Scan Report CRM

7/21/2019 Scan Report CRM

http://slidepdf.com/reader/full/scan-report-crm 1/17

22/tcp

Summary

This document reports on the results of an automatic security scan. The report first summarises the results

found. Then, for each host, the report describes every issue found. Please cons ider the advice given in each

description, in order to rectify the issue.

Vendor security updates are not trusted.

Overrides are on. When a result has an override, this report uses the threat of the override.

Notes are included in the report.

This report might not show details of all issues that we re found. It only lists hosts that produced issues.Issues with the threat level "Debug" are not shown. Issues with the threat level "False Positive" are not

shown.

This report contains a ll 40 results selected by the filtering described above. Before filtering there we re 40

results.

All dates are displayed using the timezone "Coordinated Universal Time", which is abbreviated "UTC".

Scan started: Fri Nov 13 08:50:20 2015 UTC

Scan ended: Fri Nov 13 09:07:34 2015 UTC

Task: secu crm mobile

Host Summary

Host Start End High Medium Low Log False Positive

172.29.99.33 Nov 13, 08:50:31 Nov 13, 09:07:34 7 3 1 29 0Total: 1 7 3 1 29 0

Results per Host

Host 172.29.99.33

Scanning of this host sta rted at: Fri Nov 13 08:50:31 2015 UTC

Number of results: 40

Port Summary for Host 172.29.99.33

Service (Port) Threat Level

22/tcp High

80/tcp High

3389/tcp Medium

general/tcp Low

general/icmp Log

general/CPE-T Log

21/tcp Log

111/tcp Log

Security Issues for Host 172.29.99.33

High (CVSS: 8.5)

NVT: OpenSSH Multiple Vulnerabilities (OID: 1.3.6.1.4.1.25623.1.0.806052)

Product detection result: cpe:/a:openbsd:openssh:6.6.1p1 by SSH Server type and version (OID:

1.3.6.1.4.1.25623.1.0.10267)

Summary

This host is running OpenSSH and is prone to multiple vulnerabilities.

Vulnerability Detection Result

Installed version: 6.6.1p1Fixed version: 7.0

Impact

Successful exploitation will allow an attacker to gain privileges, to conduct impersonation attacks, to

conduct brute-force attacks or cause a denial of service.

Impact Level: Application

Solution

Upgrade to OpenSSH 7.0 or later. For updates refer to http://www.openssh.com

Affected Software/OS

OpenSSH versions before 7.0

Vulnerability Insight

http://home/lecancre/T%C3%A9l%C3%A9chargements/report-426e0112-6210-4310-9c3b-470a13a805ff.html#172.29.99.33



80/tcp

Multiple flaws are due to: - Use-after-free vulnerability in the 'mm_answer_pam_free_ctx' function in

monitor.c in sshd. - Vulnerability in 'kbdint_next_device' function in auth2-chall.c in sshd. - vulnerability in

the handler for the MONITOR_REQ_PAM_FREE_CTX request.

Vulnerability Detection Method

Get the installed version w ith the help of detect NVT and check the version is vulnerable or not.

Details: OpenSSH Multiple Vulnerabilities (OID: 1.3.6.1.4.1.25623.1.0.806052)

Version used: $Revision: 1784 $

Product Detection Result

Product: cpe:/a:openbsd:openssh:6.6.1p1

Method: SSH Server type and version (OID: 1.3.6.1.4.1.25623.1.0.10267)

References

CVE: CVE-2015-6564, CVE-2015-6563, CVE-2015-5600

CERT: DFN-CERT-2015-1679 , DFN-CERT-2015-1644 , DFN-CERT-2015-1632 , DFN-CERT-2015-1591 , DFN-

CERT-2015-1443 , DFN-CERT-2015-1406 , DFN-CERT-2015-1263 , DFN-CERT-2015-1259 , DFN-

CERT-2015-1252 , DFN-CERT-2015-1239 , DFN-CERT-2015-1161 , DFN-CERT-2015-1159

Other: http://seclists.org/fulldisclosure/2015/Aug/54

http://openwall.com/lists/oss-security/2015/07/23/4

High (CVSS: 7.5)

NVT: php Multiple Vulnerabilities -01 June15 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.805651)

Product de tection result: cpe:/a:php:php:5.5.9 by PHP Version Detection (OID:

1.3.6.1.4.1.25623.1.0.800109)

Summary

This host is insta lled w ith php and is prone to multiple vulnerabilities.


Installed Version: 5.5.9Fixed Version: 5.5.23

Impact

Successfully exploiting this issue allow remote attackers to obtain sensitive information by providing crafted

serialized data w ith an int data type and to execute arbitrary code by providing crafted serialized data w ith

an unexpected data type.


Solution

Upgrade to php 5.4.39 or 5.5.23 or 5.6.7 or later. For updates refer to http://www.php.net


php versions before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7


Multiple flaws are due to, - 'do_soap_call' function in ext/soap/soap.c script in PHP does not verify that the

uri property is a s tring. - 'SoapClient::__call' method in ext/soap/soap.c script in PHP does not verify that

__default_headers is an array. - use-after-free error related to the 'unserialize' function when using

DateInterval input. - a flaw in the 'move_uploaded_file' function that is triggered w hen handling NULLbytes. - an integer overflow condition in the '_zip_cdir_new' function in 'zip_dirent.c' script.



Details: php Multiple Vulnerabilities -01 June15 (Linux) (OID: 1.3.6.1.4.1.25623.1.0.805651)



Product: cpe:/a:php:php:5.5.9

Method: PHP Version Detection (OID: 1.3.6.1.4.1.25623.1.0.800109)

References

CVE: CVE-2015-4148, CVE-2015-4147, CVE-2015-2787, CVE-2015-2348, CVE-2015-2331

BID: 73357, 73431, 73434




CERT-2015-0505 , DFN-CERT-2015-0387 , DFN-CERT-2015-0383 , DFN-CERT-2015-0382



80/tcp

80/tcp

Other: http://php.net/ChangeLog-5.php

https://bugs.php.net/bug.php?id=69085


High (CVSS: 7.5)



1.3.6.1.4.1.25623.1.0.800109)

Summary




Impact

Successfully exploiting this issue allow remote a ttackers to cause a denial of service, to obtain sens itive

information from process memory and to execute arbitrary code via crafted dimensions.


Solution





Multiple flaws are due to, - Multiple stack-based buffer overflows in the 'phar_set_inode' function in

phar_internal.h script in PHP . - Vulnerabilities in 'phar_parse_metadata ' and 'phar_parse_pharfile'

functions in ext/phar/phar.c script in PHP. - A NULL pointer dereference flaw in the 'build_tablename'

function in 'ext/pgsql/pgsql.c' script that is triggered when handling NULL return values for 'token'.








References

CVE: CVE-2015-3329, CVE-2015-3307, CVE-2015-2783, CVE-2015-1352

BID: 74240, 74239, 74703




CERT-2015-0579 , DFN-CERT-2015-0212




High (CVSS: 7.5)



1.3.6.1.4.1.25623.1.0.800109)

Summary



Installed Version: 5.5.9

Fixed Version: 5.5.25

Impact

Successfully exploiting this issue allow remote a ttackers to cause a denial of service , bypass intended

extension restrictions and access and execute files or directories w ith unexpected names via crafted

dimensions and remote FTP servers to execute arbitrary code.



80/tcp


Solution





Multiple flaws are due to, - Algorithmic complexity vulnerability in the 'multipart_buffer_headers' function in

main/rfc1867.c script in PHP. - 'pcntl_exec' implementation in PHP truncates a pathname upon encounteringa \x00 character. - Integer overflow in the 'ftp_genlist' function in ext/ftp/ftp.c script in PHP. - The

'phar_parse_tarfile' function in ext/phar/tar.c script in PHP does not verify that the first character of a

filename is different from the \0 character.








References

CVE: CVE-2015-4026, CVE-2015-4025, CVE-2015-4024, CVE-2015-4022, CVE-2015-4021

BID: 75056, 74904, 74903, 74902, 74700




CERT-2015-0732




High (CVSS: 7.5)

NVT: php Multiple Remote Code Execution Vulnerabilities July15 (Linux) (OID:1.3.6.1.4.1.25623.1.0.805685)


1.3.6.1.4.1.25623.1.0.800109)

Summary




Impact

Successfully exploiting this issue allow remote attackers to execute arbitrary code via some crafted

dimensions.


Solution





Multiple flaws are due to, - Multiple use-after-free vulnerabilities in 'ext/date/php_date.c' script. - Heap-

based buffer overflow in the 'enchant_broker_request_dict' function in 'ext/enchant/enchant.c' script.



Details: php Multiple Remote Code Execution Vulnerabilities July15 (Linux) (OID:

1.3.6.1.4.1.25623.1.0.805685)




80/tcp

80/tcp




References

CVE: CVE-2015-0273, CVE-2014-9705

BID: 73031, 72701



CERT-2015-0697 , DFN-CERT-2015-0505 , DFN-CERT-2015-0371 , DFN-CERT-2015-0370 , DFN-CERT-2015-0286 , DFN-CERT-2015-0228


https://bugzilla.redhat.com/show_bug.cgi?id=1194730

http://lists.opensuse.org/opensuse-updates /2015-04/msg00002.html

High (CVSS: 7.5)

NVT: php Use-After-Free Remote Code EXecution Vulnerability -01 July15 (Linux) (OID:

1.3.6.1.4.1.25623.1.0.805686)


1.3.6.1.4.1.25623.1.0.800109)

Summary

This hos t is installed with php and is prone to remote code execution vulnerability.



Impact

Successfully exploiting this issue allow remote a ttackers to execute arbitrary code on the target system.


Solution

Upgrade to php 5.5.22 or 5.6.6 or later. For updates refer to http://www.php.net


php versions before 5.5.22 and 5.6.x before 5.6.6


The flaw is due to Use-after-free vulnerability in the 'phar_rename_archive' function in 'phar_object.c' script



Details: php Use-After-Free Remote Code EXecution Vulnerability -01 July15 (Linux) (OID:

1.3.6.1.4.1.25623.1.0.805686)





References

CVE: CVE-2015-2301

BID: 73037



CERT-2015-0387 , DFN-CERT-2015-0370


https://bugzilla.redhat.com/show_bug.cgi?id=1194747

http://lists.opensuse.org/opensuse-updates /2015-04/msg00002.html

High (CVSS: 7.5)

NVT: php Use-After-Free Denial Of Service Vulnerability -02 July15 (Linux) (OID:

1.3.6.1.4.1.25623.1.0.805687)


1.3.6.1.4.1.25623.1.0.800109)

Summary



3389/tcp

This hos t is installed with php and is prone to denial of service vulnerability.



Impact

Successfully exploiting this issue allow remote a ttackers to cause a denial of service or possibly have

unspecified other impact.


Solution

Upgrade to php 5.5.22 or 5.6.6 or later. For updates refer to http://www.php.net


php versions through 5.6.7 and 5.5.x before 5.5.25


The flaw is due to Use-after-free vulnerability in the '_zend_shared_memdup' function in

'zend_shared_alloc.c' script.



Details: php Use-After-Free Denial Of Service Vulnerability -02 July15 (Linux) (OID:

1.3.6.1.4.1.25623.1.0.805687)





References

CVE: CVE-2015-1351

BID: 71929


CERT-2015-0212

Other: http://bugzilla.redhat.com/show_bug.cgi?id=1185900


Medium (CVSS: 6.4)

NVT: Microsoft RDP Server Private Key Information Disclosure Vulnerability (OID:

1.3.6.1.4.1.25623.1.0.902658)

Summary

This host is running Remote Desktop Protocol server and is prone to information disclosure vulnerability.


Vulnerability was de tected according to the Vulnerability Detection Method.

Impact

Successful exploitation could allow remote attackers to gain sens itive information.

Impact Level: System/Application

Solution

No solution or patch was made available for at least one year since disclosure o f this vulnerability. Likely

none w ill be provided anymore. General solution options are to upgrade to a newer release, disable

respective features, remove the product or replace the product by another one.

A Workaround is to connect only to terminal services over trusted netw orks.


All Microsoft-compatible RDP (5.2 or earlier) softwares


The flaw is due to RDP se rver which stores an RSA private key used for signing a terminal server's public

key in the mstlsapi.dll library, which allows remote attackers to calculate a valid signature and further

perform a man-in-the-middle (MITM) attacks to obtain sensitive information.



80/tcp

22/tcp


Details: Microsoft RDP Server Private Key Information Disclosure Vulnerability (OID:

1.3.6.1.4.1.25623.1.0.902658)


References

CVE: CVE-2005-1794

BID: 13818

Other: http://secunia.com/advisories/15605/

http://xforce.iss.net/xforce/xfdb/21954

http://www.oxid.it/downloads/rdp-gbu.pdf

http://sourceforge.net/p/xrdp/mailman/message/32732056

Medium (CVSS: 5.0)

NVT: Missing httpOnly Cookie Attribute (OID: 1.3.6.1.4.1.25623.1.0.105925)

Summary

The application is missing the 'httpOnly' cookie attribute


The cookies:Set-Cookie: PHPSESSID=0foma9opbd9lv1gr1bf5gmraj6; path=/are missing the httpOnly attribute.

Impact

Application

Solution

Set the 'httpOnly' attribute for any session cookies.


Application with session handling in cookies.


The flaw is due to a cookie is not using the 'httpOnly' attribute. This allows a cookie to be accessed by

JavaScript which could lead to session hijacking attacks.


Check all cookies sent by the application for a missing 'httpOnly' attribute

Details: Missing httpOnly Cookie Attribute (OID: 1.3.6.1.4.1.25623.1.0.105925)


References

Other: https://www.owasp.org/index.php/HttpOnly

https://www.owasp.org/index.php/Testing_for_cookies_attributes_(OTG-SESS-002)

Medium (CVSS: 4.3)

NVT: OpenSSH Security Bypass Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.806049)

Product detection result: cpe:/a:openbsd:openssh:6.6.1p1 by SSH Server type and version (OID:1.3.6.1.4.1.25623.1.0.10267)

Summary

This host is running OpenSSH and is prone to security bypass vulnerability.


Installed version: 6.6.1p1Fixed version: 6.9

Impact

Successful exploitation will allow remote attackers to bypass intended access restrictions.


Solution

Upgrade to OpenSSH version 6.9 or later. For updates refer to http://www.openssh.com


OpenSSH versions before 6.9



general/tcp

general/CPE-T


The flaw is due to the refusal deadline was not checked within the x11_open_he lper function.



Details: OpenSSH Security Bypass Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.806049)



Product: cpe:/a:openbsd:openssh:6.6.1p1

Method: SSH Server type and version (OID: 1.3.6.1.4.1.25623.1.0.10267)

References

CVE: CVE-2015-5352

CERT: DFN-CERT-2015-1679 , DFN-CERT-2015-1406 , DFN-CERT-2015-1263 , DFN-CERT-2015-0987

Other: http://openw all.com/lists/oss-security/2015/07/01/10

Low (CVSS: 2.6)

NVT: TCP timestamps (OID: 1.3.6.1.4.1.25623.1.0.80091)

Summary

The remote host implements TCP timestamps and therefore a llows to compute the uptime.


It was detected that the host implements RFC1323.The following timestamps were retrieved with a delay of 1 seconds in-between:Paket 1: 14790252Paket 2: 14790508

Impact

A side effect of this feature is that the uptime of the remote host can sometimes be computed.

Solution

To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps = 0' to /etc/sysctl.conf. Execute

'sysctl -p' to apply the settings a t runtime.

To disable TCP timestamps on W indows execute 'netsh int tcp set global timestamps=disabled'

Starting w ith Windows Server 2008 and Vista, the timestamp can not be completely disabled.

The default behavior of the TCP/IP stack on this Systems is, to not use the Timestamp options when

initiating TCP connections, but use them if the TCP peer that is initiating communication includes them in

their synchronize (SYN) segment.

See also: http://www.microsoft.com/en-us/download/deta ils.aspx?id=9152


TCP/IPv4 implementations that implement RFC1323.


The remote host implements TCP timestamps, as de fined by RFC1323.


Special IP packets are forged and sent with a little delay in between to the target IP. The responses are

searched for a timestamps. If found, the timestamps are reported.

Details: TCP timestamps (OID: 1.3.6.1.4.1.25623.1.0.80091)


References

Other: http://www.ietf.org/rfc/rfc1323.txt

Log (CVSS: 0.0)

NVT: CPE Inventory (OID: 1.3.6.1.4.1.25623.1.0.810002)

Summary

This routine uses information collected by other routines about CPE identities (http://cpe.mitre.org/) of

operating systems, services and applications detected during the scan.


172.29.99.33|cpe:/a:apache:http_server:2.4.7



general/icmp

general/icmp

general/tcp

general/tcp

172.29.99.33|cpe:/a:php:php:5.5.9172.29.99.33|cpe:/a:openbsd:openssh:6.6.1p1172.29.99.33|cpe:/a:phpmyadmin:phpmyadmin172.29.99.33|cpe:/o:canonical:ubuntu_linux

Log Method

Details: CPE Inventory (OID: 1.3.6.1.4.1.25623.1.0.810002)


Log (CVSS: 0.0)

NVT: ICMP Timestamp Detection (OID: 1.3.6.1.4.1.25623.1.0.103190)

Summary

The remote host responded to an ICMP timestamp reques t. The Timestamp Reply is an ICMP message

which replies to a Timestamp message. It consists of the originating timestamp sent by the sender of the

Timestamp as well as a receive timestamp and a transmit timestamp. This information could theoretically be

used to exploit weak time-based random number generators in other services.



Log Method

Details: ICMP Timestamp Detection (OID: 1.3.6.1.4.1.25623.1.0.103190)


References

CVE: CVE-1999-0524

CERT: DFN-CERT-2014-0658

Other: http://www.ietf.org/rfc/rfc0792.txt

Log (CVSS: 0.0)

NVT: Record route (OID: 1.3.6.1.4.1.25623.1.0.12264)

Summary

This plugin sends packets w ith the 'Record Route' option. It is a complement to traceroute.


Here is the route recorded between 172.29.99.21 and 172.29.99.33 :172.29.99.33.172.29.99.33.

Log Method

Details: Record route (OID: 1.3.6.1.4.1.25623.1.0.12264)


Log (CVSS: 7.8)

NVT: 3com switch2hub (OID: 1.3.6.1.4.1.25623.1.0.80103)

Summary

The remote host is subject to the switch to hub flood attack.

Description : The remote host on the local network seems to be connected through a sw itch which can be

turned into a hub when flooded by different mac addresses . The theory is to send a lot o f packets (>1000000) to the port of the sw itch we are connected to, w ith random mac addresses. This turns the switch

into learning mode, where traffic goes everywhere. An attacker may use this flaw in the remote switch to

sniff data go ing to this host

Reference : http://www.securitybugware.org/Other/2041.html


Fake IP address not specified. Skipping this check.

Solution

Lock Mac addresses on each port of the remote sw itch or buy newer sw itch.


Details: 3com switch2hub (OID: 1.3.6.1.4.1.25623.1.0.80103)


Log (CVSS: 5.0)

NVT: Easy File Management Web Server USERID Buffer Overflow Vulnerability (OID:

1.3.6.1.4.1.25623.1.0.805096)



general/tcp

general/tcp

Summary

The host is running Easy File Management Web Server and is prone to buffer overflow vulnerability.


bannerHTTP/1.1 301 Moved PermanentlyDate: Fri, 13 Nov 2015 08:50:49 GMTServer: Apache/2.4.7 (Ubuntu)X-Powered-By: PHP/5.5.9-1ubuntu4.14Set-Cookie: PHPSESSID=qodnrdba4imh061hpblghss071; path=/Expires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0Pragma: no-cache

Location: index.php?action=Login&module=UsersContent-Length: 0Content-Type: text/html; charset=UTF-8

Impact

Successful exploitation may allow remote a ttackers to cause the application to crash, creating a denial-of-

service condition.


Solution

No solution or patch is available as of 25th September, 2015. Information regarding this issue will updated

once the so lution deta ils are available. For updates refer to http://www.efssoft.com


Easy File Management Web Server version 5.6


The flaw is due to an error when processing web requests and can be exploited to cause a buffer overflow

via an overly long string passed to USERID in a HEAD or GET reques t.


Send a crafted request via HTTP GET and check whether it is ab le to crash or not.

Details: Easy File Management Web Server USERID Buffer Overflow Vulnerability (OID:

1.3.6.1.4.1.25623.1.0.805096)


References

Other: https://www.exploit-db.com/exploits/37808

Log (CVSS: 0.0)

NVT: OS fingerprinting (OID: 1.3.6.1.4.1.25623.1.0.102002)

Summary

This script performs ICMP based OS fingerprinting (as described by Ofir Arkin and Fyodor Yarochkin in

Phrack #57). It can be used to determine remote operating system version.


ICMP based OS fingerprint results: (91% confidence)Linux Kernel

Log Method

Details: OS fingerprinting (OID: 1.3.6.1.4.1.25623.1.0.102002)


References

Other: http://www.phrack.org/issues.html?issue=57&id=7#article

Log (CVSS: 0.0)

NVT: DIRB (NASL wrapper) (OID: 1.3.6.1.4.1.25623.1.0.103079)

Summary

This script uses DIRB to find directories and files on web applications via brute forcing.


DIRB could not be found in your system path.OpenVAS was unable to execute DIRB and to perform the scan yourequested.Please make sure that DIRB is installed and isavailable in the PATH variable defined for your environment.



general/tcp

general/tcp

general/tcp

21/tcp

Log Method

Details: DIRB (NASL wrapper) (OID: 1.3.6.1.4.1.25623.1.0.103079)


Log (CVSS: 0.0)

NVT: arachni (NASL wrapper) (OID: 1.3.6.1.4.1.25623.1.0.110001)

Summary

This plugin uses arachni ruby command line to find web security issues.

See the preferences section for arachni options.

Note that OpenVAS is using limited set of arachni options. Therefore, for more complete web assessment,

you should use standa lone arachni tool for deeper/customized checks.


Arachni could not be found in your system path.OpenVAS was unable to execute Arachni and to perform the scan yourequested.Please make sure that Arachni is installed and that arachni isavailable in the PATH variable defined for your environment.

Log Method

Details: arachni (NASL wrapper) (OID: 1.3.6.1.4.1.25623.1.0.110001)


Log (CVSS: 0.0)

NVT: IP protocols scan (OID: 1.3.6.1.4.1.25623.1.0.14788)

Summary

This plugin detects the protocols understood by the remote IP stack.


The following IP protocols are accepted on this host:1 ICMP2 IGMP6 TCP17 UDP103 PIM136 UDPLite

Log Method

Details: IP protocols scan (OID: 1.3.6.1.4.1.25623.1.0.14788)


References

Other: http://www.iana.org/assignments/protocol-numbers

Log (CVSS: 0.0)

NVT: Traceroute (OID: 1.3.6.1.4.1.25623.1.0.51662)

Summary

A traceroute from the scanning se rver to the target system was conducted. This traceroute is providedprimarily for informational value only. In the vast majority of cases, it does not represent a vulnerability.

However, if the displayed traceroute contains any private addresses that should not have been publicly

visible, then you have an issue you need to correct.


Here is the route from 172.29.99.21 to 172.29.99.33:172.29.99.21172.29.99.33

Solution

Block unwanted packets from escaping your network.

Log Method

Details: Traceroute (OID: 1.3.6.1.4.1.25623.1.0.51662)


Log (CVSS: 0.0)

NVT: FTP Banner Detection (OID: 1.3.6.1.4.1.25623.1.0.10092)

Summary



21/tcp

22/tcp

22/tcp

22/tcp

This Plugin detects the FTP Server Banner


Remote FTP server banner :220 My FTP Server

Log Method

Details: FTP Banner Detection (OID: 1.3.6.1.4.1.25623.1.0.10092)


Log (CVSS: 0.0)

NVT: Services (OID: 1.3.6.1.4.1.25623.1.0.10330)

Summary

This plugin attempts to guess which service is running on the remote ports. For instance, it searches for a

web server which could listen on anothe r port than 80 and set the results in the plugins knowledge base.


An FTP server is running on this port.Here is its banner :220 My FTP Server

Log Method

Details: Services (OID: 1.3.6.1.4.1.25623.1.0.10330)


Log (CVSS: 0.0)

NVT: SSH Protocol Versions Supported (OID: 1.3.6.1.4.1.25623.1.0.100259)

Summary

Identification of SSH protocol versions supported by the remote SSH Server. Also reads the corresponding

fingerprints from the service.

The following versions are tried: 1.33, 1.5, 1.99 and 2.0


The remote SSH Server supports the following SSH Protocol Versions:1.992.0

Log Method

Details: SSH Protocol Versions Supported (OID: 1.3.6.1.4.1.25623.1.0.100259)


Log (CVSS: 0.0)

NVT: SSH Server type and version (OID: 1.3.6.1.4.1.25623.1.0.10267)

Summary

This detects the SSH Server's type and version by connecting to the server and processing the buffer

received.

This information gives potential attackers additional information about the system they are attacking.

Versions and Types should be omitted where possible.


Detected SSH server version: SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.3Remote SSH supported authentication: password,publickeyRemote SSH banner:(not available)CPE: cpe:/a:openbsd:openssh:6.6.1p1Concluded from remote connection attempt with credentials: Login: OpenVAS Password: OpenVAS

Log Method

Details: SSH Server type and version (OID: 1.3.6.1.4.1.25623.1.0.10267)


Log (CVSS: 0.0)

NVT: Services (OID: 1.3.6.1.4.1.25623.1.0.10330)

Summary





80/tcp

80/tcp

80/tcp

80/tcp


An ssh server is running on this port

Log Method



Log (CVSS: 0.0)

NVT: HTTP Server type and version (OID: 1.3.6.1.4.1.25623.1.0.10107)

Summary

This detects the HTTP Server's type and version.


The remote web server type is :Apache/2.4.7 (Ubuntu)Solution : You can set the directive 'ServerTokens Prod' to limitthe information emanating from the server in its response headers.

Solution

Configure your server to use an a lternate name like 'Wintendo httpD w/Dotmatrix display' Be sure to

remove common logos like apache_pb.gif. With Apache, you can set the directive 'ServerTokens Prod ' to

limit the information emanating from the se rver in its response heade rs.

Log Method

Details: HTTP Server type and version (OID: 1.3.6.1.4.1.25623.1.0.10107)


Log (CVSS: 0.0)

NVT: robot(s).txt exists on the Web Server (OID: 1.3.6.1.4.1.25623.1.0.10302)

Summary

Web Servers can use a file called /robot(s).txt to ask sea rch engines to ignore certain files and directories.

By nature this file can not be used to protect private files from public read access.


The file 'robots.txt' contains the following:User-agent: *

Disallow: /User-agent: GooglebotAllow: /ical_server.php

Solution

Review the content o f the robots file and consider removing the files from the server or protect them in

other ways in case you actually intended non-public availability.


Any serious web search engine will honor the /robot(s).txt file and not scan the files and d irectories listed

there.

Any entries listed in this file are not even hidden anymore.

Log Method

Details: robot(s).txt exists on the Web Server (OID: 1.3.6.1.4.1.25623.1.0.10302)


Log (CVSS: 0.0)

NVT: Services (OID: 1.3.6.1.4.1.25623.1.0.10330)

Summary




A web server is running on this port

Log Method



Log (CVSS: 0.0)

NVT: Web mirroring (OID: 1.3.6.1.4.1.25623.1.0.10662)



80/tcp

80/tcp

80/tcp

Summary

This script makes a mirror of the remote web s ite and extracts the list of CGIs that are used by the remote

host.

It is suggested you a llow a long-enough timeout value for this test routine and also adjust the setting on

the number of pages to mirror.


The following CGI have been discovered :Syntax : cginame (arguments [default value])/index.php (module [Users] action [Login] )

Log Method

Details: Web mirroring (OID: 1.3.6.1.4.1.25623.1.0.10662)


Log (CVSS: 0.0)

NVT: Directory Scanne r (OID: 1.3.6.1.4.1.25623.1.0.11032)

Summary

This plugin attempts to determine the presence of various common dirs on the remote w eb server


The following directories were discovered:/include, /data, /examples, /icons, /install, /javascript, /restricted, /service, /soap, /↵

uploadWhile this is not, in and of itself, a bug, you should manually inspectthese directories to ensure that they are in compliance with companysecurity standards

Log Method

Details: Directory Scanner (OID: 1.3.6.1.4.1.25623.1.0.11032)


References

Other: OWASP:OWASP-CM-006

Log (CVSS: 0.0)

NVT: Directories used for CGI Scanning (OID: 1.3.6.1.4.1.25623.1.0.111038)

Summary

The script prints out the directories which are used when CGI scanning is enabled.


The following directories are used for CGI scanning:/scripts/cgi-bin/upload/soap/service/restricted/javascript/install/icons

/examples/data/include/

Log Method

Details: Directories used for CGI Scanning (OID: 1.3.6.1.4.1.25623.1.0.111038)


Log (CVSS: 0.0)

NVT: Nikto (NASL wrapper) (OID: 1.3.6.1.4.1.25623.1.0.14260)

Summary

This plugin uses nikto(1) to find weak CGI scripts and other known issues regarding web se rver security.

See the preferences section for configuration options.


Here is the Nikto report:- Nikto v2.1.5---------------------------------------------------------------------------+ Target IP: 172.29.99.33+ Target Hostname: 172.29.99.33



80/tcp

80/tcp

+ Target Port: 80+ Start Time: 2015-11-13 08:53:29 (GMT0)---------------------------------------------------------------------------+ Server: Apache/2.4.7 (Ubuntu)+ Cookie PHPSESSID created without the httponly flag+ Retrieved x-powered-by header: PHP/5.5.9-1ubuntu4.14+ The anti-clickjacking X-Frame-Options header is not present.+ Root page / redirects to: index.php?action=Login&module=Users+ No CGI Directories found (use '-C all' to force check all possible dirs)+ Server leaks inodes via ETags, header found with file /crossdomain.xml, fields: 0x8c5 0x↵

4fc73e1e28500+ /crossdomain.xml contains 0 line which should be manually viewed for improper domains or↵

wildcards.+ File/dir '/' in robots.txt returned a non-forbidden or redirect HTTP code (301)

+ Uncommon header 'x-webdav-status' found, with contents: 401 not authorized+ "robots.txt" contains 2 entries which should be manually viewed.+ /config.php: PHP Config file may contain database IDs and passwords.+ OSVDB-3268: /data/: Directory indexing found.+ OSVDB-3092: /data/: This might be interesting...+ OSVDB-3268: /install/: Directory indexing found.+ OSVDB-3092: /install/: This might be interesting...+ Cookie phpMyAdmin created without the httponly flag+ Uncommon header 'x-frame-options' found, with contents: DENY+ Uncommon header 'x-content-security-policy' found, with contents: default-src 'self' ;op↵

tions inline-script eval-script;img-src 'self' data: *.tile.openstreetmap.org *.tile.open↵

cyclemap.org;+ Uncommon header 'x-ob_mode' found, with contents: 0+ Uncommon header 'x-webkit-csp' found, with contents: default-src 'self' ;script-src 'sel↵

f' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: *↵

.tile.openstreetmap.org *.tile.opencyclemap.org;+ OSVDB-3268: /restricted/: Directory indexing found.+ OSVDB-3092: /restricted/: This might be interesting...+ OSVDB-3268: /service/: Directory indexing found.

+ OSVDB-3092: /service/: This might be interesting...+ OSVDB-3268: /examples/: Directory indexing found.+ OSVDB-3092: /install.php: install.php file found.+ OSVDB-3092: /LICENSE.txt: License file found may identify site software.+ OSVDB-3233: /icons/README: Apache default file found.+ /phpmyadmin/: phpMyAdmin directory found+ 6544 items checked: 0 error(s) and 27 item(s) reported on remote host+ End Time: 2015-11-13 08:53:52 (GMT0) (23 seconds)---------------------------------------------------------------------------+ 1 host(s) tested

Log Method

Details: Nikto (NASL wrapper) (OID: 1.3.6.1.4.1.25623.1.0.14260)


Log (CVSS: 0.0)NVT: PHP Version Detection (OID: 1.3.6.1.4.1.25623.1.0.800109)

Summary

Detection of installed version of PHP.

This script sends HTTP GET reques t and try to get the version from the responce, and se ts the result in KB.


Detected PHPVersion: 5.5.9Location: tcp/80CPE: cpe:/a:php:php:5.5.9Concluded from version identification result:X-Powered-By: PHP/5.5.9-1ubuntu4.14

Log Method

Details: PHP Version Detection (OID: 1.3.6.1.4.1.25623.1.0.800109)


Log (CVSS: 0.0)

NVT: wapiti (NASL wrapper) (OID: 1.3.6.1.4.1.25623.1.0.80110)

Summary

This plugin uses wapiti to find web security issues .

Make sure to have wapiti 2.x as wapiti 1.x is not supported.

See the preferences section for wapiti options.

Note that OpenVAS is using limited set of wapiti options. Therefore, for more complete web assessment,

you should use standalone wapiti tool for deeper/customized checks.


wapiti could not be found in your system path.OpenVAS was unable to execute wapiti and to perform the scan yourequested.Please make sure that wapiti is installed and that wapiti is



80/tcp

80/tcp

111/tcp

3389/tcp

available in the PATH variable defined for your environment.

Log Method

Details: wapiti (NASL wrapper) (OID: 1.3.6.1.4.1.25623.1.0.80110)


Log (CVSS: 0.0)

NVT: phpMyAdmin Detection (OID: 1.3.6.1.4.1.25623.1.0.900129)

Summary

Detection of phpMyAdmin.

The script sends a connection request to the server and attempts to extract the version number from the

reply.


Detected phpMyAdminVersion: unknownLocation: /phpmyadminCPE: cpe:/a:phpmyadmin:phpmyadmin

Log Method

Details: phpMyAdmin Detection (OID: 1.3.6.1.4.1.25623.1.0.900129)


Log (CVSS: 0.0)

NVT: Apache Web Server Version Detection (OID: 1.3.6.1.4.1.25623.1.0.900498)

Summary

Detection of installed version of Apache Web Server

The script detects the version of Apache HTTP Server on remote host and se ts the KB.


Detected ApacheVersion: 2.4.7Location: 80/tcpCPE: cpe:/a:apache:http_server:2.4.7Concluded from version identification result:Server: Apache/2.4.7

Log Method

Details: Apache Web Server Version Detection (OID: 1.3.6.1.4.1.25623.1.0.900498)


Log (CVSS: 0.0)

NVT: Identify unknown services with nmap (OID: 1.3.6.1.4.1.25623.1.0.66286)

Summary

This p lugin performs service detection by launching nmap's service probe against ports running unidentified

services.

Description :

This plugin is a complement of find_service.nasl. It launches nmap -sV (probe requests) against ports that

are running unidentified services.


Nmap service detection result for this port: rpcbind

Log Method

Details: Identify unknown services with nmap (OID: 1.3.6.1.4.1.25623.1.0.66286)


Log (CVSS: 0.0)

NVT: Microsoft Remote Desktop Protocol Detection (OID: 1.3.6.1.4.1.25623.1.0.100062)

Summary

The Microsoft Remote Desktop Protocol (RDP) is running at this host. Remote Desktop Services, formerlyknown as Terminal Services, is one of the components o f Microsoft Windows (both server and client

versions) that allows a user to access applications and data on a remote computer over a network.





3389/tcp

Log Method

Details: Microsoft Remote Desktop Protocol Detection (OID: 1.3.6.1.4.1.25623.1.0.100062)


Log (CVSS: 0.0)

NVT: Identify unknown services with nmap (OID: 1.3.6.1.4.1.25623.1.0.66286)

Summary

This p lugin performs service detection by launching nmap's service probe against ports running unidentified

services.

Description :

This plugin is a complement of find_service.nasl. It launches nmap -sV (probe requests) against ports that

are running unidentified services.


Nmap service detection result for this port: ms-wbt-server

Log Method

Details: Identify unknown services with nmap (OID: 1.3.6.1.4.1.25623.1.0.66286)


This file was automatically generated.

Date post:	05-Mar-2016
Category:	Documents
Upload:	web-sploit
View:	44 times
Download:	0 times

Scan Report CRM

Documents