List of PlugIn IDs

List of PlugIn IDs >PRINT The following plugin IDs have problems associated with them. Select the ID to review more detail. PLUGIN ID# The link ed image cannot be display ed. The file may hav e been mov ed, renamed, or deleted. Verify that the link points to the correct file and location. # OF ISSUES The link ed image cannot be display ed. The file may hav e been mov ed, renamed, or deleted. Verify that the link points to the correct file and location. The link ed image cannot be display ed. The file may hav e been mov ed, renamed, or deleted. Verify that the link points to the correct file and location. The link ed image cannot be display ed. The file may hav e been mov ed, renamed, or deleted. Verify that the link points to the correct file and location. PLUGIN NAME SEVERITY 51192 6 SSL Certificate signed with an unknown Certificate Authority Medium Severity problem(s) found 11954 4 SGDynamo sgdynamo.exe HTNAME Parameter Path Disclosure Medium Severity problem(s) found 49806 4 MS10-070: Vulnerability in ASP.NET Could Allow Information Disclosure (2418042) (uncredentialed check) Medium Severity problem(s) found 50413 4 CGI Generic Padding Oracle Medium Severity problem(s) found 55903 4 CGI Generic Cross-Site Scripting Vulnerability (extended patterns) Medium Severity problem(s) found 20007 2 SSL Version 2 (v2) Protocol Detection Medium Severity problem(s) found 22964 22 Service Detection Low Severity problem(s) found 10736 14 DCE Services Enumeration Low Severity problem(s) found 24260 12 HyperText Transfer Protocol (HTTP) Information Low Severity problem(s) found 10107 10 HTTP Server Type and Version Low Severity problem(s) found 20108 6 Web Server / Application favicon.ico Vendor Fingerprinting Low Severity problem(s) found 10662 6 Web mirroring Low Severity problem(s) found 33817 6 Web Application Tests : Load Estimation Low Severity problem(s) found 43111 6 HTTP Methods Allowed (per directory) Low Severity problem(s) found 10863 5 SSL Certificate Information Low Severity problem(s) found 11032 4 Web Server Directory Enumeration Low Severity problem(s) found 42057 4 Web Server Allows Password Auto-Completion Low Severity problem(s) found 53491 4 SSL / TLS Renegotiation DoS Low Severity problem(s) found 11011 4 Microsoft Windows SMB Service Detection Low Severity PLUGIN ID# The link ed image cannot be display ed. The file may hav e been mov ed, renamed, or deleted. Verify that the link points to the correct file and location. # OF ISSUES The link ed image cannot be display ed. The file may hav e been mov ed, renamed, or deleted. Verify that the link points to the correct file and location. The link ed image cannot be display ed. The file may hav e been mov ed, renamed, or deleted. Verify that the link points to the correct file and location. PLUGIN NAME The link ed image cannot be display ed. The file may hav e been mov ed, renamed, or deleted. Verify that the link points to the correct file and location. SEVERITY problem(s) found 49704 4 External URLs Low Severity problem(s) found 47830 4 CGI Generic Injectable Parameter Low Severity problem(s) found 21643 3 SSL Cipher Suites Supported Low Severity problem(s) found 10150 2 Windows NetBIOS / SMB Remote Host Information Disclosure Low Severity problem(s) found 26194 2 Web Server Uses Plain Text Authentication Forms Low Severity problem(s) found 10386 2 Web Server No 404 Error Code Check Low Severity problem(s) found 51891 2 SSL Session Resume Supported Low Severity problem(s) found 54582 2 SMTP Service Cleartext Login Permitted Low Severity problem(s) found 10263 2 SMTP Server Detection Low Severity problem(s) found 54580 2 SMTP Authentication Methods Low Severity problem(s) found 11153 2 Service Detection (HELP Request) Low Severity problem(s) found 10185 2 POP Server Detection Low Severity problem(s) found 11936 2 OS Identification Low Severity problem(s) found 10147 2 Nessus Server Detection Low Severity problem(s) found 19506 2 Nessus Scan Information Low Severity problem(s) found 10785 2 Microsoft Windows SMB NativeLanManager Remote System Information Disclosure Low Severity problem(s) found 11414 2 IMAP Service Banner Retrieval Low Severity problem(s) found 12053 2 Host Fully Qualified Domain Name (FQDN) Resolution Low Severity problem(s) found 54615 2 Device Type Low Severity problem(s) found 45590 2 Common Platform Enumeration (CPE) Low Severity problem(s) found 46180 2 Additional DNS Hostnames Low Severity problem(s) found 26917 1 Microsoft Windows SMB Registry : Nessus Cannot Access the Windows Registry Low Severity problem(s) found 26920 1 Microsoft Windows SMB NULL Session Authentication Low Severity problem(s) found PLUGIN ID# The link ed image cannot be display ed. The file may hav e been mov ed, renamed, or deleted. Verify that the link points to the correct file and location. # OF ISSUES The link ed image cannot be display ed. The file may hav e been mov ed, renamed, or deleted. Verify that the link points to the correct file and location. The link ed image cannot be display ed. The file may hav e been mov ed, renamed, or deleted. Verify that the link points to the correct file and location. The link ed image cannot be display ed. The file may hav e been mov ed, renamed, or deleted. Verify that the link points to the correct file and location. PLUGIN NAME SEVERITY 10394 1 Microsoft Windows SMB Log In Possible Low Severity problem(s) found 10397 1 Microsoft Windows SMB LanMan Pipe Server Listing Disclosure Low Severity problem(s) found PORT SMTP (25/TCP) Plugin ID: 54580 SMTP Authentication Methods Synopsis The remote mail server supports authentication. List of Hosts Plugin Output The following authentication methods are advertised by the SMTP server without encryption : LOGIN Plugin Output The following authentication methods are advertised by the SMTP server without encryption : LOGIN Description The remote SMTP server advertises that it supports authentication. Solution Review the list of methods and whether they're available over an encrypted channel. See also http://tools.ietf.org/html/rfc4422 http://tools.ietf.org/html/rfc4954 Risk Factor None Plugin publication date: 2011/05/19 Plugin last modification date: 2011/06/29 PORT CIFS (445/TCP) Plugin ID: 10785 Microsoft Windows SMB NativeLanManager Remote System Information Disclosure Synopsis It is possible to obtain information about the remote operating system. List of Hosts Plugin Output The remote Operating System is : Windows 7 Professional 7600 The remote native lan manager is : Windows 7 Professional 6.1 The remote SMB Domain Name is : SEBASTIAN-PC Plugin Output The remote Operating System is : Windows 7 Professional 7600 The remote native lan manager is : Windows 7 Professional 6.1 The remote SMB Domain Name is : SEBASTIAN-PC Description It is possible to get the remote operating system name and version (Windows and/or Samba) by sending an authentication request to port 139 or 445. Solution n/a Risk Factor None Plugin publication date: 2001/10/17 Plugin last modification date: 2011/03/17 PORT POP3 (110/TCP) Plugin ID: 10185 POP Server Detection Synopsis A POP server is listening on the remote port. List of Hosts Plugin Output Remote POP server banner : +OK POP3 Plugin Output Remote POP server banner : +OK POP3 Description The remote host is running a server that understands the Post Office Protocol (POP), used by email clients to retrieve messages from a server, possibly across a network link. Solution Disable this service if you do not use it. See also http://en.wikipedia.org/wiki/Post_Office_Protocol Risk Factor None Plugin publication date: 1999/10/12 Plugin last modification date: 2011/03/11 PORT WWW (443/TCP) Plugin ID: 11032 Web Server Directory Enumeration Synopsis It is possible to enumerate directories on the web server. List of Hosts Plugin Output The following directories were discovered: /Admin, /admin, /img, /js While this is not, in and of itself, a bug, you should manually inspect these directories to ensure that they are in compliance with company security standards Plugin Output The following directories were discovered: /Admin, /admin, /img, /js While this is not, in and of itself, a bug, you should manually inspect these directories to ensure that they are in compliance with company security standards Description This plugin attempts to determine the presence of various common directories on the remote web server. By sending a request for a directory, the web server response code indicates if it is a valid directory or not. Solution n/a See also http://projects.webappsec.org/Predictable-Resource-Location Risk Factor None Other references OWASP:OWASP-CM-006 Plugin publication date: 2002/06/26 Plugin last modification date: 2011/08/02 PORT WWW (80/TCP) Plugin ID: 11032 Web Server Directory Enumeration Synopsis It is possible to enumerate directories on the web server. List of Hosts Plugin Output The following directories were discovered: /Admin, /admin, /img, /js While this is not, in and of itself, a bug, you should manually inspect these directories to ensure that they are in compliance with company security standards Plugin Output The following directories were discovered: /Admin, /admin, /img, /js While this is not, in and of itself, a bug, you should manually inspect these directories to ensure that they are in compliance with company security standards Description This plugin attempts to determine the presence of various common directories on the remote web server. By sending a request for a directory, the web server response code indicates if it is a valid directory or not. Solution n/a See also http://projects.webappsec.org/Predictable-Resource-Location Risk Factor None Other references OWASP:OWASP-CM-006 Plugin publication date: 2002/06/26 Plugin last modification date: 2011/08/02 PORT SMTP (25/TCP) Plugin ID: 54582 SMTP Service Cleartext Login Permitted Synopsis The remote mail server allows cleartext logins. List of Hosts Plugin Output The SMTP server advertises the following SASL methods over an unencrypted channel : All supported methods : LOGIN Cleartext methods : LOGIN Plugin Output The SMTP server advertises the following SASL methods over an unencrypted channel : All supported methods : LOGIN Cleartext methods : LOGIN Description The remote host is running an SMTP server that advertises that it allows cleartext logins over unencrypted connections. An attacker may be able to uncover user names and passwords by sniffing traffic to the server if a less secure authentication mechanism (i.e. LOGIN or PLAIN) is used. Solution Configure the service to support less secure authentication mechanisms only over an encrypted channel. See also http://tools.ietf.org/html/rfc4422 http://tools.ietf.org/html/rfc4954 Risk Factor Low/ CVSS Base Score: 2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N) Plugin publication date: 2011/05/19 Plugin last modification date: 2011/08/08 PORT WWW (80/TCP) Plugin ID: 26194 Web Server Uses Plain Text Authentication Forms Synopsis The remote web server might transmit credentials in cleartext. List of Hosts Plugin Output Page : / Destination page : Input name : ctl00$LoginView1$Login1$Password Page : /Login.aspx Destination page : Login.aspx Input name : ctl00$SiteContentPlaceHolder$myLogin$Password Page : /Membership/CreatingUserAccounts.aspx Destination page : CreatingUserAccounts.aspx Input name : ctl00$SiteContentPlaceHolder$RegisterUser$CreateUserStepContainer$Password Input name : ctl00$SiteContentPlaceHolder$RegisterUser$CreateUserStepContainer$ConfirmPassword Page : /default.aspx Destination page : default.aspx Input name : ctl00$LoginView1$Login1$Password Plugin Output Page : / Destination page : Input name : ctl00$LoginView1$Login1$Password Page : /Login.aspx Destination page : Login.aspx Input name : ctl00$SiteContentPlaceHolder$myLogin$Password Page : /Membership/CreatingUserAccounts.aspx Destination page : CreatingUserAccounts.aspx Input name : ctl00$SiteContentPlaceHolder$RegisterUser$CreateUserStepContainer$Password Input name : ctl00$SiteContentPlaceHolder$RegisterUser$CreateUserStepContainer$ConfirmPassword Page : /default.aspx Destination page : default.aspx Input name : ctl00$LoginView1$Login1$Password Description The remote web server contains several HTML form fields containing an input of type 'password' which transmit their information to a remote web server in cleartext. An attacker eavesdropping the traffic between web browser and server may obtain logins and passwords of valid users. Solution Make sure that every sensitive form transmits content over HTTPS. Risk Factor Low/ CVSS Base Score: 2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N) Other references CWE:522 CWE:523 CWE:718 CWE:724 Plugin publication date: 2007/09/28 Plugin last modification date: 2011/08/08 PORT WWW (10243/TCP) Plugin ID: 22964 Service Detection Synopsis The remote service could be identified. List of Hosts Plugin Output A web server is running on this port. Plugin Output A web server is running on this port. Description It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request. Solution n/a Risk Factor None Plugin publication date: 2007/08/19 Plugin last modification date: 2011/08/23 PORT WWW (8834/TCP) Plugin ID: 22964 Service Detection Synopsis The remote service could be identified. List of Hosts Plugin Output A web server is running on this port through TLSv1. Plugin Output A web server is running on this port through TLSv1. Plugin Output A TLSv1 server answered on this port. Plugin Output A TLSv1 server answered on this port. Description It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request. Solution n/a Risk Factor None Plugin publication date: 2007/08/19 Plugin last modification date: 2011/08/23 PORT WWW (5357/TCP) Plugin ID: 22964 Service Detection Synopsis The remote service could be identified. List of Hosts Plugin Output A web server is running on this port. Plugin Output A web server is running on this port. Description It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request. Solution n/a Risk Factor None Plugin publication date: 2007/08/19 Plugin last modification date: 2011/08/23 PORT NESSUS (1241/TCP) Plugin ID: 22964 Service Detection Synopsis The remote service could be identified. List of Hosts Plugin Output A TLSv1 server answered on this port. Plugin Output A TLSv1 server answered on this port. Description It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request. Solution n/a Risk Factor None Plugin publication date: 2007/08/19 Plugin last modification date: 2011/08/23 PORT WWW (443/TCP) Plugin ID: 22964 Service Detection Synopsis The remote service could be identified. List of Hosts Plugin Output A web server is running on this port through TLSv1. Plugin Output A web server is running on this port through TLSv1. Plugin Output A TLSv1 server answered on this port. Plugin Output A TLSv1 server answered on this port. Description It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request. Solution n/a Risk Factor None Plugin publication date: 2007/08/19 Plugin last modification date: 2011/08/23 PORT IMAP (143/TCP) Plugin ID: 22964 Service Detection Synopsis The remote service could be identified. List of Hosts Plugin Output An IMAP server is running on this port. Plugin Output An IMAP server is running on this port. Description It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request. Solution n/a Risk Factor None Plugin publication date: 2007/08/19 Plugin last modification date: 2011/08/23 PORT POP3 (110/TCP) Plugin ID: 22964 Service Detection Synopsis The remote service could be identified. List of Hosts Plugin Output A POP3 server is running on this port. Plugin Output A POP3 server is running on this port. Description It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request. Solution n/a Risk Factor None Plugin publication date: 2007/08/19 Plugin last modification date: 2011/08/23 PORT WWW (80/TCP) Plugin ID: 22964 Service Detection Synopsis The remote service could be identified. List of Hosts Plugin Output A web server is running on this port. Plugin Output A web server is running on this port. Description It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request. Solution n/a Risk Factor None Plugin publication date: 2007/08/19 Plugin last modification date: 2011/08/23 PORT SMTP (25/TCP) Plugin ID: 22964 Service Detection Synopsis The remote service could be identified. List of Hosts Plugin Output An SMTP server is running on this port. Plugin Output An SMTP server is running on this port. Description It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request. Solution n/a Risk Factor None Plugin publication date: 2007/08/19 Plugin last modification date: 2011/08/23 PORT CIFS (445/TCP) Plugin ID: 26920 Microsoft Windows SMB NULL Session Authentication Synopsis It is possible to log into the remote Windows host with a NULL session. List of Hosts Description The remote host is running Microsoft Windows. It is possible to log into it using a NULL session (i.e., with no login or password). Depending on the configuration, it may be possible for an unauthenticated, remote attacker to leverage this issue to get information about the remote host. Consult the referenced URLs for more details. Solution n/a See also http://support.microsoft.com/kb/q143474/ http://support.microsoft.com/kb/q246261/ Risk Factor None CVE CVE-1999-0519 CVE-1999-0520 CVE-2002-1117 Bugtraq ID 494 Other references OSVDB:299 Vulnerability publication date: 1999/07/14 Plugin publication date: 2007/10/04 Plugin last modification date: 2011/08/18 Ease of exploitability: No known exploits are available PORT (0/TCP) Plugin ID: 45590 Common Platform Enumeration (CPE) Synopsis It is possible to enumerate CPE names that matched on the remote system. List of Hosts Plugin Output The remote operating system matched the following CPE : cpe:/o:microsoft:windows_7:::professional Following application CPE matched on the remote system : cpe:/a:microsoft:iis:7.5 -> Microsoft Internet Information Services (IIS) 7.5 Plugin Output The remote operating system matched the following CPE : cpe:/o:microsoft:windows_7:::professional Following application CPE matched on the remote system : cpe:/a:microsoft:iis:7.5 -> Microsoft Internet Information Services (IIS) 7.5 Description By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host. Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan. Solution n/a See also http://cpe.mitre.org/ Risk Factor None Plugin publication date: 2010/04/21 Plugin last modification date: 2011/06/07 PORT WWW (8834/TCP) Plugin ID: 53491 SSL / TLS Renegotiation DoS Synopsis The remote service allows repeated renegotiation of TLS / SSL connections. List of Hosts Description The remote service encrypts traffic using TLS / SSL and permits clients to renegotiate connections. The computational requirements for renegotiating a connection are asymmetrical between the client and the server, with the server performing several times more work. Since the remote host does not appear to limit the number of renegotiations for a single TLS / SSL connection, this permits a client to open several simultaneous connections and repeatedly renegotiate them, possibly leading to a denial of service condition. Solution Contact the vendor for specific patch information. See also http://orchilles.com/2011/03/ssl-renegotiation-dos.html http://www.ietf.org/mail-archive/web/tls/current/msg07553.html Risk Factor Low/ CVSS Base Score: 2.6 (CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:P) CVE CVE-2011-1473 Bugtraq ID 48626 Other references OSVDB:73894 Vulnerability publication date: 2011/03/13 Plugin publication date: 2011/05/04 Plugin last modification date: 2011/07/25 PORT NESSUS (1241/TCP) Plugin ID: 53491 SSL / TLS Renegotiation DoS Synopsis The remote service allows repeated renegotiation of TLS / SSL connections. List of Hosts Description The remote service encrypts traffic using TLS / SSL and permits clients to renegotiate connections. The computational requirements for renegotiating a connection are asymmetrical between the client and the server, with the server performing several times more work. Since the remote host does not appear to limit the number of renegotiations for a single TLS / SSL connection, this permits a client to open several simultaneous connections and repeatedly renegotiate them, possibly leading to a denial of service condition. Solution Contact the vendor for specific patch information. See also http://orchilles.com/2011/03/ssl-renegotiation-dos.html http://www.ietf.org/mail-archive/web/tls/current/msg07553.html Risk Factor Low/ CVSS Base Score: 2.6 (CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:P) CVE CVE-2011-1473 Bugtraq ID 48626 Other references OSVDB:73894 Vulnerability publication date: 2011/03/13 Plugin publication date: 2011/05/04 Plugin last modification date: 2011/07/25 PORT (0/TCP) Plugin ID: 11936 OS Identification Synopsis It is possible to guess the remote operating system List of Hosts Plugin Output Remote operating system : Windows 7 Professional Confidence Level : 99 Method : MSRPC The remote host is running Windows 7 Professional Plugin Output Remote operating system : Windows 7 Professional Confidence Level : 99 Method : MSRPC The remote host is running Windows 7 Professional Description Using a combination of remote probes (TCP/IP, SMB, HTTP, NTP, SNMP, etc...) it is possible to guess the name of the remote operating system in use, and sometimes its version Solution N/A Risk Factor None Plugin publication date: 2003/12/09 Plugin last modification date: 2011/05/19 PORT WWW (10243/TCP) Plugin ID: 20108 Web Server / Application favicon.ico Vendor Fingerprinting Synopsis The remote web server contains a graphic image that is prone to information disclosure. List of Hosts Plugin Output The MD5 fingerprint for 'favicon.ico' suggests the web server is myghty 1.1 - zblog. Plugin Output The MD5 fingerprint for 'favicon.ico' suggests the web server is myghty 1.1 - zblog. Description The 'favicon.ico' file found on the remote web server belongs to a popular webserver. This may be used to fingerprint the web server. Solution Remove the 'favicon.ico' file or create a custom one for your site. Risk Factor None Other references OSVDB:39272 Plugin publication date: 2005/10/28 Plugin last modification date: 2011/08/15 PORT WWW (8834/TCP) Plugin ID: 20108 Web Server / Application favicon.ico Vendor Fingerprinting Synopsis The remote web server contains a graphic image that is prone to information disclosure. List of Hosts Plugin Output The MD5 fingerprint for 'favicon.ico' suggests the web server is Nessus 4.x Web Client. Plugin Output The MD5 fingerprint for 'favicon.ico' suggests the web server is Nessus 4.x Web Client. Description The 'favicon.ico' file found on the remote web server belongs to a popular webserver. This may be used to fingerprint the web server. Solution Remove the 'favicon.ico' file or create a custom one for your site. Risk Factor None Other references OSVDB:39272 Plugin publication date: 2005/10/28 Plugin last modification date: 2011/08/15 PORT WWW (2869/TCP) Plugin ID: 20108 Web Server / Application favicon.ico Vendor Fingerprinting Synopsis The remote web server contains a graphic image that is prone to information disclosure. List of Hosts Plugin Output The MD5 fingerprint for 'favicon.ico' suggests the web server is myghty 1.1 - zblog. Plugin Output The MD5 fingerprint for 'favicon.ico' suggests the web server is myghty 1.1 - zblog. Description The 'favicon.ico' file found on the remote web server belongs to a popular webserver. This may be used to fingerprint the web server. Solution Remove the 'favicon.ico' file or create a custom one for your site. Risk Factor None Other references OSVDB:39272 Plugin publication date: 2005/10/28 Plugin last modification date: 2011/08/15 PORT WWW (8834/TCP) Plugin ID: 10662 Web mirroring Synopsis Nessus crawled the remote web site. List of Hosts Plugin Output The following CGI have been discovered : Syntax : cginame (arguments [default value]) /file/upload (Filedata [] ) Plugin Output The following CGI have been discovered : Syntax : cginame (arguments [default value]) /file/upload (Filedata [] ) Description This script makes a mirror of the remote web site(s) and extracts the list of CGIs that are used by the remote host. It is suggested that you change the number of pages to mirror in the 'Options' section of the client. Solution n/a Risk Factor None Plugin publication date: 2001/05/04 Plugin last modification date: 2011/08/19 PORT WWW (443/TCP) Plugin ID: 10662 Web mirroring Synopsis Nessus crawled the remote web site. List of Hosts Plugin Output The following CGI have been discovered : Syntax : cginame (arguments [default value]) /default.aspx (__EVENTTARGET [] __EVENTARGUMENT [] __VIEWSTATE [/wEPDwUKLTM0MDg0MzA5N...) / (__EVENTTARGET [] __EVENTARGUMENT [] __VIEWSTATE [/wEPDwUKLTM0MDg0MzA5N...) /ScriptResource.axd (t [1e961a8d] d [sT5d_2VWBg5xawZRkHsOU7f5jx2LcLrYNUq5HBMRKCYC44nNpWMG3...) /WebResource.axd (t [634444165638181083] d [wouO9pKHH3gA8HOXLxbKAQ2] ) /RecoverPassword.aspx (__EVENTTARGET [] __EVENTARGUMENT [] __VIEWSTATE [/wEPDwULLTIxMDc5MzE2N...) /Membership/CreatingUserAccounts.aspx (__EVENTTARGET [] __EVENTARGUMENT [] __VIEWSTATE [/wEPDwUKLTY0NTU3MTQ4O...) /Login.aspx (__EVENTTARGET [] __EVENTARGUMENT [] __VIEWSTATE [/wEPDwUKLTQzNTY4OTI5O...) Plugin Output The following CGI have been discovered : Syntax : cginame (arguments [default value]) /default.aspx (__EVENTTARGET [] __EVENTARGUMENT [] __VIEWSTATE [/wEPDwUKLTM0MDg0MzA5N...) / (__EVENTTARGET [] __EVENTARGUMENT [] __VIEWSTATE [/wEPDwUKLTM0MDg0MzA5N...) /ScriptResource.axd (t [1e961a8d] d [sT5d_2VWBg5xawZRkHsOU7f5jx2LcLrYNUq5HBMRKCYC44nNpWMG3...) /WebResource.axd (t [634444165638181083] d [wouO9pKHH3gA8HOXLxbKAQ2] ) /RecoverPassword.aspx (__EVENTTARGET [] __EVENTARGUMENT [] __VIEWSTATE [/wEPDwULLTIxMDc5MzE2N...) /Membership/CreatingUserAccounts.aspx (__EVENTTARGET [] __EVENTARGUMENT [] __VIEWSTATE [/wEPDwUKLTY0NTU3MTQ4O...) /Login.aspx (__EVENTTARGET [] __EVENTARGUMENT [] __VIEWSTATE [/wEPDwUKLTQzNTY4OTI5O...) Description This script makes a mirror of the remote web site(s) and extracts the list of CGIs that are used by the remote host. It is suggested that you change the number of pages to mirror in the 'Options' section of the client. Solution n/a Risk Factor None Plugin publication date: 2001/05/04 Plugin last modification date: 2011/08/19 PORT WWW (80/TCP) Plugin ID: 10662 Web mirroring Synopsis Nessus crawled the remote web site. List of Hosts Plugin Output The following CGI have been discovered : Syntax : cginame (arguments [default value]) /default.aspx (__EVENTTARGET [] __EVENTARGUMENT [] __VIEWSTATE [/wEPDwUKLTM0MDg0MzA5N...) / (__EVENTTARGET [] __EVENTARGUMENT [] __VIEWSTATE [/wEPDwUKLTM0MDg0MzA5N...) /ScriptResource.axd (t [1e961a8d] d [sT5d_2VWBg5xawZRkHsOU7f5jx2LcLrYNUq5HBMRKCYC44nNpWMG3...) /WebResource.axd (t [634444165638181083] d [wouO9pKHH3gA8HOXLxbKAQ2] ) /RecoverPassword.aspx (__EVENTTARGET [] __EVENTARGUMENT [] __VIEWSTATE [/wEPDwULLTIxMDc5MzE2N...) /Membership/CreatingUserAccounts.aspx (__EVENTTARGET [] __EVENTARGUMENT [] __VIEWSTATE [/wEPDwUKLTY0NTU3MTQ4O...) /Login.aspx (__EVENTTARGET [] __EVENTARGUMENT [] __VIEWSTATE [/wEPDwUKLTQzNTY4OTI5O...) Plugin Output The following CGI have been discovered : Syntax : cginame (arguments [default value]) /default.aspx (__EVENTTARGET [] __EVENTARGUMENT [] __VIEWSTATE [/wEPDwUKLTM0MDg0MzA5N...) / (__EVENTTARGET [] __EVENTARGUMENT [] __VIEWSTATE [/wEPDwUKLTM0MDg0MzA5N...) /ScriptResource.axd (t [1e961a8d] d [sT5d_2VWBg5xawZRkHsOU7f5jx2LcLrYNUq5HBMRKCYC44nNpWMG3...) /WebResource.axd (t [634444165638181083] d [wouO9pKHH3gA8HOXLxbKAQ2] ) /RecoverPassword.aspx (__EVENTTARGET [] __EVENTARGUMENT [] __VIEWSTATE [/wEPDwULLTIxMDc5MzE2N...) /Membership/CreatingUserAccounts.aspx (__EVENTTARGET [] __EVENTARGUMENT [] __VIEWSTATE [/wEPDwUKLTY0NTU3MTQ4O...) /Login.aspx (__EVENTTARGET [] __EVENTARGUMENT [] __VIEWSTATE [/wEPDwUKLTQzNTY4OTI5O...) Description This script makes a mirror of the remote web site(s) and extracts the list of CGIs that are used by the remote host. It is suggested that you change the number of pages to mirror in the 'Options' section of the client. Solution n/a Risk Factor None Plugin publication date: 2001/05/04 Plugin last modification date: 2011/08/19 PORT WWW (443/TCP) Plugin ID: 51891 SSL Session Resume Supported Synopsis The remote host allows resuming SSL sessions. List of Hosts Plugin Output This port supports resuming SSLv3/TLSv1 sessions. Plugin Output This port supports resuming SSLv3/TLSv1 sessions. Description This script detects whether a host allows resuming SSL sessions by performing a full SSL handshake to receive a session ID, and then reconnecting with the previously used session ID. If the server accepts the session ID in the second connection, the server maintains a cache of sessions that can be resumed. Solution n/a Risk Factor None Plugin publication date: 2011/02/07 Plugin last modification date: 2011/06/07 PORT NETBIOS-NS (137/UDP) Plugin ID: 10150 Windows NetBIOS / SMB Remote Host Information Disclosure Synopsis It is possible to obtain the network name of the remote host. List of Hosts Plugin Output The following 6 NetBIOS names have been gathered : SEBASTIAN-PC = Computer name WORKGROUP = Workgroup / Domain name SEBASTIAN-PC = File Server Service WORKGROUP = Browser Service Elections WORKGROUP = Master Browser __MSBROWSE__ = Master Browser The remote host has the following MAC address on its adapter : f4:6d:04:39:c1:c6 Plugin Output The following 6 NetBIOS names have been gathered : SEBASTIAN-PC = Computer name WORKGROUP = Workgroup / Domain name SEBASTIAN-PC = File Server Service WORKGROUP = Browser Service Elections WORKGROUP = Master Browser __MSBROWSE__ = Master Browser The remote host has the following MAC address on its adapter : f4:6d:04:39:c1:c6 Description The remote host listens on UDP port 137 or TCP port 445 and replies to NetBIOS nbtscan or SMB requests. Note that this plugin gathers information to be used in other plugins but does not itself generate a report. Solution n/a Risk Factor None Plugin publication date: 1999/10/12 Plugin last modification date: 2011/05/24 PORT WWW (443/TCP) Plugin ID: 50413 CGI Generic Padding Oracle Synopsis A web application hosted on the remote server is potentially prone to a padding oracle attack List of Hosts Plugin Output The following page / argument is potentially affected : - /ScriptResource.axd [arg=d] Note that Nessus stopped searching after one affected script was found. For a complete scan, enable 'Thorough tests' and re-scan. Plugin Output The following page / argument is potentially affected : - /ScriptResource.axd [arg=d] Note that Nessus stopped searching after one affected script was found. For a complete scan, enable 'Thorough tests' and re-scan. Description By manipulating the padding on an encrypted string, Nessus was able to generate an error message that indicates a likely 'padding oracle' vulnerability. Such a vulnerability can affect any application or framework that uses encryption improperly, such as some versions of ASP.net, Java Server Faces, and Mono. An attacker may exploit this issue to decrypt data and recover encryption keys, potentially viewing and modifying confidential data. Note that this plugin should detect the MS10-070 padding oracle vulnerability in ASP.net if CustomErrors are enabled in that. Solution Update the affected server software, or modify the CGI scripts so that they properly validate encrypted data before attempting decryption. See also http://netifera.com/research/ http://www.microsoft.com/technet/security/bulletin/ms10-070.mspx http://www.mono-project.com/Vulnerabilities#ASP.NET_Padding_Oracle https://bugzilla.redhat.com/show_bug.cgi?id=623799 Risk Factor Medium/ CVSS Base Score: 5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N) CVE CVE-2010-3332 Bugtraq ID 43316 44285 Other references OSVDB:68127 MSFT:MS10-070 Vulnerability publication date: 2010/09/17 Patch publication date: 2010/09/28 Plugin publication date: 2010/10/29 Plugin last modification date: 2011/08/02 PORT WWW (80/TCP) Plugin ID: 50413 CGI Generic Padding Oracle Synopsis A web application hosted on the remote server is potentially prone to a padding oracle attack List of Hosts Plugin Output The following page / argument is potentially affected : - /ScriptResource.axd [arg=d] Note that Nessus stopped searching after one affected script was found. For a complete scan, enable 'Thorough tests' and re-scan. Plugin Output The following page / argument is potentially affected : - /ScriptResource.axd [arg=d] Note that Nessus stopped searching after one affected script was found. For a complete scan, enable 'Thorough tests' and re-scan. Description By manipulating the padding on an encrypted string, Nessus was able to generate an error message that indicates a likely 'padding oracle' vulnerability. Such a vulnerability can affect any application or framework that uses encryption improperly, such as some versions of ASP.net, Java Server Faces, and Mono. An attacker may exploit this issue to decrypt data and recover encryption keys, potentially viewing and modifying confidential data. Note that this plugin should detect the MS10-070 padding oracle vulnerability in ASP.net if CustomErrors are enabled in that. Solution Update the affected server software, or modify the CGI scripts so that they properly validate encrypted data before attempting decryption. See also http://netifera.com/research/ http://www.microsoft.com/technet/security/bulletin/ms10-070.mspx http://www.mono-project.com/Vulnerabilities#ASP.NET_Padding_Oracle https://bugzilla.redhat.com/show_bug.cgi?id=623799 Risk Factor Medium/ CVSS Base Score: 5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N) CVE CVE-2010-3332 Bugtraq ID 43316 44285 Other references OSVDB:68127 MSFT:MS10-070 Vulnerability publication date: 2010/09/17 Patch publication date: 2010/09/28 Plugin publication date: 2010/10/29 Plugin last modification date: 2011/08/02 PORT CIFS (445/TCP) Plugin ID: 10397 Microsoft Windows SMB LanMan Pipe Server Listing Disclosure Synopsis It is possible to obtain network information. List of Hosts Plugin Output Here is the browse list of the remote host : SEBASTIAN-PC ( os : 6.1 ) Description It was possible to obtain the browse list of the remote Windows system by send a request to the LANMAN pipe. The browse list is the list of the nearest Windows systems of the remote host. Solution n/a Risk Factor None Other references OSVDB:300 Vulnerability publication date: 2000/01/01 Plugin publication date: 2000/05/09 Plugin last modification date: 2011/03/04 PORT WWW (443/TCP) Plugin ID: 47830 CGI Generic Injectable Parameter Synopsis Some CGIs are candidate for extended injection tests. List of Hosts Plugin Output Using the GET HTTP method, Nessus found that : + The following resources may be vulnerable to injectable parameter : + The 'ctl00$LoginView1$Login1$Password' parameter of the /default.aspx CGI : /default.aspx?ctl00$LoginView1$Login1$Password=%00gmtboi -------- output -------</title></head> <body> <form method="post" action="default.aspx?ctl00%24LoginView1%24Login1%24P assword=%00gmtboi" onsubmit="javascript:return WebForm_OnSubmit();" id=" form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$LoginView1$Login1$LoginButton' parameter of the /default.aspx CGI : /default.aspx?ctl00$LoginView1$Login1$LoginButton=%00gmtboi -------- output -------</title></head> <body> <form method="post" action="default.aspx?ctl00%24LoginView1%24Login1%24L oginButton=%00gmtboi" onsubmit="javascript:return WebForm_OnSubmit();" i d="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$LoginView1$Login1$UserName' parameter of the /default.aspx CGI : /default.aspx?ctl00$LoginView1$Login1$UserName=%00gmtboi -------- output -------</title></head> <body> <form method="post" action="default.aspx?ctl00%24LoginView1%24Login1%24U serName=%00gmtboi" onsubmit="javascript:return WebForm_OnSubmit();" id=" form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$LoginView1$Login1$Password' parameter of the /default.aspx CGI : /default.aspx?__EVENTTARGET=&__EVENTVALIDATION=/wEWBAKD1b65CAL8mvnKDALTt bTsDALz/POaC8bWUsNt8gMGTU0CAlO2ZZC6Fi/F&ctl00$LoginView1$Login1$Password =%00gmtboi&__EVENTARGUMENT=&__VIEWSTATE=/wEPDwUKLTM0MDg0MzA5Nw9kFgJmD2 QW AgIDD2QWAgIJD2QWAgIBDw8WAh4HVmlzaWJsZWhkZGS7YQyNNhAM7y//OgiHAa38wu6jXQ== &ctl00$LoginView1$Login1$LoginButton=Log%20In&ctl00$LoginView1$Login1$Us erName= -------- output -------</title></head> <body> <form method="post" action="default.aspx?ctl00%24LoginView1%24Login1%24P assword=%00gmtboi&ctl00%24LoginView1%24Login1%24LoginButton=Log+In&a mp;ctl00%24LoginView1%24Login1%24UserName=" onsubmit="javascript:return WebForm_OnSubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$LoginView1$Login1$LoginButton' parameter of the /default.aspx CGI : /default.aspx?__EVENTTARGET=&__EVENTVALIDATION=/wEWBAKD1b65CAL8mvnKDALTt bTsDALz/POaC8bWUsNt8gMGTU0CAlO2ZZC6Fi/F&ctl00$LoginView1$Login1$Password =&__EVENTARGUMENT=&__VIEWSTATE=/wEPDwUKLTM0MDg0MzA5Nw9kFgJmD2QWAgIDD 2QWA gIJD2QWAgIBDw8WAh4HVmlzaWJsZWhkZGS7YQyNNhAM7y//OgiHAa38wu6jXQ==&ctl00$Lo ginView1$Login1$LoginButton=%00gmtboi&ctl00$LoginView1$Login1$UserName= -------- output -------</title></head> <body> <form method="post" action="default.aspx?ctl00%24LoginView1%24Login1%24P assword=&ctl00%24LoginView1%24Login1%24LoginButton=%00gmtboi&ctl 00%24LoginView1%24Login1%24UserName=" onsubmit="javascript:return WebFor m_OnSubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$LoginView1$Login1$UserName' parameter of the /default.aspx CGI : /default.aspx?__EVENTTARGET=&__EVENTVALIDATION=/wEWBAKD1b65CAL8mvnKDALTt bTsDALz/POaC8bWUsNt8gMGTU0CAlO2ZZC6Fi/F&ctl00$LoginView1$Login1$Password =&__EVENTARGUMENT=&__VIEWSTATE=/wEPDwUKLTM0MDg0MzA5Nw9kFgJmD2QWAgIDD 2QWA gIJD2QWAgIBDw8WAh4HVmlzaWJsZWhkZGS7YQyNNhAM7y//OgiHAa38wu6jXQ==&ctl00$Lo ginView1$Login1$LoginButton=Log%20In&ctl00$LoginView1$Login1$UserName=%0 0gmtboi -------- output -------</title></head> <body> <form method="post" action="default.aspx?ctl00%24LoginView1%24Login1%24P assword=&ctl00%24LoginView1%24Login1%24LoginButton=Log+In&ctl00% 24LoginView1%24Login1%24UserName=%00gmtboi" onsubmit="javascript:return WebForm_OnSubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$SiteContentPlaceHolder$RecoverPasswd$UserNameContainerID$SubmitButton' parameter of the /RecoverPassword.aspx CGI : /RecoverPassword.aspx?ctl00$SiteContentPlaceHolder$RecoverPasswd$UserNam eContainerID$SubmitButton=%00gmtboi -------- output -------</title></head> <body> <form method="post" action="RecoverPassword.aspx?ctl00%24SiteContentPlac eHolder%24RecoverPasswd%24UserNameContainerID%24SubmitButton=%00gmtboi" onsubmit="javascript:return WebForm_OnSubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$SiteContentPlaceHolder$RecoverPasswd$UserNameContainerID$UserName' parameter of the /RecoverPassword.aspx CGI : /RecoverPassword.aspx?ctl00$SiteContentPlaceHolder$RecoverPasswd$UserNam eContainerID$UserName=%00gmtboi -------- output -------</title></head> <body> <form method="post" action="RecoverPassword.aspx?ctl00%24SiteContentPlac eHolder%24RecoverPasswd%24UserNameContainerID%24UserName=%00gmtboi" onsu bmit="javascript:return WebForm_OnSubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$LoginView1$Login1$Password' parameter of the / CGI : /?ctl00$LoginView1$Login1$Password=%00gmtboi -------- output -------</title></head> <body> <form method="post" action="?ctl00%24LoginView1%24Login1%24Password=%00g mtboi" onsubmit="javascript:return WebForm_OnSubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The '__VIEWSTATE' parameter of the / CGI : /?__VIEWSTATE=%00gmtboi -------- output -------Path: /default.aspx User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Tri [...] ViewState: .gmtboi] [HttpException (0x80004005): The state information is invalid for [...] -----------------------+ The 'ctl00$LoginView1$Login1$LoginButton' parameter of the / CGI : /?ctl00$LoginView1$Login1$LoginButton=%00gmtboi -------- output -------</title></head> <body> <form method="post" action="?ctl00%24LoginView1%24Login1%24LoginButton=% 00gmtboi" onsubmit="javascript:return WebForm_OnSubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$LoginView1$Login1$UserName' parameter of the / CGI : /?ctl00$LoginView1$Login1$UserName=%00gmtboi -------- output -------</title></head> <body> <form method="post" action="?ctl00%24LoginView1%24Login1%24UserName=%00g mtboi" onsubmit="javascript:return WebForm_OnSubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The '__EVENTVALIDATION' parameter of the / CGI : /?__EVENTTARGET=&__EVENTVALIDATION=%00gmtboi&ctl00$LoginView1$Login1$Pas sword=&__EVENTARGUMENT=&__VIEWSTATE=/wEPDwUKLTM0MDg0MzA5Nw9kFgJmD2QWA gID D2QWAgIJD2QWAgIBDw8WAh4HVmlzaWJsZWhkZGS7YQyNNhAM7y//OgiHAa38wu6jXQ==&ctl 00$LoginView1$Login1$LoginButton=Log%20In&ctl00$LoginView1$Login1$UserNa me= -------- output -------Path: /default.aspx User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Tri [...] ViewState: .gmtboi] [HttpException (0x80004005): The state information is invalid for [...] -----------------------+ The 'ctl00$LoginView1$Login1$Password' parameter of the / CGI : /?__EVENTTARGET=&__EVENTVALIDATION=/wEWBAKD1b65CAL8mvnKDALTtbTsDALz/POaC 8bWUsNt8gMGTU0CAlO2ZZC6Fi/F&ctl00$LoginView1$Login1$Password=%00gmtboi&_ _EVENTARGUMENT=&__VIEWSTATE=/wEPDwUKLTM0MDg0MzA5Nw9kFgJmD2QWAgIDD2QW AgIJ D2QWAgIBDw8WAh4HVmlzaWJsZWhkZGS7YQyNNhAM7y//OgiHAa38wu6jXQ==&ctl00$Login View1$Login1$LoginButton=Log%20In&ctl00$LoginView1$Login1$UserName= -------- output -------</title></head> <body> <form method="post" action="?ctl00%24LoginView1%24Login1%24Password=%00g mtboi&ctl00%24LoginView1%24Login1%24LoginButton=Log+In&ctl00%24L oginView1%24Login1%24UserName=" onsubmit="javascript:return WebForm_OnSu bmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The '__EVENTARGUMENT' parameter of the / CGI : /?__EVENTTARGET=M_2OyteE&__EVENTVALIDATION=/wEWBAKD1b65CAL8mvnKDALTtbTsD ALz/POaC8bWUsNt8gMGTU0CAlO2ZZC6Fi/F&ctl00$LoginView1$Login1$Password=M_2 OyteE&__EVENTARGUMENT=%00gmtboi&__VIEWSTATE=/wEPDwUKLTM0MDg0MzA5Nw9kFgJ m D2QWAgIDD2QWAgIJD2QWAgIBDw8WAh4HVmlzaWJsZWhkZGS7YQyNNhAM7y//OgiHAa38wu6j XQ==&ctl00$LoginView1$Login1$LoginButton=Log%20In&ctl00$LoginView1$Login 1$UserName=M_2OyteE -------- output -------</title></head> <body> [...] _2OyteE%26__EVENTARGUMENT%3d%2500gmtboi%26__VIEWSTATE%3d%2fwEPDwUKLTM0 MD [...] <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The '__VIEWSTATE' parameter of the / CGI : /?__EVENTTARGET=&__EVENTVALIDATION=/wEWBAKD1b65CAL8mvnKDALTtbTsDALz/POaC 8bWUsNt8gMGTU0CAlO2ZZC6Fi/F&ctl00$LoginView1$Login1$Password=&__EVENTARG UMENT=&__VIEWSTATE=%00gmtboi&ctl00$LoginView1$Login1$LoginButton=Log%20I n&ctl00$LoginView1$Login1$UserName= -------- output -------Path: /default.aspx User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Tri [...] ViewState: .gmtboi] [HttpException (0x80004005): The state information is invalid for [...] ------------------------ + The 'ctl00$LoginView1$Login1$LoginButton' parameter of the / CGI : /?__EVENTTARGET=&__EVENTVALIDATION=/wEWBAKD1b65CAL8mvnKDALTtbTsDALz/POaC 8bWUsNt8gMGTU0CAlO2ZZC6Fi/F&ctl00$LoginView1$Login1$Password=&__EVENTARG UMENT=&__VIEWSTATE=/wEPDwUKLTM0MDg0MzA5Nw9kFgJmD2QWAgIDD2QWAgIJD2QWA gIBD w8WAh4HVmlzaWJsZWhkZGS7YQyNNhAM7y//OgiHAa38wu6jXQ==&ctl00$LoginView1$Log in1$LoginButton=%00gmtboi&ctl00$LoginView1$Login1$UserName= -------- output -------</title></head> <body> <form method="post" action="?ctl00%24LoginView1%24Login1%24Password=&amp ;ctl00%24LoginView1%24Login1%24LoginButton=%00gmtboi&ctl00%24LoginVi ew1%24Login1%24UserName=" onsubmit="javascript:return WebForm_OnSubmit() ;" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$LoginView1$Login1$UserName' parameter of the / CGI : /?__EVENTTARGET=&__EVENTVALIDATION=/wEWBAKD1b65CAL8mvnKDALTtbTsDALz/POaC 8bWUsNt8gMGTU0CAlO2ZZC6Fi/F&ctl00$LoginView1$Login1$Password=&__EVENTARG UMENT=&__VIEWSTATE=/wEPDwUKLTM0MDg0MzA5Nw9kFgJmD2QWAgIDD2QWAgIJD2QWA gIBD w8WAh4HVmlzaWJsZWhkZGS7YQyNNhAM7y//OgiHAa38wu6jXQ==&ctl00$LoginView1$Log in1$LoginButton=Log%20In&ctl00$LoginView1$Login1$UserName=%00gmtboi -------- output -------</title></head> <body> <form method="post" action="?ctl00%24LoginView1%24Login1%24Password=&amp ;ctl00%24LoginView1%24Login1%24LoginButton=Log+In&ctl00%24LoginView1 %24Login1%24UserName=%00gmtboi" onsubmit="javascript:return WebForm_OnSu bmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$SiteContentPlaceHolder$myLogin$LoginButton' parameter of the /Login.aspx CGI : /Login.aspx?ctl00$SiteContentPlaceHolder$myLogin$LoginButton=%00gmtboi -------- output -------</title></head> <body> <form method="post" action="Login.aspx?ctl00%24SiteContentPlaceHolder%24 myLogin%24LoginButton=%00gmtboi" onsubmit="javascript:return WebForm_OnS ubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> ------------------------ + The 'ctl00$SiteContentPlaceHolder$myLogin$Password' parameter of the /Login.aspx CGI : /Login.aspx?ctl00$SiteContentPlaceHolder$myLogin$Password=%00gmtboi -------- output -------</title></head> <body> <form method="post" action="Login.aspx?ctl00%24SiteContentPlaceHolder%24 myLogin%24Password=%00gmtboi" onsubmit="javascript:return WebForm_OnSubm it();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$SiteContentPlaceHolder$myLogin$UserName' parameter of the /Login.aspx CGI : /Login.aspx?ctl00$SiteContentPlaceHolder$myLogin$UserName=%00gmtboi -------- output -------</title></head> <body> <form method="post" action="Login.aspx?ctl00%24SiteContentPlaceHolder%24 myLogin%24UserName=%00gmtboi" onsubmit="javascript:return WebForm_OnSubm it();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$SiteContentPlaceHolder$RegisterUser$CreateUserStepContainer$Email' parameter of the /Membership/CreatingUserAccounts.aspx CGI : /Membership/CreatingUserAccounts.aspx?ctl00$SiteContentPlaceHolder$Regis terUser$CreateUserStepContainer$Email=%00gmtboi -------- output -------</title><link href="/WebResource.axd?d=DRo_txePu9LdFnD2ppDT9afQxmI [...] <body> <form method="post" action="CreatingUserAccounts.aspx?ctl00%24SiteConten tPlaceHolder%24RegisterUser%24CreateUserStepContainer%24Email=%00gmtboi" onsubmit="javascript:return WebForm_OnSubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$SiteContentPlaceHolder$RegisterUser$__CustomNav0$StepNextButtonButton' parameter of the /Membership/CreatingUserAccounts.aspx CGI : /Membership/CreatingUserAccounts.aspx?ctl00$SiteContentPlaceHolder$Regis terUser$__CustomNav0$StepNextButtonButton=%00gmtboi -------- output -------</title><link href="/WebResource.axd?d=DRo_txePu9LdFnD2ppDT9afQxmI [...] <body> <form method="post" action="CreatingUserAccounts.aspx?ctl00%24SiteConten tPlaceHolder%24RegisterUser%24__CustomNav0%24StepNextButtonButton=%00gmt boi" onsubmit="javascript:return WebForm_OnSubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$SiteContentPlaceHolder$RegisterUser$CreateUserStepContainer$Answer' parameter of the /Membership/CreatingUserAccounts.aspx CGI : /Membership/CreatingUserAccounts.aspx?ctl00$SiteContentPlaceHolder$Regis terUser$CreateUserStepContainer$Answer=%00gmtboi -------- output -------</title><link href="/WebResource.axd?d=DRo_txePu9LdFnD2ppDT9afQxmI [...] <body> <form method="post" action="CreatingUserAccounts.aspx?ctl00%24SiteConten tPlaceHolder%24RegisterUser%24CreateUserStepContainer%24Answer=%00gmtboi " onsubmit="javascript:return WebForm_OnSubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$SiteContentPlaceHolder$RegisterUser$__CustomNav0$CancelButtonButton' parameter of the /Membership/CreatingUserAccounts.aspx CGI : /Membership/CreatingUserAccounts.aspx?ctl00$SiteContentPlaceHolder$Regis terUser$__CustomNav0$CancelButtonButton=%00gmtboi -------- output -------</title><link href="/WebResource.axd?d=DRo_txePu9LdFnD2ppDT9afQxmI [...] <body> <form method="post" action="CreatingUserAccounts.aspx?ctl00%24SiteConten tPlaceHolder%24RegisterUser%24__CustomNav0%24CancelButtonButton=%00gmtbo i" onsubmit="javascript:return WebForm_OnSubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$SiteContentPlaceHolder$RegisterUser$CreateUserStepContainer$UserName' parameter of the /Membership/CreatingUserAccounts.aspx CGI : /Membership/CreatingUserAccounts.aspx?ctl00$SiteContentPlaceHolder$Regis terUser$CreateUserStepContainer$UserName=%00gmtboi -------- output -------</title><link href="/WebResource.axd?d=DRo_txePu9LdFnD2ppDT9afQxmI [...] <body> <form method="post" action="CreatingUserAccounts.aspx?ctl00%24SiteConten tPlaceHolder%24RegisterUser%24CreateUserStepContainer%24UserName=%00gmtb oi" onsubmit="javascript:return WebForm_OnSubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$SiteContentPlaceHolder$RegisterUser$CreateUserStepContainer$Question' parameter of the /Membership/CreatingUserAccounts.aspx CGI : /Membership/CreatingUserAccounts.aspx?ctl00$SiteContentPlaceHolder$Regis terUser$CreateUserStepContainer$Question=%00gmtboi -------- output -------</title><link href="/WebResource.axd?d=DRo_txePu9LdFnD2ppDT9afQxmI [...] <body> <form method="post" action="CreatingUserAccounts.aspx?ctl00%24SiteConten tPlaceHolder%24RegisterUser%24CreateUserStepContainer%24Question=%00gmtb oi" onsubmit="javascript:return WebForm_OnSubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$SiteContentPlaceHolder$RegisterUser$CreateUserStepContainer$RegularExpressionValidat or1_ValidatorCalloutExtender_ClientState' parameter of the /Membership/CreatingUserAccounts.aspx CGI : /Membership/CreatingUserAccounts.aspx?ctl00$SiteContentPlaceHolder$Regis terUser$CreateUserStepContainer$RegularExpressionValidator1_ValidatorCal loutExtender_ClientState=%00gmtboi -------- output -------</title><link href="/WebResource.axd?d=DRo_txePu9LdFnD2ppDT9afQxmI [...] <body> <form method="post" action="CreatingUserAccounts.aspx?ctl00%24SiteConten tPlaceHolder%24RegisterUser%24CreateUserStepContainer%24RegularExpressio nValidator1_ValidatorCalloutExtender_ClientState=%00gmtboi" onsubmit="ja vascript:return WebForm_OnSubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$SiteContentPlaceHolder$RegisterUser$CreateUserStepContainer$ConfirmPassword' parameter of the /Membership/CreatingUserAccounts.aspx CGI : /Membership/CreatingUserAccounts.aspx?ctl00$SiteContentPlaceHolder$Regis terUser$CreateUserStepContainer$ConfirmPassword=%00gmtboi -------- output -------</title><link href="/WebResource.axd?d=DRo_txePu9LdFnD2ppDT9afQxmI [...] <body> <form method="post" action="CreatingUserAccounts.aspx?ctl00%24SiteConten tPlaceHolder%24RegisterUser%24CreateUserStepContainer%24ConfirmPassword= %00gmtboi" onsubmit="javascript:return WebForm_OnSubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$SiteContentPlaceHolder$RegisterUser$CreateUserStepContainer$Password' parameter of the /Membership/CreatingUserAccounts.aspx CGI : /Membership/CreatingUserAccounts.aspx?ctl00$SiteContentPlaceHolder$Regis terUser$CreateUserStepContainer$Password=%00gmtboi -------- output -------</title><link href="/WebResource.axd?d=DRo_txePu9LdFnD2ppDT9afQxmI [...] <body> <form method="post" action="CreatingUserAccounts.aspx?ctl00%24SiteConten tPlaceHolder%24RegisterUser%24CreateUserStepContainer%24Password=%00gmtb oi" onsubmit="javascript:return WebForm_OnSubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------Clicking directly on these URLs should exhibit the issue : (you will probably need to read the HTML source) https:///default.aspx?ctl00$LoginView1$Login1$Password=%00gmtboi https:///default.aspx?ctl00$LoginView1$Login1$LoginButton=%00gmtboi https:///default.aspx?ctl00$LoginView1$Login1$UserName=%00gmtboi https:///?ctl00$LoginView1$Login1$Password=%00gmtboi https:///?__VIEWSTATE=%00gmtboi https:///?ctl00$LoginView1$Login1$LoginButton=%00gmtboi https:///?ctl00$LoginView1$Login1$UserName=%00gmtboi https:///Login.aspx?ctl00$SiteContentPlaceHolder$myLogin$LoginButton=%00gmtboi https:///Login.aspx?ctl00$SiteContentPlaceHolder$myLogin$Password=%00gmtboi https:///Login.aspx?ctl00$SiteContentPlaceHolder$myLogin$UserName=%00gmtboi Plugin Output Using the GET HTTP method, Nessus found that : + The following resources may be vulnerable to injectable parameter : + The 'ctl00$LoginView1$Login1$Password' parameter of the /default.aspx CGI : /default.aspx?ctl00$LoginView1$Login1$Password=%00xskcui -------- output -------</title></head> <body> <form method="post" action="default.aspx?ctl00%24LoginView1%24Login1%24P assword=%00xskcui" onsubmit="javascript:return WebForm_OnSubmit();" id=" form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$LoginView1$Login1$LoginButton' parameter of the /default.aspx CGI : /default.aspx?ctl00$LoginView1$Login1$LoginButton=%00xskcui -------- output -------</title></head> <body> <form method="post" action="default.aspx?ctl00%24LoginView1%24Login1%24L oginButton=%00xskcui" onsubmit="javascript:return WebForm_OnSubmit();" i d="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$LoginView1$Login1$UserName' parameter of the /default.aspx CGI : /default.aspx?ctl00$LoginView1$Login1$UserName=%00xskcui -------- output -------</title></head> <body> <form method="post" action="default.aspx?ctl00%24LoginView1%24Login1%24U serName=%00xskcui" onsubmit="javascript:return WebForm_OnSubmit();" id=" form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$LoginView1$Login1$Password' parameter of the /default.aspx CGI : /default.aspx?__EVENTTARGET=&__EVENTVALIDATION=/wEWBAKD1b65CAL8mvnKDALTt bTsDALz/POaC8bWUsNt8gMGTU0CAlO2ZZC6Fi/F&ctl00$LoginView1$Login1$Password =%00xskcui&__EVENTARGUMENT=&__VIEWSTATE=/wEPDwUKLTM0MDg0MzA5Nw9kFgJmD2 QW AgIDD2QWAgIJD2QWAgIBDw8WAh4HVmlzaWJsZWhkZGS7YQyNNhAM7y//OgiHAa38wu6jXQ== &ctl00$LoginView1$Login1$LoginButton=Log%20In&ctl00$LoginView1$Login1$Us erName= -------- output -------</title></head> <body> <form method="post" action="default.aspx?ctl00%24LoginView1%24Login1%24P assword=%00xskcui&ctl00%24LoginView1%24Login1%24LoginButton=Log+In&a mp;ctl00%24LoginView1%24Login1%24UserName=" onsubmit="javascript:return WebForm_OnSubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$LoginView1$Login1$LoginButton' parameter of the /default.aspx CGI : /default.aspx?__EVENTTARGET=&__EVENTVALIDATION=/wEWBAKD1b65CAL8mvnKDALTt bTsDALz/POaC8bWUsNt8gMGTU0CAlO2ZZC6Fi/F&ctl00$LoginView1$Login1$Password =&__EVENTARGUMENT=&__VIEWSTATE=/wEPDwUKLTM0MDg0MzA5Nw9kFgJmD2QWAgIDD 2QWA gIJD2QWAgIBDw8WAh4HVmlzaWJsZWhkZGS7YQyNNhAM7y//OgiHAa38wu6jXQ==&ctl00$Lo ginView1$Login1$LoginButton=%00xskcui&ctl00$LoginView1$Login1$UserName= -------- output -------</title></head> <body> <form method="post" action="default.aspx?ctl00%24LoginView1%24Login1%24P assword=&ctl00%24LoginView1%24Login1%24LoginButton=%00xskcui&ctl 00%24LoginView1%24Login1%24UserName=" onsubmit="javascript:return WebFor m_OnSubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$LoginView1$Login1$UserName' parameter of the /default.aspx CGI : /default.aspx?__EVENTTARGET=&__EVENTVALIDATION=/wEWBAKD1b65CAL8mvnKDALTt bTsDALz/POaC8bWUsNt8gMGTU0CAlO2ZZC6Fi/F&ctl00$LoginView1$Login1$Password =&__EVENTARGUMENT=&__VIEWSTATE=/wEPDwUKLTM0MDg0MzA5Nw9kFgJmD2QWAgIDD 2QWA gIJD2QWAgIBDw8WAh4HVmlzaWJsZWhkZGS7YQyNNhAM7y//OgiHAa38wu6jXQ==&ctl00$Lo ginView1$Login1$LoginButton=Log%20In&ctl00$LoginView1$Login1$UserName=%0 0xskcui -------- output -------</title></head> <body> <form method="post" action="default.aspx?ctl00%24LoginView1%24Login1%24P assword=&ctl00%24LoginView1%24Login1%24LoginButton=Log+In&ctl00% 24LoginView1%24Login1%24UserName=%00xskcui" onsubmit="javascript:return WebForm_OnSubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$SiteContentPlaceHolder$RecoverPasswd$UserNameContainerID$SubmitButton' parameter of the /RecoverPassword.aspx CGI : /RecoverPassword.aspx?ctl00$SiteContentPlaceHolder$RecoverPasswd$UserNam eContainerID$SubmitButton=%00xskcui -------- output -------</title></head> <body> <form method="post" action="RecoverPassword.aspx?ctl00%24SiteContentPlac eHolder%24RecoverPasswd%24UserNameContainerID%24SubmitButton=%00xskcui" onsubmit="javascript:return WebForm_OnSubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$SiteContentPlaceHolder$RecoverPasswd$UserNameContainerID$UserName' parameter of the /RecoverPassword.aspx CGI : /RecoverPassword.aspx?ctl00$SiteContentPlaceHolder$RecoverPasswd$UserNam eContainerID$UserName=%00xskcui -------- output -------</title></head> <body> <form method="post" action="RecoverPassword.aspx?ctl00%24SiteContentPlac eHolder%24RecoverPasswd%24UserNameContainerID%24UserName=%00xskcui" onsu bmit="javascript:return WebForm_OnSubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$LoginView1$Login1$Password' parameter of the / CGI : /?ctl00$LoginView1$Login1$Password=%00xskcui -------- output -------</title></head> <body> <form method="post" action="?ctl00%24LoginView1%24Login1%24Password=%00x skcui" onsubmit="javascript:return WebForm_OnSubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The '__VIEWSTATE' parameter of the / CGI : /?__VIEWSTATE=%00xskcui -------- output -------Path: /default.aspx User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Tri [...] ViewState: .xskcui] [HttpException (0x80004005): The state information is invalid for [...] -----------------------+ The 'ctl00$LoginView1$Login1$LoginButton' parameter of the / CGI : /?ctl00$LoginView1$Login1$LoginButton=%00xskcui -------- output -------</title></head> <body> <form method="post" action="?ctl00%24LoginView1%24Login1%24LoginButton=% 00xskcui" onsubmit="javascript:return WebForm_OnSubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$LoginView1$Login1$UserName' parameter of the / CGI : /?ctl00$LoginView1$Login1$UserName=%00xskcui -------- output -------</title></head> <body> <form method="post" action="?ctl00%24LoginView1%24Login1%24UserName=%00x skcui" onsubmit="javascript:return WebForm_OnSubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The '__EVENTVALIDATION' parameter of the / CGI : /?__EVENTTARGET=&__EVENTVALIDATION=%00xskcui&ctl00$LoginView1$Login1$Pas sword=&__EVENTARGUMENT=&__VIEWSTATE=/wEPDwUKLTM0MDg0MzA5Nw9kFgJmD2QWA gID D2QWAgIJD2QWAgIBDw8WAh4HVmlzaWJsZWhkZGS7YQyNNhAM7y//OgiHAa38wu6jXQ==&ctl 00$LoginView1$Login1$LoginButton=Log%20In&ctl00$LoginView1$Login1$UserNa me= -------- output -------Path: /default.aspx User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Tri [...] ViewState: .xskcui] [HttpException (0x80004005): The state information is invalid for [...] -----------------------+ The 'ctl00$LoginView1$Login1$Password' parameter of the / CGI : /?__EVENTTARGET=&__EVENTVALIDATION=/wEWBAKD1b65CAL8mvnKDALTtbTsDALz/POaC 8bWUsNt8gMGTU0CAlO2ZZC6Fi/F&ctl00$LoginView1$Login1$Password=%00xskcui&_ _EVENTARGUMENT=&__VIEWSTATE=/wEPDwUKLTM0MDg0MzA5Nw9kFgJmD2QWAgIDD2QW AgIJ D2QWAgIBDw8WAh4HVmlzaWJsZWhkZGS7YQyNNhAM7y//OgiHAa38wu6jXQ==&ctl00$Login View1$Login1$LoginButton=Log%20In&ctl00$LoginView1$Login1$UserName= -------- output -------</title></head> <body> <form method="post" action="?ctl00%24LoginView1%24Login1%24Password=%00x skcui&ctl00%24LoginView1%24Login1%24LoginButton=Log+In&ctl00%24L oginView1%24Login1%24UserName=" onsubmit="javascript:return WebForm_OnSu bmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> ------------------------ + The '__EVENTARGUMENT' parameter of the / CGI : /?__EVENTTARGET=edrOJASr&__EVENTVALIDATION=/wEWBAKD1b65CAL8mvnKDALTtbTsD ALz/POaC8bWUsNt8gMGTU0CAlO2ZZC6Fi/F&ctl00$LoginView1$Login1$Password=edr OJASr&__EVENTARGUMENT=%00xskcui&__VIEWSTATE=/wEPDwUKLTM0MDg0MzA5Nw9kFgJ m D2QWAgIDD2QWAgIJD2QWAgIBDw8WAh4HVmlzaWJsZWhkZGS7YQyNNhAM7y//OgiHAa38wu6j XQ==&ctl00$LoginView1$Login1$LoginButton=Log%20In&ctl00$LoginView1$Login 1$UserName=edrOJASr -------- output -------</title></head> <body> [...] drOJASr%26__EVENTARGUMENT%3d%2500xskcui%26__VIEWSTATE%3d%2fwEPDwUKLTM0 MD [...] <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The '__VIEWSTATE' parameter of the / CGI : /?__EVENTTARGET=&__EVENTVALIDATION=/wEWBAKD1b65CAL8mvnKDALTtbTsDALz/POaC 8bWUsNt8gMGTU0CAlO2ZZC6Fi/F&ctl00$LoginView1$Login1$Password=&__EVENTARG UMENT=&__VIEWSTATE=%00xskcui&ctl00$LoginView1$Login1$LoginButton=Log%20I n&ctl00$LoginView1$Login1$UserName= -------- output -------Path: /default.aspx User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Tri [...] ViewState: .xskcui] [HttpException (0x80004005): The state information is invalid for [...] -----------------------+ The 'ctl00$LoginView1$Login1$LoginButton' parameter of the / CGI : /?__EVENTTARGET=&__EVENTVALIDATION=/wEWBAKD1b65CAL8mvnKDALTtbTsDALz/POaC 8bWUsNt8gMGTU0CAlO2ZZC6Fi/F&ctl00$LoginView1$Login1$Password=&__EVENTARG UMENT=&__VIEWSTATE=/wEPDwUKLTM0MDg0MzA5Nw9kFgJmD2QWAgIDD2QWAgIJD2QWA gIBD w8WAh4HVmlzaWJsZWhkZGS7YQyNNhAM7y//OgiHAa38wu6jXQ==&ctl00$LoginView1$Log in1$LoginButton=%00xskcui&ctl00$LoginView1$Login1$UserName= -------- output -------</title></head> <body> <form method="post" action="?ctl00%24LoginView1%24Login1%24Password=&amp ;ctl00%24LoginView1%24Login1%24LoginButton=%00xskcui&ctl00%24LoginVi ew1%24Login1%24UserName=" onsubmit="javascript:return WebForm_OnSubmit() ;" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$LoginView1$Login1$UserName' parameter of the / CGI : /?__EVENTTARGET=&__EVENTVALIDATION=/wEWBAKD1b65CAL8mvnKDALTtbTsDALz/POaC 8bWUsNt8gMGTU0CAlO2ZZC6Fi/F&ctl00$LoginView1$Login1$Password=&__EVENTARG UMENT=&__VIEWSTATE=/wEPDwUKLTM0MDg0MzA5Nw9kFgJmD2QWAgIDD2QWAgIJD2QWA gIBD w8WAh4HVmlzaWJsZWhkZGS7YQyNNhAM7y//OgiHAa38wu6jXQ==&ctl00$LoginView1$Log in1$LoginButton=Log%20In&ctl00$LoginView1$Login1$UserName=%00xskcui -------- output -------</title></head> <body> <form method="post" action="?ctl00%24LoginView1%24Login1%24Password=&amp ;ctl00%24LoginView1%24Login1%24LoginButton=Log+In&ctl00%24LoginView1 %24Login1%24UserName=%00xskcui" onsubmit="javascript:return WebForm_OnSu bmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$SiteContentPlaceHolder$myLogin$LoginButton' parameter of the /Login.aspx CGI : /Login.aspx?ctl00$SiteContentPlaceHolder$myLogin$LoginButton=%00xskcui -------- output -------</title></head> <body> <form method="post" action="Login.aspx?ctl00%24SiteContentPlaceHolder%24 myLogin%24LoginButton=%00xskcui" onsubmit="javascript:return WebForm_OnS ubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$SiteContentPlaceHolder$myLogin$Password' parameter of the /Login.aspx CGI : /Login.aspx?ctl00$SiteContentPlaceHolder$myLogin$Password=%00xskcui -------- output -------</title></head> <body> <form method="post" action="Login.aspx?ctl00%24SiteContentPlaceHolder%24 myLogin%24Password=%00xskcui" onsubmit="javascript:return WebForm_OnSubm it();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$SiteContentPlaceHolder$myLogin$UserName' parameter of the /Login.aspx CGI : /Login.aspx?ctl00$SiteContentPlaceHolder$myLogin$UserName=%00xskcui -------- output -------</title></head> <body> <form method="post" action="Login.aspx?ctl00%24SiteContentPlaceHolder%24 myLogin%24UserName=%00xskcui" onsubmit="javascript:return WebForm_OnSubm it();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$SiteContentPlaceHolder$RegisterUser$CreateUserStepContainer$Email' parameter of the /Membership/CreatingUserAccounts.aspx CGI : /Membership/CreatingUserAccounts.aspx?ctl00$SiteContentPlaceHolder$Regis terUser$CreateUserStepContainer$Email=%00xskcui -------- output -------</title><link href="/WebResource.axd?d=DRo_txePu9LdFnD2ppDT9afQxmI [...] <body> <form method="post" action="CreatingUserAccounts.aspx?ctl00%24SiteConten tPlaceHolder%24RegisterUser%24CreateUserStepContainer%24Email=%00xskcui" onsubmit="javascript:return WebForm_OnSubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$SiteContentPlaceHolder$RegisterUser$__CustomNav0$StepNextButtonButton' parameter of the /Membership/CreatingUserAccounts.aspx CGI : /Membership/CreatingUserAccounts.aspx?ctl00$SiteContentPlaceHolder$Regis terUser$__CustomNav0$StepNextButtonButton=%00xskcui -------- output -------</title><link href="/WebResource.axd?d=DRo_txePu9LdFnD2ppDT9afQxmI [...] <body> <form method="post" action="CreatingUserAccounts.aspx?ctl00%24SiteConten tPlaceHolder%24RegisterUser%24__CustomNav0%24StepNextButtonButton=%00xsk cui" onsubmit="javascript:return WebForm_OnSubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$SiteContentPlaceHolder$RegisterUser$CreateUserStepContainer$Answer' parameter of the /Membership/CreatingUserAccounts.aspx CGI : /Membership/CreatingUserAccounts.aspx?ctl00$SiteContentPlaceHolder$Regis terUser$CreateUserStepContainer$Answer=%00xskcui -------- output -------</title><link href="/WebResource.axd?d=DRo_txePu9LdFnD2ppDT9afQxmI [...] <body> <form method="post" action="CreatingUserAccounts.aspx?ctl00%24SiteConten tPlaceHolder%24RegisterUser%24CreateUserStepContainer%24Answer=%00xskcui " onsubmit="javascript:return WebForm_OnSubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$SiteContentPlaceHolder$RegisterUser$__CustomNav0$CancelButtonButton' parameter of the /Membership/CreatingUserAccounts.aspx CGI : /Membership/CreatingUserAccounts.aspx?ctl00$SiteContentPlaceHolder$Regis terUser$__CustomNav0$CancelButtonButton=%00xskcui -------- output -------</title><link href="/WebResource.axd?d=DRo_txePu9LdFnD2ppDT9afQxmI [...] <body> <form method="post" action="CreatingUserAccounts.aspx?ctl00%24SiteConten tPlaceHolder%24RegisterUser%24__CustomNav0%24CancelButtonButton=%00xskcu i" onsubmit="javascript:return WebForm_OnSubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$SiteContentPlaceHolder$RegisterUser$CreateUserStepContainer$UserName' parameter of the /Membership/CreatingUserAccounts.aspx CGI : /Membership/CreatingUserAccounts.aspx?ctl00$SiteContentPlaceHolder$Regis terUser$CreateUserStepContainer$UserName=%00xskcui -------- output -------</title><link href="/WebResource.axd?d=DRo_txePu9LdFnD2ppDT9afQxmI [...] <body> <form method="post" action="CreatingUserAccounts.aspx?ctl00%24SiteConten tPlaceHolder%24RegisterUser%24CreateUserStepContainer%24UserName=%00xskc ui" onsubmit="javascript:return WebForm_OnSubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$SiteContentPlaceHolder$RegisterUser$CreateUserStepContainer$Question' parameter of the /Membership/CreatingUserAccounts.aspx CGI : /Membership/CreatingUserAccounts.aspx?ctl00$SiteContentPlaceHolder$Regis terUser$CreateUserStepContainer$Question=%00xskcui -------- output -------</title><link href="/WebResource.axd?d=DRo_txePu9LdFnD2ppDT9afQxmI [...] <body> <form method="post" action="CreatingUserAccounts.aspx?ctl00%24SiteConten tPlaceHolder%24RegisterUser%24CreateUserStepContainer%24Question=%00xskc ui" onsubmit="javascript:return WebForm_OnSubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> ------------------------ + The 'ctl00$SiteContentPlaceHolder$RegisterUser$CreateUserStepContainer$RegularExpressionValidat or1_ValidatorCalloutExtender_ClientState' parameter of the /Membership/CreatingUserAccounts.aspx CGI : /Membership/CreatingUserAccounts.aspx?ctl00$SiteContentPlaceHolder$Regis terUser$CreateUserStepContainer$RegularExpressionValidator1_ValidatorCal loutExtender_ClientState=%00xskcui -------- output -------</title><link href="/WebResource.axd?d=DRo_txePu9LdFnD2ppDT9afQxmI [...] <body> <form method="post" action="CreatingUserAccounts.aspx?ctl00%24SiteConten tPlaceHolder%24RegisterUser%24CreateUserStepContainer%24RegularExpressio nValidator1_ValidatorCalloutExtender_ClientState=%00xskcui" onsubmit="ja vascript:return WebForm_OnSubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$SiteContentPlaceHolder$RegisterUser$CreateUserStepContainer$ConfirmPassword' parameter of the /Membership/CreatingUserAccounts.aspx CGI : /Membership/CreatingUserAccounts.aspx?ctl00$SiteContentPlaceHolder$Regis terUser$CreateUserStepContainer$ConfirmPassword=%00xskcui -------- output -------</title><link href="/WebResource.axd?d=DRo_txePu9LdFnD2ppDT9afQxmI [...] <body> <form method="post" action="CreatingUserAccounts.aspx?ctl00%24SiteConten tPlaceHolder%24RegisterUser%24CreateUserStepContainer%24ConfirmPassword= %00xskcui" onsubmit="javascript:return WebForm_OnSubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$SiteContentPlaceHolder$RegisterUser$CreateUserStepContainer$Password' parameter of the /Membership/CreatingUserAccounts.aspx CGI : /Membership/CreatingUserAccounts.aspx?ctl00$SiteContentPlaceHolder$Regis terUser$CreateUserStepContainer$Password=%00xskcui -------- output -------</title><link href="/WebResource.axd?d=DRo_txePu9LdFnD2ppDT9afQxmI [...] <body> <form method="post" action="CreatingUserAccounts.aspx?ctl00%24SiteConten tPlaceHolder%24RegisterUser%24CreateUserStepContainer%24Password=%00xskc ui" onsubmit="javascript:return WebForm_OnSubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> ------------------------ Clicking directly on these URLs should exhibit the issue : (you will probably need to read the HTML source) https:///default.aspx?ctl00$LoginView1$Login1$Password=%00xskcui https:///default.aspx?ctl00$LoginView1$Login1$LoginButton=%00xskcui https:///default.aspx?ctl00$LoginView1$Login1$UserName=%00xskcui https:///?ctl00$LoginView1$Login1$Password=%00xskcui https:///?__VIEWSTATE=%00xskcui https:///?ctl00$LoginView1$Login1$LoginButton=%00xskcui https:///?ctl00$LoginView1$Login1$UserName=%00xskcui https:///Login.aspx?ctl00$SiteContentPlaceHolder$myLogin$LoginButton=%00xskcui https:///Login.aspx?ctl00$SiteContentPlaceHolder$myLogin$Password=%00xskcui https:///Login.aspx?ctl00$SiteContentPlaceHolder$myLogin$UserName=%00xskcui Description Nessus was able to to inject innocuous strings into CGI parameters and read them back in the HTTP response. The affected parameters are candidates for extended injection tests like cross-site scripting attacks. This is not a weakness per se, the main purpose of this test is to speed up other scripts. The results may be useful for a human pen-tester. Solution n/a Risk Factor Low Other references CWE:86 Plugin publication date: 2010/07/26 Plugin last modification date: 2011/08/26 PORT WWW (80/TCP) Plugin ID: 47830 CGI Generic Injectable Parameter Synopsis Some CGIs are candidate for extended injection tests. List of Hosts Plugin Output Using the GET HTTP method, Nessus found that : + The following resources may be vulnerable to injectable parameter : + The 'ctl00$LoginView1$Login1$Password' parameter of the /default.aspx CGI : /default.aspx?ctl00$LoginView1$Login1$Password=%00gmtboi -------- output -------</title></head> <body> <form method="post" action="default.aspx?ctl00%24LoginView1%24Login1%24P assword=%00gmtboi" onsubmit="javascript:return WebForm_OnSubmit();" id=" form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$LoginView1$Login1$LoginButton' parameter of the /default.aspx CGI : /default.aspx?ctl00$LoginView1$Login1$LoginButton=%00gmtboi -------- output -------</title></head> <body> <form method="post" action="default.aspx?ctl00%24LoginView1%24Login1%24L oginButton=%00gmtboi" onsubmit="javascript:return WebForm_OnSubmit();" i d="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$LoginView1$Login1$UserName' parameter of the /default.aspx CGI : /default.aspx?ctl00$LoginView1$Login1$UserName=%00gmtboi -------- output -------</title></head> <body> <form method="post" action="default.aspx?ctl00%24LoginView1%24Login1%24U serName=%00gmtboi" onsubmit="javascript:return WebForm_OnSubmit();" id=" form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$LoginView1$Login1$Password' parameter of the /default.aspx CGI : /default.aspx?__EVENTTARGET=&__EVENTVALIDATION=/wEWBAKD1b65CAL8mvnKDALTt bTsDALz/POaC8bWUsNt8gMGTU0CAlO2ZZC6Fi/F&ctl00$LoginView1$Login1$Password =%00gmtboi&__EVENTARGUMENT=&__VIEWSTATE=/wEPDwUKLTM0MDg0MzA5Nw9kFgJmD2 QW AgIDD2QWAgIJD2QWAgIBDw8WAh4HVmlzaWJsZWhkZGS7YQyNNhAM7y//OgiHAa38wu6jXQ== &ctl00$LoginView1$Login1$LoginButton=Log%20In&ctl00$LoginView1$Login1$Us erName= -------- output -------</title></head> <body> <form method="post" action="default.aspx?ctl00%24LoginView1%24Login1%24P assword=%00gmtboi&ctl00%24LoginView1%24Login1%24LoginButton=Log+In&a mp;ctl00%24LoginView1%24Login1%24UserName=" onsubmit="javascript:return WebForm_OnSubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$LoginView1$Login1$LoginButton' parameter of the /default.aspx CGI : /default.aspx?__EVENTTARGET=&__EVENTVALIDATION=/wEWBAKD1b65CAL8mvnKDALTt bTsDALz/POaC8bWUsNt8gMGTU0CAlO2ZZC6Fi/F&ctl00$LoginView1$Login1$Password =&__EVENTARGUMENT=&__VIEWSTATE=/wEPDwUKLTM0MDg0MzA5Nw9kFgJmD2QWAgIDD 2QWA gIJD2QWAgIBDw8WAh4HVmlzaWJsZWhkZGS7YQyNNhAM7y//OgiHAa38wu6jXQ==&ctl00$Lo ginView1$Login1$LoginButton=%00gmtboi&ctl00$LoginView1$Login1$UserName= -------- output -------</title></head> <body> <form method="post" action="default.aspx?ctl00%24LoginView1%24Login1%24P assword=&ctl00%24LoginView1%24Login1%24LoginButton=%00gmtboi&ctl 00%24LoginView1%24Login1%24UserName=" onsubmit="javascript:return WebFor m_OnSubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$LoginView1$Login1$UserName' parameter of the /default.aspx CGI : /default.aspx?__EVENTTARGET=&__EVENTVALIDATION=/wEWBAKD1b65CAL8mvnKDALTt bTsDALz/POaC8bWUsNt8gMGTU0CAlO2ZZC6Fi/F&ctl00$LoginView1$Login1$Password =&__EVENTARGUMENT=&__VIEWSTATE=/wEPDwUKLTM0MDg0MzA5Nw9kFgJmD2QWAgIDD 2QWA gIJD2QWAgIBDw8WAh4HVmlzaWJsZWhkZGS7YQyNNhAM7y//OgiHAa38wu6jXQ==&ctl00$Lo ginView1$Login1$LoginButton=Log%20In&ctl00$LoginView1$Login1$UserName=%0 0gmtboi -------- output -------</title></head> <body> <form method="post" action="default.aspx?ctl00%24LoginView1%24Login1%24P assword=&ctl00%24LoginView1%24Login1%24LoginButton=Log+In&ctl00% 24LoginView1%24Login1%24UserName=%00gmtboi" onsubmit="javascript:return WebForm_OnSubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$SiteContentPlaceHolder$RecoverPasswd$UserNameContainerID$SubmitButton' parameter of the /RecoverPassword.aspx CGI : /RecoverPassword.aspx?ctl00$SiteContentPlaceHolder$RecoverPasswd$UserNam eContainerID$SubmitButton=%00gmtboi -------- output -------</title></head> <body> <form method="post" action="RecoverPassword.aspx?ctl00%24SiteContentPlac eHolder%24RecoverPasswd%24UserNameContainerID%24SubmitButton=%00gmtboi" onsubmit="javascript:return WebForm_OnSubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$SiteContentPlaceHolder$RecoverPasswd$UserNameContainerID$UserName' parameter of the /RecoverPassword.aspx CGI : /RecoverPassword.aspx?ctl00$SiteContentPlaceHolder$RecoverPasswd$UserNam eContainerID$UserName=%00gmtboi -------- output -------</title></head> <body> <form method="post" action="RecoverPassword.aspx?ctl00%24SiteContentPlac eHolder%24RecoverPasswd%24UserNameContainerID%24UserName=%00gmtboi" onsu bmit="javascript:return WebForm_OnSubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$LoginView1$Login1$Password' parameter of the / CGI : /?ctl00$LoginView1$Login1$Password=%00gmtboi -------- output -------- </title></head> <body> <form method="post" action="?ctl00%24LoginView1%24Login1%24Password=%00g mtboi" onsubmit="javascript:return WebForm_OnSubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The '__VIEWSTATE' parameter of the / CGI : /?__VIEWSTATE=%00gmtboi -------- output -------Path: /default.aspx User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Tri [...] ViewState: .gmtboi] [HttpException (0x80004005): The state information is invalid for [...] -----------------------+ The 'ctl00$LoginView1$Login1$LoginButton' parameter of the / CGI : /?ctl00$LoginView1$Login1$LoginButton=%00gmtboi -------- output -------</title></head> <body> <form method="post" action="?ctl00%24LoginView1%24Login1%24LoginButton=% 00gmtboi" onsubmit="javascript:return WebForm_OnSubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$LoginView1$Login1$UserName' parameter of the / CGI : /?ctl00$LoginView1$Login1$UserName=%00gmtboi -------- output -------</title></head> <body> <form method="post" action="?ctl00%24LoginView1%24Login1%24UserName=%00g mtboi" onsubmit="javascript:return WebForm_OnSubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The '__EVENTVALIDATION' parameter of the / CGI : /?__EVENTTARGET=&__EVENTVALIDATION=%00gmtboi&ctl00$LoginView1$Login1$Pas sword=&__EVENTARGUMENT=&__VIEWSTATE=/wEPDwUKLTM0MDg0MzA5Nw9kFgJmD2QWA gID D2QWAgIJD2QWAgIBDw8WAh4HVmlzaWJsZWhkZGS7YQyNNhAM7y//OgiHAa38wu6jXQ==&ctl 00$LoginView1$Login1$LoginButton=Log%20In&ctl00$LoginView1$Login1$UserNa me= -------- output -------Path: /default.aspx User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Tri [...] ViewState: .gmtboi] [HttpException (0x80004005): The state information is invalid for [...] -----------------------+ The 'ctl00$LoginView1$Login1$Password' parameter of the / CGI : /?__EVENTTARGET=&__EVENTVALIDATION=/wEWBAKD1b65CAL8mvnKDALTtbTsDALz/POaC 8bWUsNt8gMGTU0CAlO2ZZC6Fi/F&ctl00$LoginView1$Login1$Password=%00gmtboi&_ _EVENTARGUMENT=&__VIEWSTATE=/wEPDwUKLTM0MDg0MzA5Nw9kFgJmD2QWAgIDD2QW AgIJ D2QWAgIBDw8WAh4HVmlzaWJsZWhkZGS7YQyNNhAM7y//OgiHAa38wu6jXQ==&ctl00$Login View1$Login1$LoginButton=Log%20In&ctl00$LoginView1$Login1$UserName= -------- output -------</title></head> <body> <form method="post" action="?ctl00%24LoginView1%24Login1%24Password=%00g mtboi&ctl00%24LoginView1%24Login1%24LoginButton=Log+In&ctl00%24L oginView1%24Login1%24UserName=" onsubmit="javascript:return WebForm_OnSu bmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The '__EVENTARGUMENT' parameter of the / CGI : /?__EVENTTARGET=kUF3CiEO&__EVENTVALIDATION=/wEWBAKD1b65CAL8mvnKDALTtbTsD ALz/POaC8bWUsNt8gMGTU0CAlO2ZZC6Fi/F&ctl00$LoginView1$Login1$Password=kUF 3CiEO&__EVENTARGUMENT=%00gmtboi&__VIEWSTATE=/wEPDwUKLTM0MDg0MzA5Nw9kFg Jm D2QWAgIDD2QWAgIJD2QWAgIBDw8WAh4HVmlzaWJsZWhkZGS7YQyNNhAM7y//OgiHAa38wu6j XQ==&ctl00$LoginView1$Login1$LoginButton=Log%20In&ctl00$LoginView1$Login 1$UserName=kUF3CiEO -------- output -------</title></head> <body> [...] UF3CiEO%26__EVENTARGUMENT%3d%2500gmtboi%26__VIEWSTATE%3d%2fwEPDwUKLTM 0MD [...] <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The '__VIEWSTATE' parameter of the / CGI : /?__EVENTTARGET=&__EVENTVALIDATION=/wEWBAKD1b65CAL8mvnKDALTtbTsDALz/POaC 8bWUsNt8gMGTU0CAlO2ZZC6Fi/F&ctl00$LoginView1$Login1$Password=&__EVENTARG UMENT=&__VIEWSTATE=%00gmtboi&ctl00$LoginView1$Login1$LoginButton=Log%20I n&ctl00$LoginView1$Login1$UserName= -------- output -------Path: /default.aspx User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Tri [...] ViewState: .gmtboi] [HttpException (0x80004005): The state information is invalid for [...] -----------------------+ The 'ctl00$LoginView1$Login1$LoginButton' parameter of the / CGI : /?__EVENTTARGET=&__EVENTVALIDATION=/wEWBAKD1b65CAL8mvnKDALTtbTsDALz/POaC 8bWUsNt8gMGTU0CAlO2ZZC6Fi/F&ctl00$LoginView1$Login1$Password=&__EVENTARG UMENT=&__VIEWSTATE=/wEPDwUKLTM0MDg0MzA5Nw9kFgJmD2QWAgIDD2QWAgIJD2QWA gIBD w8WAh4HVmlzaWJsZWhkZGS7YQyNNhAM7y//OgiHAa38wu6jXQ==&ctl00$LoginView1$Log in1$LoginButton=%00gmtboi&ctl00$LoginView1$Login1$UserName= -------- output -------</title></head> <body> <form method="post" action="?ctl00%24LoginView1%24Login1%24Password=&amp ;ctl00%24LoginView1%24Login1%24LoginButton=%00gmtboi&ctl00%24LoginVi ew1%24Login1%24UserName=" onsubmit="javascript:return WebForm_OnSubmit() ;" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$LoginView1$Login1$UserName' parameter of the / CGI : /?__EVENTTARGET=&__EVENTVALIDATION=/wEWBAKD1b65CAL8mvnKDALTtbTsDALz/POaC 8bWUsNt8gMGTU0CAlO2ZZC6Fi/F&ctl00$LoginView1$Login1$Password=&__EVENTARG UMENT=&__VIEWSTATE=/wEPDwUKLTM0MDg0MzA5Nw9kFgJmD2QWAgIDD2QWAgIJD2QWA gIBD w8WAh4HVmlzaWJsZWhkZGS7YQyNNhAM7y//OgiHAa38wu6jXQ==&ctl00$LoginView1$Log in1$LoginButton=Log%20In&ctl00$LoginView1$Login1$UserName=%00gmtboi -------- output -------</title></head> <body> <form method="post" action="?ctl00%24LoginView1%24Login1%24Password=&amp ;ctl00%24LoginView1%24Login1%24LoginButton=Log+In&ctl00%24LoginView1 %24Login1%24UserName=%00gmtboi" onsubmit="javascript:return WebForm_OnSu bmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$SiteContentPlaceHolder$myLogin$LoginButton' parameter of the /Login.aspx CGI : /Login.aspx?ctl00$SiteContentPlaceHolder$myLogin$LoginButton=%00gmtboi -------- output -------</title></head> <body> <form method="post" action="Login.aspx?ctl00%24SiteContentPlaceHolder%24 myLogin%24LoginButton=%00gmtboi" onsubmit="javascript:return WebForm_OnS ubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$SiteContentPlaceHolder$myLogin$Password' parameter of the /Login.aspx CGI : /Login.aspx?ctl00$SiteContentPlaceHolder$myLogin$Password=%00gmtboi -------- output -------</title></head> <body> <form method="post" action="Login.aspx?ctl00%24SiteContentPlaceHolder%24 myLogin%24Password=%00gmtboi" onsubmit="javascript:return WebForm_OnSubm it();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$SiteContentPlaceHolder$myLogin$UserName' parameter of the /Login.aspx CGI : /Login.aspx?ctl00$SiteContentPlaceHolder$myLogin$UserName=%00gmtboi -------- output -------</title></head> <body> <form method="post" action="Login.aspx?ctl00%24SiteContentPlaceHolder%24 myLogin%24UserName=%00gmtboi" onsubmit="javascript:return WebForm_OnSubm it();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$SiteContentPlaceHolder$RegisterUser$CreateUserStepContainer$Email' parameter of the /Membership/CreatingUserAccounts.aspx CGI : /Membership/CreatingUserAccounts.aspx?ctl00$SiteContentPlaceHolder$Regis terUser$CreateUserStepContainer$Email=%00gmtboi -------- output -------</title><link href="/WebResource.axd?d=DRo_txePu9LdFnD2ppDT9afQxmI [...] <body> <form method="post" action="CreatingUserAccounts.aspx?ctl00%24SiteConten tPlaceHolder%24RegisterUser%24CreateUserStepContainer%24Email=%00gmtboi" onsubmit="javascript:return WebForm_OnSubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$SiteContentPlaceHolder$RegisterUser$__CustomNav0$StepNextButtonButton' parameter of the /Membership/CreatingUserAccounts.aspx CGI : /Membership/CreatingUserAccounts.aspx?ctl00$SiteContentPlaceHolder$Regis terUser$__CustomNav0$StepNextButtonButton=%00gmtboi -------- output -------</title><link href="/WebResource.axd?d=DRo_txePu9LdFnD2ppDT9afQxmI [...] <body> <form method="post" action="CreatingUserAccounts.aspx?ctl00%24SiteConten tPlaceHolder%24RegisterUser%24__CustomNav0%24StepNextButtonButton=%00gmt boi" onsubmit="javascript:return WebForm_OnSubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$SiteContentPlaceHolder$RegisterUser$CreateUserStepContainer$Answer' parameter of the /Membership/CreatingUserAccounts.aspx CGI : /Membership/CreatingUserAccounts.aspx?ctl00$SiteContentPlaceHolder$Regis terUser$CreateUserStepContainer$Answer=%00gmtboi -------- output -------</title><link href="/WebResource.axd?d=DRo_txePu9LdFnD2ppDT9afQxmI [...] <body> <form method="post" action="CreatingUserAccounts.aspx?ctl00%24SiteConten tPlaceHolder%24RegisterUser%24CreateUserStepContainer%24Answer=%00gmtboi " onsubmit="javascript:return WebForm_OnSubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$SiteContentPlaceHolder$RegisterUser$__CustomNav0$CancelButtonButton' parameter of the /Membership/CreatingUserAccounts.aspx CGI : /Membership/CreatingUserAccounts.aspx?ctl00$SiteContentPlaceHolder$Regis terUser$__CustomNav0$CancelButtonButton=%00gmtboi -------- output -------</title><link href="/WebResource.axd?d=DRo_txePu9LdFnD2ppDT9afQxmI [...] <body> <form method="post" action="CreatingUserAccounts.aspx?ctl00%24SiteConten tPlaceHolder%24RegisterUser%24__CustomNav0%24CancelButtonButton=%00gmtbo i" onsubmit="javascript:return WebForm_OnSubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$SiteContentPlaceHolder$RegisterUser$CreateUserStepContainer$UserName' parameter of the /Membership/CreatingUserAccounts.aspx CGI : /Membership/CreatingUserAccounts.aspx?ctl00$SiteContentPlaceHolder$Regis terUser$CreateUserStepContainer$UserName=%00gmtboi -------- output -------</title><link href="/WebResource.axd?d=DRo_txePu9LdFnD2ppDT9afQxmI [...] <body> <form method="post" action="CreatingUserAccounts.aspx?ctl00%24SiteConten tPlaceHolder%24RegisterUser%24CreateUserStepContainer%24UserName=%00gmtb oi" onsubmit="javascript:return WebForm_OnSubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$SiteContentPlaceHolder$RegisterUser$CreateUserStepContainer$Question' parameter of the /Membership/CreatingUserAccounts.aspx CGI : /Membership/CreatingUserAccounts.aspx?ctl00$SiteContentPlaceHolder$Regis terUser$CreateUserStepContainer$Question=%00gmtboi -------- output -------</title><link href="/WebResource.axd?d=DRo_txePu9LdFnD2ppDT9afQxmI [...] <body> <form method="post" action="CreatingUserAccounts.aspx?ctl00%24SiteConten tPlaceHolder%24RegisterUser%24CreateUserStepContainer%24Question=%00gmtb oi" onsubmit="javascript:return WebForm_OnSubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$SiteContentPlaceHolder$RegisterUser$CreateUserStepContainer$RegularExpressionValidat or1_ValidatorCalloutExtender_ClientState' parameter of the /Membership/CreatingUserAccounts.aspx CGI : /Membership/CreatingUserAccounts.aspx?ctl00$SiteContentPlaceHolder$Regis terUser$CreateUserStepContainer$RegularExpressionValidator1_ValidatorCal loutExtender_ClientState=%00gmtboi -------- output -------</title><link href="/WebResource.axd?d=DRo_txePu9LdFnD2ppDT9afQxmI [...] <body> <form method="post" action="CreatingUserAccounts.aspx?ctl00%24SiteConten tPlaceHolder%24RegisterUser%24CreateUserStepContainer%24RegularExpressio nValidator1_ValidatorCalloutExtender_ClientState=%00gmtboi" onsubmit="ja vascript:return WebForm_OnSubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$SiteContentPlaceHolder$RegisterUser$CreateUserStepContainer$ConfirmPassword' parameter of the /Membership/CreatingUserAccounts.aspx CGI : /Membership/CreatingUserAccounts.aspx?ctl00$SiteContentPlaceHolder$Regis terUser$CreateUserStepContainer$ConfirmPassword=%00gmtboi -------- output -------</title><link href="/WebResource.axd?d=DRo_txePu9LdFnD2ppDT9afQxmI [...] <body> <form method="post" action="CreatingUserAccounts.aspx?ctl00%24SiteConten tPlaceHolder%24RegisterUser%24CreateUserStepContainer%24ConfirmPassword= %00gmtboi" onsubmit="javascript:return WebForm_OnSubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$SiteContentPlaceHolder$RegisterUser$CreateUserStepContainer$Password' parameter of the /Membership/CreatingUserAccounts.aspx CGI : /Membership/CreatingUserAccounts.aspx?ctl00$SiteContentPlaceHolder$Regis terUser$CreateUserStepContainer$Password=%00gmtboi -------- output -------</title><link href="/WebResource.axd?d=DRo_txePu9LdFnD2ppDT9afQxmI [...] <body> <form method="post" action="CreatingUserAccounts.aspx?ctl00%24SiteConten tPlaceHolder%24RegisterUser%24CreateUserStepContainer%24Password=%00gmtb oi" onsubmit="javascript:return WebForm_OnSubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------Clicking directly on these URLs should exhibit the issue : (you will probably need to read the HTML source) http:///default.aspx?ctl00$LoginView1$Login1$Password=%00gmtboi http:///default.aspx?ctl00$LoginView1$Login1$LoginButton=%00gmtboi http:///default.aspx?ctl00$LoginView1$Login1$UserName=%00gmtboi http:///?ctl00$LoginView1$Login1$Password=%00gmtboi http:///?__VIEWSTATE=%00gmtboi http:///?ctl00$LoginView1$Login1$LoginButton=%00gmtboi http:///?ctl00$LoginView1$Login1$UserName=%00gmtboi http:///Login.aspx?ctl00$SiteContentPlaceHolder$myLogin$LoginButton=%00gmtboi http:///Login.aspx?ctl00$SiteContentPlaceHolder$myLogin$Password=%00gmtboi http:///Login.aspx?ctl00$SiteContentPlaceHolder$myLogin$UserName=%00gmtboi Plugin Output Using the GET HTTP method, Nessus found that : + The following resources may be vulnerable to injectable parameter : + The 'ctl00$LoginView1$Login1$Password' parameter of the /default.aspx CGI : /default.aspx?ctl00$LoginView1$Login1$Password=%00xskcui -------- output -------</title></head> <body> <form method="post" action="default.aspx?ctl00%24LoginView1%24Login1%24P assword=%00xskcui" onsubmit="javascript:return WebForm_OnSubmit();" id=" form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$LoginView1$Login1$LoginButton' parameter of the /default.aspx CGI : /default.aspx?ctl00$LoginView1$Login1$LoginButton=%00xskcui -------- output -------</title></head> <body> <form method="post" action="default.aspx?ctl00%24LoginView1%24Login1%24L oginButton=%00xskcui" onsubmit="javascript:return WebForm_OnSubmit();" i d="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$LoginView1$Login1$UserName' parameter of the /default.aspx CGI : /default.aspx?ctl00$LoginView1$Login1$UserName=%00xskcui -------- output -------</title></head> <body> <form method="post" action="default.aspx?ctl00%24LoginView1%24Login1%24U serName=%00xskcui" onsubmit="javascript:return WebForm_OnSubmit();" id=" form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$LoginView1$Login1$Password' parameter of the /default.aspx CGI : /default.aspx?__EVENTTARGET=&__EVENTVALIDATION=/wEWBAKD1b65CAL8mvnKDALTt bTsDALz/POaC8bWUsNt8gMGTU0CAlO2ZZC6Fi/F&ctl00$LoginView1$Login1$Password =%00xskcui&__EVENTARGUMENT=&__VIEWSTATE=/wEPDwUKLTM0MDg0MzA5Nw9kFgJmD2 QW AgIDD2QWAgIJD2QWAgIBDw8WAh4HVmlzaWJsZWhkZGS7YQyNNhAM7y//OgiHAa38wu6jXQ== &ctl00$LoginView1$Login1$LoginButton=Log%20In&ctl00$LoginView1$Login1$Us erName= -------- output -------- </title></head> <body> <form method="post" action="default.aspx?ctl00%24LoginView1%24Login1%24P assword=%00xskcui&ctl00%24LoginView1%24Login1%24LoginButton=Log+In&a mp;ctl00%24LoginView1%24Login1%24UserName=" onsubmit="javascript:return WebForm_OnSubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$LoginView1$Login1$LoginButton' parameter of the /default.aspx CGI : /default.aspx?__EVENTTARGET=&__EVENTVALIDATION=/wEWBAKD1b65CAL8mvnKDALTt bTsDALz/POaC8bWUsNt8gMGTU0CAlO2ZZC6Fi/F&ctl00$LoginView1$Login1$Password =&__EVENTARGUMENT=&__VIEWSTATE=/wEPDwUKLTM0MDg0MzA5Nw9kFgJmD2QWAgIDD 2QWA gIJD2QWAgIBDw8WAh4HVmlzaWJsZWhkZGS7YQyNNhAM7y//OgiHAa38wu6jXQ==&ctl00$Lo ginView1$Login1$LoginButton=%00xskcui&ctl00$LoginView1$Login1$UserName= -------- output -------</title></head> <body> <form method="post" action="default.aspx?ctl00%24LoginView1%24Login1%24P assword=&ctl00%24LoginView1%24Login1%24LoginButton=%00xskcui&ctl 00%24LoginView1%24Login1%24UserName=" onsubmit="javascript:return WebFor m_OnSubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$LoginView1$Login1$UserName' parameter of the /default.aspx CGI : /default.aspx?__EVENTTARGET=&__EVENTVALIDATION=/wEWBAKD1b65CAL8mvnKDALTt bTsDALz/POaC8bWUsNt8gMGTU0CAlO2ZZC6Fi/F&ctl00$LoginView1$Login1$Password =&__EVENTARGUMENT=&__VIEWSTATE=/wEPDwUKLTM0MDg0MzA5Nw9kFgJmD2QWAgIDD 2QWA gIJD2QWAgIBDw8WAh4HVmlzaWJsZWhkZGS7YQyNNhAM7y//OgiHAa38wu6jXQ==&ctl00$Lo ginView1$Login1$LoginButton=Log%20In&ctl00$LoginView1$Login1$UserName=%0 0xskcui -------- output -------</title></head> <body> <form method="post" action="default.aspx?ctl00%24LoginView1%24Login1%24P assword=&ctl00%24LoginView1%24Login1%24LoginButton=Log+In&ctl00% 24LoginView1%24Login1%24UserName=%00xskcui" onsubmit="javascript:return WebForm_OnSubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$SiteContentPlaceHolder$RecoverPasswd$UserNameContainerID$SubmitButton' parameter of the /RecoverPassword.aspx CGI : /RecoverPassword.aspx?ctl00$SiteContentPlaceHolder$RecoverPasswd$UserNam eContainerID$SubmitButton=%00xskcui -------- output -------</title></head> <body> <form method="post" action="RecoverPassword.aspx?ctl00%24SiteContentPlac eHolder%24RecoverPasswd%24UserNameContainerID%24SubmitButton=%00xskcui" onsubmit="javascript:return WebForm_OnSubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$SiteContentPlaceHolder$RecoverPasswd$UserNameContainerID$UserName' parameter of the /RecoverPassword.aspx CGI : /RecoverPassword.aspx?ctl00$SiteContentPlaceHolder$RecoverPasswd$UserNam eContainerID$UserName=%00xskcui -------- output -------</title></head> <body> <form method="post" action="RecoverPassword.aspx?ctl00%24SiteContentPlac eHolder%24RecoverPasswd%24UserNameContainerID%24UserName=%00xskcui" onsu bmit="javascript:return WebForm_OnSubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$LoginView1$Login1$Password' parameter of the / CGI : /?ctl00$LoginView1$Login1$Password=%00xskcui -------- output -------</title></head> <body> <form method="post" action="?ctl00%24LoginView1%24Login1%24Password=%00x skcui" onsubmit="javascript:return WebForm_OnSubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The '__VIEWSTATE' parameter of the / CGI : /?__VIEWSTATE=%00xskcui -------- output -------Path: /default.aspx User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Tri [...] ViewState: .xskcui] [HttpException (0x80004005): The state information is invalid for [...] -----------------------+ The 'ctl00$LoginView1$Login1$LoginButton' parameter of the / CGI : /?ctl00$LoginView1$Login1$LoginButton=%00xskcui -------- output -------</title></head> <body> <form method="post" action="?ctl00%24LoginView1%24Login1%24LoginButton=% 00xskcui" onsubmit="javascript:return WebForm_OnSubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$LoginView1$Login1$UserName' parameter of the / CGI : /?ctl00$LoginView1$Login1$UserName=%00xskcui -------- output -------</title></head> <body> <form method="post" action="?ctl00%24LoginView1%24Login1%24UserName=%00x skcui" onsubmit="javascript:return WebForm_OnSubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The '__EVENTVALIDATION' parameter of the / CGI : /?__EVENTTARGET=&__EVENTVALIDATION=%00xskcui&ctl00$LoginView1$Login1$Pas sword=&__EVENTARGUMENT=&__VIEWSTATE=/wEPDwUKLTM0MDg0MzA5Nw9kFgJmD2QWA gID D2QWAgIJD2QWAgIBDw8WAh4HVmlzaWJsZWhkZGS7YQyNNhAM7y//OgiHAa38wu6jXQ==&ctl 00$LoginView1$Login1$LoginButton=Log%20In&ctl00$LoginView1$Login1$UserNa me= -------- output -------Path: /default.aspx User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Tri [...] ViewState: .xskcui] [HttpException (0x80004005): The state information is invalid for [...] -----------------------+ The 'ctl00$LoginView1$Login1$Password' parameter of the / CGI : /?__EVENTTARGET=&__EVENTVALIDATION=/wEWBAKD1b65CAL8mvnKDALTtbTsDALz/POaC 8bWUsNt8gMGTU0CAlO2ZZC6Fi/F&ctl00$LoginView1$Login1$Password=%00xskcui&_ _EVENTARGUMENT=&__VIEWSTATE=/wEPDwUKLTM0MDg0MzA5Nw9kFgJmD2QWAgIDD2QW AgIJ D2QWAgIBDw8WAh4HVmlzaWJsZWhkZGS7YQyNNhAM7y//OgiHAa38wu6jXQ==&ctl00$Login View1$Login1$LoginButton=Log%20In&ctl00$LoginView1$Login1$UserName= -------- output -------</title></head> <body> <form method="post" action="?ctl00%24LoginView1%24Login1%24Password=%00x skcui&ctl00%24LoginView1%24Login1%24LoginButton=Log+In&ctl00%24L oginView1%24Login1%24UserName=" onsubmit="javascript:return WebForm_OnSu bmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The '__EVENTARGUMENT' parameter of the / CGI : /?__EVENTTARGET=xYNPzmfL&__EVENTVALIDATION=/wEWBAKD1b65CAL8mvnKDALTtbTsD ALz/POaC8bWUsNt8gMGTU0CAlO2ZZC6Fi/F&ctl00$LoginView1$Login1$Password=xYN PzmfL&__EVENTARGUMENT=%00xskcui&__VIEWSTATE=/wEPDwUKLTM0MDg0MzA5Nw9kFgJ m D2QWAgIDD2QWAgIJD2QWAgIBDw8WAh4HVmlzaWJsZWhkZGS7YQyNNhAM7y//OgiHAa38wu6j XQ==&ctl00$LoginView1$Login1$LoginButton=Log%20In&ctl00$LoginView1$Login 1$UserName=xYNPzmfL -------- output -------</title></head> <body> [...] YNPzmfL%26__EVENTARGUMENT%3d%2500xskcui%26__VIEWSTATE%3d%2fwEPDwUKLTM0 MD [...] <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The '__VIEWSTATE' parameter of the / CGI : /?__EVENTTARGET=&__EVENTVALIDATION=/wEWBAKD1b65CAL8mvnKDALTtbTsDALz/POaC 8bWUsNt8gMGTU0CAlO2ZZC6Fi/F&ctl00$LoginView1$Login1$Password=&__EVENTARG UMENT=&__VIEWSTATE=%00xskcui&ctl00$LoginView1$Login1$LoginButton=Log%20I n&ctl00$LoginView1$Login1$UserName= -------- output -------Path: /default.aspx User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Tri [...] ViewState: .xskcui] [HttpException (0x80004005): The state information is invalid for [...] -----------------------+ The 'ctl00$LoginView1$Login1$LoginButton' parameter of the / CGI : /?__EVENTTARGET=&__EVENTVALIDATION=/wEWBAKD1b65CAL8mvnKDALTtbTsDALz/POaC 8bWUsNt8gMGTU0CAlO2ZZC6Fi/F&ctl00$LoginView1$Login1$Password=&__EVENTARG UMENT=&__VIEWSTATE=/wEPDwUKLTM0MDg0MzA5Nw9kFgJmD2QWAgIDD2QWAgIJD2QWA gIBD w8WAh4HVmlzaWJsZWhkZGS7YQyNNhAM7y//OgiHAa38wu6jXQ==&ctl00$LoginView1$Log in1$LoginButton=%00xskcui&ctl00$LoginView1$Login1$UserName= -------- output -------</title></head> <body> <form method="post" action="?ctl00%24LoginView1%24Login1%24Password=&amp ;ctl00%24LoginView1%24Login1%24LoginButton=%00xskcui&ctl00%24LoginVi ew1%24Login1%24UserName=" onsubmit="javascript:return WebForm_OnSubmit() ;" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$LoginView1$Login1$UserName' parameter of the / CGI : /?__EVENTTARGET=&__EVENTVALIDATION=/wEWBAKD1b65CAL8mvnKDALTtbTsDALz/POaC 8bWUsNt8gMGTU0CAlO2ZZC6Fi/F&ctl00$LoginView1$Login1$Password=&__EVENTARG UMENT=&__VIEWSTATE=/wEPDwUKLTM0MDg0MzA5Nw9kFgJmD2QWAgIDD2QWAgIJD2QWA gIBD w8WAh4HVmlzaWJsZWhkZGS7YQyNNhAM7y//OgiHAa38wu6jXQ==&ctl00$LoginView1$Log in1$LoginButton=Log%20In&ctl00$LoginView1$Login1$UserName=%00xskcui -------- output -------</title></head> <body> <form method="post" action="?ctl00%24LoginView1%24Login1%24Password=&amp ;ctl00%24LoginView1%24Login1%24LoginButton=Log+In&ctl00%24LoginView1 %24Login1%24UserName=%00xskcui" onsubmit="javascript:return WebForm_OnSu bmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$SiteContentPlaceHolder$myLogin$LoginButton' parameter of the /Login.aspx CGI : /Login.aspx?ctl00$SiteContentPlaceHolder$myLogin$LoginButton=%00xskcui -------- output -------</title></head> <body> <form method="post" action="Login.aspx?ctl00%24SiteContentPlaceHolder%24 myLogin%24LoginButton=%00xskcui" onsubmit="javascript:return WebForm_OnS ubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$SiteContentPlaceHolder$myLogin$Password' parameter of the /Login.aspx CGI : /Login.aspx?ctl00$SiteContentPlaceHolder$myLogin$Password=%00xskcui -------- output -------- </title></head> <body> <form method="post" action="Login.aspx?ctl00%24SiteContentPlaceHolder%24 myLogin%24Password=%00xskcui" onsubmit="javascript:return WebForm_OnSubm it();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$SiteContentPlaceHolder$myLogin$UserName' parameter of the /Login.aspx CGI : /Login.aspx?ctl00$SiteContentPlaceHolder$myLogin$UserName=%00xskcui -------- output -------</title></head> <body> <form method="post" action="Login.aspx?ctl00%24SiteContentPlaceHolder%24 myLogin%24UserName=%00xskcui" onsubmit="javascript:return WebForm_OnSubm it();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$SiteContentPlaceHolder$RegisterUser$CreateUserStepContainer$Email' parameter of the /Membership/CreatingUserAccounts.aspx CGI : /Membership/CreatingUserAccounts.aspx?ctl00$SiteContentPlaceHolder$Regis terUser$CreateUserStepContainer$Email=%00xskcui -------- output -------</title><link href="/WebResource.axd?d=DRo_txePu9LdFnD2ppDT9afQxmI [...] <body> <form method="post" action="CreatingUserAccounts.aspx?ctl00%24SiteConten tPlaceHolder%24RegisterUser%24CreateUserStepContainer%24Email=%00xskcui" onsubmit="javascript:return WebForm_OnSubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$SiteContentPlaceHolder$RegisterUser$__CustomNav0$StepNextButtonButton' parameter of the /Membership/CreatingUserAccounts.aspx CGI : /Membership/CreatingUserAccounts.aspx?ctl00$SiteContentPlaceHolder$Regis terUser$__CustomNav0$StepNextButtonButton=%00xskcui -------- output -------</title><link href="/WebResource.axd?d=DRo_txePu9LdFnD2ppDT9afQxmI [...] <body> <form method="post" action="CreatingUserAccounts.aspx?ctl00%24SiteConten tPlaceHolder%24RegisterUser%24__CustomNav0%24StepNextButtonButton=%00xsk cui" onsubmit="javascript:return WebForm_OnSubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$SiteContentPlaceHolder$RegisterUser$CreateUserStepContainer$Answer' parameter of the /Membership/CreatingUserAccounts.aspx CGI : /Membership/CreatingUserAccounts.aspx?ctl00$SiteContentPlaceHolder$Regis terUser$CreateUserStepContainer$Answer=%00xskcui -------- output -------</title><link href="/WebResource.axd?d=DRo_txePu9LdFnD2ppDT9afQxmI [...] <body> <form method="post" action="CreatingUserAccounts.aspx?ctl00%24SiteConten tPlaceHolder%24RegisterUser%24CreateUserStepContainer%24Answer=%00xskcui " onsubmit="javascript:return WebForm_OnSubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$SiteContentPlaceHolder$RegisterUser$__CustomNav0$CancelButtonButton' parameter of the /Membership/CreatingUserAccounts.aspx CGI : /Membership/CreatingUserAccounts.aspx?ctl00$SiteContentPlaceHolder$Regis terUser$__CustomNav0$CancelButtonButton=%00xskcui -------- output -------</title><link href="/WebResource.axd?d=DRo_txePu9LdFnD2ppDT9afQxmI [...] <body> <form method="post" action="CreatingUserAccounts.aspx?ctl00%24SiteConten tPlaceHolder%24RegisterUser%24__CustomNav0%24CancelButtonButton=%00xskcu i" onsubmit="javascript:return WebForm_OnSubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$SiteContentPlaceHolder$RegisterUser$CreateUserStepContainer$UserName' parameter of the /Membership/CreatingUserAccounts.aspx CGI : /Membership/CreatingUserAccounts.aspx?ctl00$SiteContentPlaceHolder$Regis terUser$CreateUserStepContainer$UserName=%00xskcui -------- output -------</title><link href="/WebResource.axd?d=DRo_txePu9LdFnD2ppDT9afQxmI [...] <body> <form method="post" action="CreatingUserAccounts.aspx?ctl00%24SiteConten tPlaceHolder%24RegisterUser%24CreateUserStepContainer%24UserName=%00xskc ui" onsubmit="javascript:return WebForm_OnSubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$SiteContentPlaceHolder$RegisterUser$CreateUserStepContainer$Question' parameter of the /Membership/CreatingUserAccounts.aspx CGI : /Membership/CreatingUserAccounts.aspx?ctl00$SiteContentPlaceHolder$Regis terUser$CreateUserStepContainer$Question=%00xskcui -------- output -------</title><link href="/WebResource.axd?d=DRo_txePu9LdFnD2ppDT9afQxmI [...] <body> <form method="post" action="CreatingUserAccounts.aspx?ctl00%24SiteConten tPlaceHolder%24RegisterUser%24CreateUserStepContainer%24Question=%00xskc ui" onsubmit="javascript:return WebForm_OnSubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$SiteContentPlaceHolder$RegisterUser$CreateUserStepContainer$RegularExpressionValidat or1_ValidatorCalloutExtender_ClientState' parameter of the /Membership/CreatingUserAccounts.aspx CGI : /Membership/CreatingUserAccounts.aspx?ctl00$SiteContentPlaceHolder$Regis terUser$CreateUserStepContainer$RegularExpressionValidator1_ValidatorCal loutExtender_ClientState=%00xskcui -------- output -------</title><link href="/WebResource.axd?d=DRo_txePu9LdFnD2ppDT9afQxmI [...] <body> <form method="post" action="CreatingUserAccounts.aspx?ctl00%24SiteConten tPlaceHolder%24RegisterUser%24CreateUserStepContainer%24RegularExpressio nValidator1_ValidatorCalloutExtender_ClientState=%00xskcui" onsubmit="ja vascript:return WebForm_OnSubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$SiteContentPlaceHolder$RegisterUser$CreateUserStepContainer$ConfirmPassword' parameter of the /Membership/CreatingUserAccounts.aspx CGI : /Membership/CreatingUserAccounts.aspx?ctl00$SiteContentPlaceHolder$Regis terUser$CreateUserStepContainer$ConfirmPassword=%00xskcui -------- output -------</title><link href="/WebResource.axd?d=DRo_txePu9LdFnD2ppDT9afQxmI [...] <body> <form method="post" action="CreatingUserAccounts.aspx?ctl00%24SiteConten tPlaceHolder%24RegisterUser%24CreateUserStepContainer%24ConfirmPassword= %00xskcui" onsubmit="javascript:return WebForm_OnSubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------+ The 'ctl00$SiteContentPlaceHolder$RegisterUser$CreateUserStepContainer$Password' parameter of the /Membership/CreatingUserAccounts.aspx CGI : /Membership/CreatingUserAccounts.aspx?ctl00$SiteContentPlaceHolder$Regis terUser$CreateUserStepContainer$Password=%00xskcui -------- output -------</title><link href="/WebResource.axd?d=DRo_txePu9LdFnD2ppDT9afQxmI [...] <body> <form method="post" action="CreatingUserAccounts.aspx?ctl00%24SiteConten tPlaceHolder%24RegisterUser%24CreateUserStepContainer%24Password=%00xskc ui" onsubmit="javascript:return WebForm_OnSubmit();" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> -----------------------Clicking directly on these URLs should exhibit the issue : (you will probably need to read the HTML source) http:///default.aspx?ctl00$LoginView1$Login1$Password=%00xskcui http:///default.aspx?ctl00$LoginView1$Login1$LoginButton=%00xskcui http:///default.aspx?ctl00$LoginView1$Login1$UserName=%00xskcui http:///?ctl00$LoginView1$Login1$Password=%00xskcui http:///?__VIEWSTATE=%00xskcui http:///?ctl00$LoginView1$Login1$LoginButton=%00xskcui http:///?ctl00$LoginView1$Login1$UserName=%00xskcui http:///Login.aspx?ctl00$SiteContentPlaceHolder$myLogin$LoginButton=%00xskcui http:///Login.aspx?ctl00$SiteContentPlaceHolder$myLogin$Password=%00xskcui http:///Login.aspx?ctl00$SiteContentPlaceHolder$myLogin$UserName=%00xskcui Description Nessus was able to to inject innocuous strings into CGI parameters and read them back in the HTTP response. The affected parameters are candidates for extended injection tests like cross-site scripting attacks. This is not a weakness per se, the main purpose of this test is to speed up other scripts. The results may be useful for a human pen-tester. Solution n/a Risk Factor Low Other references CWE:86 Plugin publication date: 2010/07/26 Plugin last modification date: 2011/08/26 PORT WWW (443/TCP) Plugin ID: 49806 MS10-070: Vulnerability in ASP.NET Could Allow Information Disclosure (2418042) (uncredentialed check) Synopsis The version of the .NET framework installed on the remote host has an information disclosure vulnerability. List of Hosts Plugin Output /ScriptResource.axd returned a padding error. Plugin Output /ScriptResource.axd returned a padding error. Description There is an information disclosure vulnerability in ASP.NET, part of the .NET framework. Information can be leaked due to improper error handling during encryption padding. A remote attacker could exploit this to decrypt and modify an ASP.NET application's server-encrypted data. In .NET Framework 3.5 SP1 and above, an attacker could exploit this to download any file within the ASP.NET application, including web.config. Solution Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and 2008 R2 : http://www.microsoft.com/technet/security/bulletin/ms10-070.mspx Risk Factor Medium/ CVSS Base Score: 5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N) CVE CVE-2010-3332 Bugtraq ID 43316 Other references OSVDB:68127 MSFT:MS10-070 Vulnerability publication date: 2010/09/17 Patch publication date: 2010/09/28 Plugin publication date: 2010/10/08 Plugin last modification date: 2011/08/02 Ease of exploitability: Exploits are available PORT WWW (80/TCP) Plugin ID: 49806 MS10-070: Vulnerability in ASP.NET Could Allow Information Disclosure (2418042) (uncredentialed check) Synopsis The version of the .NET framework installed on the remote host has an information disclosure vulnerability. List of Hosts Plugin Output /ScriptResource.axd returned a padding error. Plugin Output /ScriptResource.axd returned a padding error. Description There is an information disclosure vulnerability in ASP.NET, part of the .NET framework. Information can be leaked due to improper error handling during encryption padding. A remote attacker could exploit this to decrypt and modify an ASP.NET application's server-encrypted data. In .NET Framework 3.5 SP1 and above, an attacker could exploit this to download any file within the ASP.NET application, including web.config. Solution Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and 2008 R2 : http://www.microsoft.com/technet/security/bulletin/ms10-070.mspx Risk Factor Medium/ CVSS Base Score: 5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N) CVE CVE-2010-3332 Bugtraq ID 43316 Other references OSVDB:68127 MSFT:MS10-070 Vulnerability publication date: 2010/09/17 Patch publication date: 2010/09/28 Plugin publication date: 2010/10/08 Plugin last modification date: 2011/08/02 Ease of exploitability: Exploits are available PORT WWW (443/TCP) Plugin ID: 11954 SGDynamo sgdynamo.exe HTNAME Parameter Path Disclosure Synopsis The remote host has an application that is affected by an information disclosure vulnerability. List of Hosts Plugin Output It is possible to obtain the physical path to the remote website by sending the following request : GET /scripts/sgdynamo.exe?HTNAME=sgdynamo.exe HTTP/1.1 We determined that the remote web path is : 'C:\inetpub\wwwroot\scripts\sgdynamo.exe' This information may be useful to an attacker who can use it to make better attacks against the remote server. Plugin Output It is possible to obtain the physical path to the remote website by sending the following request : GET /scripts/sgdynamo.exe?HTNAME=sgdynamo.exe HTTP/1.1 We determined that the remote web path is : 'C:\inetpub\wwwroot\scripts\sgdynamo.exe' This information may be useful to an attacker who can use it to make better attacks against the remote server. Description The CGI 'sgdynamo.exe' can be tricked into giving the physical path to the remote web root. This information may be useful to an attacker who can use it to make better attacks against the remote server. Solution None at this time Risk Factor Medium/ CVSS Base Score: 4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N) Other references OSVDB:54010 Plugin publication date: 2003/12/18 Plugin last modification date: 2011/03/15 PORT WWW (80/TCP) Plugin ID: 11954 SGDynamo sgdynamo.exe HTNAME Parameter Path Disclosure Synopsis The remote host has an application that is affected by an information disclosure vulnerability. List of Hosts Plugin Output It is possible to obtain the physical path to the remote website by sending the following request : GET /scripts/sgdynamo.exe?HTNAME=sgdynamo.exe HTTP/1.1 We determined that the remote web path is : 'C:\inetpub\wwwroot\scripts\sgdynamo.exe' This information may be useful to an attacker who can use it to make better attacks against the remote server. Plugin Output It is possible to obtain the physical path to the remote website by sending the following request : GET /scripts/sgdynamo.exe?HTNAME=sgdynamo.exe HTTP/1.1 We determined that the remote web path is : 'C:\inetpub\wwwroot\scripts\sgdynamo.exe' This information may be useful to an attacker who can use it to make better attacks against the remote server. Description The CGI 'sgdynamo.exe' can be tricked into giving the physical path to the remote web root. This information may be useful to an attacker who can use it to make better attacks against the remote server. Solution None at this time Risk Factor Medium/ CVSS Base Score: 4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N) Other references OSVDB:54010 Plugin publication date: 2003/12/18 Plugin last modification date: 2011/03/15 PORT CIFS (445/TCP) Plugin ID: 26917 Microsoft Windows SMB Registry : Nessus Cannot Access the Windows Registry Synopsis Nessus is not able to access the remote Windows Registry. List of Hosts Plugin Output Could not connect to the registry because: Could not connect to \winreg Description It was not possible to connect to PIPE\winreg on the remote host. If you intend to use Nessus to perform registry-based checks, the registry checks will not work because the 'Remote Registry Access' service (winreg) has been disabled on the remote host or can not be connected to with the supplied credentials. Solution n/a Risk Factor None Plugin publication date: 2007/10/04 Plugin last modification date: 2011/03/27 PORT (0/TCP) Plugin ID: 46180 Additional DNS Hostnames Synopsis Potential virtual hosts have been detected. List of Hosts Plugin Output - sebastian-pc Plugin Output - sebastian-pc Description Hostnames different from the current hostname have been collected by miscellaneous plugins. Different web servers may be hosted on namebased virtual hosts. Solution If you want to test them, re-scan using the special vhost syntax, such as : www.example.com[192.0.32.10] See also http://en.wikipedia.org/wiki/Virtual_hosting Risk Factor None Plugin publication date: 2010/04/29 Plugin last modification date: 2011/06/22 PORT CIFS (445/TCP) Plugin ID: 11011 Microsoft Windows SMB Service Detection Synopsis A file / print sharing service is listening on the remote host. List of Hosts Plugin Output A CIFS server is running on this port. Plugin Output A CIFS server is running on this port. Description The remote service understands the CIFS (Common Internet File System) or Server Message Block (SMB) protocol, used to provide shared access to files, printers, etc between nodes on a network. Solution n/a Risk Factor None Plugin publication date: 2002/06/05 Plugin last modification date: 2011/03/11 PORT SMB (139/TCP) Plugin ID: 11011 Microsoft Windows SMB Service Detection Synopsis A file / print sharing service is listening on the remote host. List of Hosts Plugin Output An SMB server is running on this port. Plugin Output An SMB server is running on this port. Description The remote service understands the CIFS (Common Internet File System) or Server Message Block (SMB) protocol, used to provide shared access to files, printers, etc between nodes on a network. Solution n/a Risk Factor None Plugin publication date: 2002/06/05 Plugin last modification date: 2011/03/11 PORT WWW (8834/TCP) Plugin ID: 49704 External URLs Synopsis Links to external sites were gathered. List of Hosts Plugin Output 2 external URLs were gathered on this web server : URL... - Seen on... http://itunes.apple.com/app/nessus/id390891776?mt=8/ - / http://www.adobe.com/go/getflash/ - / Plugin Output 2 external URLs were gathered on this web server : URL... - Seen on... http://itunes.apple.com/app/nessus/id390891776?mt=8/ - / http://www.adobe.com/go/getflash/ - / Description Nessus gathered HREF links to external sites by crawling the remote web server. Solution n/a Risk Factor None Plugin publication date: 2010/10/04 Plugin last modification date: 2011/08/19 PORT WWW (443/TCP) Plugin ID: 49704 External URLs Synopsis Links to external sites were gathered. List of Hosts Plugin Output 1 external URL was gathered on this web server : URL... - Seen on... https://swifpaals.dyndns-remote.com/Default.aspx - / Plugin Output 1 external URL was gathered on this web server : URL... - Seen on... https://swifpaals.dyndns-remote.com/Default.aspx - / Description Nessus gathered HREF links to external sites by crawling the remote web server. Solution n/a Risk Factor None Plugin publication date: 2010/10/04 Plugin last modification date: 2011/08/19 PORT WWW (8834/TCP) Plugin ID: 10863 SSL Certificate Information Synopsis This plugin displays the SSL certificate. List of Hosts Plugin Output Subject Name: Organization: Nessus Users United Organization Unit: Nessus Server Locality: New York Country: US State/Province: NY Common Name: Sebastian-PC Issuer Name: Organization: Nessus Users United Organization Unit: Nessus Certification Authority Locality: New York Country: US State/Province: NY Common Name: Nessus Certification Authority Serial Number: 09 A3 Version: 3 Signature Algorithm: SHA-1 With RSA Encryption Not Valid Before: Sep 02 19:44:14 2011 GMT Not Valid After: Sep 01 19:44:14 2015 GMT Public Key Info: Algorithm: RSA Encryption Public Key: 00 FC EA 6A 55 0E CA A1 24 B9 69 99 8D AF B6 D6 5A DB 14 F0 8C 44 C5 AD 52 47 C5 EA D0 F5 E4 15 BE FF AC 46 FC 5B 5D D3 E3 31 25 F9 5A 05 F6 0F B2 D4 65 F3 47 D4 FA 5E E6 C0 3F 1E D5 D0 99 D2 A1 CE E1 0D 7A F3 CF 90 CA 90 FD 9E 1F FC 1F 40 A2 BB 1D F7 97 E0 E8 9E AC 7D A7 D9 68 E3 73 87 EB E9 0E 06 AC 92 CB 9F 80 3E EF F8 C4 BF 01 6A 00 77 F5 A2 7B 7F D5 92 B1 DF 26 C1 DF 76 47 ED CD Exponent: 01 00 01 Signature: 00 1F 68 F6 C6 B6 6A FE C3 80 C0 2B C9 12 28 0C C7 88 62 6D 56 BC 90 AE D8 20 07 3B FE 65 1D 80 55 F4 DB 16 C3 3B B5 5C 3D EE A0 1D 5C 1C 41 D0 B7 22 CC 25 55 91 32 6F DE E6 50 DE F2 68 81 91 2C B7 85 BA 9B D7 7C 1F 06 DF A7 65 F4 D9 89 DD 34 C2 8D A1 76 D1 70 2D 84 8B 64 78 75 1C 51 43 6B 3E 10 83 BD 98 0C 3D BB 3C E6 52 72 BF CC D6 77 82 81 51 DF 12 A7 80 7F 68 E2 6B D2 CD D7 4B 7E Extension: 2.16.840.1.113730.1.1 Critical: 0 Data: 03 02 06 40 Extension: Key Usage (2.5.29.15) Critical: 1 Key Usage: Digital Signature, Non Repudiation, Key Encipherment Plugin Output Subject Name: Organization: Nessus Users United Organization Unit: Nessus Server Locality: New York Country: US State/Province: NY Common Name: Sebastian-PC Issuer Name: Organization: Nessus Users United Organization Unit: Nessus Certification Authority Locality: New York Country: US State/Province: NY Common Name: Nessus Certification Authority Serial Number: 09 A3 Version: 3 Signature Algorithm: SHA-1 With RSA Encryption Not Valid Before: Sep 02 19:44:14 2011 GMT Not Valid After: Sep 01 19:44:14 2015 GMT Public Key Info: Algorithm: RSA Encryption Public Key: 00 FC EA 6A 55 0E CA A1 24 B9 69 99 8D AF B6 D6 5A DB 14 F0 8C 44 C5 AD 52 47 C5 EA D0 F5 E4 15 BE FF AC 46 FC 5B 5D D3 E3 31 25 F9 5A 05 F6 0F B2 D4 65 F3 47 D4 FA 5E E6 C0 3F 1E D5 D0 99 D2 A1 CE E1 0D 7A F3 CF 90 CA 90 FD 9E 1F FC 1F 40 A2 BB 1D F7 97 E0 E8 9E AC 7D A7 D9 68 E3 73 87 EB E9 0E 06 AC 92 CB 9F 80 3E EF F8 C4 BF 01 6A 00 77 F5 A2 7B 7F D5 92 B1 DF 26 C1 DF 76 47 ED CD Exponent: 01 00 01 Signature: 00 1F 68 F6 C6 B6 6A FE C3 80 C0 2B C9 12 28 0C C7 88 62 6D 56 BC 90 AE D8 20 07 3B FE 65 1D 80 55 F4 DB 16 C3 3B B5 5C 3D EE A0 1D 5C 1C 41 D0 B7 22 CC 25 55 91 32 6F DE E6 50 DE F2 68 81 91 2C B7 85 BA 9B D7 7C 1F 06 DF A7 65 F4 D9 89 DD 34 C2 8D A1 76 D1 70 2D 84 8B 64 78 75 1C 51 43 6B 3E 10 83 BD 98 0C 3D BB 3C E6 52 72 BF CC D6 77 82 81 51 DF 12 A7 80 7F 68 E2 6B D2 CD D7 4B 7E Extension: 2.16.840.1.113730.1.1 Critical: 0 Data: 03 02 06 40 Extension: Key Usage (2.5.29.15) Critical: 1 Key Usage: Digital Signature, Non Repudiation, Key Encipherment Description This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate. Solution n/a Risk Factor None Plugin publication date: 2008/05/19 Plugin last modification date: 2011/03/17 PORT NESSUS (1241/TCP) Plugin ID: 10863 SSL Certificate Information Synopsis This plugin displays the SSL certificate. List of Hosts Plugin Output Subject Name: Organization: Nessus Users United Organization Unit: Nessus Server Locality: New York Country: US State/Province: NY Common Name: Sebastian-PC Issuer Name: Organization: Nessus Users United Organization Unit: Nessus Certification Authority Locality: New York Country: US State/Province: NY Common Name: Nessus Certification Authority Serial Number: 09 A3 Version: 3 Signature Algorithm: SHA-1 With RSA Encryption Not Valid Before: Sep 02 19:44:14 2011 GMT Not Valid After: Sep 01 19:44:14 2015 GMT Public Key Info: Algorithm: RSA Encryption Public Key: 00 FC EA 6A 55 0E CA A1 24 B9 69 99 8D AF B6 D6 5A DB 14 F0 8C 44 C5 AD 52 47 C5 EA D0 F5 E4 15 BE FF AC 46 FC 5B 5D D3 E3 31 25 F9 5A 05 F6 0F B2 D4 65 F3 47 D4 FA 5E E6 C0 3F 1E D5 D0 99 D2 A1 CE E1 0D 7A F3 CF 90 CA 90 FD 9E 1F FC 1F 40 A2 BB 1D F7 97 E0 E8 9E AC 7D A7 D9 68 E3 73 87 EB E9 0E 06 AC 92 CB 9F 80 3E EF F8 C4 BF 01 6A 00 77 F5 A2 7B 7F D5 92 B1 DF 26 C1 DF 76 47 ED CD Exponent: 01 00 01 Signature: 00 1F 68 F6 C6 B6 6A FE C3 80 C0 2B C9 12 28 0C C7 88 62 6D 56 BC 90 AE D8 20 07 3B FE 65 1D 80 55 F4 DB 16 C3 3B B5 5C 3D EE A0 1D 5C 1C 41 D0 B7 22 CC 25 55 91 32 6F DE E6 50 DE F2 68 81 91 2C B7 85 BA 9B D7 7C 1F 06 DF A7 65 F4 D9 89 DD 34 C2 8D A1 76 D1 70 2D 84 8B 64 78 75 1C 51 43 6B 3E 10 83 BD 98 0C 3D BB 3C E6 52 72 BF CC D6 77 82 81 51 DF 12 A7 80 7F 68 E2 6B D2 CD D7 4B 7E Extension: 2.16.840.1.113730.1.1 Critical: 0 Data: 03 02 06 40 Extension: Key Usage (2.5.29.15) Critical: 1 Key Usage: Digital Signature, Non Repudiation, Key Encipherment Description This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate. Solution n/a Risk Factor None Plugin publication date: 2008/05/19 Plugin last modification date: 2011/03/17 PORT WWW (443/TCP) Plugin ID: 10863 SSL Certificate Information Synopsis This plugin displays the SSL certificate. List of Hosts Plugin Output Subject Name: Common Name: Sebastian-PC Issuer Name: Common Name: Sebastian-PC Serial Number: 44 4D C6 78 5D 26 4D 88 4D 2E 11 42 0B 23 D4 96 Version: 3 Signature Algorithm: SHA-1 With RSA Encryption Not Valid Before: Jun 27 21:58:53 2011 GMT Not Valid After: Jun 27 00:00:00 2012 GMT Public Key Info: Algorithm: RSA Encryption Public Key: 00 A4 34 BF 27 89 4B 6E 07 C7 3B 60 DE 9F 56 06 31 C5 1D ED D2 C4 B3 5D 03 37 38 DA 4B B1 6C 41 41 E6 B0 EC CD C9 28 84 29 27 0C A3 45 85 CB E2 B9 3A ED CE A3 80 8B 82 24 05 43 11 22 9A 3F 93 5D 08 15 92 5A 22 D4 E0 57 04 DB D7 86 49 0A BD C5 89 C1 0D C2 38 17 5C 6A A7 B5 AE CB 0D 54 C4 76 8D F6 63 68 09 D3 75 62 64 0A A6 84 02 97 DA 53 3A A8 1D C6 B9 74 31 C1 83 65 57 BD B9 EC 57 D3 7D 51 2E A1 7A A2 67 0E 0F 3E 10 95 15 EE ED 0C E6 C4 61 B9 A4 61 B3 D1 54 19 88 74 CE 17 4B F6 86 F9 8C B6 3F 1F 33 C0 36 08 25 34 86 BD C9 EE 03 51 C2 35 83 50 24 1E 32 3A A0 0B 3B ED B1 40 2D E4 7B 50 CF A6 EA 7E 8E F0 48 C6 28 F3 03 2B 5F 08 59 34 26 CB 7B 51 08 C0 E7 59 DB A5 12 C9 BF EF 1F 07 EA 7A DD 2A 1E 94 C7 D4 A1 54 92 7E 4A DC C3 3C FA 5C 29 F3 0E 4F 54 29 80 AA 73 F7 Exponent: 01 00 01 Signature: 00 7D 46 A9 8E 90 00 FF DC 5A E2 B3 AE 30 6B 07 36 8E 8D 19 35 F3 60 AB F0 4B FD B9 C7 B2 AF 0F 13 75 2A AA B5 DE F8 11 79 84 0C EF FA B0 2F C8 82 AA AD 33 D6 9B 1A E8 5F 06 64 75 3A 43 09 B0 F3 27 CC 9D 38 65 82 CF 57 4C F5 C1 4B F6 87 21 40 68 11 E6 64 F0 B6 7A F4 5F E2 8D CA 97 7D 49 AC CE 7D 6C ED 13 13 BE 9A 91 12 23 AA 76 88 51 7C 0B 45 DE F1 A4 20 08 41 B5 F9 79 01 AD 0E 85 A5 17 AB 72 BE C7 F6 F5 5F A1 A9 13 0E 0B 3E FE D2 E9 59 69 1E 6F 63 CB AD 94 15 ED B6 53 1F 38 49 70 03 D1 D2 BA 37 DB E1 35 07 8D D6 7F 36 3C 98 A3 75 BC EC BB 2A DB 2C 11 3F 5E EB 42 DC A4 5A CF 92 15 F2 51 21 7A 03 78 60 E6 F9 39 9A 7E DC DE 06 AB 54 F8 50 F3 DE 35 30 A4 77 12 5A F5 0C 65 4A 81 F3 C9 AD 07 64 4E F7 67 0F EE DB B6 92 0A F6 4A 3A 7C FA 9F 97 69 C7 D2 34 18 0E DF D3 Extension: Key Usage (2.5.29.15) Critical: 0 Key Usage: Key Encipherment, Data Encipherment Extension: Extended Key Usage (2.5.29.37) Critical: 0 Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1) Plugin Output Subject Name: Common Name: Sebastian-PC Issuer Name: Common Name: Sebastian-PC Serial Number: 44 4D C6 78 5D 26 4D 88 4D 2E 11 42 0B 23 D4 96 Version: 3 Signature Algorithm: SHA-1 With RSA Encryption Not Valid Before: Jun 27 21:58:53 2011 GMT Not Valid After: Jun 27 00:00:00 2012 GMT Public Key Info: Algorithm: RSA Encryption Public Key: 00 A4 34 BF 27 89 4B 6E 07 C7 3B 60 DE 9F 56 06 31 C5 1D ED D2 C4 B3 5D 03 37 38 DA 4B B1 6C 41 41 E6 B0 EC CD C9 28 84 29 27 0C A3 45 85 CB E2 B9 3A ED CE A3 80 8B 82 24 05 43 11 22 9A 3F 93 5D 08 15 92 5A 22 D4 E0 57 04 DB D7 86 49 0A BD C5 89 C1 0D C2 38 17 5C 6A A7 B5 AE CB 0D 54 C4 76 8D F6 63 68 09 D3 75 62 64 0A A6 84 02 97 DA 53 3A A8 1D C6 B9 74 31 C1 83 65 57 BD B9 EC 57 D3 7D 51 2E A1 7A A2 67 0E 0F 3E 10 95 15 EE ED 0C E6 C4 61 B9 A4 61 B3 D1 54 19 88 74 CE 17 4B F6 86 F9 8C B6 3F 1F 33 C0 36 08 25 34 86 BD C9 EE 03 51 C2 35 83 50 24 1E 32 3A A0 0B 3B ED B1 40 2D E4 7B 50 CF A6 EA 7E 8E F0 48 C6 28 F3 03 2B 5F 08 59 34 26 CB 7B 51 08 C0 E7 59 DB A5 12 C9 BF EF 1F 07 EA 7A DD 2A 1E 94 C7 D4 A1 54 92 7E 4A DC C3 3C FA 5C 29 F3 0E 4F 54 29 80 AA 73 F7 Exponent: 01 00 01 Signature: 00 7D 46 A9 8E 90 00 FF DC 5A E2 B3 AE 30 6B 07 36 8E 8D 19 35 F3 60 AB F0 4B FD B9 C7 B2 AF 0F 13 75 2A AA B5 DE F8 11 79 84 0C EF FA B0 2F C8 82 AA AD 33 D6 9B 1A E8 5F 06 64 75 3A 43 09 B0 F3 27 CC 9D 38 65 82 CF 57 4C F5 C1 4B F6 87 21 40 68 11 E6 64 F0 B6 7A F4 5F E2 8D CA 97 7D 49 AC CE 7D 6C ED 13 13 BE 9A 91 12 23 AA 76 88 51 7C 0B 45 DE F1 A4 20 08 41 B5 F9 79 01 AD 0E 85 A5 17 AB 72 BE C7 F6 F5 5F A1 A9 13 0E 0B 3E FE D2 E9 59 69 1E 6F 63 CB AD 94 15 ED B6 53 1F 38 49 70 03 D1 D2 BA 37 DB E1 35 07 8D D6 7F 36 3C 98 A3 75 BC EC BB 2A DB 2C 11 3F 5E EB 42 DC A4 5A CF 92 15 F2 51 21 7A 03 78 60 E6 F9 39 9A 7E DC DE 06 AB 54 F8 50 F3 DE 35 30 A4 77 12 5A F5 0C 65 4A 81 F3 C9 AD 07 64 4E F7 67 0F EE DB B6 92 0A F6 4A 3A 7C FA 9F 97 69 C7 D2 34 18 0E DF D3 Extension: Key Usage (2.5.29.15) Critical: 0 Key Usage: Key Encipherment, Data Encipherment Extension: Extended Key Usage (2.5.29.37) Critical: 0 Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1) Description This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate. Solution n/a Risk Factor None Plugin publication date: 2008/05/19 Plugin last modification date: 2011/03/17 PORT (0/TCP) Plugin ID: 12053 Host Fully Qualified Domain Name (FQDN) Resolution Synopsis It was possible to resolve the name of the remote host. List of Hosts Plugin Output 192.168.1.150 resolves as . Plugin Output 192.168.1.150 resolves as . Description Nessus was able to resolve the FQDN of the remote host. Solution n/a Risk Factor None Plugin publication date: 2004/02/11 Plugin last modification date: 2011/07/14 PORT (0/TCP) Plugin ID: 54615 Device Type Synopsis It is possible to guess the remote device type. List of Hosts Plugin Output Remote device type : general-purpose Confidence level : 99 Plugin Output Remote device type : general-purpose Confidence level : 99 Description Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc). Solution n/a Risk Factor None Plugin publication date: 2011/05/23 Plugin last modification date: 2011/05/23 PORT WWW (443/TCP) Plugin ID: 20007 SSL Version 2 (v2) Protocol Detection Synopsis The remote service encrypts traffic using a protocol with known weaknesses. List of Hosts Description The remote service accepts connections encrypted using SSL 2.0, which reportedly suffers from several cryptographic flaws and has been deprecated for several years. An attacker may be able to exploit these issues to conduct man-in-the-middle attacks or decrypt communications between the affected service and clients. Solution Consult the application's documentation to disable SSL 2.0 and use SSL 3.0 or TLS 1.0 instead. See also http://www.schneier.com/paper-ssl.pdf http://support.microsoft.com/kb/187498 http://www.linux4beginners.info/node/disable-sslv2 Risk Factor Medium/ CVSS Base Score: 5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N) Plugin publication date: 2005/10/12 Plugin last modification date: 2011/03/11 PORT WWW (10243/TCP) Plugin ID: 24260 HyperText Transfer Protocol (HTTP) Information Synopsis Some information about the remote HTTP configuration can be extracted. List of Hosts Plugin Output Protocol version : HTTP/1.1 SSL : no Keep-Alive : no Options allowed : (Not implemented) Headers : Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Fri, 02 Sep 2011 20:42:59 GMT Connection: close Content-Length: 334 Plugin Output Protocol version : HTTP/1.1 SSL : no Keep-Alive : no Options allowed : (Not implemented) Headers : Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Fri, 02 Sep 2011 20:42:51 GMT Connection: close Content-Length: 334 Description This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc... This test is informational only and does not denote any security problem. Solution n/a Risk Factor None Plugin publication date: 2007/01/30 Plugin last modification date: 2011/05/31 PORT WWW (8834/TCP) Plugin ID: 24260 HyperText Transfer Protocol (HTTP) Information Synopsis Some information about the remote HTTP configuration can be extracted. List of Hosts Plugin Output Protocol version : HTTP/1.1 SSL : yes Keep-Alive : no Options allowed : (Not implemented) Headers : Date: Fri, 02 Sep 2011 20:42:59 GMT Server: NessusWWW Connection: close Expires: Fri, 02 Sep 2011 20:42:59 GMT Content-Length: 6518 Content-Type: text/html Cache-Control: Expires: 0 Pragma : Plugin Output Protocol version : HTTP/1.1 SSL : yes Keep-Alive : no Options allowed : (Not implemented) Headers : Date: Fri, 02 Sep 2011 20:42:52 GMT Server: NessusWWW Connection: close Expires: Fri, 02 Sep 2011 20:42:52 GMT Content-Length: 6518 Content-Type: text/html Cache-Control: Expires: 0 Pragma : Description This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc... This test is informational only and does not denote any security problem. Solution n/a Risk Factor None Plugin publication date: 2007/01/30 Plugin last modification date: 2011/05/31 PORT WWW (5357/TCP) Plugin ID: 24260 HyperText Transfer Protocol (HTTP) Information Synopsis Some information about the remote HTTP configuration can be extracted. List of Hosts Plugin Output Protocol version : HTTP/1.1 SSL : no Keep-Alive : no Options allowed : (Not implemented) Headers : Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Fri, 02 Sep 2011 20:42:59 GMT Connection: close Content-Length: 334 Plugin Output Protocol version : HTTP/1.1 SSL : no Keep-Alive : no Options allowed : (Not implemented) Headers : Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Fri, 02 Sep 2011 20:42:51 GMT Connection: close Content-Length: 334 Description This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc... This test is informational only and does not denote any security problem. Solution n/a Risk Factor None Plugin publication date: 2007/01/30 Plugin last modification date: 2011/05/31 PORT WWW (2869/TCP) Plugin ID: 24260 HyperText Transfer Protocol (HTTP) Information Synopsis Some information about the remote HTTP configuration can be extracted. List of Hosts Plugin Output Protocol version : HTTP/1.1 SSL : no Keep-Alive : no Options allowed : (Not implemented) Headers : Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Fri, 02 Sep 2011 20:42:59 GMT Connection: close Content-Length: 334 Plugin Output Protocol version : HTTP/1.1 SSL : no Keep-Alive : no Options allowed : (Not implemented) Headers : Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Fri, 02 Sep 2011 20:42:51 GMT Connection: close Content-Length: 334 Description This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc... This test is informational only and does not denote any security problem. Solution n/a Risk Factor None Plugin publication date: 2007/01/30 Plugin last modification date: 2011/05/31 PORT WWW (443/TCP) Plugin ID: 24260 HyperText Transfer Protocol (HTTP) Information Synopsis Some information about the remote HTTP configuration can be extracted. List of Hosts Plugin Output Protocol version : HTTP/1.1 SSL : yes Keep-Alive : no Options allowed : OPTIONS, TRACE, GET, HEAD, POST Headers : Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.5 X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Date: Fri, 02 Sep 2011 20:42:59 GMT Content-Length: 11477 Plugin Output Protocol version : HTTP/1.1 SSL : yes Keep-Alive : no Options allowed : OPTIONS, TRACE, GET, HEAD, POST Headers : Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.5 X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Date: Fri, 02 Sep 2011 20:42:51 GMT Content-Length: 11477 Description This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc... This test is informational only and does not denote any security problem. Solution n/a Risk Factor None Plugin publication date: 2007/01/30 Plugin last modification date: 2011/05/31 PORT WWW (80/TCP) Plugin ID: 24260 HyperText Transfer Protocol (HTTP) Information Synopsis Some information about the remote HTTP configuration can be extracted. List of Hosts Plugin Output Protocol version : HTTP/1.1 SSL : no Keep-Alive : no Options allowed : OPTIONS, TRACE, GET, HEAD, POST Headers : Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.5 X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Date: Fri, 02 Sep 2011 20:42:59 GMT Content-Length: 11477 Plugin Output Protocol version : HTTP/1.1 SSL : no Keep-Alive : no Options allowed : OPTIONS, TRACE, GET, HEAD, POST Headers : Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.5 X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Date: Fri, 02 Sep 2011 20:42:51 GMT Content-Length: 11477 Description This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc... This test is informational only and does not denote any security problem. Solution n/a Risk Factor None Plugin publication date: 2007/01/30 Plugin last modification date: 2011/05/31 PORT WWW (443/TCP) Plugin ID: 42057 Web Server Allows Password Auto-Completion Synopsis Auto-complete is not disabled on password fields. List of Hosts Plugin Output Page : / Destination Page : Input name : ctl00$LoginView1$Login1$Password Page : /Login.aspx Destination Page : Login.aspx Input name : ctl00$SiteContentPlaceHolder$myLogin$Password Page : /Membership/CreatingUserAccounts.aspx Destination Page : CreatingUserAccounts.aspx Input name : ctl00$SiteContentPlaceHolder$RegisterUser$CreateUserStepCon tainer$Password Input name : ctl00$SiteContentPlaceHolder$RegisterUser$CreateUserStepCon tainer$ConfirmPassword Page : /default.aspx Destination Page : default.aspx Input name : ctl00$LoginView1$Login1$Password Plugin Output Page : / Destination Page : Input name : ctl00$LoginView1$Login1$Password Page : /Login.aspx Destination Page : Login.aspx Input name : ctl00$SiteContentPlaceHolder$myLogin$Password Page : /Membership/CreatingUserAccounts.aspx Destination Page : CreatingUserAccounts.aspx Input name : ctl00$SiteContentPlaceHolder$RegisterUser$CreateUserStepCon tainer$Password Input name : ctl00$SiteContentPlaceHolder$RegisterUser$CreateUserStepCon tainer$ConfirmPassword Page : /default.aspx Destination Page : default.aspx Input name : ctl00$LoginView1$Login1$Password Description The remote web server contains at least HTML form field containing an input of type 'password' where 'autocomplete' is not set to 'off'. While this does not represent a risk to this web server per se, it does mean that users who use the affected forms may have their credentials saved in their browsers, which could in turn lead to a loss of confidentiality if any of them use a shared host or their machine is compromised at some point. Solution Add the attribute 'autocomplete=off' to these fields to prevent browsers from caching credentials. Risk Factor None Plugin publication date: 2009/10/07 Plugin last modification date: 2011/03/18 PORT WWW (80/TCP) Plugin ID: 42057 Web Server Allows Password Auto-Completion Synopsis Auto-complete is not disabled on password fields. List of Hosts Plugin Output Page : / Destination Page : Input name : ctl00$LoginView1$Login1$Password Page : /Login.aspx Destination Page : Login.aspx Input name : ctl00$SiteContentPlaceHolder$myLogin$Password Page : /Membership/CreatingUserAccounts.aspx Destination Page : CreatingUserAccounts.aspx Input name : ctl00$SiteContentPlaceHolder$RegisterUser$CreateUserStepCon tainer$Password Input name : ctl00$SiteContentPlaceHolder$RegisterUser$CreateUserStepCon tainer$ConfirmPassword Page : /default.aspx Destination Page : default.aspx Input name : ctl00$LoginView1$Login1$Password Plugin Output Page : / Destination Page : Input name : ctl00$LoginView1$Login1$Password Page : /Login.aspx Destination Page : Login.aspx Input name : ctl00$SiteContentPlaceHolder$myLogin$Password Page : /Membership/CreatingUserAccounts.aspx Destination Page : CreatingUserAccounts.aspx Input name : ctl00$SiteContentPlaceHolder$RegisterUser$CreateUserStepCon tainer$Password Input name : ctl00$SiteContentPlaceHolder$RegisterUser$CreateUserStepCon tainer$ConfirmPassword Page : /default.aspx Destination Page : default.aspx Input name : ctl00$LoginView1$Login1$Password Description The remote web server contains at least HTML form field containing an input of type 'password' where 'autocomplete' is not set to 'off'. While this does not represent a risk to this web server per se, it does mean that users who use the affected forms may have their credentials saved in their browsers, which could in turn lead to a loss of confidentiality if any of them use a shared host or their machine is compromised at some point. Solution Add the attribute 'autocomplete=off' to these fields to prevent browsers from caching credentials. Risk Factor None Plugin publication date: 2009/10/07 Plugin last modification date: 2011/03/18 PORT WWW (443/TCP) Plugin ID: 55903 CGI Generic Cross-Site Scripting Vulnerability (extended patterns) Synopsis The remote web server is prone to cross-site scripting attacks. List of Hosts Plugin Output Using the GET HTTP method, Nessus found that : + The following resources may be vulnerable to cross-site scripting (extended patterns) : + The 'ctl00$LoginView1$Login1$UserName' parameter of the / CGI : /?__EVENTARGUMENT=&ctl00$LoginView1$Login1$Password=&__VIEWSTATE=/wEPDwU KLTM0MDg0MzA5Nw9kFgJmD2QWAgIDD2QWAgIJD2QWAgIBDw8WAh4HVmlzaWJsZWhkZGS7 YQy NNhAM7y//OgiHAa38wu6jXQ==&ctl00$LoginView1$Login1$LoginButton=Log%20In&c tl00$LoginView1$Login1$UserName=508%20src=http://www.example.com/exploit 508.js&__EVENTVALIDATION=/wEWBAKD1b65CAL8mvnKDALTtbTsDALz/POaC8bWUsNt8gM GTU0CAlO2ZZC6Fi/F -------- output -------<tr> <td> <input name="ctl00$LoginView1$Login1$UserName" type="text" value="508 sr c=http://www.example.com/exploit508.js" id="LoginView1_Login1_UserName" /> <span id="LoginView1_Login1_UserNameRequired" title="User Name is [...] </td> ------------------------ Plugin Output Using the GET HTTP method, Nessus found that : + The following resources may be vulnerable to cross-site scripting (extended patterns) : + The 'ctl00$LoginView1$Login1$UserName' parameter of the / CGI : /?__EVENTARGUMENT=&ctl00$LoginView1$Login1$Password=&__VIEWSTATE=/wEPDwU KLTM0MDg0MzA5Nw9kFgJmD2QWAgIDD2QWAgIJD2QWAgIBDw8WAh4HVmlzaWJsZWhkZGS7 YQy NNhAM7y//OgiHAa38wu6jXQ==&ctl00$LoginView1$Login1$LoginButton=Log%20In&c tl00$LoginView1$Login1$UserName=508%20src=http://www.example.com/exploit 508.js&__EVENTVALIDATION=/wEWBAKD1b65CAL8mvnKDALTtbTsDALz/POaC8bWUsNt8gM GTU0CAlO2ZZC6Fi/F -------- output -------<tr> <td> <input name="ctl00$LoginView1$Login1$UserName" type="text" value="508 sr c=http://www.example.com/exploit508.js" id="LoginView1_Login1_UserName" /> <span id="LoginView1_Login1_UserNameRequired" title="User Name is [...] </td> ------------------------ Description The remote web server hosts one or more CGI scripts that fail to adequately sanitize request strings with malicious JavaScript. By leveraging this issue, an attacker may be able to cause arbitrary HTML and script code to be executed in a user's browser within the security context of the affected site. These XSS vulnerabilities are likely to be 'non-persistent' or 'reflected'. Solution Restrict access to the vulnerable application. Contact the vendor for a patch or upgrade. See also http://en.wikipedia.org/wiki/Cross_site_scripting#Non-persistent http://www.nessus.org/u?9717ad85 http://projects.webappsec.org/Cross-Site+Scripting Risk Factor Medium/ CVSS Base Score: 4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N) Other references CWE:79 CWE:80 CWE:81 CWE:83 CWE:20 CWE:74 CWE:442 CWE:712 CWE:722 CWE:725 CWE:811 CWE:751 CWE:801 CWE:116 CWE:692 CWE:86 Plugin publication date: 2011/08/03 Plugin last modification date: 2011/08/24 PORT WWW (80/TCP) Plugin ID: 55903 CGI Generic Cross-Site Scripting Vulnerability (extended patterns) Synopsis The remote web server is prone to cross-site scripting attacks. List of Hosts Plugin Output Using the GET HTTP method, Nessus found that : + The following resources may be vulnerable to cross-site scripting (extended patterns) : + The 'ctl00$LoginView1$Login1$UserName' parameter of the / CGI : /?__EVENTARGUMENT=&ctl00$LoginView1$Login1$Password=&__VIEWSTATE=/wEPDwU KLTM0MDg0MzA5Nw9kFgJmD2QWAgIDD2QWAgIJD2QWAgIBDw8WAh4HVmlzaWJsZWhkZGS7 YQy NNhAM7y//OgiHAa38wu6jXQ==&ctl00$LoginView1$Login1$LoginButton=Log%20In&c tl00$LoginView1$Login1$UserName=508%20src=http://www.example.com/exploit 508.js&__EVENTVALIDATION=/wEWBAKD1b65CAL8mvnKDALTtbTsDALz/POaC8bWUsNt8gM GTU0CAlO2ZZC6Fi/F -------- output -------<tr> <td> <input name="ctl00$LoginView1$Login1$UserName" type="text" value="508 sr c=http://www.example.com/exploit508.js" id="LoginView1_Login1_UserName" /> <span id="LoginView1_Login1_UserNameRequired" title="User Name is [...] </td> ------------------------ Plugin Output Using the GET HTTP method, Nessus found that : + The following resources may be vulnerable to cross-site scripting (extended patterns) : + The 'ctl00$LoginView1$Login1$UserName' parameter of the / CGI : /?__EVENTARGUMENT=&ctl00$LoginView1$Login1$Password=&__VIEWSTATE=/wEPDwU KLTM0MDg0MzA5Nw9kFgJmD2QWAgIDD2QWAgIJD2QWAgIBDw8WAh4HVmlzaWJsZWhkZGS7 YQy NNhAM7y//OgiHAa38wu6jXQ==&ctl00$LoginView1$Login1$LoginButton=Log%20In&c tl00$LoginView1$Login1$UserName=508%20src=http://www.example.com/exploit 508.js&__EVENTVALIDATION=/wEWBAKD1b65CAL8mvnKDALTtbTsDALz/POaC8bWUsNt8gM GTU0CAlO2ZZC6Fi/F -------- output -------<tr> <td> <input name="ctl00$LoginView1$Login1$UserName" type="text" value="508 sr c=http://www.example.com/exploit508.js" id="LoginView1_Login1_UserName" /> <span id="LoginView1_Login1_UserNameRequired" title="User Name is [...] </td> ------------------------ Description The remote web server hosts one or more CGI scripts that fail to adequately sanitize request strings with malicious JavaScript. By leveraging this issue, an attacker may be able to cause arbitrary HTML and script code to be executed in a user's browser within the security context of the affected site. These XSS vulnerabilities are likely to be 'non-persistent' or 'reflected'. Solution Restrict access to the vulnerable application. Contact the vendor for a patch or upgrade. See also http://en.wikipedia.org/wiki/Cross_site_scripting#Non-persistent http://www.nessus.org/u?9717ad85 http://projects.webappsec.org/Cross-Site+Scripting Risk Factor Medium/ CVSS Base Score: 4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N) Other references CWE:79 CWE:80 CWE:81 CWE:83 CWE:20 CWE:74 CWE:442 CWE:712 CWE:722 CWE:725 CWE:811 CWE:751 CWE:801 CWE:116 CWE:692 CWE:86 Plugin publication date: 2011/08/03 Plugin last modification date: 2011/08/24 PORT WWW (2869/TCP) Plugin ID: 11153 Service Detection (HELP Request) Synopsis The remote service could be identified. List of Hosts Plugin Output A web server seems to be running on this port. Plugin Output A web server seems to be running on this port. Description It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an 'HELP' request. Solution n/a Risk Factor None Plugin publication date: 2002/11/18 Plugin last modification date: 2011/04/08 PORT WWW (10243/TCP) Plugin ID: 10107 HTTP Server Type and Version Synopsis A web server is running on the remote host. List of Hosts Plugin Output The remote web server type is : Microsoft-HTTPAPI/2.0 Plugin Output The remote web server type is : Microsoft-HTTPAPI/2.0 Description This plugin attempts to determine the type and the version of the remote web server. Solution n/a Risk Factor None Plugin publication date: 2000/01/04 Plugin last modification date: 2011/04/21 PORT WWW (8834/TCP) Plugin ID: 10107 HTTP Server Type and Version Synopsis A web server is running on the remote host. List of Hosts Plugin Output The remote web server type is : NessusWWW Plugin Output The remote web server type is : NessusWWW Description This plugin attempts to determine the type and the version of the remote web server. Solution n/a Risk Factor None Plugin publication date: 2000/01/04 Plugin last modification date: 2011/04/21 PORT WWW (5357/TCP) Plugin ID: 10107 HTTP Server Type and Version Synopsis A web server is running on the remote host. List of Hosts Plugin Output The remote web server type is : Microsoft-HTTPAPI/2.0 Plugin Output The remote web server type is : Microsoft-HTTPAPI/2.0 Description This plugin attempts to determine the type and the version of the remote web server. Solution n/a Risk Factor None Plugin publication date: 2000/01/04 Plugin last modification date: 2011/04/21 PORT WWW (443/TCP) Plugin ID: 10107 HTTP Server Type and Version Synopsis A web server is running on the remote host. List of Hosts Plugin Output The remote web server type is : Microsoft-IIS/7.5 Plugin Output The remote web server type is : Microsoft-IIS/7.5 Description This plugin attempts to determine the type and the version of the remote web server. Solution n/a Risk Factor None Plugin publication date: 2000/01/04 Plugin last modification date: 2011/04/21 PORT WWW (80/TCP) Plugin ID: 10107 HTTP Server Type and Version Synopsis A web server is running on the remote host. List of Hosts Plugin Output The remote web server type is : Microsoft-IIS/7.5 Plugin Output The remote web server type is : Microsoft-IIS/7.5 Description This plugin attempts to determine the type and the version of the remote web server. Solution n/a Risk Factor None Plugin publication date: 2000/01/04 Plugin last modification date: 2011/04/21 PORT (0/TCP) Plugin ID: 19506 Nessus Scan Information Synopsis Information about the Nessus scan. List of Hosts Plugin Output Information about this scan : Nessus version : 4.4.1 (Build 15078) Plugin feed version : 201109021336 Type of plugin feed : HomeFeed (Non-commercial use only) Scanner IP : 192.168.1.150 Port scanner(s) : nessus_syn_scanner Port range : default Thorough tests : no Experimental tests : no Paranoia level : 1 Report Verbosity : 1 Safe checks : yes Optimize the test : yes CGI scanning : enabled Web application tests : enabled Web app tests - Test mode : some_pairs Web app tests - Send POST requests : no Web app tests - Maximum run time : 60 minutes. Web app tests - Stop at first flaw : CGI Max hosts : 80 Max checks : 5 Recv timeout : 5 Backports : None Scan Start Date : 2011/9/2 21:33 Scan duration : 3500 sec Plugin Output Information about this scan : Nessus version : 4.4.1 (Build 15078) Plugin feed version : 201109021336 Type of plugin feed : HomeFeed (Non-commercial use only) Scanner IP : 192.168.1.150 Port scanner(s) : nessus_syn_scanner Port range : default Thorough tests : no Experimental tests : no Paranoia level : 1 Report Verbosity : 1 Safe checks : yes Optimize the test : yes CGI scanning : enabled Web application tests : enabled Web app tests - Test mode : some_pairs Web app tests - Send POST requests : no Web app tests - Maximum run time : 60 minutes. Web app tests - Stop at first flaw : CGI Max hosts : 80 Max checks : 5 Recv timeout : 5 Backports : None Scan Start Date : 2011/9/2 21:33 Scan duration : 3492 sec Description This script displays, for each tested host, information about the scan itself: - The version of the plugin set - The type of plugin feed (HomeFeed or ProfessionalFeed) - The version of the Nessus Engine - The port scanner(s) used - The port range scanned - The date of the scan - The duration of the scan - The number of hosts scanned in parallel - The number of checks done in parallel Solution n/a Risk Factor None Plugin publication date: 2005/08/26 Plugin last modification date: 2011/03/19 PORT DCE-RPC (1031/TCP) Plugin ID: 10736 DCE Services Enumeration Synopsis A DCE/RPC service is running on the remote host. List of Hosts Plugin Output The following DCERPC services are available on TCP port 1031 : Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 367abb81-9844-35f1-ad32-98f038001003, version 2.0 Description : Unknown RPC service Type : Remote RPC service TCP Port : 1031 IP : 192.168.1.150 Plugin Output The following DCERPC services are available on TCP port 1031 : Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 367abb81-9844-35f1-ad32-98f038001003, version 2.0 Description : Unknown RPC service Type : Remote RPC service TCP Port : 1031 IP : 192.168.1.150 Description By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. Solution N/A Risk Factor None Plugin publication date: 2001/08/26 Plugin last modification date: 2011/03/04 PORT DCE-RPC (1030/TCP) Plugin ID: 10736 DCE Services Enumeration Synopsis A DCE/RPC service is running on the remote host. List of Hosts Plugin Output The following DCERPC services are available on TCP port 1030 : Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 Description : Security Account Manager Windows process : lsass.exe Type : Remote RPC service TCP Port : 1030 IP : 192.168.1.150 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0 Description : Unknown RPC service Annotation : KeyIso Type : Remote RPC service TCP Port : 1030 IP : 192.168.1.150 Plugin Output The following DCERPC services are available on TCP port 1030 : Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 Description : Security Account Manager Windows process : lsass.exe Type : Remote RPC service TCP Port : 1030 IP : 192.168.1.150 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0 Description : Unknown RPC service Annotation : KeyIso Type : Remote RPC service TCP Port : 1030 IP : 192.168.1.150 Description By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. Solution N/A Risk Factor None Plugin publication date: 2001/08/26 Plugin last modification date: 2011/03/04 PORT DCE-RPC (1027/TCP) Plugin ID: 10736 DCE Services Enumeration Synopsis A DCE/RPC service is running on the remote host. List of Hosts Plugin Output The following DCERPC services are available on TCP port 1027 : Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0 Description : Unknown RPC service Type : Remote RPC service TCP Port : 1027 IP : 192.168.1.150 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0 Description : Unknown RPC service Annotation : IP Transition Configuration endpoint Type : Remote RPC service TCP Port : 1027 IP : 192.168.1.150 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1.0 Description : Unknown RPC service Annotation : XactSrv service Type : Remote RPC service TCP Port : 1027 IP : 192.168.1.150 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0 Description : Unknown RPC service Annotation : AppInfo Type : Remote RPC service TCP Port : 1027 IP : 192.168.1.150 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0 Description : Unknown RPC service Annotation : AppInfo Type : Remote RPC service TCP Port : 1027 IP : 192.168.1.150 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1.0 Description : Unknown RPC service Annotation : AppInfo Type : Remote RPC service TCP Port : 1027 IP : 192.168.1.150 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 58e604e8-9adb-4d2e-a464-3b0683fb1480, version 1.0 Description : Unknown RPC service Annotation : AppInfo Type : Remote RPC service TCP Port : 1027 IP : 192.168.1.150 Plugin Output The following DCERPC services are available on TCP port 1027 : Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0 Description : Unknown RPC service Type : Remote RPC service TCP Port : 1027 IP : 192.168.1.150 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0 Description : Unknown RPC service Annotation : IP Transition Configuration endpoint Type : Remote RPC service TCP Port : 1027 IP : 192.168.1.150 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1.0 Description : Unknown RPC service Annotation : XactSrv service Type : Remote RPC service TCP Port : 1027 IP : 192.168.1.150 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0 Description : Unknown RPC service Annotation : AppInfo Type : Remote RPC service TCP Port : 1027 IP : 192.168.1.150 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0 Description : Unknown RPC service Annotation : AppInfo Type : Remote RPC service TCP Port : 1027 IP : 192.168.1.150 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1.0 Description : Unknown RPC service Annotation : AppInfo Type : Remote RPC service TCP Port : 1027 IP : 192.168.1.150 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 58e604e8-9adb-4d2e-a464-3b0683fb1480, version 1.0 Description : Unknown RPC service Annotation : AppInfo Type : Remote RPC service TCP Port : 1027 IP : 192.168.1.150 Description By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. Solution N/A Risk Factor None Plugin publication date: 2001/08/26 Plugin last modification date: 2011/03/04 PORT DCE-RPC (1026/TCP) Plugin ID: 10736 DCE Services Enumeration Synopsis A DCE/RPC service is running on the remote host. List of Hosts Plugin Output The following DCERPC services are available on TCP port 1026 : Object UUID : 00000000-0000-0000-0000-000000000000 UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0 Description : Unknown RPC service Annotation : Event log TCPIP Type : Remote RPC service TCP Port : 1026 IP : 192.168.1.150 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0 Description : Unknown RPC service Annotation : NRP server endpoint Type : Remote RPC service TCP Port : 1026 IP : 192.168.1.150 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0 Description : Unknown RPC service Annotation : DHCPv6 Client LRPC Endpoint Type : Remote RPC service TCP Port : 1026 IP : 192.168.1.150 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0 Description : DHCP Client Service Windows process : svchost.exe Annotation : DHCP Client LRPC Endpoint Type : Remote RPC service TCP Port : 1026 IP : 192.168.1.150 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 06bba54a-be05-49f9-b0a0-30f790261023, version 1.0 Description : Unknown RPC service Annotation : Security Center Type : Remote RPC service TCP Port : 1026 IP : 192.168.1.150 Plugin Output The following DCERPC services are available on TCP port 1026 : Object UUID : 00000000-0000-0000-0000-000000000000 UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0 Description : Unknown RPC service Annotation : Event log TCPIP Type : Remote RPC service TCP Port : 1026 IP : 192.168.1.150 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0 Description : Unknown RPC service Annotation : NRP server endpoint Type : Remote RPC service TCP Port : 1026 IP : 192.168.1.150 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0 Description : Unknown RPC service Annotation : DHCPv6 Client LRPC Endpoint Type : Remote RPC service TCP Port : 1026 IP : 192.168.1.150 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0 Description : DHCP Client Service Windows process : svchost.exe Annotation : DHCP Client LRPC Endpoint Type : Remote RPC service TCP Port : 1026 IP : 192.168.1.150 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 06bba54a-be05-49f9-b0a0-30f790261023, version 1.0 Description : Unknown RPC service Annotation : Security Center Type : Remote RPC service TCP Port : 1026 IP : 192.168.1.150 Description By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. Solution N/A Risk Factor None Plugin publication date: 2001/08/26 Plugin last modification date: 2011/03/04 PORT DCE-RPC (1025/TCP) Plugin ID: 10736 DCE Services Enumeration Synopsis A DCE/RPC service is running on the remote host. List of Hosts Plugin Output The following DCERPC services are available on TCP port 1025 : Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91 UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0 Description : Unknown RPC service Type : Remote RPC service TCP Port : 1025 IP : 192.168.1.150 Plugin Output The following DCERPC services are available on TCP port 1025 : Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91 UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0 Description : Unknown RPC service Type : Remote RPC service TCP Port : 1025 IP : 192.168.1.150 Description By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. Solution N/A Risk Factor None Plugin publication date: 2001/08/26 Plugin last modification date: 2011/03/04 PORT CIFS (445/TCP) Plugin ID: 10736 DCE Services Enumeration Synopsis A DCE/RPC service is running on the remote host. List of Hosts Plugin Output The following DCERPC services are available remotely : Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91 UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0 Description : Unknown RPC service Type : Remote RPC service Named pipe : \PIPE\InitShutdown Netbios name : \\SEBASTIAN-PC Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000 UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0 Description : Unknown RPC service Type : Remote RPC service Named pipe : \PIPE\InitShutdown Netbios name : \\SEBASTIAN-PC Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 0767a036-0d22-48aa-ba69-b619480f38cb, version 1.0 Description : Unknown RPC service Annotation : PcaSvc Type : Remote RPC service Named pipe : \pipe\trkwks Netbios name : \\SEBASTIAN-PC Object UUID : 00000000-0000-0000-0000-000000000000 UUID : b58aa02e-2884-4e97-8176-4ee06d794184, version 1.0 Description : Unknown RPC service Type : Remote RPC service Named pipe : \pipe\trkwks Netbios name : \\SEBASTIAN-PC Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 Description : Security Account Manager Windows process : lsass.exe Type : Remote RPC service Named pipe : \pipe\lsass Netbios name : \\SEBASTIAN-PC Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 Description : Security Account Manager Windows process : lsass.exe Type : Remote RPC service Named pipe : \PIPE\protected_storage Netbios name : \\SEBASTIAN-PC Object UUID : 00000000-0000-0000-0000-000000000000 UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0 Description : Unknown RPC service Annotation : KeyIso Type : Remote RPC service Named pipe : \pipe\lsass Netbios name : \\SEBASTIAN-PC Object UUID : 00000000-0000-0000-0000-000000000000 UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0 Description : Unknown RPC service Annotation : KeyIso Type : Remote RPC service Named pipe : \PIPE\protected_storage Netbios name : \\SEBASTIAN-PC Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0 Description : Scheduler Service Windows process : svchost.exe Type : Remote RPC service Named pipe : \PIPE\atsvc Netbios name : \\SEBASTIAN-PC Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0 Description : Scheduler Service Windows process : svchost.exe Type : Remote RPC service Named pipe : \PIPE\atsvc Netbios name : \\SEBASTIAN-PC Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0 Description : Unknown RPC service Type : Remote RPC service Named pipe : \PIPE\atsvc Netbios name : \\SEBASTIAN-PC Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0 Description : Unknown RPC service Annotation : IP Transition Configuration endpoint Type : Remote RPC service Named pipe : \PIPE\atsvc Netbios name : \\SEBASTIAN-PC Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1.0 Description : Unknown RPC service Annotation : XactSrv service Type : Remote RPC service Named pipe : \PIPE\atsvc Netbios name : \\SEBASTIAN-PC Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0 Description : Unknown RPC service Annotation : AppInfo Type : Remote RPC service Named pipe : \PIPE\atsvc Netbios name : \\SEBASTIAN-PC Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0 Description : Unknown RPC service Annotation : AppInfo Type : Remote RPC service Named pipe : \PIPE\srvsvc Netbios name : \\SEBASTIAN-PC Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0 Description : Unknown RPC service Annotation : AppInfo Type : Remote RPC service Named pipe : \PIPE\browser Netbios name : \\SEBASTIAN-PC Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0 Description : Unknown RPC service Annotation : AppInfo Type : Remote RPC service Named pipe : \PIPE\atsvc Netbios name : \\SEBASTIAN-PC Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0 Description : Unknown RPC service Annotation : AppInfo Type : Remote RPC service Named pipe : \PIPE\srvsvc Netbios name : \\SEBASTIAN-PC Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0 Description : Unknown RPC service Annotation : AppInfo Type : Remote RPC service Named pipe : \PIPE\browser Netbios name : \\SEBASTIAN-PC Object UUID : 00000000-0000-0000-0000-000000000000 UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1.0 Description : Unknown RPC service Annotation : AppInfo Type : Remote RPC service Named pipe : \PIPE\atsvc Netbios name : \\SEBASTIAN-PC Object UUID : 00000000-0000-0000-0000-000000000000 UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1.0 Description : Unknown RPC service Annotation : AppInfo Type : Remote RPC service Named pipe : \PIPE\srvsvc Netbios name : \\SEBASTIAN-PC Object UUID : 00000000-0000-0000-0000-000000000000 UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1.0 Description : Unknown RPC service Annotation : AppInfo Type : Remote RPC service Named pipe : \PIPE\browser Netbios name : \\SEBASTIAN-PC Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 58e604e8-9adb-4d2e-a464-3b0683fb1480, version 1.0 Description : Unknown RPC service Annotation : AppInfo Type : Remote RPC service Named pipe : \PIPE\atsvc Netbios name : \\SEBASTIAN-PC Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 58e604e8-9adb-4d2e-a464-3b0683fb1480, version 1.0 Description : Unknown RPC service Annotation : AppInfo Type : Remote RPC service Named pipe : \PIPE\srvsvc Netbios name : \\SEBASTIAN-PC Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 58e604e8-9adb-4d2e-a464-3b0683fb1480, version 1.0 Description : Unknown RPC service Annotation : AppInfo Type : Remote RPC service Named pipe : \PIPE\browser Netbios name : \\SEBASTIAN-PC Object UUID : 00000000-0000-0000-0000-000000000000 UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0 Description : Unknown RPC service Annotation : Event log TCPIP Type : Remote RPC service Named pipe : \pipe\eventlog Netbios name : \\SEBASTIAN-PC Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0 Description : Unknown RPC service Annotation : NRP server endpoint Type : Remote RPC service Named pipe : \pipe\eventlog Netbios name : \\SEBASTIAN-PC Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0 Description : Unknown RPC service Annotation : DHCPv6 Client LRPC Endpoint Type : Remote RPC service Named pipe : \pipe\eventlog Netbios name : \\SEBASTIAN-PC Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0 Description : DHCP Client Service Windows process : svchost.exe Annotation : DHCP Client LRPC Endpoint Type : Remote RPC service Named pipe : \pipe\eventlog Netbios name : \\SEBASTIAN-PC Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 06bba54a-be05-49f9-b0a0-30f790261023, version 1.0 Description : Unknown RPC service Annotation : Security Center Type : Remote RPC service Named pipe : \pipe\eventlog Netbios name : \\SEBASTIAN-PC Plugin Output The following DCERPC services are available remotely : Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91 UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0 Description : Unknown RPC service Type : Remote RPC service Named pipe : \PIPE\InitShutdown Netbios name : \\SEBASTIAN-PC Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000 UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0 Description : Unknown RPC service Type : Remote RPC service Named pipe : \PIPE\InitShutdown Netbios name : \\SEBASTIAN-PC Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 0767a036-0d22-48aa-ba69-b619480f38cb, version 1.0 Description : Unknown RPC service Annotation : PcaSvc Type : Remote RPC service Named pipe : \pipe\trkwks Netbios name : \\SEBASTIAN-PC Object UUID : 00000000-0000-0000-0000-000000000000 UUID : b58aa02e-2884-4e97-8176-4ee06d794184, version 1.0 Description : Unknown RPC service Type : Remote RPC service Named pipe : \pipe\trkwks Netbios name : \\SEBASTIAN-PC Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 Description : Security Account Manager Windows process : lsass.exe Type : Remote RPC service Named pipe : \pipe\lsass Netbios name : \\SEBASTIAN-PC Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 Description : Security Account Manager Windows process : lsass.exe Type : Remote RPC service Named pipe : \PIPE\protected_storage Netbios name : \\SEBASTIAN-PC Object UUID : 00000000-0000-0000-0000-000000000000 UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0 Description : Unknown RPC service Annotation : KeyIso Type : Remote RPC service Named pipe : \pipe\lsass Netbios name : \\SEBASTIAN-PC Object UUID : 00000000-0000-0000-0000-000000000000 UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0 Description : Unknown RPC service Annotation : KeyIso Type : Remote RPC service Named pipe : \PIPE\protected_storage Netbios name : \\SEBASTIAN-PC Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0 Description : Scheduler Service Windows process : svchost.exe Type : Remote RPC service Named pipe : \PIPE\atsvc Netbios name : \\SEBASTIAN-PC Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0 Description : Scheduler Service Windows process : svchost.exe Type : Remote RPC service Named pipe : \PIPE\atsvc Netbios name : \\SEBASTIAN-PC Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0 Description : Unknown RPC service Type : Remote RPC service Named pipe : \PIPE\atsvc Netbios name : \\SEBASTIAN-PC Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0 Description : Unknown RPC service Annotation : IP Transition Configuration endpoint Type : Remote RPC service Named pipe : \PIPE\atsvc Netbios name : \\SEBASTIAN-PC Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1.0 Description : Unknown RPC service Annotation : XactSrv service Type : Remote RPC service Named pipe : \PIPE\atsvc Netbios name : \\SEBASTIAN-PC Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0 Description : Unknown RPC service Annotation : AppInfo Type : Remote RPC service Named pipe : \PIPE\atsvc Netbios name : \\SEBASTIAN-PC Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0 Description : Unknown RPC service Annotation : AppInfo Type : Remote RPC service Named pipe : \PIPE\srvsvc Netbios name : \\SEBASTIAN-PC Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0 Description : Unknown RPC service Annotation : AppInfo Type : Remote RPC service Named pipe : \PIPE\browser Netbios name : \\SEBASTIAN-PC Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0 Description : Unknown RPC service Annotation : AppInfo Type : Remote RPC service Named pipe : \PIPE\atsvc Netbios name : \\SEBASTIAN-PC Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0 Description : Unknown RPC service Annotation : AppInfo Type : Remote RPC service Named pipe : \PIPE\srvsvc Netbios name : \\SEBASTIAN-PC Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0 Description : Unknown RPC service Annotation : AppInfo Type : Remote RPC service Named pipe : \PIPE\browser Netbios name : \\SEBASTIAN-PC Object UUID : 00000000-0000-0000-0000-000000000000 UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1.0 Description : Unknown RPC service Annotation : AppInfo Type : Remote RPC service Named pipe : \PIPE\atsvc Netbios name : \\SEBASTIAN-PC Object UUID : 00000000-0000-0000-0000-000000000000 UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1.0 Description : Unknown RPC service Annotation : AppInfo Type : Remote RPC service Named pipe : \PIPE\srvsvc Netbios name : \\SEBASTIAN-PC Object UUID : 00000000-0000-0000-0000-000000000000 UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1.0 Description : Unknown RPC service Annotation : AppInfo Type : Remote RPC service Named pipe : \PIPE\browser Netbios name : \\SEBASTIAN-PC Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 58e604e8-9adb-4d2e-a464-3b0683fb1480, version 1.0 Description : Unknown RPC service Annotation : AppInfo Type : Remote RPC service Named pipe : \PIPE\atsvc Netbios name : \\SEBASTIAN-PC Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 58e604e8-9adb-4d2e-a464-3b0683fb1480, version 1.0 Description : Unknown RPC service Annotation : AppInfo Type : Remote RPC service Named pipe : \PIPE\srvsvc Netbios name : \\SEBASTIAN-PC Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 58e604e8-9adb-4d2e-a464-3b0683fb1480, version 1.0 Description : Unknown RPC service Annotation : AppInfo Type : Remote RPC service Named pipe : \PIPE\browser Netbios name : \\SEBASTIAN-PC Object UUID : 00000000-0000-0000-0000-000000000000 UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0 Description : Unknown RPC service Annotation : Event log TCPIP Type : Remote RPC service Named pipe : \pipe\eventlog Netbios name : \\SEBASTIAN-PC Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0 Description : Unknown RPC service Annotation : NRP server endpoint Type : Remote RPC service Named pipe : \pipe\eventlog Netbios name : \\SEBASTIAN-PC Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0 Description : Unknown RPC service Annotation : DHCPv6 Client LRPC Endpoint Type : Remote RPC service Named pipe : \pipe\eventlog Netbios name : \\SEBASTIAN-PC Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0 Description : DHCP Client Service Windows process : svchost.exe Annotation : DHCP Client LRPC Endpoint Type : Remote RPC service Named pipe : \pipe\eventlog Netbios name : \\SEBASTIAN-PC Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 06bba54a-be05-49f9-b0a0-30f790261023, version 1.0 Description : Unknown RPC service Annotation : Security Center Type : Remote RPC service Named pipe : \pipe\eventlog Netbios name : \\SEBASTIAN-PC Description By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. Solution N/A Risk Factor None Plugin publication date: 2001/08/26 Plugin last modification date: 2011/03/04 PORT EPMAP (135/TCP) Plugin ID: 10736 DCE Services Enumeration Synopsis A DCE/RPC service is running on the remote host. List of Hosts Plugin Output The following DCERPC services are available locally : Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91 UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0 Description : Unknown RPC service Type : Local RPC service Named pipe : WindowsShutdown Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91 UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0 Description : Unknown RPC service Type : Local RPC service Named pipe : WMsgKRpc075200 Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000 UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0 Description : Unknown RPC service Type : Local RPC service Named pipe : WindowsShutdown Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000 UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0 Description : Unknown RPC service Type : Local RPC service Named pipe : WMsgKRpc075200 Object UUID : 6d726574-7273-0076-0000-000000000000 UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0 Description : Unknown RPC service Annotation : Impl friendly name Type : Local RPC service Named pipe : LRPC-6406872cc7296bea43 Object UUID : 52ef130c-08fd-4388-86b3-6edf00000001 UUID : 12e65dd8-887f-41ef-91bf-8d816c42c2e7, version 1.0 Description : Unknown RPC service Annotation : Secure Desktop LRPC interface Type : Local RPC service Named pipe : WMsgKRpc08B8E1 Object UUID : b08669ee-8cb5-43a5-a017-84fe00000001 UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0 Description : Unknown RPC service Type : Local RPC service Named pipe : WMsgKRpc08B8E1 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 4b112204-0e19-11d3-b42b-0000f81feb9f, version 1.0 Description : SSDP service Windows process : unknow Type : Local RPC service Named pipe : LRPC-28a0cb6c59d12ceaf2 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : c100beac-d33a-4a4b-bf23-bbef4663d017, version 1.0 Description : Unknown RPC service Annotation : wcncsvc.transport Type : Local RPC service Named pipe : LRPC-28a0cb6c59d12ceaf2 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : c100beac-d33a-4a4b-bf23-bbef4663d017, version 1.0 Description : Unknown RPC service Annotation : wcncsvc.transport Type : Local RPC service Named pipe : OLE6FF141BFDF404A35BA96CA8B0135 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : c100beac-d33a-4a4b-bf23-bbef4663d017, version 1.0 Description : Unknown RPC service Annotation : wcncsvc.transport Type : Local RPC service Named pipe : wcncsvc.transport Object UUID : 00000000-0000-0000-0000-000000000000 UUID : c100beab-d33a-4a4b-bf23-bbef4663d017, version 1.0 Description : Unknown RPC service Annotation : wcncsvc.wcnprpc Type : Local RPC service Named pipe : LRPC-28a0cb6c59d12ceaf2 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : c100beab-d33a-4a4b-bf23-bbef4663d017, version 1.0 Description : Unknown RPC service Annotation : wcncsvc.wcnprpc Type : Local RPC service Named pipe : OLE6FF141BFDF404A35BA96CA8B0135 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : c100beab-d33a-4a4b-bf23-bbef4663d017, version 1.0 Description : Unknown RPC service Annotation : wcncsvc.wcnprpc Type : Local RPC service Named pipe : wcncsvc.transport Object UUID : 00000000-0000-0000-0000-000000000000 UUID : c100beab-d33a-4a4b-bf23-bbef4663d017, version 1.0 Description : Unknown RPC service Annotation : wcncsvc.wcnprpc Type : Local RPC service Named pipe : wcncsvc.wcnprpc Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 8174bb16-571b-4c38-8386-1102b449044a, version 1.0 Description : Unknown RPC service Type : Local RPC service Named pipe : LRPC-ca960d188555e5aabd Object UUID : 00000000-0000-0000-0000-000000000000 UUID : a2d47257-12f7-4beb-8981-0ebfa935c407, version 1.0 Description : Unknown RPC service Type : Local RPC service Named pipe : LRPC-ca960d188555e5aabd Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 3f31c91e-2545-4b7b-9311-9529e8bffef6, version 1.0 Description : Unknown RPC service Type : Local RPC service Named pipe : LRPC-ca960d188555e5aabd Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 0767a036-0d22-48aa-ba69-b619480f38cb, version 1.0 Description : Unknown RPC service Annotation : PcaSvc Type : Local RPC service Named pipe : OLE3140BF4E6C574AF2BAA193F55A91 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 0767a036-0d22-48aa-ba69-b619480f38cb, version 1.0 Description : Unknown RPC service Annotation : PcaSvc Type : Local RPC service Named pipe : trkwks Object UUID : 00000000-0000-0000-0000-000000000000 UUID : b58aa02e-2884-4e97-8176-4ee06d794184, version 1.0 Description : Unknown RPC service Type : Local RPC service Named pipe : OLE3140BF4E6C574AF2BAA193F55A91 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : b58aa02e-2884-4e97-8176-4ee06d794184, version 1.0 Description : Unknown RPC service Type : Local RPC service Named pipe : trkwks Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 76209fe5-9049-4336-ba84-632d907cb154, version 1.0 Description : Unknown RPC service Annotation : Interprocess Logon Service Type : Local RPC service Named pipe : OLE8735EDF911B847989695BC20AD77 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 76209fe5-9049-4336-ba84-632d907cb154, version 1.0 Description : Unknown RPC service Annotation : Interprocess Logon Service Type : Local RPC service Named pipe : ReportingServices$MSRS10_50.SQLSERVER2008 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345678-1234-abcd-ef00-0123456789ab, version 1.0 Description : IPsec Services (Windows XP & 2003) Windows process : lsass.exe Annotation : IPSec Policy agent endpoint Type : Local RPC service Named pipe : LRPC-97c6d4d88c1e4199d5 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 Description : Security Account Manager Windows process : lsass.exe Type : Local RPC service Named pipe : LRPC-34e8d8bd10a9a94b85 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 Description : Security Account Manager Windows process : lsass.exe Type : Local RPC service Named pipe : audit Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 Description : Security Account Manager Windows process : lsass.exe Type : Local RPC service Named pipe : securityevent Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 Description : Security Account Manager Windows process : lsass.exe Type : Local RPC service Named pipe : LSARPC_ENDPOINT Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 Description : Security Account Manager Windows process : lsass.exe Type : Local RPC service Named pipe : lsapolicylookup Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 Description : Security Account Manager Windows process : lsass.exe Type : Local RPC service Named pipe : lsasspirpc Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 Description : Security Account Manager Windows process : lsass.exe Type : Local RPC service Named pipe : protected_storage Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 Description : Security Account Manager Windows process : lsass.exe Type : Local RPC service Named pipe : samss lpc Object UUID : 00000000-0000-0000-0000-000000000000 UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0 Description : Unknown RPC service Annotation : KeyIso Type : Local RPC service Named pipe : LRPC-34e8d8bd10a9a94b85 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0 Description : Unknown RPC service Annotation : KeyIso Type : Local RPC service Named pipe : audit Object UUID : 00000000-0000-0000-0000-000000000000 UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0 Description : Unknown RPC service Annotation : KeyIso Type : Local RPC service Named pipe : securityevent Object UUID : 00000000-0000-0000-0000-000000000000 UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0 Description : Unknown RPC service Annotation : KeyIso Type : Local RPC service Named pipe : LSARPC_ENDPOINT Object UUID : 00000000-0000-0000-0000-000000000000 UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0 Description : Unknown RPC service Annotation : KeyIso Type : Local RPC service Named pipe : lsapolicylookup Object UUID : 00000000-0000-0000-0000-000000000000 UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0 Description : Unknown RPC service Annotation : KeyIso Type : Local RPC service Named pipe : lsasspirpc Object UUID : 00000000-0000-0000-0000-000000000000 UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0 Description : Unknown RPC service Annotation : KeyIso Type : Local RPC service Named pipe : protected_storage Object UUID : 00000000-0000-0000-0000-000000000000 UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0 Description : Unknown RPC service Annotation : KeyIso Type : Local RPC service Named pipe : samss lpc Object UUID : 00000000-0000-0000-0000-000000000000 UUID : dd490425-5325-4565-b774-7e27d6c09c24, version 1.0 Description : Unknown RPC service Annotation : Base Firewall Engine API Type : Local RPC service Named pipe : LRPC-1ff36418342060ced8 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 7f9d11bf-7fb9-436b-a812-b2d50c5d4c03, version 1.0 Description : Unknown RPC service Annotation : Fw APIs Type : Local RPC service Named pipe : LRPC-1ff36418342060ced8 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0 Description : Unknown RPC service Annotation : Fw APIs Type : Local RPC service Named pipe : LRPC-1ff36418342060ced8 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1.0 Description : Unknown RPC service Annotation : Spooler function endpoint Type : Local RPC service Named pipe : spoolss Object UUID : 00000000-0000-0000-0000-000000000000 UUID : ae33069b-a2a8-46ee-a235-ddfd339be281, version 1.0 Description : Unknown RPC service Annotation : Spooler base remote object endpoint Type : Local RPC service Named pipe : spoolss Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 4a452661-8290-4b36-8fbe-7f4093a94978, version 1.0 Description : Unknown RPC service Annotation : Spooler function endpoint Type : Local RPC service Named pipe : spoolss Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 7ea70bcf-48af-4f6a-8968-6a440754d5fa, version 1.0 Description : Unknown RPC service Annotation : NSI server endpoint Type : Local RPC service Named pipe : OLEFA58A724D35B4E5AB757CA9D2647 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 7ea70bcf-48af-4f6a-8968-6a440754d5fa, version 1.0 Description : Unknown RPC service Annotation : NSI server endpoint Type : Local RPC service Named pipe : LRPC-86889f440ff097d4f3 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0 Description : Unknown RPC service Annotation : WinHttp Auto-Proxy Service Type : Local RPC service Named pipe : OLEFA58A724D35B4E5AB757CA9D2647 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0 Description : Unknown RPC service Annotation : WinHttp Auto-Proxy Service Type : Local RPC service Named pipe : LRPC-86889f440ff097d4f3 Object UUID : 6c637067-6569-746e-0000-000000000000 UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0 Description : Unknown RPC service Annotation : Impl friendly name Type : Local RPC service Named pipe : IUserProfile2 Object UUID : 6c637067-6569-746e-0000-000000000000 UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0 Description : Unknown RPC service Annotation : Impl friendly name Type : Local RPC service Named pipe : LRPC-996b579679a6ebebfd Object UUID : 666f7270-6c69-7365-0000-000000000000 UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0 Description : Unknown RPC service Annotation : Impl friendly name Type : Local RPC service Named pipe : IUserProfile2 Object UUID : 666f7270-6c69-7365-0000-000000000000 UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0 Description : Unknown RPC service Annotation : Impl friendly name Type : Local RPC service Named pipe : LRPC-996b579679a6ebebfd Object UUID : 24d1f7c7-76af-4f28-9ccd-7f6cb6468601 UUID : 2eb08e3e-639f-4fba-97b1-14f878961076, version 1.0 Description : Unknown RPC service Type : Local RPC service Named pipe : IUserProfile2 Object UUID : 24d1f7c7-76af-4f28-9ccd-7f6cb6468601 UUID : 2eb08e3e-639f-4fba-97b1-14f878961076, version 1.0 Description : Unknown RPC service Type : Local RPC service Named pipe : LRPC-996b579679a6ebebfd Object UUID : 736e6573-0000-0000-0000-000000000000 UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0 Description : Unknown RPC service Annotation : Impl friendly name Type : Local RPC service Named pipe : IUserProfile2 Object UUID : 736e6573-0000-0000-0000-000000000000 UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0 Description : Unknown RPC service Annotation : Impl friendly name Type : Local RPC service Named pipe : LRPC-996b579679a6ebebfd Object UUID : 736e6573-0000-0000-0000-000000000000 UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0 Description : Unknown RPC service Annotation : Impl friendly name Type : Local RPC service Named pipe : OLE44744EA652934382B72F6D20C8C1 Object UUID : 736e6573-0000-0000-0000-000000000000 UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0 Description : Unknown RPC service Annotation : Impl friendly name Type : Local RPC service Named pipe : senssvc Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0 Description : Scheduler Service Windows process : svchost.exe Type : Local RPC service Named pipe : IUserProfile2 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0 Description : Scheduler Service Windows process : svchost.exe Type : Local RPC service Named pipe : LRPC-996b579679a6ebebfd Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0 Description : Scheduler Service Windows process : svchost.exe Type : Local RPC service Named pipe : OLE44744EA652934382B72F6D20C8C1 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0 Description : Scheduler Service Windows process : svchost.exe Type : Local RPC service Named pipe : senssvc Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0 Description : Scheduler Service Windows process : svchost.exe Type : Local RPC service Named pipe : IUserProfile2 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0 Description : Scheduler Service Windows process : svchost.exe Type : Local RPC service Named pipe : LRPC-996b579679a6ebebfd Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0 Description : Scheduler Service Windows process : svchost.exe Type : Local RPC service Named pipe : OLE44744EA652934382B72F6D20C8C1 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0 Description : Scheduler Service Windows process : svchost.exe Type : Local RPC service Named pipe : senssvc Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0 Description : Scheduler Service Windows process : svchost.exe Type : Local RPC service Named pipe : IUserProfile2 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0 Description : Scheduler Service Windows process : svchost.exe Type : Local RPC service Named pipe : LRPC-996b579679a6ebebfd Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0 Description : Scheduler Service Windows process : svchost.exe Type : Local RPC service Named pipe : OLE44744EA652934382B72F6D20C8C1 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0 Description : Scheduler Service Windows process : svchost.exe Type : Local RPC service Named pipe : senssvc Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0 Description : Unknown RPC service Type : Local RPC service Named pipe : IUserProfile2 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0 Description : Unknown RPC service Type : Local RPC service Named pipe : LRPC-996b579679a6ebebfd Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0 Description : Unknown RPC service Type : Local RPC service Named pipe : OLE44744EA652934382B72F6D20C8C1 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0 Description : Unknown RPC service Type : Local RPC service Named pipe : senssvc Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0 Description : Unknown RPC service Annotation : IP Transition Configuration endpoint Type : Local RPC service Named pipe : IUserProfile2 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0 Description : Unknown RPC service Annotation : IP Transition Configuration endpoint Type : Local RPC service Named pipe : LRPC-996b579679a6ebebfd Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0 Description : Unknown RPC service Annotation : IP Transition Configuration endpoint Type : Local RPC service Named pipe : OLE44744EA652934382B72F6D20C8C1 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0 Description : Unknown RPC service Annotation : IP Transition Configuration endpoint Type : Local RPC service Named pipe : senssvc Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1.0 Description : Unknown RPC service Annotation : XactSrv service Type : Local RPC service Named pipe : IUserProfile2 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1.0 Description : Unknown RPC service Annotation : XactSrv service Type : Local RPC service Named pipe : LRPC-996b579679a6ebebfd Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1.0 Description : Unknown RPC service Annotation : XactSrv service Type : Local RPC service Named pipe : OLE44744EA652934382B72F6D20C8C1 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1.0 Description : Unknown RPC service Annotation : XactSrv service Type : Local RPC service Named pipe : senssvc Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0 Description : Unknown RPC service Annotation : AppInfo Type : Local RPC service Named pipe : IUserProfile2 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0 Description : Unknown RPC service Annotation : AppInfo Type : Local RPC service Named pipe : LRPC-996b579679a6ebebfd Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0 Description : Unknown RPC service Annotation : AppInfo Type : Local RPC service Named pipe : OLE44744EA652934382B72F6D20C8C1 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0 Description : Unknown RPC service Annotation : AppInfo Type : Local RPC service Named pipe : senssvc Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0 Description : Unknown RPC service Annotation : AppInfo Type : Local RPC service Named pipe : IUserProfile2 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0 Description : Unknown RPC service Annotation : AppInfo Type : Local RPC service Named pipe : LRPC-996b579679a6ebebfd Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0 Description : Unknown RPC service Annotation : AppInfo Type : Local RPC service Named pipe : OLE44744EA652934382B72F6D20C8C1 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0 Description : Unknown RPC service Annotation : AppInfo Type : Local RPC service Named pipe : senssvc Object UUID : 00000000-0000-0000-0000-000000000000 UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1.0 Description : Unknown RPC service Annotation : AppInfo Type : Local RPC service Named pipe : IUserProfile2 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1.0 Description : Unknown RPC service Annotation : AppInfo Type : Local RPC service Named pipe : LRPC-996b579679a6ebebfd Object UUID : 00000000-0000-0000-0000-000000000000 UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1.0 Description : Unknown RPC service Annotation : AppInfo Type : Local RPC service Named pipe : OLE44744EA652934382B72F6D20C8C1 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1.0 Description : Unknown RPC service Annotation : AppInfo Type : Local RPC service Named pipe : senssvc Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 58e604e8-9adb-4d2e-a464-3b0683fb1480, version 1.0 Description : Unknown RPC service Annotation : AppInfo Type : Local RPC service Named pipe : IUserProfile2 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 58e604e8-9adb-4d2e-a464-3b0683fb1480, version 1.0 Description : Unknown RPC service Annotation : AppInfo Type : Local RPC service Named pipe : LRPC-996b579679a6ebebfd Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 58e604e8-9adb-4d2e-a464-3b0683fb1480, version 1.0 Description : Unknown RPC service Annotation : AppInfo Type : Local RPC service Named pipe : OLE44744EA652934382B72F6D20C8C1 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 58e604e8-9adb-4d2e-a464-3b0683fb1480, version 1.0 Description : Unknown RPC service Annotation : AppInfo Type : Local RPC service Named pipe : senssvc Object UUID : 00000000-0000-0000-0000-000000000000 UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0 Description : Unknown RPC service Annotation : Event log TCPIP Type : Local RPC service Named pipe : eventlog Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0 Description : Unknown RPC service Annotation : NRP server endpoint Type : Local RPC service Named pipe : eventlog Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0 Description : Unknown RPC service Annotation : NRP server endpoint Type : Local RPC service Named pipe : AudioClientRpc Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0 Description : Unknown RPC service Annotation : NRP server endpoint Type : Local RPC service Named pipe : Audiosrv Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0 Description : Unknown RPC service Annotation : NRP server endpoint Type : Local RPC service Named pipe : OLE352D50CF54CA471BA134987C35A5 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0 Description : Unknown RPC service Annotation : DHCPv6 Client LRPC Endpoint Type : Local RPC service Named pipe : eventlog Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0 Description : Unknown RPC service Annotation : DHCPv6 Client LRPC Endpoint Type : Local RPC service Named pipe : AudioClientRpc Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0 Description : Unknown RPC service Annotation : DHCPv6 Client LRPC Endpoint Type : Local RPC service Named pipe : Audiosrv Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0 Description : Unknown RPC service Annotation : DHCPv6 Client LRPC Endpoint Type : Local RPC service Named pipe : OLE352D50CF54CA471BA134987C35A5 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0 Description : Unknown RPC service Annotation : DHCPv6 Client LRPC Endpoint Type : Local RPC service Named pipe : dhcpcsvc6 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0 Description : DHCP Client Service Windows process : svchost.exe Annotation : DHCP Client LRPC Endpoint Type : Local RPC service Named pipe : eventlog Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0 Description : DHCP Client Service Windows process : svchost.exe Annotation : DHCP Client LRPC Endpoint Type : Local RPC service Named pipe : AudioClientRpc Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0 Description : DHCP Client Service Windows process : svchost.exe Annotation : DHCP Client LRPC Endpoint Type : Local RPC service Named pipe : Audiosrv Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0 Description : DHCP Client Service Windows process : svchost.exe Annotation : DHCP Client LRPC Endpoint Type : Local RPC service Named pipe : OLE352D50CF54CA471BA134987C35A5 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0 Description : DHCP Client Service Windows process : svchost.exe Annotation : DHCP Client LRPC Endpoint Type : Local RPC service Named pipe : dhcpcsvc6 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0 Description : DHCP Client Service Windows process : svchost.exe Annotation : DHCP Client LRPC Endpoint Type : Local RPC service Named pipe : dhcpcsvc Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 06bba54a-be05-49f9-b0a0-30f790261023, version 1.0 Description : Unknown RPC service Annotation : Security Center Type : Local RPC service Named pipe : eventlog Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 06bba54a-be05-49f9-b0a0-30f790261023, version 1.0 Description : Unknown RPC service Annotation : Security Center Type : Local RPC service Named pipe : AudioClientRpc Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 06bba54a-be05-49f9-b0a0-30f790261023, version 1.0 Description : Unknown RPC service Annotation : Security Center Type : Local RPC service Named pipe : Audiosrv Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 06bba54a-be05-49f9-b0a0-30f790261023, version 1.0 Description : Unknown RPC service Annotation : Security Center Type : Local RPC service Named pipe : OLE352D50CF54CA471BA134987C35A5 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 06bba54a-be05-49f9-b0a0-30f790261023, version 1.0 Description : Unknown RPC service Annotation : Security Center Type : Local RPC service Named pipe : dhcpcsvc6 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 06bba54a-be05-49f9-b0a0-30f790261023, version 1.0 Description : Unknown RPC service Annotation : Security Center Type : Local RPC service Named pipe : dhcpcsvc Plugin Output The following DCERPC services are available locally : Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91 UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0 Description : Unknown RPC service Type : Local RPC service Named pipe : WindowsShutdown Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91 UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0 Description : Unknown RPC service Type : Local RPC service Named pipe : WMsgKRpc075200 Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000 UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0 Description : Unknown RPC service Type : Local RPC service Named pipe : WindowsShutdown Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000 UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0 Description : Unknown RPC service Type : Local RPC service Named pipe : WMsgKRpc075200 Object UUID : 6d726574-7273-0076-0000-000000000000 UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0 Description : Unknown RPC service Annotation : Impl friendly name Type : Local RPC service Named pipe : LRPC-6406872cc7296bea43 Object UUID : 52ef130c-08fd-4388-86b3-6edf00000001 UUID : 12e65dd8-887f-41ef-91bf-8d816c42c2e7, version 1.0 Description : Unknown RPC service Annotation : Secure Desktop LRPC interface Type : Local RPC service Named pipe : WMsgKRpc08B8E1 Object UUID : b08669ee-8cb5-43a5-a017-84fe00000001 UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0 Description : Unknown RPC service Type : Local RPC service Named pipe : WMsgKRpc08B8E1 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 4b112204-0e19-11d3-b42b-0000f81feb9f, version 1.0 Description : SSDP service Windows process : unknow Type : Local RPC service Named pipe : LRPC-28a0cb6c59d12ceaf2 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : c100beac-d33a-4a4b-bf23-bbef4663d017, version 1.0 Description : Unknown RPC service Annotation : wcncsvc.transport Type : Local RPC service Named pipe : LRPC-28a0cb6c59d12ceaf2 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : c100beac-d33a-4a4b-bf23-bbef4663d017, version 1.0 Description : Unknown RPC service Annotation : wcncsvc.transport Type : Local RPC service Named pipe : OLE6FF141BFDF404A35BA96CA8B0135 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : c100beac-d33a-4a4b-bf23-bbef4663d017, version 1.0 Description : Unknown RPC service Annotation : wcncsvc.transport Type : Local RPC service Named pipe : wcncsvc.transport Object UUID : 00000000-0000-0000-0000-000000000000 UUID : c100beab-d33a-4a4b-bf23-bbef4663d017, version 1.0 Description : Unknown RPC service Annotation : wcncsvc.wcnprpc Type : Local RPC service Named pipe : LRPC-28a0cb6c59d12ceaf2 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : c100beab-d33a-4a4b-bf23-bbef4663d017, version 1.0 Description : Unknown RPC service Annotation : wcncsvc.wcnprpc Type : Local RPC service Named pipe : OLE6FF141BFDF404A35BA96CA8B0135 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : c100beab-d33a-4a4b-bf23-bbef4663d017, version 1.0 Description : Unknown RPC service Annotation : wcncsvc.wcnprpc Type : Local RPC service Named pipe : wcncsvc.transport Object UUID : 00000000-0000-0000-0000-000000000000 UUID : c100beab-d33a-4a4b-bf23-bbef4663d017, version 1.0 Description : Unknown RPC service Annotation : wcncsvc.wcnprpc Type : Local RPC service Named pipe : wcncsvc.wcnprpc Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 8174bb16-571b-4c38-8386-1102b449044a, version 1.0 Description : Unknown RPC service Type : Local RPC service Named pipe : LRPC-ca960d188555e5aabd Object UUID : 00000000-0000-0000-0000-000000000000 UUID : a2d47257-12f7-4beb-8981-0ebfa935c407, version 1.0 Description : Unknown RPC service Type : Local RPC service Named pipe : LRPC-ca960d188555e5aabd Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 3f31c91e-2545-4b7b-9311-9529e8bffef6, version 1.0 Description : Unknown RPC service Type : Local RPC service Named pipe : LRPC-ca960d188555e5aabd Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 0767a036-0d22-48aa-ba69-b619480f38cb, version 1.0 Description : Unknown RPC service Annotation : PcaSvc Type : Local RPC service Named pipe : OLE3140BF4E6C574AF2BAA193F55A91 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 0767a036-0d22-48aa-ba69-b619480f38cb, version 1.0 Description : Unknown RPC service Annotation : PcaSvc Type : Local RPC service Named pipe : trkwks Object UUID : 00000000-0000-0000-0000-000000000000 UUID : b58aa02e-2884-4e97-8176-4ee06d794184, version 1.0 Description : Unknown RPC service Type : Local RPC service Named pipe : OLE3140BF4E6C574AF2BAA193F55A91 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : b58aa02e-2884-4e97-8176-4ee06d794184, version 1.0 Description : Unknown RPC service Type : Local RPC service Named pipe : trkwks Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 76209fe5-9049-4336-ba84-632d907cb154, version 1.0 Description : Unknown RPC service Annotation : Interprocess Logon Service Type : Local RPC service Named pipe : OLE8735EDF911B847989695BC20AD77 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 76209fe5-9049-4336-ba84-632d907cb154, version 1.0 Description : Unknown RPC service Annotation : Interprocess Logon Service Type : Local RPC service Named pipe : ReportingServices$MSRS10_50.SQLSERVER2008 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345678-1234-abcd-ef00-0123456789ab, version 1.0 Description : IPsec Services (Windows XP & 2003) Windows process : lsass.exe Annotation : IPSec Policy agent endpoint Type : Local RPC service Named pipe : LRPC-97c6d4d88c1e4199d5 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 Description : Security Account Manager Windows process : lsass.exe Type : Local RPC service Named pipe : LRPC-34e8d8bd10a9a94b85 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 Description : Security Account Manager Windows process : lsass.exe Type : Local RPC service Named pipe : audit Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 Description : Security Account Manager Windows process : lsass.exe Type : Local RPC service Named pipe : securityevent Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 Description : Security Account Manager Windows process : lsass.exe Type : Local RPC service Named pipe : LSARPC_ENDPOINT Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 Description : Security Account Manager Windows process : lsass.exe Type : Local RPC service Named pipe : lsapolicylookup Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 Description : Security Account Manager Windows process : lsass.exe Type : Local RPC service Named pipe : lsasspirpc Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 Description : Security Account Manager Windows process : lsass.exe Type : Local RPC service Named pipe : protected_storage Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 Description : Security Account Manager Windows process : lsass.exe Type : Local RPC service Named pipe : samss lpc Object UUID : 00000000-0000-0000-0000-000000000000 UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0 Description : Unknown RPC service Annotation : KeyIso Type : Local RPC service Named pipe : LRPC-34e8d8bd10a9a94b85 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0 Description : Unknown RPC service Annotation : KeyIso Type : Local RPC service Named pipe : audit Object UUID : 00000000-0000-0000-0000-000000000000 UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0 Description : Unknown RPC service Annotation : KeyIso Type : Local RPC service Named pipe : securityevent Object UUID : 00000000-0000-0000-0000-000000000000 UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0 Description : Unknown RPC service Annotation : KeyIso Type : Local RPC service Named pipe : LSARPC_ENDPOINT Object UUID : 00000000-0000-0000-0000-000000000000 UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0 Description : Unknown RPC service Annotation : KeyIso Type : Local RPC service Named pipe : lsapolicylookup Object UUID : 00000000-0000-0000-0000-000000000000 UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0 Description : Unknown RPC service Annotation : KeyIso Type : Local RPC service Named pipe : lsasspirpc Object UUID : 00000000-0000-0000-0000-000000000000 UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0 Description : Unknown RPC service Annotation : KeyIso Type : Local RPC service Named pipe : protected_storage Object UUID : 00000000-0000-0000-0000-000000000000 UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0 Description : Unknown RPC service Annotation : KeyIso Type : Local RPC service Named pipe : samss lpc Object UUID : 00000000-0000-0000-0000-000000000000 UUID : dd490425-5325-4565-b774-7e27d6c09c24, version 1.0 Description : Unknown RPC service Annotation : Base Firewall Engine API Type : Local RPC service Named pipe : LRPC-1ff36418342060ced8 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 7f9d11bf-7fb9-436b-a812-b2d50c5d4c03, version 1.0 Description : Unknown RPC service Annotation : Fw APIs Type : Local RPC service Named pipe : LRPC-1ff36418342060ced8 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0 Description : Unknown RPC service Annotation : Fw APIs Type : Local RPC service Named pipe : LRPC-1ff36418342060ced8 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1.0 Description : Unknown RPC service Annotation : Spooler function endpoint Type : Local RPC service Named pipe : spoolss Object UUID : 00000000-0000-0000-0000-000000000000 UUID : ae33069b-a2a8-46ee-a235-ddfd339be281, version 1.0 Description : Unknown RPC service Annotation : Spooler base remote object endpoint Type : Local RPC service Named pipe : spoolss Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 4a452661-8290-4b36-8fbe-7f4093a94978, version 1.0 Description : Unknown RPC service Annotation : Spooler function endpoint Type : Local RPC service Named pipe : spoolss Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 7ea70bcf-48af-4f6a-8968-6a440754d5fa, version 1.0 Description : Unknown RPC service Annotation : NSI server endpoint Type : Local RPC service Named pipe : OLEFA58A724D35B4E5AB757CA9D2647 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 7ea70bcf-48af-4f6a-8968-6a440754d5fa, version 1.0 Description : Unknown RPC service Annotation : NSI server endpoint Type : Local RPC service Named pipe : LRPC-86889f440ff097d4f3 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0 Description : Unknown RPC service Annotation : WinHttp Auto-Proxy Service Type : Local RPC service Named pipe : OLEFA58A724D35B4E5AB757CA9D2647 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0 Description : Unknown RPC service Annotation : WinHttp Auto-Proxy Service Type : Local RPC service Named pipe : LRPC-86889f440ff097d4f3 Object UUID : 6c637067-6569-746e-0000-000000000000 UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0 Description : Unknown RPC service Annotation : Impl friendly name Type : Local RPC service Named pipe : IUserProfile2 Object UUID : 6c637067-6569-746e-0000-000000000000 UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0 Description : Unknown RPC service Annotation : Impl friendly name Type : Local RPC service Named pipe : LRPC-996b579679a6ebebfd Object UUID : 666f7270-6c69-7365-0000-000000000000 UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0 Description : Unknown RPC service Annotation : Impl friendly name Type : Local RPC service Named pipe : IUserProfile2 Object UUID : 666f7270-6c69-7365-0000-000000000000 UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0 Description : Unknown RPC service Annotation : Impl friendly name Type : Local RPC service Named pipe : LRPC-996b579679a6ebebfd Object UUID : 24d1f7c7-76af-4f28-9ccd-7f6cb6468601 UUID : 2eb08e3e-639f-4fba-97b1-14f878961076, version 1.0 Description : Unknown RPC service Type : Local RPC service Named pipe : IUserProfile2 Object UUID : 24d1f7c7-76af-4f28-9ccd-7f6cb6468601 UUID : 2eb08e3e-639f-4fba-97b1-14f878961076, version 1.0 Description : Unknown RPC service Type : Local RPC service Named pipe : LRPC-996b579679a6ebebfd Object UUID : 736e6573-0000-0000-0000-000000000000 UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0 Description : Unknown RPC service Annotation : Impl friendly name Type : Local RPC service Named pipe : IUserProfile2 Object UUID : 736e6573-0000-0000-0000-000000000000 UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0 Description : Unknown RPC service Annotation : Impl friendly name Type : Local RPC service Named pipe : LRPC-996b579679a6ebebfd Object UUID : 736e6573-0000-0000-0000-000000000000 UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0 Description : Unknown RPC service Annotation : Impl friendly name Type : Local RPC service Named pipe : OLE44744EA652934382B72F6D20C8C1 Object UUID : 736e6573-0000-0000-0000-000000000000 UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0 Description : Unknown RPC service Annotation : Impl friendly name Type : Local RPC service Named pipe : senssvc Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0 Description : Scheduler Service Windows process : svchost.exe Type : Local RPC service Named pipe : IUserProfile2 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0 Description : Scheduler Service Windows process : svchost.exe Type : Local RPC service Named pipe : LRPC-996b579679a6ebebfd Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0 Description : Scheduler Service Windows process : svchost.exe Type : Local RPC service Named pipe : OLE44744EA652934382B72F6D20C8C1 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0 Description : Scheduler Service Windows process : svchost.exe Type : Local RPC service Named pipe : senssvc Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0 Description : Scheduler Service Windows process : svchost.exe Type : Local RPC service Named pipe : IUserProfile2 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0 Description : Scheduler Service Windows process : svchost.exe Type : Local RPC service Named pipe : LRPC-996b579679a6ebebfd Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0 Description : Scheduler Service Windows process : svchost.exe Type : Local RPC service Named pipe : OLE44744EA652934382B72F6D20C8C1 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0 Description : Scheduler Service Windows process : svchost.exe Type : Local RPC service Named pipe : senssvc Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0 Description : Scheduler Service Windows process : svchost.exe Type : Local RPC service Named pipe : IUserProfile2 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0 Description : Scheduler Service Windows process : svchost.exe Type : Local RPC service Named pipe : LRPC-996b579679a6ebebfd Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0 Description : Scheduler Service Windows process : svchost.exe Type : Local RPC service Named pipe : OLE44744EA652934382B72F6D20C8C1 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0 Description : Scheduler Service Windows process : svchost.exe Type : Local RPC service Named pipe : senssvc Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0 Description : Unknown RPC service Type : Local RPC service Named pipe : IUserProfile2 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0 Description : Unknown RPC service Type : Local RPC service Named pipe : LRPC-996b579679a6ebebfd Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0 Description : Unknown RPC service Type : Local RPC service Named pipe : OLE44744EA652934382B72F6D20C8C1 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0 Description : Unknown RPC service Type : Local RPC service Named pipe : senssvc Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0 Description : Unknown RPC service Annotation : IP Transition Configuration endpoint Type : Local RPC service Named pipe : IUserProfile2 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0 Description : Unknown RPC service Annotation : IP Transition Configuration endpoint Type : Local RPC service Named pipe : LRPC-996b579679a6ebebfd Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0 Description : Unknown RPC service Annotation : IP Transition Configuration endpoint Type : Local RPC service Named pipe : OLE44744EA652934382B72F6D20C8C1 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0 Description : Unknown RPC service Annotation : IP Transition Configuration endpoint Type : Local RPC service Named pipe : senssvc Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1.0 Description : Unknown RPC service Annotation : XactSrv service Type : Local RPC service Named pipe : IUserProfile2 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1.0 Description : Unknown RPC service Annotation : XactSrv service Type : Local RPC service Named pipe : LRPC-996b579679a6ebebfd Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1.0 Description : Unknown RPC service Annotation : XactSrv service Type : Local RPC service Named pipe : OLE44744EA652934382B72F6D20C8C1 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1.0 Description : Unknown RPC service Annotation : XactSrv service Type : Local RPC service Named pipe : senssvc Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0 Description : Unknown RPC service Annotation : AppInfo Type : Local RPC service Named pipe : IUserProfile2 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0 Description : Unknown RPC service Annotation : AppInfo Type : Local RPC service Named pipe : LRPC-996b579679a6ebebfd Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0 Description : Unknown RPC service Annotation : AppInfo Type : Local RPC service Named pipe : OLE44744EA652934382B72F6D20C8C1 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0 Description : Unknown RPC service Annotation : AppInfo Type : Local RPC service Named pipe : senssvc Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0 Description : Unknown RPC service Annotation : AppInfo Type : Local RPC service Named pipe : IUserProfile2 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0 Description : Unknown RPC service Annotation : AppInfo Type : Local RPC service Named pipe : LRPC-996b579679a6ebebfd Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0 Description : Unknown RPC service Annotation : AppInfo Type : Local RPC service Named pipe : OLE44744EA652934382B72F6D20C8C1 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0 Description : Unknown RPC service Annotation : AppInfo Type : Local RPC service Named pipe : senssvc Object UUID : 00000000-0000-0000-0000-000000000000 UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1.0 Description : Unknown RPC service Annotation : AppInfo Type : Local RPC service Named pipe : IUserProfile2 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1.0 Description : Unknown RPC service Annotation : AppInfo Type : Local RPC service Named pipe : LRPC-996b579679a6ebebfd Object UUID : 00000000-0000-0000-0000-000000000000 UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1.0 Description : Unknown RPC service Annotation : AppInfo Type : Local RPC service Named pipe : OLE44744EA652934382B72F6D20C8C1 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1.0 Description : Unknown RPC service Annotation : AppInfo Type : Local RPC service Named pipe : senssvc Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 58e604e8-9adb-4d2e-a464-3b0683fb1480, version 1.0 Description : Unknown RPC service Annotation : AppInfo Type : Local RPC service Named pipe : IUserProfile2 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 58e604e8-9adb-4d2e-a464-3b0683fb1480, version 1.0 Description : Unknown RPC service Annotation : AppInfo Type : Local RPC service Named pipe : LRPC-996b579679a6ebebfd Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 58e604e8-9adb-4d2e-a464-3b0683fb1480, version 1.0 Description : Unknown RPC service Annotation : AppInfo Type : Local RPC service Named pipe : OLE44744EA652934382B72F6D20C8C1 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 58e604e8-9adb-4d2e-a464-3b0683fb1480, version 1.0 Description : Unknown RPC service Annotation : AppInfo Type : Local RPC service Named pipe : senssvc Object UUID : 00000000-0000-0000-0000-000000000000 UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0 Description : Unknown RPC service Annotation : Event log TCPIP Type : Local RPC service Named pipe : eventlog Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0 Description : Unknown RPC service Annotation : NRP server endpoint Type : Local RPC service Named pipe : eventlog Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0 Description : Unknown RPC service Annotation : NRP server endpoint Type : Local RPC service Named pipe : AudioClientRpc Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0 Description : Unknown RPC service Annotation : NRP server endpoint Type : Local RPC service Named pipe : Audiosrv Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0 Description : Unknown RPC service Annotation : NRP server endpoint Type : Local RPC service Named pipe : OLE352D50CF54CA471BA134987C35A5 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0 Description : Unknown RPC service Annotation : DHCPv6 Client LRPC Endpoint Type : Local RPC service Named pipe : eventlog Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0 Description : Unknown RPC service Annotation : DHCPv6 Client LRPC Endpoint Type : Local RPC service Named pipe : AudioClientRpc Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0 Description : Unknown RPC service Annotation : DHCPv6 Client LRPC Endpoint Type : Local RPC service Named pipe : Audiosrv Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0 Description : Unknown RPC service Annotation : DHCPv6 Client LRPC Endpoint Type : Local RPC service Named pipe : OLE352D50CF54CA471BA134987C35A5 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0 Description : Unknown RPC service Annotation : DHCPv6 Client LRPC Endpoint Type : Local RPC service Named pipe : dhcpcsvc6 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0 Description : DHCP Client Service Windows process : svchost.exe Annotation : DHCP Client LRPC Endpoint Type : Local RPC service Named pipe : eventlog Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0 Description : DHCP Client Service Windows process : svchost.exe Annotation : DHCP Client LRPC Endpoint Type : Local RPC service Named pipe : AudioClientRpc Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0 Description : DHCP Client Service Windows process : svchost.exe Annotation : DHCP Client LRPC Endpoint Type : Local RPC service Named pipe : Audiosrv Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0 Description : DHCP Client Service Windows process : svchost.exe Annotation : DHCP Client LRPC Endpoint Type : Local RPC service Named pipe : OLE352D50CF54CA471BA134987C35A5 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0 Description : DHCP Client Service Windows process : svchost.exe Annotation : DHCP Client LRPC Endpoint Type : Local RPC service Named pipe : dhcpcsvc6 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0 Description : DHCP Client Service Windows process : svchost.exe Annotation : DHCP Client LRPC Endpoint Type : Local RPC service Named pipe : dhcpcsvc Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 06bba54a-be05-49f9-b0a0-30f790261023, version 1.0 Description : Unknown RPC service Annotation : Security Center Type : Local RPC service Named pipe : eventlog Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 06bba54a-be05-49f9-b0a0-30f790261023, version 1.0 Description : Unknown RPC service Annotation : Security Center Type : Local RPC service Named pipe : AudioClientRpc Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 06bba54a-be05-49f9-b0a0-30f790261023, version 1.0 Description : Unknown RPC service Annotation : Security Center Type : Local RPC service Named pipe : Audiosrv Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 06bba54a-be05-49f9-b0a0-30f790261023, version 1.0 Description : Unknown RPC service Annotation : Security Center Type : Local RPC service Named pipe : OLE352D50CF54CA471BA134987C35A5 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 06bba54a-be05-49f9-b0a0-30f790261023, version 1.0 Description : Unknown RPC service Annotation : Security Center Type : Local RPC service Named pipe : dhcpcsvc6 Object UUID : 00000000-0000-0000-0000-000000000000 UUID : 06bba54a-be05-49f9-b0a0-30f790261023, version 1.0 Description : Unknown RPC service Annotation : Security Center Type : Local RPC service Named pipe : dhcpcsvc Description By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. Solution N/A Risk Factor None Plugin publication date: 2001/08/26 Plugin last modification date: 2011/03/04 PORT WWW (8834/TCP) Plugin ID: 10386 Web Server No 404 Error Code Check Synopsis The remote web server does not return 404 error codes. List of Hosts Plugin Output The following title tag will be used : 200 Unauthorized Plugin Output The following title tag will be used : 200 Unauthorized Description The remote web server is configured such that it does not return '404 Not Found' error codes when a nonexistent file is requested, perhaps returning instead a site map, search page or authentication page. Nessus has enabled some counter measures for this. However, they might be insufficient. If a great number of security holes are produced for this port, they might not all be accurate. Solution n/a Risk Factor None Plugin publication date: 2000/04/28 Plugin last modification date: 2011/08/13 PORT WWW (8834/TCP) Plugin ID: 51192 SSL Certificate signed with an unknown Certificate Authority Synopsis The SSL certificate for this service is signed by an unknown certificate authority. List of Hosts Plugin Output *** ERROR: Unknown root CA in the chain: Organization: Nessus Users United Organization Unit: Nessus Certification Authority Locality: New York Country: US State/Province: NY Common Name: Nessus Certification Authority Certificate chain: |-Organization: Nessus Users United |-Organization Unit: Nessus Certification Authority |-Locality: New York |-Country: US |-State/Province: NY |-Common Name: Nessus Certification Authority | |--Organization: Nessus Users United |--Organization Unit: Nessus Server |--Locality: New York |--Country: US |--State/Province: NY |--Common Name: Sebastian-PC | Plugin Output *** ERROR: Unknown root CA in the chain: Organization: Nessus Users United Organization Unit: Nessus Certification Authority Locality: New York Country: US State/Province: NY Common Name: Nessus Certification Authority Certificate chain: |-Organization: Nessus Users United |-Organization Unit: Nessus Certification Authority |-Locality: New York |-Country: US |-State/Province: NY |-Common Name: Nessus Certification Authority | |--Organization: Nessus Users United |--Organization Unit: Nessus Server |--Locality: New York |--Country: US |--State/Province: NY |--Common Name: Sebastian-PC | Description The X.509 certificate of the remote host is not signed by a known public certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man in the middle attack against the remote host. Solution Purchase or generate a proper certificate for this service. Risk Factor Medium/ CVSS Base Score: 6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N) Plugin publication date: 2010/12/15 Plugin last modification date: 2011/05/26 PORT NESSUS (1241/TCP) Plugin ID: 51192 SSL Certificate signed with an unknown Certificate Authority Synopsis The SSL certificate for this service is signed by an unknown certificate authority. List of Hosts Plugin Output *** ERROR: Unknown root CA in the chain: Organization: Nessus Users United Organization Unit: Nessus Certification Authority Locality: New York Country: US State/Province: NY Common Name: Nessus Certification Authority Certificate chain: |-Organization: Nessus Users United |-Organization Unit: Nessus Certification Authority |-Locality: New York |-Country: US |-State/Province: NY |-Common Name: Nessus Certification Authority | |--Organization: Nessus Users United |--Organization Unit: Nessus Server |--Locality: New York |--Country: US |--State/Province: NY |--Common Name: Sebastian-PC | Plugin Output *** ERROR: Unknown root CA in the chain: Organization: Nessus Users United Organization Unit: Nessus Certification Authority Locality: New York Country: US State/Province: NY Common Name: Nessus Certification Authority Certificate chain: |-Organization: Nessus Users United |-Organization Unit: Nessus Certification Authority |-Locality: New York |-Country: US |-State/Province: NY |-Common Name: Nessus Certification Authority | |--Organization: Nessus Users United |--Organization Unit: Nessus Server |--Locality: New York |--Country: US |--State/Province: NY |--Common Name: Sebastian-PC | Description The X.509 certificate of the remote host is not signed by a known public certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man in the middle attack against the remote host. Solution Purchase or generate a proper certificate for this service. Risk Factor Medium/ CVSS Base Score: 6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N) Plugin publication date: 2010/12/15 Plugin last modification date: 2011/05/26 PORT WWW (443/TCP) Plugin ID: 51192 SSL Certificate signed with an unknown Certificate Authority Synopsis The SSL certificate for this service is signed by an unknown certificate authority. List of Hosts Plugin Output *** ERROR: Unknown root CA in the chain: Common Name: Sebastian-PC Certificate chain: |-Common Name: Sebastian-PC | Plugin Output *** ERROR: Unknown root CA in the chain: Common Name: Sebastian-PC Certificate chain: |-Common Name: Sebastian-PC | Description The X.509 certificate of the remote host is not signed by a known public certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man in the middle attack against the remote host. Solution Purchase or generate a proper certificate for this service. Risk Factor Medium/ CVSS Base Score: 6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N) Plugin publication date: 2010/12/15 Plugin last modification date: 2011/05/26 PORT WWW (8834/TCP) Plugin ID: 21643 SSL Cipher Suites Supported Synopsis The remote service encrypts communications using SSL. List of Hosts Plugin Output Here is the list of SSL ciphers supported by the remote server : High Strength Ciphers (>= 112-bit key) SSLv3 DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1 RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5 RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1 TLSv1 DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1 AES128-SHA Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1 AES256-SHA Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1 RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5 RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1 The fields above are : {OpenSSL ciphername} Kx={key exchange} Au={authentication} Enc={symmetric encryption method} Mac={message authentication code} {export flag} Description This script detects which SSL ciphers are supported by the remote service for encrypting communications. Solution n/a See also http://www.openssl.org/docs/apps/ciphers.html Risk Factor None Plugin publication date: 2006/06/05 Plugin last modification date: 2011/06/07 PORT WWW (443/TCP) Plugin ID: 21643 SSL Cipher Suites Supported Synopsis The remote service encrypts communications using SSL. List of Hosts Plugin Output Here is the list of SSL ciphers supported by the remote server : High Strength Ciphers (>= 112-bit key) SSLv3 DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1 RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5 RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1 TLSv1 ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1 ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1 DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1 AES128-SHA Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1 AES256-SHA Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1 RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5 RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1 The fields above are : {OpenSSL ciphername} Kx={key exchange} Au={authentication} Enc={symmetric encryption method} Mac={message authentication code} {export flag} Plugin Output Here is the list of SSL ciphers supported by the remote server : High Strength Ciphers (>= 112-bit key) SSLv3 DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1 RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5 RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1 TLSv1 ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1 ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1 DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1 AES128-SHA Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1 AES256-SHA Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1 RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5 RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1 The fields above are : {OpenSSL ciphername} Kx={key exchange} Au={authentication} Enc={symmetric encryption method} Mac={message authentication code} {export flag} Description This script detects which SSL ciphers are supported by the remote service for encrypting communications. Solution n/a See also http://www.openssl.org/docs/apps/ciphers.html Risk Factor None Plugin publication date: 2006/06/05 Plugin last modification date: 2011/06/07 PORT WWW (8834/TCP) Plugin ID: 33817 Web Application Tests : Load Estimation Synopsis Load estimation for web application tests. List of Hosts Plugin Output Here are the estimated number of requests in miscellaneous modes for the GET method only : [Single / Some Pairs / All Pairs / Some Combinations / All Combinations] arbitrary command execution (time based) : S=6 SP=6 AP=6 SC=6 AC=6 arbitrary command execution : S=16 SP=16 AP=16 SC=16 AC=16 format string : S=2 SP=2 AP=2 SC=2 AC=2 SSI injection : S=3 SP=3 AP=3 SC=3 AC=3 unseen parameters : S=35 SP=35 AP=35 SC=35 AC=35 SQL injection (2nd order) : S=1 SP=1 AP=1 SC=1 AC=1 blind SQL injection (4 requests) : S=4 SP=4 AP=4 SC=4 AC=4 blind SQL injection : S=12 SP=12 AP=12 SC=12 AC=12 SQL injection : S=24 SP=24 AP=24 SC=24 AC=24 directory traversal (extended test) : S=51 SP=51 AP=51 SC=51 AC=51 directory traversal : S=25 SP=25 AP=25 SC=25 AC=25 directory traversal (write access) : S=2 SP=2 AP=2 SC=2 AC=2 local file inclusion : S=1 SP=1 AP=1 SC=1 AC=1 web code injection : S=1 SP=1 AP=1 SC=1 AC=1 cross-site scripting (comprehensive test): S=4 SP=4 AP=4 SC=4 AC=4 DOM XSS : S=1 SP=1 AP=1 SC=1 AC=1 persistent XSS : S=4 SP=4 AP=4 SC=4 AC=4 injectable parameter : S=2 SP=2 AP=2 SC=2 AC=2 XML injection : S=1 SP=1 AP=1 SC=1 AC=1 All tests : S=195 SP=195 AP=195 SC=195 AC=195 Here are the estimated number of requests in miscellaneous modes for both methods (GET & POST) : [Single / Some Pairs / All Pairs / Some Combinations / All Combinations] arbitrary command execution (time based) : S=12 SP=12 AP=12 SC=12 AC=12 arbitrary command execution : S=32 SP=32 AP=32 SC=32 AC=32 format string : S=4 SP=4 AP=4 SC=4 AC=4 SSI injection : S=6 SP=6 AP=6 SC=6 AC=6 unseen parameters : S=70 SP=70 AP=70 SC=70 AC=70 SQL injection (2nd order) : S=2 SP=2 AP=2 SC=2 AC=2 blind SQL injection (4 requests) : S=8 SP=8 AP=8 SC=8 AC=8 blind SQL injection : S=24 SP=24 AP=24 SC=24 AC=24 SQL injection : S=48 SP=48 AP=48 SC=48 AC=48 directory traversal (extended test) : S=102 SP=102 AP=102 SC=102 AC=102 directory traversal : S=50 SP=50 AP=50 SC=50 AC=50 directory traversal (write access) : S=4 SP=4 AP=4 SC=4 AC=4 local file inclusion : S=2 SP=2 AP=2 SC=2 AC=2 web code injection : S=2 SP=2 AP=2 SC=2 AC=2 cross-site scripting (comprehensive test): S=8 SP=8 AP=8 SC=8 AC=8 DOM XSS : S=2 SP=2 AP=2 SC=2 AC=2 persistent XSS : S=8 SP=8 AP=8 SC=8 AC=8 injectable parameter : S=4 SP=4 AP=4 SC=4 AC=4 XML injection : S=2 SP=2 AP=2 SC=2 AC=2 All tests : S=390 SP=390 AP=390 SC=390 AC=390 Your mode : some_pairs, GET only. Maximum number of requests : 195 Plugin Output Here are the estimated number of requests in miscellaneous modes for the GET method only : [Single / Some Pairs / All Pairs / Some Combinations / All Combinations] arbitrary command execution (time based) : S=6 SP=6 AP=6 SC=6 AC=6 arbitrary command execution : S=16 SP=16 AP=16 SC=16 AC=16 format string : S=2 SP=2 AP=2 SC=2 AC=2 SSI injection : S=3 SP=3 AP=3 SC=3 AC=3 unseen parameters : S=35 SP=35 AP=35 SC=35 AC=35 SQL injection (2nd order) : S=1 SP=1 AP=1 SC=1 AC=1 blind SQL injection (4 requests) : S=4 SP=4 AP=4 SC=4 AC=4 blind SQL injection : S=12 SP=12 AP=12 SC=12 AC=12 SQL injection : S=24 SP=24 AP=24 SC=24 AC=24 directory traversal (extended test) : S=51 SP=51 AP=51 SC=51 AC=51 directory traversal : S=25 SP=25 AP=25 SC=25 AC=25 directory traversal (write access) : S=2 SP=2 AP=2 SC=2 AC=2 local file inclusion : S=1 SP=1 AP=1 SC=1 AC=1 web code injection : S=1 SP=1 AP=1 SC=1 AC=1 cross-site scripting (comprehensive test): S=4 SP=4 AP=4 SC=4 AC=4 DOM XSS : S=1 SP=1 AP=1 SC=1 AC=1 persistent XSS : S=4 SP=4 AP=4 SC=4 AC=4 injectable parameter : S=2 SP=2 AP=2 SC=2 AC=2 XML injection : S=1 SP=1 AP=1 SC=1 AC=1 All tests : S=195 SP=195 AP=195 SC=195 AC=195 Here are the estimated number of requests in miscellaneous modes for both methods (GET & POST) : [Single / Some Pairs / All Pairs / Some Combinations / All Combinations] arbitrary command execution (time based) : S=12 SP=12 AP=12 SC=12 AC=12 arbitrary command execution : S=32 SP=32 AP=32 SC=32 AC=32 format string : S=4 SP=4 AP=4 SC=4 AC=4 SSI injection : S=6 SP=6 AP=6 SC=6 AC=6 unseen parameters : S=70 SP=70 AP=70 SC=70 AC=70 SQL injection (2nd order) : S=2 SP=2 AP=2 SC=2 AC=2 blind SQL injection (4 requests) : S=8 SP=8 AP=8 SC=8 AC=8 blind SQL injection : S=24 SP=24 AP=24 SC=24 AC=24 SQL injection : S=48 SP=48 AP=48 SC=48 AC=48 directory traversal (extended test) : S=102 SP=102 AP=102 SC=102 AC=102 directory traversal : S=50 SP=50 AP=50 SC=50 AC=50 directory traversal (write access) : S=4 SP=4 AP=4 SC=4 AC=4 local file inclusion : S=2 SP=2 AP=2 SC=2 AC=2 web code injection : S=2 SP=2 AP=2 SC=2 AC=2 cross-site scripting (comprehensive test): S=8 SP=8 AP=8 SC=8 AC=8 DOM XSS : S=2 SP=2 AP=2 SC=2 AC=2 persistent XSS : S=8 SP=8 AP=8 SC=8 AC=8 injectable parameter : S=4 SP=4 AP=4 SC=4 AC=4 XML injection : S=2 SP=2 AP=2 SC=2 AC=2 All tests : S=390 SP=390 AP=390 SC=390 AC=390 Your mode : some_pairs, GET only. Maximum number of requests : 195 Description This script computes the maximum number of requests that would be done by the generic web tests, depending on miscellaneous options. It does not perform any test by itself. The results can be used to estimate the duration of these tests, or the complexity of additional manual tests. Note that the script does not try to compute this duration based on external factors such as the network and web servers loads. Solution n/a Risk Factor None Plugin publication date: 2009/10/26 Plugin last modification date: 2011/08/18 PORT WWW (443/TCP) Plugin ID: 33817 Web Application Tests : Load Estimation Synopsis Load estimation for web application tests. List of Hosts Plugin Output Here are the estimated number of requests in miscellaneous modes for the GET method only : [Single / Some Pairs / All Pairs / Some Combinations / All Combinations] header injection : S=46 SP=206 AP=206 SC=1518 AC=1518 HTTP response splitting : S=207 SP=927 AP=927 SC=6831 AC=6831 on site request forgery : S=23 SP=103 AP=103 SC=759 AC=759 cross-site scripting (extended patterns) : S=138 SP=618 AP=618 SC=4554 AC=4554 script injection : S=23 SP=103 AP=103 SC=759 AC=759 HTML injection : S=115 SP=515 AP=515 SC=3795 AC=3795 arbitrary command execution (time based) : S=264 SP=1452 AP=1500 SC=27810 AC=27858 arbitrary command execution : S=704 SP=3872 AP=4000 SC=74160 AC=74288 format string : S=88 SP=484 AP=500 SC=9270 AC=9286 SSI injection : S=132 SP=726 AP=750 SC=13905 AC=13929 unseen parameters : S=1540 SP=8470 AP=8750 SC=162225 AC=162505 SQL injection (2nd order) : S=44 SP=242 AP=250 SC=4635 AC=4643 blind SQL injection (4 requests) : S=176 SP=968 AP=1000 SC=18540 AC=18572 blind SQL injection : S=528 SP=2904 AP=3000 SC=55620 AC=55716 SQL injection : S=1056 SP=5808 AP=6000 SC=111240 AC=111432 directory traversal (extended test) : S=2244 SP=12342 AP=12750 SC=236385 AC=236793 directory traversal : S=1100 SP=6050 AP=6250 SC=115875 AC=116075 directory traversal (write access) : S=88 SP=484 AP=500 SC=9270 AC=9286 local file inclusion : S=44 SP=242 AP=250 SC=4635 AC=4643 web code injection : S=44 SP=242 AP=250 SC=4635 AC=4643 cross-site scripting (comprehensive test): S=176 SP=968 AP=1000 SC=18540 AC=18572 DOM XSS : S=44 SP=242 AP=250 SC=4635 AC=4643 persistent XSS : S=176 SP=968 AP=1000 SC=18540 AC=18572 injectable parameter : S=88 SP=484 AP=500 SC=9270 AC=9286 XML injection : S=44 SP=242 AP=250 SC=4635 AC=4643 All tests : S=9132 SP=49662 AP=51222 SC=922041 AC=923601 Here are the estimated number of requests in miscellaneous modes for both methods (GET & POST) : [Single / Some Pairs / All Pairs / Some Combinations / All Combinations] header injection : S=92 SP=412 AP=412 SC=3036 AC=3036 HTTP response splitting : S=414 SP=1854 AP=1854 SC=13662 AC=13662 on site request forgery : S=46 SP=206 AP=206 SC=1518 AC=1518 cross-site scripting (extended patterns) : S=276 SP=1236 AP=1236 SC=9108 AC=9108 script injection : S=46 SP=206 AP=206 SC=1518 AC=1518 HTML injection : S=230 SP=1030 AP=1030 SC=7590 AC=7590 arbitrary command execution (time based) : S=528 SP=2904 AP=3000 SC=55620 AC=55716 arbitrary command execution : S=1408 SP=7744 AP=8000 SC=148320 AC=148576 format string : S=176 SP=968 AP=1000 SC=18540 AC=18572 SSI injection : S=264 SP=1452 AP=1500 SC=27810 AC=27858 unseen parameters : S=3080 SP=16940 AP=17500 SC=324450 AC=325010 SQL injection (2nd order) : S=88 SP=484 AP=500 SC=9270 AC=9286 blind SQL injection (4 requests) : S=352 SP=1936 AP=2000 SC=37080 AC=37144 blind SQL injection : S=1056 SP=5808 AP=6000 SC=111240 AC=111432 SQL injection : S=2112 SP=11616 AP=12000 SC=222480 AC=222864 directory traversal (extended test) : S=4488 SP=24684 AP=25500 SC=472770 AC=473586 directory traversal : S=2200 SP=12100 AP=12500 SC=231750 AC=232150 directory traversal (write access) : S=176 SP=968 AP=1000 SC=18540 AC=18572 local file inclusion : S=88 SP=484 AP=500 SC=9270 AC=9286 web code injection : S=88 SP=484 AP=500 SC=9270 AC=9286 cross-site scripting (comprehensive test): S=352 SP=1936 AP=2000 SC=37080 AC=37144 DOM XSS : S=88 SP=484 AP=500 SC=9270 AC=9286 persistent XSS : S=352 SP=1936 AP=2000 SC=37080 AC=37144 injectable parameter : S=176 SP=968 AP=1000 SC=18540 AC=18572 XML injection : S=88 SP=484 AP=500 SC=9270 AC=9286 All tests : S=18264 SP=99324 AP=102444 SC=1844082 AC=1847202 Your mode : some_pairs, GET only. Maximum number of requests : 49662 Plugin Output Here are the estimated number of requests in miscellaneous modes for the GET method only : [Single / Some Pairs / All Pairs / Some Combinations / All Combinations] header injection : S=46 SP=206 AP=206 SC=1518 AC=1518 HTTP response splitting : S=207 SP=927 AP=927 SC=6831 AC=6831 on site request forgery : S=23 SP=103 AP=103 SC=759 AC=759 cross-site scripting (extended patterns) : S=138 SP=618 AP=618 SC=4554 AC=4554 script injection : S=23 SP=103 AP=103 SC=759 AC=759 HTML injection : S=115 SP=515 AP=515 SC=3795 AC=3795 arbitrary command execution (time based) : S=264 SP=1452 AP=1500 SC=27810 AC=27858 arbitrary command execution : S=704 SP=3872 AP=4000 SC=74160 AC=74288 format string : S=88 SP=484 AP=500 SC=9270 AC=9286 SSI injection : S=132 SP=726 AP=750 SC=13905 AC=13929 unseen parameters : S=1540 SP=8470 AP=8750 SC=162225 AC=162505 SQL injection (2nd order) : S=44 SP=242 AP=250 SC=4635 AC=4643 blind SQL injection (4 requests) : S=176 SP=968 AP=1000 SC=18540 AC=18572 blind SQL injection : S=528 SP=2904 AP=3000 SC=55620 AC=55716 SQL injection : S=1056 SP=5808 AP=6000 SC=111240 AC=111432 directory traversal (extended test) : S=2244 SP=12342 AP=12750 SC=236385 AC=236793 directory traversal : S=1100 SP=6050 AP=6250 SC=115875 AC=116075 directory traversal (write access) : S=88 SP=484 AP=500 SC=9270 AC=9286 local file inclusion : S=44 SP=242 AP=250 SC=4635 AC=4643 web code injection : S=44 SP=242 AP=250 SC=4635 AC=4643 cross-site scripting (comprehensive test): S=176 SP=968 AP=1000 SC=18540 AC=18572 DOM XSS : S=44 SP=242 AP=250 SC=4635 AC=4643 persistent XSS : S=176 SP=968 AP=1000 SC=18540 AC=18572 injectable parameter : S=88 SP=484 AP=500 SC=9270 AC=9286 XML injection : S=44 SP=242 AP=250 SC=4635 AC=4643 All tests : S=9132 SP=49662 AP=51222 SC=922041 AC=923601 Here are the estimated number of requests in miscellaneous modes for both methods (GET & POST) : [Single / Some Pairs / All Pairs / Some Combinations / All Combinations] header injection : S=92 SP=412 AP=412 SC=3036 AC=3036 HTTP response splitting : S=414 SP=1854 AP=1854 SC=13662 AC=13662 on site request forgery : S=46 SP=206 AP=206 SC=1518 AC=1518 cross-site scripting (extended patterns) : S=276 SP=1236 AP=1236 SC=9108 AC=9108 script injection : S=46 SP=206 AP=206 SC=1518 AC=1518 HTML injection : S=230 SP=1030 AP=1030 SC=7590 AC=7590 arbitrary command execution (time based) : S=528 SP=2904 AP=3000 SC=55620 AC=55716 arbitrary command execution : S=1408 SP=7744 AP=8000 SC=148320 AC=148576 format string : S=176 SP=968 AP=1000 SC=18540 AC=18572 SSI injection : S=264 SP=1452 AP=1500 SC=27810 AC=27858 unseen parameters : S=3080 SP=16940 AP=17500 SC=324450 AC=325010 SQL injection (2nd order) : S=88 SP=484 AP=500 SC=9270 AC=9286 blind SQL injection (4 requests) : S=352 SP=1936 AP=2000 SC=37080 AC=37144 blind SQL injection : S=1056 SP=5808 AP=6000 SC=111240 AC=111432 SQL injection : S=2112 SP=11616 AP=12000 SC=222480 AC=222864 directory traversal (extended test) : S=4488 SP=24684 AP=25500 SC=472770 AC=473586 directory traversal : S=2200 SP=12100 AP=12500 SC=231750 AC=232150 directory traversal (write access) : S=176 SP=968 AP=1000 SC=18540 AC=18572 local file inclusion : S=88 SP=484 AP=500 SC=9270 AC=9286 web code injection : S=88 SP=484 AP=500 SC=9270 AC=9286 cross-site scripting (comprehensive test): S=352 SP=1936 AP=2000 SC=37080 AC=37144 DOM XSS : S=88 SP=484 AP=500 SC=9270 AC=9286 persistent XSS : S=352 SP=1936 AP=2000 SC=37080 AC=37144 injectable parameter : S=176 SP=968 AP=1000 SC=18540 AC=18572 XML injection : S=88 SP=484 AP=500 SC=9270 AC=9286 All tests : S=18264 SP=99324 AP=102444 SC=1844082 AC=1847202 Your mode : some_pairs, GET only. Maximum number of requests : 49662 Description This script computes the maximum number of requests that would be done by the generic web tests, depending on miscellaneous options. It does not perform any test by itself. The results can be used to estimate the duration of these tests, or the complexity of additional manual tests. Note that the script does not try to compute this duration based on external factors such as the network and web servers loads. Solution n/a Risk Factor None Plugin publication date: 2009/10/26 Plugin last modification date: 2011/08/18 PORT WWW (80/TCP) Plugin ID: 33817 Web Application Tests : Load Estimation Synopsis Load estimation for web application tests. List of Hosts Plugin Output Here are the estimated number of requests in miscellaneous modes for the GET method only : [Single / Some Pairs / All Pairs / Some Combinations / All Combinations] header injection : S=46 SP=206 AP=206 SC=1518 AC=1518 HTTP response splitting : S=207 SP=927 AP=927 SC=6831 AC=6831 on site request forgery : S=23 SP=103 AP=103 SC=759 AC=759 cross-site scripting (extended patterns) : S=138 SP=618 AP=618 SC=4554 AC=4554 script injection : S=23 SP=103 AP=103 SC=759 AC=759 HTML injection : S=115 SP=515 AP=515 SC=3795 AC=3795 arbitrary command execution (time based) : S=264 SP=1452 AP=1500 SC=27810 AC=27858 arbitrary command execution : S=704 SP=3872 AP=4000 SC=74160 AC=74288 format string : S=88 SP=484 AP=500 SC=9270 AC=9286 SSI injection : S=132 SP=726 AP=750 SC=13905 AC=13929 unseen parameters : S=1540 SP=8470 AP=8750 SC=162225 AC=162505 SQL injection (2nd order) : S=44 SP=242 AP=250 SC=4635 AC=4643 blind SQL injection (4 requests) : S=176 SP=968 AP=1000 SC=18540 AC=18572 blind SQL injection : S=528 SP=2904 AP=3000 SC=55620 AC=55716 SQL injection : S=1056 SP=5808 AP=6000 SC=111240 AC=111432 directory traversal (extended test) : S=2244 SP=12342 AP=12750 SC=236385 AC=236793 directory traversal : S=1100 SP=6050 AP=6250 SC=115875 AC=116075 directory traversal (write access) : S=88 SP=484 AP=500 SC=9270 AC=9286 local file inclusion : S=44 SP=242 AP=250 SC=4635 AC=4643 web code injection : S=44 SP=242 AP=250 SC=4635 AC=4643 cross-site scripting (comprehensive test): S=176 SP=968 AP=1000 SC=18540 AC=18572 DOM XSS : S=44 SP=242 AP=250 SC=4635 AC=4643 persistent XSS : S=176 SP=968 AP=1000 SC=18540 AC=18572 injectable parameter : S=88 SP=484 AP=500 SC=9270 AC=9286 XML injection : S=44 SP=242 AP=250 SC=4635 AC=4643 All tests : S=9132 SP=49662 AP=51222 SC=922041 AC=923601 Here are the estimated number of requests in miscellaneous modes for both methods (GET & POST) : [Single / Some Pairs / All Pairs / Some Combinations / All Combinations] header injection : S=92 SP=412 AP=412 SC=3036 AC=3036 HTTP response splitting : S=414 SP=1854 AP=1854 SC=13662 AC=13662 on site request forgery : S=46 SP=206 AP=206 SC=1518 AC=1518 cross-site scripting (extended patterns) : S=276 SP=1236 AP=1236 SC=9108 AC=9108 script injection : S=46 SP=206 AP=206 SC=1518 AC=1518 HTML injection : S=230 SP=1030 AP=1030 SC=7590 AC=7590 arbitrary command execution (time based) : S=528 SP=2904 AP=3000 SC=55620 AC=55716 arbitrary command execution : S=1408 SP=7744 AP=8000 SC=148320 AC=148576 format string : S=176 SP=968 AP=1000 SC=18540 AC=18572 SSI injection : S=264 SP=1452 AP=1500 SC=27810 AC=27858 unseen parameters : S=3080 SP=16940 AP=17500 SC=324450 AC=325010 SQL injection (2nd order) : S=88 SP=484 AP=500 SC=9270 AC=9286 blind SQL injection (4 requests) : S=352 SP=1936 AP=2000 SC=37080 AC=37144 blind SQL injection : S=1056 SP=5808 AP=6000 SC=111240 AC=111432 SQL injection : S=2112 SP=11616 AP=12000 SC=222480 AC=222864 directory traversal (extended test) : S=4488 SP=24684 AP=25500 SC=472770 AC=473586 directory traversal : S=2200 SP=12100 AP=12500 SC=231750 AC=232150 directory traversal (write access) : S=176 SP=968 AP=1000 SC=18540 AC=18572 local file inclusion : S=88 SP=484 AP=500 SC=9270 AC=9286 web code injection : S=88 SP=484 AP=500 SC=9270 AC=9286 cross-site scripting (comprehensive test): S=352 SP=1936 AP=2000 SC=37080 AC=37144 DOM XSS : S=88 SP=484 AP=500 SC=9270 AC=9286 persistent XSS : S=352 SP=1936 AP=2000 SC=37080 AC=37144 injectable parameter : S=176 SP=968 AP=1000 SC=18540 AC=18572 XML injection : S=88 SP=484 AP=500 SC=9270 AC=9286 All tests : S=18264 SP=99324 AP=102444 SC=1844082 AC=1847202 Your mode : some_pairs, GET only. Maximum number of requests : 49662 Plugin Output Here are the estimated number of requests in miscellaneous modes for the GET method only : [Single / Some Pairs / All Pairs / Some Combinations / All Combinations] header injection : S=46 SP=206 AP=206 SC=1518 AC=1518 HTTP response splitting : S=207 SP=927 AP=927 SC=6831 AC=6831 on site request forgery : S=23 SP=103 AP=103 SC=759 AC=759 cross-site scripting (extended patterns) : S=138 SP=618 AP=618 SC=4554 AC=4554 script injection : S=23 SP=103 AP=103 SC=759 AC=759 HTML injection : S=115 SP=515 AP=515 SC=3795 AC=3795 arbitrary command execution (time based) : S=264 SP=1452 AP=1500 SC=27810 AC=27858 arbitrary command execution : S=704 SP=3872 AP=4000 SC=74160 AC=74288 format string : S=88 SP=484 AP=500 SC=9270 AC=9286 SSI injection : S=132 SP=726 AP=750 SC=13905 AC=13929 unseen parameters : S=1540 SP=8470 AP=8750 SC=162225 AC=162505 SQL injection (2nd order) : S=44 SP=242 AP=250 SC=4635 AC=4643 blind SQL injection (4 requests) : S=176 SP=968 AP=1000 SC=18540 AC=18572 blind SQL injection : S=528 SP=2904 AP=3000 SC=55620 AC=55716 SQL injection : S=1056 SP=5808 AP=6000 SC=111240 AC=111432 directory traversal (extended test) : S=2244 SP=12342 AP=12750 SC=236385 AC=236793 directory traversal : S=1100 SP=6050 AP=6250 SC=115875 AC=116075 directory traversal (write access) : S=88 SP=484 AP=500 SC=9270 AC=9286 local file inclusion : S=44 SP=242 AP=250 SC=4635 AC=4643 web code injection : S=44 SP=242 AP=250 SC=4635 AC=4643 cross-site scripting (comprehensive test): S=176 SP=968 AP=1000 SC=18540 AC=18572 DOM XSS : S=44 SP=242 AP=250 SC=4635 AC=4643 persistent XSS : S=176 SP=968 AP=1000 SC=18540 AC=18572 injectable parameter : S=88 SP=484 AP=500 SC=9270 AC=9286 XML injection : S=44 SP=242 AP=250 SC=4635 AC=4643 All tests : S=9132 SP=49662 AP=51222 SC=922041 AC=923601 Here are the estimated number of requests in miscellaneous modes for both methods (GET & POST) : [Single / Some Pairs / All Pairs / Some Combinations / All Combinations] header injection : S=92 SP=412 AP=412 SC=3036 AC=3036 HTTP response splitting : S=414 SP=1854 AP=1854 SC=13662 AC=13662 on site request forgery : S=46 SP=206 AP=206 SC=1518 AC=1518 cross-site scripting (extended patterns) : S=276 SP=1236 AP=1236 SC=9108 AC=9108 script injection : S=46 SP=206 AP=206 SC=1518 AC=1518 HTML injection : S=230 SP=1030 AP=1030 SC=7590 AC=7590 arbitrary command execution (time based) : S=528 SP=2904 AP=3000 SC=55620 AC=55716 arbitrary command execution : S=1408 SP=7744 AP=8000 SC=148320 AC=148576 format string : S=176 SP=968 AP=1000 SC=18540 AC=18572 SSI injection : S=264 SP=1452 AP=1500 SC=27810 AC=27858 unseen parameters : S=3080 SP=16940 AP=17500 SC=324450 AC=325010 SQL injection (2nd order) : S=88 SP=484 AP=500 SC=9270 AC=9286 blind SQL injection (4 requests) : S=352 SP=1936 AP=2000 SC=37080 AC=37144 blind SQL injection : S=1056 SP=5808 AP=6000 SC=111240 AC=111432 SQL injection : S=2112 SP=11616 AP=12000 SC=222480 AC=222864 directory traversal (extended test) : S=4488 SP=24684 AP=25500 SC=472770 AC=473586 directory traversal : S=2200 SP=12100 AP=12500 SC=231750 AC=232150 directory traversal (write access) : S=176 SP=968 AP=1000 SC=18540 AC=18572 local file inclusion : S=88 SP=484 AP=500 SC=9270 AC=9286 web code injection : S=88 SP=484 AP=500 SC=9270 AC=9286 cross-site scripting (comprehensive test): S=352 SP=1936 AP=2000 SC=37080 AC=37144 DOM XSS : S=88 SP=484 AP=500 SC=9270 AC=9286 persistent XSS : S=352 SP=1936 AP=2000 SC=37080 AC=37144 injectable parameter : S=176 SP=968 AP=1000 SC=18540 AC=18572 XML injection : S=88 SP=484 AP=500 SC=9270 AC=9286 All tests : S=18264 SP=99324 AP=102444 SC=1844082 AC=1847202 Your mode : some_pairs, GET only. Maximum number of requests : 49662 Description This script computes the maximum number of requests that would be done by the generic web tests, depending on miscellaneous options. It does not perform any test by itself. The results can be used to estimate the duration of these tests, or the complexity of additional manual tests. Note that the script does not try to compute this duration based on external factors such as the network and web servers loads. Solution n/a Risk Factor None Plugin publication date: 2009/10/26 Plugin last modification date: 2011/08/18 PORT IMAP (143/TCP) Plugin ID: 11414 IMAP Service Banner Retrieval Synopsis An IMAP server is running on the remote host. List of Hosts Plugin Output The remote imap server banner is : * OK IMAPrev1 Plugin Output The remote imap server banner is : * OK IMAPrev1 Description An IMAP (Internet Message Access Protocol) server is installed and running on the remote host. Solution n/a Risk Factor None Plugin publication date: 2003/03/18 Plugin last modification date: 2011/03/16 PORT CIFS (445/TCP) Plugin ID: 10394 Microsoft Windows SMB Log In Possible Synopsis It is possible to log into the remote host. List of Hosts Plugin Output - NULL sessions are enabled on the remote host Description The remote host is running Microsoft Windows operating system or Samba, a CIFS/SMB server for Unix. It was possible to log into it using one of the following accounts : - NULL session - Guest account - Given Credentials Solution n/a See also http://support.microsoft.com/support/kb/articles/Q143/4/74.ASP http://support.microsoft.com/support/kb/articles/Q246/2/61.ASP Risk Factor None CVE CVE-1999-0504 CVE-1999-0505 CVE-1999-0506 CVE-2000-0222 CVE-2002-1117 CVE-2005-3595 Bugtraq ID 494 990 11199 Other references OSVDB:297 OSVDB:3106 OSVDB:8230 OSVDB:10050 Vulnerability publication date: 1999/01/01 Plugin publication date: 2000/05/09 Plugin last modification date: 2011/08/15 Ease of exploitability: Exploits are available Exploitable with: Metasploit (Microsoft Windows Authenticated User Code Execution) PORT SMTP (25/TCP) Plugin ID: 10263 SMTP Server Detection Synopsis An SMTP server is listening on the remote port. List of Hosts Plugin Output Remote SMTP server banner : 220 swifpaals.dyndns-remote.com ESMTP Plugin Output Remote SMTP server banner : 220 swifpaals.dyndns-remote.com ESMTP Description The remote host is running a mail (SMTP) server on this port. Since SMTP servers are the targets of spammers, it is recommended you disable it if you do not use it. Solution Disable this service if you do not use it, or filter incoming traffic to this port. Risk Factor None Plugin publication date: 1999/10/12 Plugin last modification date: 2011/03/11 PORT NESSUS (1241/TCP) Plugin ID: 10147 Nessus Server Detection Synopsis A Nessus daemon is listening on the remote port. List of Hosts Description A Nessus daemon is listening on the remote port. It is not recommended to let anyone connect to this port. Also, make sure that the remote Nessus installation has been authorized. Solution Filter incoming traffic to this port. Risk Factor None Plugin publication date: 1999/10/12 Plugin last modification date: 2011/03/11 PORT WWW (8834/TCP) Plugin ID: 43111 HTTP Methods Allowed (per directory) Synopsis This plugin determines which HTTP methods are allowed on various CGI directories. List of Hosts Plugin Output Based on tests of each method : - HTTP methods GET HEAD POST are allowed on : / /file Plugin Output Based on tests of each method : - HTTP methods GET HEAD POST are allowed on : / /file Description By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each directory. As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web applications tests' is set to 'yes' in the scan policy - various known HTTP methods on each directory and considers them as unsupported if it receives a response code of 400, 403, 405, or 501. Note that the plugin output is only informational and does not necessarily indicate the presence of any security vulnerabilities. Solution n/a Risk Factor None Plugin publication date: 2009/12/10 Plugin last modification date: 2011/07/08 PORT WWW (443/TCP) Plugin ID: 43111 HTTP Methods Allowed (per directory) Synopsis This plugin determines which HTTP methods are allowed on various CGI directories. List of Hosts Plugin Output Based on the response to an OPTIONS request : - HTTP methods GET HEAD POST TRACE OPTIONS are allowed on : / /Admin /Membership /Membership/js /admin /img /js Based on tests of each method : - HTTP methods ACL BASELINE-CONTROL BCOPY BDELETE BMOVE BPROPFIND BPROPPATCH CHECKIN CHECKOUT CONNECT DEBUG GET HEAD INDEX LABEL MERGE MKACTIVITY MKWORKSPACE NOTIFY OPTIONS ORDERPATCH PATCH POLL POST REPORT RPC_IN_DATA RPC_OUT_DATA SEARCH SUBSCRIBE UNCHECKOUT UNSUBSCRIBE UPDATE VERSION-CONTROL X-MS-ENUMATTS are allowed on : / /Admin /Membership /Membership/js /admin /img /js - Invalid/unknown HTTP methods are allowed on : / /Admin /Membership /Membership/js /admin /img /js Plugin Output Based on the response to an OPTIONS request : - HTTP methods GET HEAD POST TRACE OPTIONS are allowed on : / /Admin /Membership /Membership/js /admin /img /js Based on tests of each method : - HTTP methods ACL BASELINE-CONTROL BCOPY BDELETE BMOVE BPROPFIND BPROPPATCH CHECKIN CHECKOUT CONNECT DEBUG GET HEAD INDEX LABEL MERGE MKACTIVITY MKWORKSPACE NOTIFY OPTIONS ORDERPATCH PATCH POLL POST REPORT RPC_IN_DATA RPC_OUT_DATA SEARCH SUBSCRIBE UNCHECKOUT UNSUBSCRIBE UPDATE VERSION-CONTROL X-MS-ENUMATTS are allowed on : / /Admin /Membership /Membership/js /admin /img /js - Invalid/unknown HTTP methods are allowed on : / /Admin /Membership /Membership/js /admin /img /js Description By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each directory. As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web applications tests' is set to 'yes' in the scan policy - various known HTTP methods on each directory and considers them as unsupported if it receives a response code of 400, 403, 405, or 501. Note that the plugin output is only informational and does not necessarily indicate the presence of any security vulnerabilities. Solution n/a Risk Factor None Plugin publication date: 2009/12/10 Plugin last modification date: 2011/07/08 PORT WWW (80/TCP) Plugin ID: 43111 HTTP Methods Allowed (per directory) Synopsis This plugin determines which HTTP methods are allowed on various CGI directories. List of Hosts Plugin Output Based on the response to an OPTIONS request : - HTTP methods GET HEAD POST TRACE OPTIONS are allowed on : / /Admin /Membership /Membership/js /admin /img /js Based on tests of each method : - HTTP methods ACL BASELINE-CONTROL BCOPY BDELETE BMOVE BPROPFIND BPROPPATCH CHECKIN CHECKOUT CONNECT DEBUG GET HEAD INDEX LABEL MERGE MKACTIVITY MKWORKSPACE NOTIFY OPTIONS ORDERPATCH PATCH POLL POST REPORT RPC_IN_DATA RPC_OUT_DATA SEARCH SUBSCRIBE UNCHECKOUT UNSUBSCRIBE UPDATE VERSION-CONTROL X-MS-ENUMATTS are allowed on : / /Admin /Membership /Membership/js /admin /img /js - Invalid/unknown HTTP methods are allowed on : / /Admin /Membership /Membership/js /admin /img /js Plugin Output Based on the response to an OPTIONS request : - HTTP methods GET HEAD POST TRACE OPTIONS are allowed on : / /Admin /Membership /Membership/js /admin /img /js Based on tests of each method : - HTTP methods ACL BASELINE-CONTROL BCOPY BDELETE BMOVE BPROPFIND BPROPPATCH CHECKIN CHECKOUT CONNECT DEBUG GET HEAD INDEX LABEL MERGE MKACTIVITY MKWORKSPACE NOTIFY OPTIONS ORDERPATCH PATCH POLL POST REPORT RPC_IN_DATA RPC_OUT_DATA SEARCH SUBSCRIBE UNCHECKOUT UNSUBSCRIBE UPDATE VERSION-CONTROL X-MS-ENUMATTS are allowed on : / /Admin /Membership /Membership/js /admin /img /js - Invalid/unknown HTTP methods are allowed on : / /Admin /Membership /Membership/js /admin /img /js Description By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each directory. As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web applications tests' is set to 'yes' in the scan policy - various known HTTP methods on each directory and considers them as unsupported if it receives a response code of 400, 403, 405, or 501. Note that the plugin output is only informational and does not necessarily indicate the presence of any security vulnerabilities. Solution n/a Risk Factor None Plugin publication date: 2009/12/10 Plugin last modification date: 2011/07/08 Scan Time Start time: Fri Sep 02 21:33:42 2011 End time: Fri Sep 02 22:32:02 2011 Number of vulnerabilities High 0 Medium 24 Low 154 Remote Host Information Operating System: Windows 7 Professional NetBIOS name: SEBASTIAN-PC IP address: 192.168.1.150 MAC address: f4:6d:04:39:c1:c6 ^BACK

List of PlugIn IDs

Related documents

Products

Support

List of PlugIn IDs

Related documents

Add this document to collection(s)

Add this document to saved

Suggest us how to improve StudyLib