
@nstarke
Created January 12, 2015 01:51
<report content_type='text/xml' extension='xml' format_id='a994b278-1f62-11e1-96ac-406186ea4fc5' id='7fa042b4-55ee-4ece-a647-7f2288e24b5c' type='scan'><owner><name/></owner><name>2015-01-12T01:24:46Z</name><comment/><creation_time>2015-01-12T01:24:46Z</creation_time><modification_time>2015-01-12T01:32:42Z</modification_time><writable>0</writable><in_use>0</in_use><report id='7fa042b4-55ee-4ece-a647-7f2288e24b5c'><report_format/><sort><field>type<order>descending</order></field></sort><filters id='0'><term>sort-reverse=ROWID result_hosts_only=1 min_cvss_base= levels=hmlgd autofp=0 notes=0 overrides=0 first=1 rows=-1 delta_states=cgns</term>hmlgd<phrase/><autofp>0</autofp><notes>0</notes><overrides>0</overrides><apply_overrides>0</apply_overrides><result_hosts_only>1</result_hosts_only><min_cvss_base/><filter>High</filter><filter>Medium</filter><filter>Low</filter><filter>Log</filter><filter>Debug</filter></filters><severity_class id='d4c74cda-89e1-11e3-9c29-406186ea4fc5'><name>nist</name><full_name>NVD Vulnerability Severity Ratings</full_name><severity_range><name>None</name><min>0.0</min><max>0.0</max></severity_range><severity_range><name>Low</name><min>0.1</min><max>3.9</max></severity_range><severity_range><name>Medium</name><min>4.0</min><max>6.9</max></severity_range><severity_range><name>High</name><min>7.0</min><max>10.0</max></severity_range></severity_class><user_tags><count>0</count></user_tags><scan_run_status>Done</scan_run_status><hosts><count>1</count></hosts><closed_cves><count>0</count></closed_cves><vulns><count>25</count></vulns><os><count>1</count></os><apps><count>0</count></apps><ssl_certs><count>0</count></ssl_certs><task id='b68f64af-655a-4e07-b00d-e277655a6e4a'><name>Metasploitable</name><comment>Metasploitable scan</comment><target id='ee962e6d-657a-4929-97e0-15f1d44d5888'><trash>0</trash></target><progress>-1</progress></task><scan><task><slave id=''><name/><host/><port>0</port></slave><preferences><preference><name>Network Source 
Interface</name><scanner_name>source_iface</scanner_name><value/></preference></preferences></task></scan><timestamp>2015-01-12T01:24:27Z</timestamp><scan_start>2015-01-12T01:24:46Z</scan_start><ports max='-1' start='1'><count>15</count><port><host>192.168.0.10</host>general/tcp<severity>10.0</severity><threat>High</threat></port><port><host>192.168.0.10</host>9/tcp<severity>10.0</severity><threat>High</threat></port><port><host>192.168.0.10</host>161/tcp<severity>7.5</severity><threat>High</threat></port><port><host>192.168.0.10</host>19/udp<severity>5.0</severity><threat>Medium</threat></port><port><host>192.168.0.10</host>17/udp<severity>5.0</severity><threat>Medium</threat></port><port><host>192.168.0.10</host>17/tcp<severity>5.0</severity><threat>Medium</threat></port><port><host>192.168.0.10</host>135/tcp<severity>5.0</severity><threat>Medium</threat></port><port><host>192.168.0.10</host>general/icmp<severity>0.0</severity><threat>Log</threat></port><port><host>192.168.0.10</host>general/CPE-T<severity>0.0</severity><threat>Log</threat></port><port><host>192.168.0.10</host>7/udp<severity>0.0</severity><threat>Log</threat></port><port><host>192.168.0.10</host>7/tcp<severity>0.0</severity><threat>Log</threat></port><port><host>192.168.0.10</host>445/tcp<severity>0.0</severity><threat>Log</threat></port><port><host>192.168.0.10</host>19/tcp<severity>0.0</severity><threat>Log</threat></port><port><host>192.168.0.10</host>161/udp<severity>0.0</severity><threat>Log</threat></port><port><host>192.168.0.10</host>139/tcp<severity>0.0</severity><threat>Log</threat></port><port><host>192.168.0.10</host>137/udp<severity>0.0</severity><threat>Log</threat></port><port><host>192.168.0.10</host>13/tcp<severity>0.0</severity><threat>Log</threat></port><port><host>192.168.0.10</host>123/udp<severity>0.0</severity><threat>Log</threat></port></ports><results max='-1' start='1'><result 
id='2a06735f-3a18-4247-b844-1eddfece5cdd'><user_tags><count>0</count></user_tags><host>192.168.0.10</host><port>general/tcp</port><nvt oid='1.3.6.1.4.1.25623.1.0.103674'><name>OS End Of Life Detection</name><family>General</family><cvss_base>10.0</cvss_base><cve>NOCVE</cve><bid>NOBID</bid><tags>cvss_base_vector=AV:N/AC:L/Au:N/C:C/I:C/A:C|summary=OS End Of Life Detection
The Operating System on the remote host has reached the end of life and should
not be used anymore</tags><cert/><xref>NOXREF</xref></nvt><scan_nvt_version>$Revision: 11 $</scan_nvt_version><threat>High</threat><severity>10.0</severity><description>The Operating System (cpe:/o:microsoft:windows_2000) on the remote host has reached the end of life at 13 Jul 2010
and should not be used anymore.
See http://support.microsoft.com/lifecycle/search/default.aspx?sort=PN&amp;alpha=Windows+2000&amp;Filter=FilterNO for more information.
</description></result><result id='cc19015d-4e05-4d44-bff5-1ca5d569c725'><user_tags><count>0</count></user_tags><host>192.168.0.10</host><port>9/tcp</port><nvt oid='1.3.6.1.4.1.25623.1.0.11367'><name>Discard port open</name><family>Useless services</family><cvss_base>10.0</cvss_base><cve>CVE-1999-0636</cve><bid>NOBID</bid><tags>cvss_base_vector=AV:N/AC:L/Au:N/C:C/I:C/A:C|solution=- Under Unix systems, comment out the &apos;discard&apos; line in /etc/inetd.conf
and restart the inetd process
- Under Windows systems, set the following registry key to 0 :
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpDiscard
Then launch cmd.exe and type :
net stop simptcp
net start simptcp
To restart the service.|summary=The remote host is running a &apos;discard&apos; service. This service
typically sets up a listening socket and will ignore all the
data which it receives.
This service is unused these days, so it is advised that you
disable it.</tags><cert/><xref>NOXREF</xref></nvt><scan_nvt_version>$Revision: 41 $</scan_nvt_version><threat>High</threat><severity>10.0</severity><description/></result><result id='7dc6d647-2643-445c-a8b9-d9d4ed2924f9'><user_tags><count>0</count></user_tags><host>192.168.0.10</host><port>general/tcp</port><nvt oid='1.3.6.1.4.1.25623.1.0.802295'><name>Linux Kernel IGMP Remote Denial of Service Vulnerability</name><family>Denial of Service</family><cvss_base>7.8</cvss_base><cve>CVE-2012-0207</cve><bid>51343</bid><tags>cvss_base_vector=AV:N/AC:L/Au:N/C:N/I:N/A:C|impact=Successful exploitation may allow remote attackers to cause a kernel crash,
denying service to legitimate users.
Impact Level: System|affected=Linux Kernels above or equal to 2.6.36|insight=The flaw is due to an error in IGMP protocol implementation, which
can be exploited to cause a kernel crash via specially crafted IGMP queries.|solution=Upgrade to Linux Kernel version 3.0.17, 3.1.9 or 3.2.1
For updates refer to http://www.kernel.org|summary=This host is running Linux and prone to remote denial of service
vulnerability.</tags><cert><cert_ref id='DFN-CERT-2012-2075' type='DFN-CERT'/><cert_ref id='DFN-CERT-2012-1697' type='DFN-CERT'/><cert_ref id='DFN-CERT-2012-1272' type='DFN-CERT'/><cert_ref id='DFN-CERT-2012-0426' type='DFN-CERT'/><cert_ref id='DFN-CERT-2012-0360' type='DFN-CERT'/><cert_ref id='DFN-CERT-2012-0241' type='DFN-CERT'/></cert><xref>URL:http://secunia.com/advisories/47472, URL:http://www.exploit-db.com/exploits/18378, URL:http://www.securitytracker.com/id/1026526, URL:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654876, URL:http://womble.decadent.org.uk/blog/igmp-denial-of-service-in-linux-cve-2012-0207.html, URL:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=a8c1f65c79cbbb2f7da782d4c9d15639a9b94b27</xref></nvt><scan_nvt_version>$Revision: 12 $</scan_nvt_version><threat>High</threat><severity>7.8</severity><description/></result><result id='c536f2d0-34a3-46c5-b12d-46f3b9c0b132'><user_tags><count>0</count></user_tags><host>192.168.0.10</host><port>161/tcp</port><nvt oid='1.3.6.1.4.1.25623.1.0.10264'><name>Report default community names of the SNMP Agent</name><family>SNMP</family><cvss_base>7.5</cvss_base><cve>CVE-1999-0516</cve><bid>NOBID</bid><tags>cvss_base_vector=AV:N/AC:L/Au:N/C:P/I:P/A:P|impact=If an attacker is able to guess a PUBLIC community string, they would be able to
read SNMP data (depending on which MIBs are installed) from the remote device.
This information might include system time, IP addresses, interfaces, processes
running, etc.
If an attacker is able to guess a PRIVATE community string (WRITE or &apos;writeall&apos;
access), they will have the ability to change information on the remote machine.
This could be a huge security hole, enabling remote attackers to wreak complete
havoc such as routing network traffic, initiating processes, etc. In essence,
&apos;writeall&apos; access will give the remote attacker full administrative rights over
the remote machine.
Note that this test only gathers information and does not attempt to write to
the remote device. Thus it is not possible to determine automatically whether
the reported community is public or private.
Also note that information made available through a guessable community string
might or might not contain sensitive data. Please review the information
available through the reported community string to determine the impact of this
disclosure.|solution=Determine if the detected community string is a private community string.
Determine whether a public community string exposes sensitive information.
Disable the SNMP service if you don&apos;t use it or change the default community string.|summary=Simple Network Management Protocol (SNMP) is a protocol
which can be used by administrators to remotely manage a computer or network
device. There are typically 2 modes of remote SNMP monitoring. These modes
are roughly &apos;READ&apos; and &apos;WRITE&apos; (or PUBLIC and PRIVATE).</tags><cert/><xref>NOXREF</xref></nvt><scan_nvt_version>$Revision: 640 $</scan_nvt_version><threat>High</threat><severity>7.5</severity><description>SNMP Agent responded as expected with community name:
public
</description></result><result id='427f8b15-ad5e-45c9-a2a3-e4b2e6e0e7ab'><user_tags><count>0</count></user_tags><host>192.168.0.10</host><port>17/tcp</port><nvt oid='1.3.6.1.4.1.25623.1.0.10198'><name>Quote of the day</name><family>Useless services</family><cvss_base>5.0</cvss_base><cve>CVE-1999-0103</cve><bid>NOBID</bid><tags>cvss_base_vector=AV:N/AC:L/Au:N/C:N/I:N/A:P|summary=The quote service (qotd) is running on this host.
Description :
A server listens for TCP connections on TCP port 17. Once a connection
is established a short message is sent out the connection (and any
data received is thrown away). The service closes the connection
after sending the quote.
Another quote of the day service is defined as a datagram based
application on UDP. A server listens for UDP datagrams on UDP port 17.
When a datagram is received, an answering datagram is sent containing
a quote (the data in the received datagram is ignored).
An easy attack is &apos;pingpong&apos; which IP spoofs a packet between two machines
running qotd. This will cause them to spew characters at each other,
slowing the machines down and saturating the network.|solution=- Under Unix systems, comment out the &apos;qotd&apos; line in /etc/inetd.conf
and restart the inetd process
- Under Windows systems, set the following registry keys to 0 :
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpQotd
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableUdpQotd
Then launch cmd.exe and type :
net stop simptcp
net start simptcp
To restart the service.</tags><cert/><xref>NOXREF</xref></nvt><scan_nvt_version>$Revision: 17 $</scan_nvt_version><threat>Medium</threat><severity>5.0</severity><description/></result><result id='5a5bd87c-178c-422b-81f3-eee845403510'><user_tags><count>0</count></user_tags><host>192.168.0.10</host><port>17/udp</port><nvt oid='1.3.6.1.4.1.25623.1.0.10198'><name>Quote of the day</name><family>Useless services</family><cvss_base>5.0</cvss_base><cve>CVE-1999-0103</cve><bid>NOBID</bid><tags>cvss_base_vector=AV:N/AC:L/Au:N/C:N/I:N/A:P|summary=The quote service (qotd) is running on this host.
Description :
A server listens for TCP connections on TCP port 17. Once a connection
is established a short message is sent out the connection (and any
data received is thrown away). The service closes the connection
after sending the quote.
Another quote of the day service is defined as a datagram based
application on UDP. A server listens for UDP datagrams on UDP port 17.
When a datagram is received, an answering datagram is sent containing
a quote (the data in the received datagram is ignored).
An easy attack is &apos;pingpong&apos; which IP spoofs a packet between two machines
running qotd. This will cause them to spew characters at each other,
slowing the machines down and saturating the network.|solution=- Under Unix systems, comment out the &apos;qotd&apos; line in /etc/inetd.conf
and restart the inetd process
- Under Windows systems, set the following registry keys to 0 :
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpQotd
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableUdpQotd
Then launch cmd.exe and type :
net stop simptcp
net start simptcp
To restart the service.</tags><cert/><xref>NOXREF</xref></nvt><scan_nvt_version>$Revision: 17 $</scan_nvt_version><threat>Medium</threat><severity>5.0</severity><description/></result><result id='84d244b3-0437-4146-bcc6-7c318b7c4597'><user_tags><count>0</count></user_tags><host>192.168.0.10</host><port>19/udp</port><nvt oid='1.3.6.1.4.1.25623.1.0.10043'><name>Chargen</name><family>Useless services</family><cvss_base>5.0</cvss_base><cve>CVE-1999-0103</cve><bid>NOBID</bid><tags>cvss_base_vector=AV:N/AC:L/Au:N/C:N/I:N/A:P|summary=The remote host is running a &apos;chargen&apos; service.
Description :
When contacted, chargen responds with some random characters (something
like all the characters in the alphabet in a row). When contacted via UDP, it
will respond with a single UDP packet. When contacted via TCP, it will
continue spewing characters until the client closes the connection.
The purpose of this service was mostly to test the TCP/IP protocol
by itself, to make sure that all the packets were arriving at their
destination unaltered. It is unused these days, so it is suggested
you disable it, as an attacker may use it to set up an attack against
this host, or against a third party host using this host as a relay.
An easy attack is &apos;ping-pong&apos; in which an attacker spoofs a packet between
two machines running chargen. This will cause them to spew characters at
each other, slowing the machines down and saturating the network.|solution=- Under Unix systems, comment out the &apos;chargen&apos; line in /etc/inetd.conf
and restart the inetd process
- Under Windows systems, set the following registry keys to 0 :
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpChargen
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableUdpChargen
Then launch cmd.exe and type :
net stop simptcp
net start simptcp
To restart the service.</tags><cert/><xref>NOXREF</xref></nvt><scan_nvt_version>$Revision: 17 $</scan_nvt_version><threat>Medium</threat><severity>5.0</severity><description/></result><result id='44a18747-3279-4aca-889d-56c104a7c7a7'><user_tags><count>0</count></user_tags><host>192.168.0.10</host><port>135/tcp</port><nvt oid='1.3.6.1.4.1.25623.1.0.10736'><name>DCE Services Enumeration</name><family>Windows</family><cvss_base>5.0</cvss_base><cve>NOCVE</cve><bid>NOBID</bid><tags>cvss_base_vector=AV:N/AC:L/Au:N/C:N/I:N/A:P|solution=filter incoming traffic to this port.|summary=Distributed Computing Environment (DCE) services running on the remote host
can be enumerated by connecting on port 135 and doing the appropriate queries.
An attacker may use this fact to gain more knowledge
about the remote host.</tags><cert/><xref>NOXREF</xref></nvt><scan_nvt_version>$Revision: 41 $</scan_nvt_version><threat>Medium</threat><severity>5.0</severity><description/></result><result id='0eb4b9e5-bdf1-416f-ba75-ec8fb497bda4'><user_tags><count>0</count></user_tags><host>192.168.0.10</host><port>135/tcp</port><nvt oid='1.3.6.1.4.1.25623.1.0.10736'><name>DCE Services Enumeration</name><family>Windows</family><cvss_base>5.0</cvss_base><cve>NOCVE</cve><bid>NOBID</bid><tags>cvss_base_vector=AV:N/AC:L/Au:N/C:N/I:N/A:P|solution=filter incoming traffic to this port.|summary=Distributed Computing Environment (DCE) services running on the remote host
can be enumerated by connecting on port 135 and doing the appropriate queries.
An attacker may use this fact to gain more knowledge
about the remote host.</tags><cert/><xref>NOXREF</xref></nvt><scan_nvt_version>$Revision: 41 $</scan_nvt_version><threat>Medium</threat><severity>5.0</severity><description>Distributed Computing Environment (DCE) services running on the remote host
can be enumerated by connecting on port 135 and doing the appropriate queries.
An attacker may use this fact to gain more knowledge
about the remote host.
Here is the list of DCE services running on this host:
Port: 1025/tcp
UUID: 1ff70682-0a51-30e8-076d-740be8cee98b, version 1
Endpoint: ncacn_ip_tcp:192.168.0.10[1025]
Named pipe : atsvc
Win32 service or process : mstask.exe
Description : Scheduler service
UUID: 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1
Endpoint: ncacn_ip_tcp:192.168.0.10[1025]
UUID: 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1
Endpoint: ncacn_ip_tcp:192.168.0.10[1025]
UUID: 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc, version 1
Endpoint: ncacn_ip_tcp:192.168.0.10[1025]
Annotation: Messenger Service
Named pipe : ntsvcs
Win32 service or process : messenger
Description : Messenger service
Port: 1028/udp
UUID: 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc, version 1
Endpoint: ncadg_ip_udp:192.168.0.10[1028]
Annotation: Messenger Service
Named pipe : ntsvcs
Win32 service or process : messenger
Description : Messenger service
Solution : filter incoming traffic to this port(s).
</description></result><result id='7149159d-f3fa-4216-99e1-57ae56aeb864'><user_tags><count>0</count></user_tags><host>192.168.0.10</host><port>135/tcp</port><nvt oid='1.3.6.1.4.1.25623.1.0.11159'><name>MS RPC Services null pointer reference DoS</name><family>Denial of Service</family><cvss_base>5.0</cvss_base><cve>CVE-2002-1561</cve><bid>6005</bid><tags>cvss_base_vector=AV:N/AC:L/Au:N/C:N/I:N/A:P|solution=Block access to TCP port 135.|summary=MS Windows RPC service (RPCSS) crashes trying to dereference a
null pointer when it receives a certain malformed request.
All MS RPC-based services (i.e. a large part of MS Windows 2000+)
running on the target machine are rendered inoperable.</tags><cert/><xref>IAVA:2003-t-0008</xref></nvt><scan_nvt_version>$Revision: 17 $</scan_nvt_version><threat>Medium</threat><severity>5.0</severity><description/></result><result id='e05573c9-6f53-40ff-a7fe-36c12cf303b0'><user_tags><count>0</count></user_tags><host>192.168.0.10</host><port>general/tcp</port><nvt oid='1.3.6.1.4.1.25623.1.0.11834'><name>Source routed packets</name><family>Firewalls</family><cvss_base>3.3</cvss_base><cve>NOCVE</cve><bid>NOBID</bid><tags>cvss_base_vector=AV:L/AC:M/Au:N/C:N/I:P/A:P|solution=drop source routed packets on this host or on other ingress
routers or firewalls.|summary=The remote host accepts loose source routed IP packets.
The feature was designed for testing purpose.
An attacker may use it to circumvent poorly designed IP filtering
and exploit another flaw. However, it is not dangerous by itself.</tags><cert/><xref>NOXREF</xref></nvt><scan_nvt_version>$Revision: 17 $</scan_nvt_version><threat>Low</threat><severity>3.3</severity><description>
The remote host accepts loose source routed IP packets.
The feature was designed for testing purpose.
An attacker may use it to circumvent poorly designed IP filtering
and exploit another flaw. However, it is not dangerous by itself.
Worse, the remote host reverses the route when it answers to loose
source routed TCP packets. This makes attacks easier.
Solution: drop source routed packets on this host or on other ingress
routers or firewalls.
</description></result><result id='34496ceb-2007-4e19-bace-6422411d1243'><user_tags><count>0</count></user_tags><host>192.168.0.10</host><port>general/CPE-T</port><nvt oid='1.3.6.1.4.1.25623.1.0.810002'><name>CPE Inventory</name><family>Service detection</family><cvss_base>0.0</cvss_base><cve>NOCVE</cve><bid>NOBID</bid><tags>cvss_base_vector=AV:N/AC:L/Au:N/C:N/I:N/A:N|summary=This routine uses information collected by other routines about
CPE identities (http://cpe.mitre.org/) of operating systems, services and
applications detected during the scan.</tags><cert/><xref>NOXREF</xref></nvt><scan_nvt_version>$Revision: 314 $</scan_nvt_version><threat>Log</threat><severity>0.0</severity><description>192.168.0.10|cpe:/o:microsoft:windows_2000
</description></result><result id='97908303-8a95-412e-9f8f-1825319bc95b'><user_tags><count>0</count></user_tags><host>192.168.0.10</host><port>general/icmp</port><nvt oid='1.3.6.1.4.1.25623.1.0.103190'><name>ICMP Timestamp Detection</name><family>Service detection</family><cvss_base>0.0</cvss_base><cve>CVE-1999-0524</cve><bid>NOBID</bid><tags>cvss_base_vector=AV:L/AC:L/Au:N/C:N/I:N/A:N|summary=The remote host responded to an ICMP timestamp request. The Timestamp Reply is
an ICMP message which replies to a Timestamp message. It consists of the
originating timestamp sent by the sender of the Timestamp as well as a receive
timestamp and a transmit timestamp. This information could theoretically be used
to exploit weak time-based random number generators in other services.</tags><cert><cert_ref id='DFN-CERT-2014-0658' type='DFN-CERT'/></cert><xref>URL:http://www.ietf.org/rfc/rfc0792.txt</xref></nvt><scan_nvt_version>$Revision: 13 $</scan_nvt_version><threat>Log</threat><severity>0.0</severity><description/></result><result id='a13b97b5-15f4-4556-a8f1-9c03e8f8ddaf'><user_tags><count>0</count></user_tags><host>192.168.0.10</host><port>general/icmp</port><nvt oid='1.3.6.1.4.1.25623.1.0.12264'><name>Record route</name><family>General</family><cvss_base>0.0</cvss_base><cve>NOCVE</cve><bid>NOBID</bid><tags>cvss_base_vector=AV:N/AC:L/Au:N/C:N/I:N/A:N|summary=This plugin sends packets with the &apos;Record Route&apos; option.
It is a complement to traceroute.</tags><cert/><xref>NOXREF</xref></nvt><scan_nvt_version>$Revision: 17 $</scan_nvt_version><threat>Log</threat><severity>0.0</severity><description>Here is the route recorded between 192.168.0.13 and 192.168.0.10 :
192.168.0.10.
</description></result><result id='8c8fbf47-bed7-404f-9ca9-3df6ac91c9a6'><user_tags><count>0</count></user_tags><host>192.168.0.10</host><port>general/tcp</port><nvt oid='1.3.6.1.4.1.25623.1.0.80103'><name>3com switch2hub</name><family>Denial of Service</family><cvss_base>7.8</cvss_base><cve>NOCVE</cve><bid>NOBID</bid><tags>cvss_base_vector=AV:N/AC:L/Au:N/C:N/I:N/A:C|solution=Lock Mac addresses on each port of the remote switch or
buy newer switch.|summary=The remote host is subject to the
switch to hub flood attack.
Description :
The remote host on the local network seems to be connected
through a switch which can be turned into a hub when flooded
by different mac addresses.
The theory is to send a lot of packets (&gt; 1000000) to the
port of the switch we are connected to, with random mac
addresses. This turns the switch into learning mode, where
traffic goes everywhere.
An attacker may use this flaw in the remote switch
to sniff data going to this host
Reference :
http://www.securitybugware.org/Other/2041.html</tags><cert/><xref>NOXREF</xref></nvt><scan_nvt_version>$Revision: 15 $</scan_nvt_version><threat>Log</threat><severity>0.0</severity><description>Fake IP address not specified. Skipping this check.
</description></result><result id='940c254c-4ee1-460b-89df-145a5571199c'><user_tags><count>0</count></user_tags><host>192.168.0.10</host><port>general/tcp</port><nvt oid='1.3.6.1.4.1.25623.1.0.102002'><name>OS fingerprinting</name><family>Product detection</family><cvss_base>0.0</cvss_base><cve>NOCVE</cve><bid>NOBID</bid><tags>cvss_base_vector=AV:N/AC:L/Au:N/C:N/I:N/A:N|summary=This script performs ICMP based OS fingerprinting (as described by
Ofir Arkin and Fyodor Yarochkin in Phrack #57). It can be used to determine
remote operating system version.</tags><cert/><xref>URL:http://www.phrack.org/issues.html?issue=57&amp;id=7#article</xref></nvt><scan_nvt_version>$Revision: 43 $</scan_nvt_version><threat>Log</threat><severity>0.0</severity><description>ICMP based OS fingerprint results: (91% confidence)
Microsoft Windows
</description></result><result id='529d4836-c074-4ba0-b38c-48c44f56078f'><user_tags><count>0</count></user_tags><host>192.168.0.10</host><port>general/tcp</port><nvt oid='1.3.6.1.4.1.25623.1.0.103429'><name>SNMP OS Identification</name><family>Product detection</family><cvss_base>0.0</cvss_base><cve>NOCVE</cve><bid>NOBID</bid><tags>cvss_base_vector=AV:N/AC:L/Au:N/C:N/I:N/A:N|summary=This script performs SNMP based OS detection.</tags><cert/><xref>NOXREF</xref></nvt><scan_nvt_version>$Revision: 656 $</scan_nvt_version><threat>Log</threat><severity>0.0</severity><description>Detected OS: Windows 2000
CPE: cpe:/o:microsoft:windows_2000
Concluded from SNMP SysDesc: Hardware: x86 Family 6 Model 6 Stepping 1 AT/AT COMPATIBLE - Software: Windows 2000 Version 5.1 (Build 2600 Uniprocessor Free)
</description></result><result id='711722b0-d080-44d1-944a-45c16cc5d323'><user_tags><count>0</count></user_tags><host>192.168.0.10</host><port>general/tcp</port><nvt oid='1.3.6.1.4.1.25623.1.0.10919'><name>Check open ports</name><family>General</family><cvss_base>0.0</cvss_base><cve>NOCVE</cve><bid>NOBID</bid><tags>cvss_base_vector=AV:N/AC:L/Au:N/C:N/I:N/A:N|summary=This plugin checks if the port scanners did not kill a service.</tags><cert/><xref>NOXREF</xref></nvt><scan_nvt_version>$Revision: 382 $</scan_nvt_version><threat>Log</threat><severity>0.0</severity><description>
OpenVAS cannot reach any of the previously open ports of the remote
host at the end of its scan.
This might be an availability problem, which might be
due to the following reasons :
- The remote host is now down, either because a user turned it
off during the scan or a selected denial of service was effective against
this host
- A network outage has been experienced during the scan, and the remote
network cannot be reached from the OpenVAS server any more
- This OpenVAS server has been blacklisted by the system administrator
or by automatic intrusion detection/prevention systems which have detected the
vulnerability assessment.
In any case, the audit of the remote host might be incomplete and may need to
be done again
</description></result><result id='087d7850-a9a5-4bac-8b35-0208b738f682'><user_tags><count>0</count></user_tags><host>192.168.0.10</host><port>general/tcp</port><nvt oid='1.3.6.1.4.1.25623.1.0.51662'><name>Traceroute</name><family>General</family><cvss_base>0.0</cvss_base><cve>NOCVE</cve><bid>NOBID</bid><tags>cvss_base_vector=AV:N/AC:L/Au:N/C:N/I:N/A:N|solution=Block unwanted packets from escaping your network.|summary=A traceroute from the scanning server to the target system was
conducted. This traceroute is provided primarily for informational
value only. In the vast majority of cases, it does not represent a
vulnerability. However, if the displayed traceroute contains any
private addresses that should not have been publicly visible, then you
have an issue you need to correct.</tags><cert/><xref>NOXREF</xref></nvt><scan_nvt_version>$Revision: 14 $</scan_nvt_version><threat>Log</threat><severity>0.0</severity><description>Here is the route from 192.168.0.13 to 192.168.0.10:
192.168.0.13
192.168.0.10
</description></result><result id='06c398b7-a13c-4c81-abdb-4cfd778a9a8b'><user_tags><count>0</count></user_tags><host>192.168.0.10</host><port>7/tcp</port><nvt oid='1.3.6.1.4.1.25623.1.0.100075'><name>Check for echo Service</name><family>Useless services</family><cvss_base>0.0</cvss_base><cve>CVE-1999-0635</cve><bid>NOBID</bid><tags>cvss_base_vector=AV:N/AC:L/Au:N/C:N/I:N/A:N|solution=Disable echo Service.|summary=Echo Service is running at this Host.
The echo service is an Internet protocol defined in RFC 862. It was
originally proposed for testing and measurement of round-trip times in IP
networks. While still available on most UNIX-like operating systems, testing
and measurement is now performed with the Internet Control Message Protocol
(ICMP), using the applications ping and traceroute.</tags><cert/><xref>NOXREF</xref></nvt><scan_nvt_version>$Revision: 43 $</scan_nvt_version><threat>Log</threat><severity>0.0</severity><description/></result><result id='06f31b07-adee-4cbc-884a-73dd30850d3a'><user_tags><count>0</count></user_tags><host>192.168.0.10</host><port>7/udp</port><nvt oid='1.3.6.1.4.1.25623.1.0.100075'><name>Check for echo Service</name><family>Useless services</family><cvss_base>0.0</cvss_base><cve>CVE-1999-0635</cve><bid>NOBID</bid><tags>cvss_base_vector=AV:N/AC:L/Au:N/C:N/I:N/A:N|solution=Disable echo Service.|summary=Echo Service is running at this Host.
The echo service is an Internet protocol defined in RFC 862. It was
originally proposed for testing and measurement of round-trip times in IP
networks. While still available on most UNIX-like operating systems, testing
and measurement is now performed with the Internet Control Message Protocol
(ICMP), using the applications ping and traceroute.</tags><cert/><xref>NOXREF</xref></nvt><scan_nvt_version>$Revision: 43 $</scan_nvt_version><threat>Log</threat><severity>0.0</severity><description/></result><result id='025c5a67-bead-4592-97e5-613f5c923c47'><user_tags><count>0</count></user_tags><host>192.168.0.10</host><port>7/tcp</port><nvt oid='1.3.6.1.4.1.25623.1.0.10330'><name>Services</name><family>Service detection</family><cvss_base>0.0</cvss_base><cve>NOCVE</cve><bid>NOBID</bid><tags>cvss_base_vector=AV:N/AC:L/Au:N/C:N/I:N/A:N|summary=This plugin attempts to guess which
service is running on the remote ports. For instance,
it searches for a web server which could listen on
another port than 80 and set the results in the plugins
knowledge base.</tags><cert/><xref>NOXREF</xref></nvt><scan_nvt_version>$Revision: 69 $</scan_nvt_version><threat>Log</threat><severity>0.0</severity><description>An echo server is running on this port
</description></result><result id='35c6580b-9154-405c-8277-583677d8471d'><user_tags><count>0</count></user_tags><host>192.168.0.10</host><port>13/tcp</port><nvt oid='1.3.6.1.4.1.25623.1.0.11153'><name>Identify unknown services with &apos;HELP&apos;</name><family>Service detection</family><cvss_base>0.0</cvss_base><cve>NOCVE</cve><bid>NOBID</bid><tags>cvss_base_vector=AV:N/AC:L/Au:N/C:N/I:N/A:N|summary=This plugin performs service detection.
Description :
This plugin is a complement of find_service.nasl. It sends a HELP
request to the remaining unknown services and tries to identify
them.</tags><cert/><xref>NOXREF</xref></nvt><scan_nvt_version>$Revision: 487 $</scan_nvt_version><threat>Log</threat><severity>0.0</severity><description>Daytime is running on this port
</description></result><result id='ec226717-b805-4096-b2cd-815ef01c0e66'><user_tags><count>0</count></user_tags><host>192.168.0.10</host><port>17/tcp</port><nvt oid='1.3.6.1.4.1.25623.1.0.11153'><name>Identify unknown services with &apos;HELP&apos;</name><family>Service detection</family><cvss_base>0.0</cvss_base><cve>NOCVE</cve><bid>NOBID</bid><tags>cvss_base_vector=AV:N/AC:L/Au:N/C:N/I:N/A:N|summary=This plugin performs service detection.
Description :
This plugin is a complement of find_service.nasl. It sends a HELP
request to the remaining unknown services and tries to identify
them.</tags><cert/><xref>NOXREF</xref></nvt><scan_nvt_version>$Revision: 487 $</scan_nvt_version><threat>Log</threat><severity>0.0</severity><description>qotd (Quote of the Day) seems to be running on this port
</description></result><result id='92584679-3dbe-4e95-b8dd-fffc06cd0476'><user_tags><count>0</count></user_tags><host>192.168.0.10</host><port>19/tcp</port><nvt oid='1.3.6.1.4.1.25623.1.0.10330'><name>Services</name><family>Service detection</family><cvss_base>0.0</cvss_base><cve>NOCVE</cve><bid>NOBID</bid><tags>cvss_base_vector=AV:N/AC:L/Au:N/C:N/I:N/A:N|summary=This plugin attempts to guess which
service is running on the remote ports. For instance,
it searches for a web server which could listen on
another port than 80 and set the results in the plugins
knowledge base.</tags><cert/><xref>NOXREF</xref></nvt><scan_nvt_version>$Revision: 69 $</scan_nvt_version><threat>Log</threat><severity>0.0</severity><description>Chargen is running on this port
</description></result><result id='5dd39a30-8d2b-41f6-bb0c-93382d7c3ecc'><user_tags><count>0</count></user_tags><host>192.168.0.10</host><port>123/udp</port><nvt oid='1.3.6.1.4.1.25623.1.0.10884'><name>NTP read variables</name><family>Service detection</family><cvss_base>0.0</cvss_base><cve>NOCVE</cve><bid>NOBID</bid><tags>cvss_base_vector=AV:N/AC:L/Au:N/C:N/I:N/A:N|summary=A NTP (Network Time Protocol) server is listening on this port.</tags><cert/><xref>NOXREF</xref></nvt><scan_nvt_version>$Revision: 487 $</scan_nvt_version><threat>Log</threat><severity>0.0</severity><description/></result><result id='9fd23890-99f7-409f-bd34-10fb808a7c31'><user_tags><count>0</count></user_tags><host>192.168.0.10</host><port>137/udp</port><nvt oid='1.3.6.1.4.1.25623.1.0.10150'><name>Using NetBIOS to retrieve information from a Windows host</name><family>Windows</family><cvss_base>0.0</cvss_base><cve>NOCVE</cve><bid>NOBID</bid><tags>cvss_base_vector=AV:N/AC:L/Au:N/C:N/I:N/A:N|solution=Block those ports from outside communication|summary=The NetBIOS port is open (UDP:137). A remote attacker may use this to gain
access to sensitive information such as computer name, workgroup/domain
name, currently logged on user name, etc.</tags><cert/><xref>NOXREF</xref></nvt><scan_nvt_version>$Revision: 41 $</scan_nvt_version><threat>Log</threat><severity>0.0</severity><description>The following 7 NetBIOS names have been gathered :
VICTIM-3IM53RDD = This is the computer name registered for workstation services by a WINS client.
MSHOME = Workgroup / Domain name
VICTIM-3IM53RDD = Computer name
VICTIM-3IM53RDD = This is the current logged in user registered for this workstation.
MSHOME = Workgroup / Domain name (part of the Browser elections)
MSHOME
__MSBROWSE__
The remote host has the following MAC address on its adapter :
08:00:27:a3:22:67
If you do not want to allow everyone to find the NetBIOS name
of your computer, you should filter incoming traffic to this port.
</description></result><result id='8e093f68-2c3b-4dbd-98fd-94ae608ebada'><user_tags><count>0</count></user_tags><host>192.168.0.10</host><port>139/tcp</port><nvt oid='1.3.6.1.4.1.25623.1.0.11011'><name>SMB on port 445</name><family>Windows</family><cvss_base>0.0</cvss_base><cve>NOCVE</cve><bid>NOBID</bid><tags>cvss_base_vector=AV:N/AC:L/Au:N/C:N/I:N/A:N|summary=This script detects whether ports 445 and 139 are open and
if they are running SMB servers.</tags><cert/><xref>NOXREF</xref></nvt><scan_nvt_version>$Revision: 41 $</scan_nvt_version><threat>Log</threat><severity>0.0</severity><description>An SMB server is running on this port
</description></result><result id='958dc57e-8ba6-4d78-b09b-28ea8cb7245d'><user_tags><count>0</count></user_tags><host>192.168.0.10</host><port>161/udp</port><nvt oid='1.3.6.1.4.1.25623.1.0.10265'><name>An SNMP Agent is running</name><family>SNMP</family><cvss_base>0.0</cvss_base><cve>NOCVE</cve><bid>NOBID</bid><tags>cvss_base_vector=AV:N/AC:L/Au:N/C:N/I:N/A:N|summary=Either (or both) of the ports UDP:161 and UDP:162 are open. This usually
indicates an SNMP agent is present. Having such an agent open to outside
access may be used to compromise sensitive information, and can be used to
cause a Denial of Service attack. Certain SNMP agents may be
vulnerable to root compromise attacks.
More Information:
http://www.securiteam.com/exploits/Patrol_s_SNMP_Agent_3_2_can_lead_to_root_compromise.html</tags><cert/><xref>NOXREF</xref></nvt><scan_nvt_version>$Revision: 507 $</scan_nvt_version><threat>Log</threat><severity>0.0</severity><description>A SNMP server is running on this host
The following versions are supported
SNMP version1
SNMP version2c
</description></result><result id='d02ba438-f241-45b7-b9d9-12936b103a96'><user_tags><count>0</count></user_tags><host>192.168.0.10</host><port>445/tcp</port><nvt oid='1.3.6.1.4.1.25623.1.0.102011'><name>SMB NativeLanMan</name><family>Service detection</family><cvss_base>0.0</cvss_base><cve>NOCVE</cve><bid>NOBID</bid><tags>cvss_base_vector=AV:N/AC:L/Au:N/C:N/I:N/A:N|summary=It is possible to extract OS, domain and SMB server information
from the Session Setup AndX Response packet which is generated
during NTLM authentication.</tags><cert/><xref>NOXREF</xref></nvt><scan_nvt_version>$Revision: 43 $</scan_nvt_version><threat>Log</threat><severity>0.0</severity><description>
Summary:
It is possible to extract OS, domain and SMB server information
from the Session Setup AndX Response packet which is generated
during NTLM authentication.
Detected SMB workgroup: MSHOME
Detected SMB server: Windows 2000 LAN Manager
Detected OS: Windows 5.1
</description></result><result id='86faff88-d0cb-49c4-9d3b-00dc6ab7963c'><user_tags><count>0</count></user_tags><host>192.168.0.10</host><port>445/tcp</port><nvt oid='1.3.6.1.4.1.25623.1.0.11011'><name>SMB on port 445</name><family>Windows</family><cvss_base>0.0</cvss_base><cve>NOCVE</cve><bid>NOBID</bid><tags>cvss_base_vector=AV:N/AC:L/Au:N/C:N/I:N/A:N|summary=This script detects whether ports 445 and 139 are open and
if they are running SMB servers.</tags><cert/><xref>NOXREF</xref></nvt><scan_nvt_version>$Revision: 41 $</scan_nvt_version><threat>Log</threat><severity>0.0</severity><description>A CIFS server is running on this port
</description></result></results><result_count>31<full>31</full><filtered>31</filtered><debug><full>0</full><filtered>0</filtered></debug><hole><full>4</full><filtered>4</filtered></hole><info><full>1</full><filtered>1</filtered></info><log><full>20</full><filtered>20</filtered></log><warning><full>6</full><filtered>6</filtered></warning><false_positive><full>0</full><filtered>0</filtered></false_positive></result_count><severity><full>10.0</full><filtered>10.0</filtered></severity><host><ip>192.168.0.10</ip><start>2015-01-12T01:24:52Z</start><end>2015-01-12T01:32:41Z</end><detail><name>OS</name><value>Windows 5.1</value><source><type>nvt</type><name>1.3.6.1.4.1.25623.1.0.102011</name><description>Extracts info about the OS through NTLM authentication packets</description></source><extra/></detail><detail><name>OS</name><value>cpe:/o:microsoft:windows</value><source><type>nvt</type><name>1.3.6.1.4.1.25623.1.0.102011</name><description>Extracts info about the OS through NTLM authentication packets</description></source><extra/></detail><detail><name>MAC</name><value>08:00:27:A3:22:67</value><source><type>nvt</type><name>1.3.6.1.4.1.25623.1.0.103585</name><description>Nmap MAC Scan</description></source><extra/></detail><detail><name>traceroute</name><value>192.168.0.13,192.168.0.10</value><source><type>nvt</type><name>1.3.6.1.4.1.25623.1.0.51662</name><description>Traceroute</description></source><extra/></detail><detail><name>ports</name><value>13,1025,7,17,445,5000,9,19,135,139</value><source><type>nvt</type><name>1.3.6.1.4.1.25623.1.0.900239</name><description>Check Open TCP Ports</description></source><extra/></detail><detail><name>tcp_ports</name><value>13,1025,7,17,445,5000,9,19,135,139</value><source><type>nvt</type><name>1.3.6.1.4.1.25623.1.0.900239</name><description>Check Open TCP Ports</description></source><extra/></detail><detail><name>OS</name><value>Microsoft 
Windows</value><source><type>nvt</type><name>1.3.6.1.4.1.25623.1.0.102002</name><description>Detects remote operating system version</description></source><extra/></detail><detail><name>OS</name><value>cpe:/o:microsoft:windows</value><source><type>nvt</type><name>1.3.6.1.4.1.25623.1.0.102002</name><description>Detects remote operating system version</description></source><extra/></detail><detail><name>OS</name><value>cpe:/o:microsoft:windows_2000</value><source><type>nvt</type><name>1.3.6.1.4.1.25623.1.0.103429</name><description>SNMP OS Identification</description></source><extra/></detail><detail><name>OS</name><value>Windows 2000</value><source><type>nvt</type><name>1.3.6.1.4.1.25623.1.0.103429</name><description>SNMP OS Identification</description></source><extra/></detail><detail><name>MAC</name><value>08:00:27:a3:22:67</value><source><type>nvt</type><name>1.3.6.1.4.1.25623.1.0.10150</name><description>Using NetBIOS to retrieve information from a Windows host</description></source><extra/></detail><detail><name>hostname</name><value>VICTIM-3IM53RDD</value><source><type>nvt</type><name>1.3.6.1.4.1.25623.1.0.103996</name><description>Gather hardware related information</description></source><extra/></detail><detail><name>best_os_cpe</name><value>cpe:/o:microsoft:windows_2000</value><source><type>nvt</type><name>1.3.6.1.4.1.25623.1.0.103429</name><description>SNMP OS Identification</description></source><extra/></detail><detail><name>best_os_txt</name><value>Windows 5.1</value><source><type>nvt</type><name>1.3.6.1.4.1.25623.1.0.102011</name><description>Extracts info about the OS through NTLM authentication packets</description></source><extra/></detail></host><host_start><host>192.168.0.10</host>2015-01-12T01:24:52Z</host_start><host_end><host>192.168.0.10</host>2015-01-12T01:32:41Z</host_end><scan_end>2015-01-12T01:32:42Z</scan_end><errors><count>0</count></errors></report></report>