AC:L/Au:N/C:C/I:C/A:C|solution=- Under Unix systems, comment out the 'discard' line in /etc/inetd.conf | |
and restart the inetd process | |
- Under Windows systems, set the following registry key to 0 : | |
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpDiscard | |
Then launch cmd.exe and type : | |
net stop simptcp | |
net start simptcp | |
To restart the service.|summary=The remote host is running a 'discard' service. This service | |
typically sets up a listening socket and will ignore all the | |
data which it receives. | |
This service is unused these days, so it is advised that you | |
disable it.</tags><cert/><xref>NOXREF</xref></nvt><scan_nvt_version>$Revision: 41 $</scan_nvt_version><threat>High</threat><severity>10.0</severity><description/></result><result id='7dc6d647-2643-445c-a8b9-d9d4ed2924f9'><user_tags><count>0</count></user_tags><host>192.168.0.10</host><port>general/tcp</port><nvt oid='1.3.6.1.4.1.25623.1.0.802295'><name>Linux Kernel IGMP Remote Denial of Service Vulnerability</name><family>Denial of Service</family><cvss_base>7.8</cvss_base><cve>CVE-2012-0207</cve><bid>51343</bid><tags>cvss_base_vector=AV:N/AC:L/Au:N/C:N/I:N/A:C|impact=Successful exploitation may allow remote attackers to cause a kernel crash, | |
denying service to legitimate users. | |
Impact Level: System|affected=Linux Kernels above or equal to 2.6.36|insight=The flaw is due to an error in IGMP protocol implementation, which | |
can be exploited to cause a kernel crash via specially crafted IGMP queries.|solution=Upgrade to Linux Kernel version 3.0.17, 3.1.9 or 3.2.1 | |
For updates refer to http://www.kernel.org|summary=This host is running Linux and prone to remote denial of service | |
vulnerability.</tags><cert><cert_ref id='DFN-CERT-2012-2075' type='DFN-CERT'/><cert_ref id='DFN-CERT-2012-1697' type='DFN-CERT'/><cert_ref id='DFN-CERT-2012-1272' type='DFN-CERT'/><cert_ref id='DFN-CERT-2012-0426' type='DFN-CERT'/><cert_ref id='DFN-CERT-2012-0360' type='DFN-CERT'/><cert_ref id='DFN-CERT-2012-0241' type='DFN-CERT'/></cert><xref>URL:http://secunia.com/advisories/47472, URL:http://www.exploit-db.com/exploits/18378, URL:http://www.securitytracker.com/id/1026526, URL:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654876, URL:http://womble.decadent.org.uk/blog/igmp-denial-of-service-in-linux-cve-2012-0207.html, URL:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=a8c1f65c79cbbb2f7da782d4c9d15639a9b94b27</xref></nvt><scan_nvt_version>$Revision: 12 $</scan_nvt_version><threat>High</threat><severity>7.8</severity><description/></result><result id='c536f2d0-34a3-46c5-b12d-46f3b9c0b132'><user_tags><count>0</count></user_tags><host>192.168.0.10</host><port>161/tcp</port><nvt oid='1.3.6.1.4.1.25623.1.0.10264'><name>Report default community names of the SNMP Agent</name><family>SNMP</family><cvss_base>7.5</cvss_base><cve>CVE-1999-0516</cve><bid>NOBID</bid><tags>cvss_base_vector=AV:N/AC:L/Au:N/C:P/I:P/A:P|impact=If an attacker is able to guess a PUBLIC community string, they would be able to | |
read SNMP data (depending on which MIBs are installed) from the remote device. | |
This information might include system time, IP addresses, interfaces, processes | |
running, etc. | |
If an attacker is able to guess a PRIVATE community string (WRITE or 'writeall' | |
access), they will have the ability to change information on the remote machine. | |
This could be a huge security hole, enabling remote attackers to wreak complete | |
havoc such as routing network traffic, initiating processes, etc. In essence, | |
'writeall' access will give the remote attacker full administrative rights over | |
the remote machine. | |
Note that this test only gathers information and does not attempt to write to | |
the remote device. Thus it is not possible to determine automatically whether | |
the reported community is public or private. | |
Also note that information made available through a guessable community string | |
might or might not contain sensitive data. Please review the information | |
available through the reported community string to determine the impact of this | |
disclosure.|solution=Determine if the detected community string is a private community string. | |
Determine whether a public community string exposes sensitive information. | |
Disable the SNMP service if you don't use it or change the default community string.|summary=Simple Network Management Protocol (SNMP) is a protocol | |
which can be used by administrators to remotely manage a computer or network | |
device. There are typically 2 modes of remote SNMP monitoring. These modes | |
are roughly 'READ' and 'WRITE' (or PUBLIC and PRIVATE).</tags><cert/><xref>NOXREF</xref></nvt><scan_nvt_version>$Revision: 640 $</scan_nvt_version><threat>High</threat><severity>7.5</severity><description>SNMP Agent responded as expected with community name: | |
public | |
</description></result><result id='427f8b15-ad5e-45c9-a2a3-e4b2e6e0e7ab'><user_tags><count>0</count></user_tags><host>192.168.0.10</host><port>17/tcp</port><nvt oid='1.3.6.1.4.1.25623.1.0.10198'><name>Quote of the day</name><family>Useless services</family><cvss_base>5.0</cvss_base><cve>CVE-1999-0103</cve><bid>NOBID</bid><tags>cvss_base_vector=AV:N/AC:L/Au:N/C:N/I:N/A:P|summary=The quote service (qotd) is running on this host. | |
Description : | |
A server listens for TCP connections on TCP port 17. Once a connection | |
is established a short message is sent out the connection (and any | |
data received is thrown away). The service closes the connection | |
after sending the quote. | |
Another quote of the day service is defined as a datagram based | |
application on UDP. A server listens for UDP datagrams on UDP port 17. | |
When a datagram is received, an answering datagram is sent containing | |
a quote (the data in the received datagram is ignored). | |
An easy attack is 'pingpong' which IP spoofs a packet between two machines | |
running qotd. This will cause them to spew characters at each other, | |
slowing the machines down and saturating the network.|solution=- Under Unix systems, comment out the 'qotd' line in /etc/inetd.conf | |
and restart the inetd process | |
- Under Windows systems, set the following registry keys to 0 : | |
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpQotd | |
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableUdpQotd | |
Then launch cmd.exe and type : | |
net stop simptcp | |
net start simptcp | |
To restart the service.</tags><cert/><xref>NOXREF</xref></nvt><scan_nvt_version>$Revision: 17 $</scan_nvt_version><threat>Medium</threat><severity>5.0</severity><description/></result><result id='5a5bd87c-178c-422b-81f3-eee845403510'><user_tags><count>0</count></user_tags><host>192.168.0.10</host><port>17/udp</port><nvt oid='1.3.6.1.4.1.25623.1.0.10198'><name>Quote of the day</name><family>Useless services</family><cvss_base>5.0</cvss_base><cve>CVE-1999-0103</cve><bid>NOBID</bid><tags>cvss_base_vector=AV:N/AC:L/Au:N/C:N/I:N/A:P|summary=The quote service (qotd) is running on this host. | |
Description : | |
A server listens for TCP connections on TCP port 17. Once a connection | |
is established a short message is sent out the connection (and any | |
data received is thrown away). The service closes the connection | |
after sending the quote. | |
Another quote of the day service is defined as a datagram based | |
application on UDP. A server listens for UDP datagrams on UDP port 17. | |
When a datagram is received, an answering datagram is sent containing | |
a quote (the data in the received datagram is ignored). | |
An easy attack is 'pingpong' which IP spoofs a packet between two machines | |
running qotd. This will cause them to spew characters at each other, | |
slowing the machines down and saturating the network.|solution=- Under Unix systems, comment out the 'qotd' line in /etc/inetd.conf | |
and restart the inetd process | |
- Under Windows systems, set the following registry keys to 0 : | |
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpQotd | |
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableUdpQotd | |
Then launch cmd.exe and type : | |
net stop simptcp | |
net start simptcp | |
To restart the service.</tags><cert/><xref>NOXREF</xref></nvt><scan_nvt_version>$Revision: 17 $</scan_nvt_version><threat>Medium</threat><severity>5.0</severity><description/></result><result id='84d244b3-0437-4146-bcc6-7c318b7c4597'><user_tags><count>0</count></user_tags><host>192.168.0.10</host><port>19/udp</port><nvt oid='1.3.6.1.4.1.25623.1.0.10043'><name>Chargen</name><family>Useless services</family><cvss_base>5.0</cvss_base><cve>CVE-1999-0103</cve><bid>NOBID</bid><tags>cvss_base_vector=AV:N/AC:L/Au:N/C:N/I:N/A:P|summary=The remote host is running a 'chargen' service. | |
Description : | |
When contacted, chargen responds with some random characters (something | |
like all the characters in the alphabet in a row). When contacted via UDP, it | |
will respond with a single UDP packet. When contacted via TCP, it will | |
continue spewing characters until the client closes the connection. | |
The purpose of this service was mostly to test the TCP/IP protocol | |
by itself, to make sure that all the packets were arriving at their | |
destination unaltered. It is unused these days, so it is suggested | |
you disable it, as an attacker may use it to set up an attack against | |
this host, or against a third party host using this host as a relay. | |
An easy attack is 'ping-pong' in which an attacker spoofs a packet between | |
two machines running chargen. This will cause them to spew characters at | |
each other, slowing the machines down and saturating the network.|solution=- Under Unix systems, comment out the 'chargen' line in /etc/inetd.conf | |
and restart the inetd process | |
- Under Windows systems, set the following registry keys to 0 : | |
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpChargen | |
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableUdpChargen | |
Then launch cmd.exe and type : | |
net stop simptcp | |
net start simptcp | |
To restart the service.</tags><cert/><xref>NOXREF</xref></nvt><scan_nvt_version>$Revision: 17 $</scan_nvt_version><threat>Medium</threat><severity>5.0</severity><description/></result><result id='44a18747-3279-4aca-889d-56c104a7c7a7'><user_tags><count>0</count></user_tags><host>192.168.0.10</host><port>135/tcp</port><nvt oid='1.3.6.1.4.1.25623.1.0.10736'><name>DCE Services Enumeration</name><family>Windows</family><cvss_base>5.0</cvss_base><cve>NOCVE</cve><bid>NOBID</bid><tags>cvss_base_vector=AV:N/AC:L/Au:N/C:N/I:N/A:P|solution=filter incoming traffic to this port.|summary=Distributed Computing Environment (DCE) services running on the remote host | |
can be enumerated by connecting on port 135 and doing the appropriate queries. | |
An attacker may use this fact to gain more knowledge | |
about the remote host.</tags><cert/><xref>NOXREF</xref></nvt><scan_nvt_version>$Revision: 41 $</scan_nvt_version><threat>Medium</threat><severity>5.0</severity><description/></result><result id='0eb4b9e5-bdf1-416f-ba75-ec8fb497bda4'><user_tags><count>0</count></user_tags><host>192.168.0.10</host><port>135/tcp</port><nvt oid='1.3.6.1.4.1.25623.1.0.10736'><name>DCE Services Enumeration</name><family>Windows</family><cvss_base>5.0</cvss_base><cve>NOCVE</cve><bid>NOBID</bid><tags>cvss_base_vector=AV:N/AC:L/Au:N/C:N/I:N/A:P|solution=filter incoming traffic to this port.|summary=Distributed Computing Environment (DCE) services running on the remote host | |
can be enumerated by connecting on port 135 and doing the appropriate queries. | |
An attacker may use this fact to gain more knowledge | |
about the remote host.</tags><cert/><xref>NOXREF</xref></nvt><scan_nvt_version>$Revision: 41 $</scan_nvt_version><threat>Medium</threat><severity>5.0</severity><description>Distributed Computing Environment (DCE) services running on the remote host | |
can be enumerated by connecting on port 135 and doing the appropriate queries. | |
An attacker may use this fact to gain more knowledge | |
about the remote host. | |
Here is the list of DCE services running on this host: | |
Port: 1025/tcp | |
UUID: 1ff70682-0a51-30e8-076d-740be8cee98b, version 1 | |
Endpoint: ncacn_ip_tcp:192.168.0.10[1025] | |
Named pipe : atsvc | |
Win32 service or process : mstask.exe | |
Description : Scheduler service | |
UUID: 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1 | |
Endpoint: ncacn_ip_tcp:192.168.0.10[1025] | |
UUID: 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1 | |
Endpoint: ncacn_ip_tcp:192.168.0.10[1025] | |
UUID: 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc, version 1 | |
Endpoint: ncacn_ip_tcp:192.168.0.10[1025] | |
Annotation: Messenger Service | |
Named pipe : ntsvcs | |
Win32 service or process : messenger | |
Description : Messenger service | |
Port: 1028/udp | |
UUID: 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc, version 1 | |
Endpoint: ncadg_ip_udp:192.168.0.10[1028] | |
Annotation: Messenger Service | |
Named pipe : ntsvcs | |
Win32 service or process : messenger | |
Description : Messenger service | |
Solution : filter incoming traffic to this port(s). | |
</description></result><result id='7149159d-f3fa-4216-99e1-57ae56aeb864'><user_tags><count>0</count></user_tags><host>192.168.0.10</host><port>135/tcp</port><nvt oid='1.3.6.1.4.1.25623.1.0.11159'><name>MS RPC Services null pointer reference DoS</name><family>Denial of Service</family><cvss_base>5.0</cvss_base><cve>CVE-2002-1561</cve><bid>6005</bid><tags>cvss_base_vector=AV:N/AC:L/Au:N/C:N/I:N/A:P|solution=Block access to TCP port 135.|summary=MS Windows RPC service (RPCSS) crashes trying to dereference a | |
null pointer when it receives a certain malformed request. | |
All MS RPC-based services (i.e. a large part of MS Windows 2000+) | |
running on the target machine are rendered inoperable.</tags><cert/><xref>IAVA:2003-t-0008</xref></nvt><scan_nvt_version>$Revision: 17 $</scan_nvt_version><threat>Medium</threat><severity>5.0</severity><description/></result><result id='e05573c9-6f53-40ff-a7fe-36c12cf303b0'><user_tags><count>0</count></user_tags><host>192.168.0.10</host><port>general/tcp</port><nvt oid='1.3.6.1.4.1.25623.1.0.11834'><name>Source routed packets</name><family>Firewalls</family><cvss_base>3.3</cvss_base><cve>NOCVE</cve><bid>NOBID</bid><tags>cvss_base_vector=AV:L/AC:M/Au:N/C:N/I:P/A:P|solution=drop source routed packets on this host or on other ingress | |
routers or firewalls.|summary=The remote host accepts loose source routed IP packets. | |
The feature was designed for testing purpose. | |
An attacker may use it to circumvent poorly designed IP filtering | |
and exploit another flaw. However, it is not dangerous by itself.</tags><cert/><xref>NOXREF</xref></nvt><scan_nvt_version>$Revision: 17 $</scan_nvt_version><threat>Low</threat><severity>3.3</severity><description> | |
The remote host accepts loose source routed IP packets. | |
The feature was designed for testing purpose. | |
An attacker may use it to circumvent poorly designed IP filtering | |
and exploit another flaw. However, it is not dangerous by itself. | |
Worse, the remote host reverses the route when it answers to loose | |
source routed TCP packets. This makes attacks easier. | |
Solution: drop source routed packets on this host or on other ingress | |
routers or firewalls. | |
</description></result><result id='34496ceb-2007-4e19-bace-6422411d1243'><user_tags><count>0</count></user_tags><host>192.168.0.10</host><port>general/CPE-T</port><nvt oid='1.3.6.1.4.1.25623.1.0.810002'><name>CPE Inventory</name><family>Service detection</family><cvss_base>0.0</cvss_base><cve>NOCVE</cve><bid>NOBID</bid><tags>cvss_base_vector=AV:N/AC:L/Au:N/C:N/I:N/A:N|summary=This routine uses information collected by other routines about | |
CPE identities (http://cpe.mitre.org/) of operating systems, services and | |
applications detected during the scan.</tags><cert/><xref>NOXREF</xref></nvt><scan_nvt_version>$Revision: 314 $</scan_nvt_version><threat>Log</threat><severity>0.0</severity><description>192.168.0.10|cpe:/o:microsoft:windows_2000 | |
</description></result><result id='97908303-8a95-412e-9f8f-1825319bc95b'><user_tags><count>0</count></user_tags><host>192.168.0.10</host><port>general/icmp</port><nvt oid='1.3.6.1.4.1.25623.1.0.103190'><name>ICMP Timestamp Detection</name><family>Service detection</family><cvss_base>0.0</cvss_base><cve>CVE-1999-0524</cve><bid>NOBID</bid><tags>cvss_base_vector=AV:L/AC:L/Au:N/C:N/I:N/A:N|summary=The remote host responded to an ICMP timestamp request. The Timestamp Reply is | |
an ICMP message which replies to a Timestamp message. It consists of the | |
originating timestamp sent by the sender of the Timestamp as well as a receive | |
timestamp and a transmit timestamp. This information could theoretically be used | |
to exploit weak time-based random number generators in other services.</tags><cert><cert_ref id='DFN-CERT-2014-0658' type='DFN-CERT'/></cert><xref>URL:http://www.ietf.org/rfc/rfc0792.txt</xref></nvt><scan_nvt_version>$Revision: 13 $</scan_nvt_version><threat>Log</threat><severity>0.0</severity><description/></result><result id='a13b97b5-15f4-4556-a8f1-9c03e8f8ddaf'><user_tags><count>0</count></user_tags><host>192.168.0.10</host><port>general/icmp</port><nvt oid='1.3.6.1.4.1.25623.1.0.12264'><name>Record route</name><family>General</family><cvss_base>0.0</cvss_base><cve>NOCVE</cve><bid>NOBID</bid><tags>cvss_base_vector=AV:N/AC:L/Au:N/C:N/I:N/A:N|summary=This plugin sends packets with the 'Record Route' option. | |
It is a complement to traceroute.</tags><cert/><xref>NOXREF</xref></nvt><scan_nvt_version>$Revision: 17 $</scan_nvt_version><threat>Log</threat><severity>0.0</severity><description>Here is the route recorded between 192.168.0.13 and 192.168.0.10 : | |
192.168.0.10. | |
</description></result><result id='8c8fbf47-bed7-404f-9ca9-3df6ac91c9a6'><user_tags><count>0</count></user_tags><host>192.168.0.10</host><port>general/tcp</port><nvt oid='1.3.6.1.4.1.25623.1.0.80103'><name>3com switch2hub</name><family>Denial of Service</family><cvss_base>7.8</cvss_base><cve>NOCVE</cve><bid>NOBID</bid><tags>cvss_base_vector=AV:N/AC:L/Au:N/C:N/I:N/A:C|solution=Lock Mac addresses on each port of the remote switch or | |
buy newer switch.|summary=The remote host is subject to the | |
switch to hub flood attack. | |
Description : | |
The remote host on the local network seems to be connected | |
through a switch which can be turned into a hub when flooded | |
by different mac addresses. | |
The theory is to send a lot of packets (> 1000000) to the | |
port of the switch we are connected to, with random mac | |
addresses. This turns the switch into learning mode, where | |
traffic goes everywhere. | |
An attacker may use this flaw in the remote switch | |
to sniff data going to this host | |
Reference : | |
http://www.securitybugware.org/Other/2041.html</tags><cert/><xref>NOXREF</xref></nvt><scan_nvt_version>$Revision: 15 $</scan_nvt_version><threat>Log</threat><severity>0.0</severity><description>Fake IP address not specified. Skipping this check. | |
</description></result><result id='940c254c-4ee1-460b-89df-145a5571199c'><user_tags><count>0</count></user_tags><host>192.168.0.10</host><port>general/tcp</port><nvt oid='1.3.6.1.4.1.25623.1.0.102002'><name>OS fingerprinting</name><family>Product detection</family><cvss_base>0.0</cvss_base><cve>NOCVE</cve><bid>NOBID</bid><tags>cvss_base_vector=AV:N/AC:L/Au:N/C:N/I:N/A:N|summary=This script performs ICMP based OS fingerprinting (as described by | |
Ofir Arkin and Fyodor Yarochkin in Phrack #57). It can be used to determine | |
remote operating system version.</tags><cert/><xref>URL:http://www.phrack.org/issues.html?issue=57&amp;id=7#article</xref></nvt><scan_nvt_version>$Revision: 43 $</scan_nvt_version><threat>Log</threat><severity>0.0</severity><description>ICMP based OS fingerprint results: (91% confidence) | |
Microsoft Windows | |
</description></result><result id='529d4836-c074-4ba0-b38c-48c44f56078f'><user_tags><count>0</count></user_tags><host>192.168.0.10</host><port>general/tcp</port><nvt oid='1.3.6.1.4.1.25623.1.0.103429'><name>SNMP OS Identification</name><family>Product detection</family><cvss_base>0.0</cvss_base><cve>NOCVE</cve><bid>NOBID</bid><tags>cvss_base_vector=AV:N/AC:L/Au:N/C:N/I:N/A:N|summary=This script performs SNMP based OS detection.</tags><cert/><xref>NOXREF</xref></nvt><scan_nvt_version>$Revision: 656 $</scan_nvt_version><threat>Log</threat><severity>0.0</severity><description>Detected OS: Windows 2000 | |
CPE: cpe:/o:microsoft:windows_2000 | |
Concluded from SNMP SysDesc: Hardware: x86 Family 6 Model 6 Stepping 1 AT/AT COMPATIBLE - Software: Windows 2000 Version 5.1 (Build 2600 Uniprocessor Free) | |
</description></result><result id='711722b0-d080-44d1-944a-45c16cc5d323'><user_tags><count>0</count></user_tags><host>192.168.0.10</host><port>general/tcp</port><nvt oid='1.3.6.1.4.1.25623.1.0.10919'><name>Check open ports</name><family>General</family><cvss_base>0.0</cvss_base><cve>NOCVE</cve><bid>NOBID</bid><tags>cvss_base_vector=AV:N/AC:L/Au:N/C:N/I:N/A:N|summary=This plugin checks if the port scanners did not kill a service.</tags><cert/><xref>NOXREF</xref></nvt><scan_nvt_version>$Revision: 382 $</scan_nvt_version><threat>Log</threat><severity>0.0</severity><description> | |
OpenVAS cannot reach any of the previously open ports of the remote | |
host at the end of its scan. | |
This might be an availability problem, which might be | |
due to the following reasons : | |
- The remote host is now down, either because a user turned it | |
off during the scan or a selected denial of service was effective against | |
this host | |
- A network outage has been experienced during the scan, and the remote | |
network cannot be reached from the OpenVAS server any more | |
- This OpenVAS server has been blacklisted by the system administrator | |
or by automatic intrusion detection/prevention systems which have detected the | |
vulnerability assessment. | |
In any case, the audit of the remote host might be incomplete and may need to | |
be done again | |
</description></result><result id='087d7850-a9a5-4bac-8b35-0208b738f682'><user_tags><count>0</count></user_tags><host>192.168.0.10</host><port>general/tcp</port><nvt oid='1.3.6.1.4.1.25623.1.0.51662'><name>Traceroute</name><family>General</family><cvss_base>0.0</cvss_base><cve>NOCVE</cve><bid>NOBID</bid><tags>cvss_base_vector=AV:N/AC:L/Au:N/C:N/I:N/A:N|solution=Block unwanted packets from escaping your network.|summary=A traceroute from the scanning server to the target system was | |
conducted. This traceroute is provided primarily for informational | |
value only. In the vast majority of cases, it does not represent a | |
vulnerability. However, if the displayed traceroute contains any | |
private addresses that should not have been publicly visible, then you | |
have an issue you need to correct.</tags><cert/><xref>NOXREF</xref></nvt><scan_nvt_version>$Revision: 14 $</scan_nvt_version><threat>Log</threat><severity>0.0</severity><description>Here is the route from 192.168.0.13 to 192.168.0.10: | |
192.168.0.13 | |
192.168.0.10 | |
</description></result><result id='06c398b7-a13c-4c81-abdb-4cfd778a9a8b'><user_tags><count>0</count></user_tags><host>192.168.0.10</host><port>7/tcp</port><nvt oid='1.3.6.1.4.1.25623.1.0.100075'><name>Check for echo Service</name><family>Useless services</family><cvss_base>0.0</cvss_base><cve>CVE-1999-0635</cve><bid>NOBID</bid><tags>cvss_base_vector=AV:N/AC:L/Au:N/C:N/I:N/A:N|solution=Disable echo Service.|summary=Echo Service is running at this Host. | |
The echo service is an Internet protocol defined in RFC 862. It was | |
originally proposed for testing and measurement of round-trip times in IP | |
networks. While still available on most UNIX-like operating systems, testing | |
and measurement is now performed with the Internet Control Message Protocol | |
(ICMP), using the applications ping and traceroute.</tags><cert/><xref>NOXREF</xref></nvt><scan_nvt_version>$Revision: 43 $</scan_nvt_version><threat>Log</threat><severity>0.0</severity><description/></result><result id='06f31b07-adee-4cbc-884a-73dd30850d3a'><user_tags><count>0</count></user_tags><host>192.168.0.10</host><port>7/udp</port><nvt oid='1.3.6.1.4.1.25623.1.0.100075'><name>Check for echo Service</name><family>Useless services</family><cvss_base>0.0</cvss_base><cve>CVE-1999-0635</cve><bid>NOBID</bid><tags>cvss_base_vector=AV:N/AC:L/Au:N/C:N/I:N/A:N|solution=Disable echo Service.|summary=Echo Service is running at this Host. | |
The echo service is an Internet protocol defined in RFC 862. It was | |
originally proposed for testing and measurement of round-trip times in IP | |
networks. While still available on most UNIX-like operating systems, testing | |
and measurement is now performed with the Internet Control Message Protocol | |
(ICMP), using the applications ping and traceroute.</tags><cert/><xref>NOXREF</xref></nvt><scan_nvt_version>$Revision: 43 $</scan_nvt_version><threat>Log</threat><severity>0.0</severity><description/></result><result id='025c5a67-bead-4592-97e5-613f5c923c47'><user_tags><count>0</count></user_tags><host>192.168.0.10</host><port>7/tcp</port><nvt oid='1.3.6.1.4.1.25623.1.0.10330'><name>Services</name><family>Service detection</family><cvss_base>0.0</cvss_base><cve>NOCVE</cve><bid>NOBID</bid><tags>cvss_base_vector=AV:N/AC:L/Au:N/C:N/I:N/A:N|summary=This plugin attempts to guess which | |
service is running on the remote ports. For instance, | |
it searches for a web server which could listen on | |
another port than 80 and set the results in the plugins | |
knowledge base.</tags><cert/><xref>NOXREF</xref></nvt><scan_nvt_version>$Revision: 69 $</scan_nvt_version><threat>Log</threat><severity>0.0</severity><description>An echo server is running on this port | |
</description></result><result id='35c6580b-9154-405c-8277-583677d8471d'><user_tags><count>0</count></user_tags><host>192.168.0.10</host><port>13/tcp</port><nvt oid='1.3.6.1.4.1.25623.1.0.11153'><name>Identify unknown services with 'HELP'</name><family>Service detection</family><cvss_base>0.0</cvss_base><cve>NOCVE</cve><bid>NOBID</bid><tags>cvss_base_vector=AV:N/AC:L/Au:N/C:N/I:N/A:N|summary=This plugin performs service detection. | |
Description : | |
This plugin is a complement of find_service.nasl. It sends a HELP | |
request to the remaining unknown services and tries to identify | |
them.</tags><cert/><xref>NOXREF</xref></nvt><scan_nvt_version>$Revision: 487 $</scan_nvt_version><threat>Log</threat><severity>0.0</severity><description>Daytime is running on this port | |
</description></result><result id='ec226717-b805-4096-b2cd-815ef01c0e66'><user_tags><count>0</count></user_tags><host>192.168.0.10</host><port>17/tcp</port><nvt oid='1.3.6.1.4.1.25623.1.0.11153'><name>Identify unknown services with 'HELP'</name><family>Service detection</family><cvss_base>0.0</cvss_base><cve>NOCVE</cve><bid>NOBID</bid><tags>cvss_base_vector=AV:N/AC:L/Au:N/C:N/I:N/A:N|summary=This plugin performs service detection. | |
Description : | |
This plugin is a complement of find_service.nasl. It sends a HELP | |
request to the remaining unknown services and tries to identify | |
them.</tags><cert/><xref>NOXREF</xref></nvt><scan_nvt_version>$Revision: 487 $</scan_nvt_version><threat>Log</threat><severity>0.0</severity><description>qotd (Quote of the Day) seems to be running on this port | |
</description></result><result id='92584679-3dbe-4e95-b8dd-fffc06cd0476'><user_tags><count>0</count></user_tags><host>192.168.0.10</host><port>19/tcp</port><nvt oid='1.3.6.1.4.1.25623.1.0.10330'><name>Services</name><family>Service detection</family><cvss_base>0.0</cvss_base><cve>NOCVE</cve><bid>NOBID</bid><tags>cvss_base_vector=AV:N/AC:L/Au:N/C:N/I:N/A:N|summary=This plugin attempts to guess which | |
service is running on the remote ports. For instance, | |
it searches for a web server which could listen on | |
another port than 80 and set the results in the plugins | |
knowledge base.</tags><cert/><xref>NOXREF</xref></nvt><scan_nvt_version>$Revision: 69 $</scan_nvt_version><threat>Log</threat><severity>0.0</severity><description>Chargen is running on this port | |
</description></result><result id='5dd39a30-8d2b-41f6-bb0c-93382d7c3ecc'><user_tags><count>0</count></user_tags><host>192.168.0.10</host><port>123/udp</port><nvt oid='1.3.6.1.4.1.25623.1.0.10884'><name>NTP read variables</name><family>Service detection</family><cvss_base>0.0</cvss_base><cve>NOCVE</cve><bid>NOBID</bid><tags>cvss_base_vector=AV:N/AC:L/Au:N/C:N/I:N/A:N|summary=A NTP (Network Time Protocol) server is listening on this port.</tags><cert/><xref>NOXREF</xref></nvt><scan_nvt_version>$Revision: 487 $</scan_nvt_version><threat>Log</threat><severity>0.0</severity><description/></result><result id='9fd23890-99f7-409f-bd34-10fb808a7c31'><user_tags><count>0</count></user_tags><host>192.168.0.10</host><port>137/udp</port><nvt oid='1.3.6.1.4.1.25623.1.0.10150'><name>Using NetBIOS to retrieve information from a Windows host</name><family>Windows</family><cvss_base>0.0</cvss_base><cve>NOCVE</cve><bid>NOBID</bid><tags>cvss_base_vector=AV:N/AC:L/Au:N/C:N/I:N/A:N|solution=Block those ports from outside communication|summary=The NetBIOS port is open (UDP:137). A remote attacker may use this to gain | |
access to sensitive information such as computer name, workgroup/domain | |
name, currently logged on user name, etc.</tags><cert/><xref>NOXREF</xref></nvt><scan_nvt_version>$Revision: 41 $</scan_nvt_version><threat>Log</threat><severity>0.0</severity><description>The following 7 NetBIOS names have been gathered : | |
VICTIM-3IM53RDD = This is the computer name registered for workstation services by a WINS client. | |
MSHOME = Workgroup / Domain name | |
VICTIM-3IM53RDD = Computer name | |
VICTIM-3IM53RDD = This is the current logged in user registered for this workstation. | |
MSHOME = Workgroup / Domain name (part of the Browser elections) | |
MSHOME | |
__MSBROWSE__ | |
The remote host has the following MAC address on its adapter : | |
08:00:27:a3:22:67 | |
If you do not want to allow everyone to find the NetBios name | |
of your computer, you should filter incoming traffic to this port. | |
</description></result><result id='8e093f68-2c3b-4dbd-98fd-94ae608ebada'><user_tags><count>0</count></user_tags><host>192.168.0.10</host><port>139/tcp</port><nvt oid='1.3.6.1.4.1.25623.1.0.11011'><name>SMB on port 445</name><family>Windows</family><cvss_base>0.0</cvss_base><cve>NOCVE</cve><bid>NOBID</bid><tags>cvss_base_vector=AV:N/AC:L/Au:N/C:N/I:N/A:N|summary=This script detects whether port 445 and 139 are open and | |
if they are running SMB servers.</tags><cert/><xref>NOXREF</xref></nvt><scan_nvt_version>$Revision: 41 $</scan_nvt_version><threat>Log</threat><severity>0.0</severity><description>An SMB server is running on this port | |
</description></result><result id='958dc57e-8ba6-4d78-b09b-28ea8cb7245d'><user_tags><count>0</count></user_tags><host>192.168.0.10</host><port>161/udp</port><nvt oid='1.3.6.1.4.1.25623.1.0.10265'><name>An SNMP Agent is running</name><family>SNMP</family><cvss_base>0.0</cvss_base><cve>NOCVE</cve><bid>NOBID</bid><tags>cvss_base_vector=AV:N/AC:L/Au:N/C:N/I:N/A:N|summary=Either (or both) of the ports UDP:161 and UDP:162 are open. This usually | |
indicates an SNMP agent is present. Having such an agent open to outside | |
access may be used to compromise sensitive information, and can be used to | |
cause a Denial of Service attack. Certain SNMP agents may be | |
vulnerable to root compromise attacks. | |
More Information: | |
http://www.securiteam.com/exploits/Patrol_s_SNMP_Agent_3_2_can_lead_to_root_compromise.html</tags><cert/><xref>NOXREF</xref></nvt><scan_nvt_version>$Revision: 507 $</scan_nvt_version><threat>Log</threat><severity>0.0</severity><description>A SNMP server is running on this host | |
The following versions are supported | |
SNMP version1 | |
SNMP version2c | |
</description></result><result id='d02ba438-f241-45b7-b9d9-12936b103a96'><user_tags><count>0</count></user_tags><host>192.168.0.10</host><port>445/tcp</port><nvt oid='1.3.6.1.4.1.25623.1.0.102011'><name>SMB NativeLanMan</name><family>Service detection</family><cvss_base>0.0</cvss_base><cve>NOCVE</cve><bid>NOBID</bid><tags>cvss_base_vector=AV:N/AC:L/Au:N/C:N/I:N/A:N|summary=It is possible to extract OS, domain and SMB server information | |
from the Session Setup AndX Response packet which is generated | |
during NTLM authentication.</tags><cert/><xref>NOXREF</xref></nvt><scan_nvt_version>$Revision: 43 $</scan_nvt_version><threat>Log</threat><severity>0.0</severity><description> | |
Summary: | |
It is possible to extract OS, domain and SMB server information | |
from the Session Setup AndX Response packet which is generated | |
during NTLM authentication.Detected SMB workgroup: MSHOME | |
Detected SMB server: Windows 2000 LAN Manager | |
Detected OS: Windows 5.1 | |
</description></result><result id='86faff88-d0cb-49c4-9d3b-00dc6ab7963c'><user_tags><count>0</count></user_tags><host>192.168.0.10</host><port>445/tcp</port><nvt oid='1.3.6.1.4.1.25623.1.0.11011'><name>SMB on port 445</name><family>Windows</family><cvss_base>0.0</cvss_base><cve>NOCVE</cve><bid>NOBID</bid><tags>cvss_base_vector=AV:N/AC:L/Au:N/C:N/I:N/A:N|summary=This script detects whether port 445 and 139 are open and | |
if they are running SMB servers.</tags><cert/><xref>NOXREF</xref></nvt><scan_nvt_version>$Revision: 41 $</scan_nvt_version><threat>Log</threat><severity>0.0</severity><description>A CIFS server is running on this port | |
</description></result></results><result_count>31<full>31</full><filtered>31</filtered><debug><full>0</full><filtered>0</filtered></debug><hole><full>4</full><filtered>4</filtered></hole><info><full>1</full><filtered>1</filtered></info><log><full>20</full><filtered>20</filtered></log><warning><full>6</full><filtered>6</filtered></warning><false_positive><full>0</full><filtered>0</filtered></false_positive></result_count><severity><full>10.0</full><filtered>10.0</filtered></severity><host><ip>192.168.0.10</ip><start>2015-01-12T01:24:52Z</start><end>2015-01-12T01:32:41Z</end><detail><name>OS</name><value>Windows 5.1</value><source><type>nvt</type><name>1.3.6.1.4.1.25623.1.0.102011</name><description>Extracts info about the OS through NTLM authentication packets</description></source><extra/></detail><detail><name>OS</name><value>cpe:/o:microsoft:windows</value><source><type>nvt</type><name>1.3.6.1.4.1.25623.1.0.102011</name><description>Extracts info about the OS through NTLM authentication packets</description></source><extra/></detail><detail><name>MAC</name><value>08:00:27:A3:22:67</value><source><type>nvt</type><name>1.3.6.1.4.1.25623.1.0.103585</name><description>Nmap MAC Scan</description></source><extra/></detail><detail><name>traceroute</name><value>192.168.0.13,192.168.0.10</value><source><type>nvt</type><name>1.3.6.1.4.1.25623.1.0.51662</name><description>Traceroute</description></source><extra/></detail><detail><name>ports</name><value>13,1025,7,17,445,5000,9,19,135,139</value><source><type>nvt</type><name>1.3.6.1.4.1.25623.1.0.900239</name><description>Check Open TCP Ports</description></source><extra/></detail><detail><name>tcp_ports</name><value>13,1025,7,17,445,5000,9,19,135,139</value><source><type>nvt</type><name>1.3.6.1.4.1.25623.1.0.900239</name><description>Check Open TCP Ports</description></source><extra/></detail><detail><name>OS</name><value>Microsoft 
Windows</value><source><type>nvt</type><name>1.3.6.1.4.1.25623.1.0.102002</name><description>Detects remote operating system version</description></source><extra/></detail><detail><name>OS</name><value>cpe:/o:microsoft:windows</value><source><type>nvt</type><name>1.3.6.1.4.1.25623.1.0.102002</name><description>Detects remote operating system version</description></source><extra/></detail><detail><name>OS</name><value>cpe:/o:microsoft:windows_2000</value><source><type>nvt</type><name>1.3.6.1.4.1.25623.1.0.103429</name><description>SNMP OS Identification</description></source><extra/></detail><detail><name>OS</name><value>Windows 2000</value><source><type>nvt</type><name>1.3.6.1.4.1.25623.1.0.103429</name><description>SNMP OS Identification</description></source><extra/></detail><detail><name>MAC</name><value>08:00:27:a3:22:67</value><source><type>nvt</type><name>1.3.6.1.4.1.25623.1.0.10150</name><description>Using NetBIOS to retrieve information from a Windows host</description></source><extra/></detail><detail><name>hostname</name><value>VICTIM-3IM53RDD</value><source><type>nvt</type><name>1.3.6.1.4.1.25623.1.0.103996</name><description>Gather hardware related information</description></source><extra/></detail><detail><name>best_os_cpe</name><value>cpe:/o:microsoft:windows_2000</value><source><type>nvt</type><name>1.3.6.1.4.1.25623.1.0.103429</name><description>SNMP OS Identification</description></source><extra/></detail><detail><name>best_os_txt</name><value>Windows 5.1</value><source><type>nvt</type><name>1.3.6.1.4.1.25623.1.0.102011</name><description>Extracts info about the OS through NTLM authentication packets</description></source><extra/></detail></host><host_start><host>192.168.0.10</host>2015-01-12T01:24:52Z</host_start><host_end><host>192.168.0.10</host>2015-01-12T01:32:41Z</host_end><scan_end>2015-01-12T01:32:42Z</scan_end><errors><count>0</count></errors></report></report> |