found 163.26.60.100 Low Severity problem(s) found 163.26.60.103

advertisement
List of hosts
163.26.60.1
Medium Severity
problem(s) found
163.26.60.100
Low Severity
problem(s) found
163.26.60.103
Low Severity
problem(s) found
163.26.60.104
Low Severity
problem(s) found
163.26.60.105
Low Severity
problem(s) found
163.26.60.106
Low Severity
problem(s) found
163.26.60.107
Low Severity
problem(s) found
163.26.60.108
Low Severity
problem(s) found
163.26.60.109
Low Severity
problem(s) found
163.26.60.110
Low Severity
problem(s) found
163.26.60.112
Low Severity
problem(s) found
163.26.60.113
Low Severity
problem(s) found
163.26.60.115
Medium Severity
problem(s) found
163.26.60.122
Low Severity
problem(s) found
163.26.60.124
Low Severity
problem(s) found
163.26.60.2
Medium Severity
problem(s) found
163.26.60.3
Low Severity
problem(s) found
Low Severity
163.26.60.44
problem(s) found
163.26.60.49
Low Severity
problem(s) found
163.26.60.65
Low Severity
problem(s) found
163.26.60.74
Low Severity
problem(s) found
163.26.60.80
Low Severity
problem(s) found
163.26.60.84
Low Severity
problem(s) found
163.26.60.88
Low Severity
problem(s) found
163.26.60.89
Low Severity
problem(s) found
163.26.60.90
Low Severity
problem(s) found
163.26.60.93
Low Severity
problem(s) found
163.26.60.96
Low Severity
problem(s) found
163.26.60.97
Low Severity
problem(s) found
SCAN-ERROR
High Severity
problem(s) found
[^] Back
163.26.60.1
Scan Time
Start
time :
Fri Oct 1 07:13:15
2013
End time :
Fri Oct 1 07:15:55
2013
Number of vulnerabilities
Open ports :
7
High :
0
Medium :
7
Low :
36
Remote host information
Operating
System :
Microsoft Windows
Server 2008
Enterprise Service
Pack 2
NetBIOS
name :
DNS
name :
ABRAHAM5
Abraham5
[^] Back to 163.26.60.1
Port general (0/udp)
Traceroute Information
Synopsis:
It was possible to obtain traceroute information.
Description:
Makes a traceroute to the remote host.
Risk factor:
None
Solution:
n/a
Plugin output:
For your information, here is the traceroute from
163.26.60.115 to 163.26.60.1 : 163.26.60.115
163.26.60.1
[-/+]
Plugin ID:
10287
Nessus Scan Information
Synopsis:
Information about the Nessus scan.
Description:
This script displays, for each tested host, information
about the scan itself : - The version of the plugin set The type of plugin feed (HomeFeed or
ProfessionalFeed) - The version of the Nessus Engine The port scanner(s) used - The port range scanned Whether credentialed or third-party patch
management checks are possible - The date of the
scan - The duration of the scan - The number of hosts
scanned in parallel - The number of checks done in
parallel
Risk factor:
None
Solution:
n/a
Plugin output:
Information about this scan : Nessus version : 4.4.1
(Build 15078) (Nessus 5.0.1 is available - consider
upgrading) Plugin feed version : 201210082315 Type
of plugin feed : HomeFeed (Non-commercial use only)
Scanner IP : 163.26.60.115 Port scanner(s) :
nessus_syn_scanner Port range : default Thorough
tests : no Experimental tests : no Paranoia level : 1
Report Verbosity : 1 Safe checks : yes Optimize the
test : yes Credentialed checks : no Patch management
checks : None CGI scanning : disabled Web application
tests : disabled Max hosts : 80 Max checks : 5 Recv
timeout : 5 Backports : None Allow post-scan editing:
Yes Scan Start Date : 2012/10/12 7:13 Scan duration :
160 sec
Plugin ID:
19506
Common Platform Enumeration (CPE)
Synopsis:
It is possible to enumerate CPE names that matched on
the remote system.
Description:
By using information obtained from a Nessus scan, this
plugin reports CPE (Common Platform Enumeration)
matches for various hardware and software products
found on a host. Note that if an official CPE is not
available for the product, this plugin computes the best
possible CPE based on the information available from
the scan.
Risk factor:
None
See also:
http://cpe.mitre.org/
Solution:
n/a
Plugin output:
The remote operating system matched the following
CPE :
cpe:/o:microsoft:windows_server_2008::sp2:enterprise
Following application CPE matched on the remote
system : cpe:/a:microsoft:iis:7.0 -> Microsoft Internet
Information Services (IIS) 7.0
Plugin ID:
45590
Device Type
Synopsis:
It is possible to guess the remote device type.
Description:
Based on the remote operating system, it is possible to
determine what the remote system type is (eg: a
printer, router, general-purpose computer, etc).
Risk factor:
None
Solution:
n/a
Plugin output:
Remote device type : general-purpose Confidence
level : 99
Plugin ID:
54615
OS Identification
Synopsis:
It is possible to guess the remote operating system.
Description:
Using a combination of remote probes, (TCP/IP, SMB,
HTTP, NTP, SNMP, etc...) it is possible to guess the
name of the remote operating system in use, and
sometimes its version.
Risk factor:
None
Solution:
n/a
Plugin output:
Remote operating system : Microsoft Windows Server
2008 Enterprise Service Pack 2 Confidence Level : 99
Method : MSRPC The remote host is running Microsoft
Windows Server 2008 Enterprise Service Pack 2
Plugin ID:
11936
Ethernet Card Manufacturer Detection
Synopsis:
The manufacturer can be deduced from the Ethernet
OUI.
Description:
Each ethernet MAC address starts with a 24-bit
'Organizationally Unique Identifier'. These OUI are
registered by IEEE.
Risk factor:
None
See also:
http://standards.ieee.org/faqs/OUI.html
See also:
http://standards.ieee.org/regauth/oui/index.shtml
Solution:
n/a
Plugin output:
The following card manufacturers were identified :
00:1d:60:d7:d5:d5 : ASUSTek COMPUTER INC.
Plugin ID:
35716
Host Fully Qualified Domain Name (FQDN)
Resolution
Synopsis:
It was possible to resolve the name of the remote
host.
Description:
Nessus was able to resolve the FQDN of the remote
host.
Risk factor:
None
Solution:
n/a
Plugin output:
163.26.60.1 resolves as Abraham5.
Plugin ID:
12053
TCP/IP Timestamps Supported
Synopsis:
The remote service implements TCP timestamps.
Description:
The remote host implements TCP timestamps, as
defined by RFC1323. A side effect of this feature is
that the uptime of the remote host can sometimes be
computed.
Risk factor:
None
See also:
http://www.ietf.org/rfc/rfc1323.txt
Solution:
n/a
Plugin ID:
25220
ICMP Timestamp Request Remote Date
Disclosure
Synopsis:
It is possible to determine the exact time set on the
remote host.
Description:
The remote host answers to an ICMP timestamp
request. This allows an attacker to know the date that
is set on the targeted machine, which may assist an
unauthenticated, remote attacker in defeating
time-based authentication protocols. Timestamps
returned from machines running Windows Vista / 7 /
2008 / 2008 R2 are deliberately incorrect, but usually
within 1000 seconds of the actual system time.
Risk factor:
None
Solution:
Filter out the ICMP timestamp requests (13), and the
outgoing ICMP timestamp replies (14).
Plugin output:
The ICMP timestamps seem to be in little endian
format (not in network format) The difference
between the local and remote clocks is -166 seconds.
Plugin ID:
10114
CVE:
CVE-1999-0524
Other references:
OSVDB:94, CWE:200
Port epmap (135/tcp)
[-/+]
DCE Services Enumeration
Synopsis:
A DCE/RPC service is running on the remote host.
Description:
By sending a Lookup request to the portmapper (TCP
135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE)
services running on the remote port. Using this
information it is possible to connect and bind to each
service by sending an RPC request to the remote
port/pipe.
Risk factor:
None
Solution:
n/a
Plugin output:
The following DCERPC services are available locally :
Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager Windows
process : lsass.exe Type : Local RPC service Named
pipe : samss lpc Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager Windows
process : lsass.exe Type : Local RPC service Named
pipe : dsrole Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager Windows
process : lsass.exe Type : Local RPC service Named
pipe : protected_storage Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager Windows
process : lsass.exe Type : Local RPC service Named
pipe : securityevent Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager Windows
process : lsass.exe Type : Local RPC service Named
pipe : audit Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager Windows
process : lsass.exe Type : Local RPC service Named
pipe : LRPC-373ac753e54d6b59ad Object UUID :
00736665-0000-0000-0000-000000000000 UUID :
c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version
1.0 Description : Unknown RPC service Annotation :
Impl friendly name Type : Local RPC service Named
pipe : samss lpc Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
2f5f6521-cb55-1059-b446-00df0bce31db, version 1.0
Description : Unknown RPC service Annotation :
Unimodem LRPC Endpoint Type : Local RPC service
Named pipe : tapsrvlpc Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
2f5f6521-cb55-1059-b446-00df0bce31db, version 1.0
Description : Unknown RPC service Annotation :
Unimodem LRPC Endpoint Type : Local RPC service
Named pipe : unimdmsvc Object UUID :
c3353b16-e70a-48ac-9707-0cc50a30768a UUID :
906b0ce0-c70b-1067-b317-00dd010662da, version
1.0 Description : Distributed Transaction Coordinator
Windows process : msdtc.exe Type : Local RPC service
Named pipe : LRPC-ff7fc4db011da682bc Object
UUID : 65eb02bd-9353-4e29-a4b3-1b49fd47e7ef
UUID : 906b0ce0-c70b-1067-b317-00dd010662da,
version 1.0 Description : Distributed Transaction
Coordinator Windows process : msdtc.exe Type : Local
RPC service Named pipe : LRPC-ff7fc4db011da682bc
Object UUID :
95b4bde4-0c07-4e22-9c8d-e9fd1f1f7441 UUID :
906b0ce0-c70b-1067-b317-00dd010662da, version
1.0 Description : Distributed Transaction Coordinator
Windows process : msdtc.exe Type : Local RPC service
Named pipe : LRPC-ff7fc4db011da682bc Object
UUID : 36b91ba5-6fec-45d8-933d-a78c98e196fc
UUID : 906b0ce0-c70b-1067-b317-00dd010662da,
version 1.0 Description : Distributed Transaction
Coordinator Windows process : msdtc.exe Type : Local
RPC service Named pipe : LRPC-ff7fc4db011da682bc
Object UUID :
471a1a06-1d72-42d6-86a4-e270ce678d6a UUID :
906b0ce0-c70b-1067-b317-00dd010662da, version
1.0 Description : Distributed Transaction Coordinator
Windows process : msdtc.exe Type : Local RPC service
Named pipe : OLEF2775CAF76454689BC92D9E6DEC3
Object UUID :
471a1a06-1d72-42d6-86a4-e270ce678d6a UUID :
906b0ce0-c70b-1067-b317-00dd010662da, version
1.0 Description : Distributed Transaction Coordinator
Windows process : msdtc.exe Type : Local RPC service
Named pipe : LRPC-be1aaee8ca227aeb62 Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345678-1234-abcd-ef00-0123456789ab,
version 1.0 Description : IPsec Services (Windows XP
& 2003) Windows process : lsass.exe Annotation :
IPSec Policy agent endpoint Type : Local RPC service
Named pipe : LRPC-e7a46f2d0fd7e1a92e Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1,
version 1.0 Description : Unknown RPC service
Annotation : Spooler function endpoint Type : Local
RPC service Named pipe : spoolss Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
ae33069b-a2a8-46ee-a235-ddfd339be281, version
1.0 Description : Unknown RPC service Annotation :
Spooler base remote object endpoint Type : Local RPC
service Named pipe : spoolss Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
4a452661-8290-4b36-8fbe-7f4093a94978, version 1.0
Description : Unknown RPC service Annotation :
Spooler function endpoint Type : Local RPC service
Named pipe : spoolss Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
dd490425-5325-4565-b774-7e27d6c09c24, version
1.0 Description : Unknown RPC service Annotation :
Base Firewall Engine API Type : Local RPC service
Named pipe : LRPC-036ab8fdf5a97ed0a4 Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : 7f9d11bf-7fb9-436b-a812-b2d50c5d4c03,
version 1.0 Description : Unknown RPC service
Annotation : Fw APIs Type : Local RPC service Named
pipe : LRPC-036ab8fdf5a97ed0a4 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0
Description : Unknown RPC service Annotation : Fw
APIs Type : Local RPC service Named pipe :
LRPC-036ab8fdf5a97ed0a4 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
7ea70bcf-48af-4f6a-8968-6a440754d5fa, version 1.0
Description : Unknown RPC service Annotation : NSI
server endpoint Type : Local RPC service Named pipe :
OLE6F660BFA621448E0B5EEDE0F6873 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
7ea70bcf-48af-4f6a-8968-6a440754d5fa, version 1.0
Description : Unknown RPC service Annotation : NSI
server endpoint Type : Local RPC service Named pipe :
LRPC-349e38e20dfcb9fe45 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
3473dd4d-2e88-4006-9cba-22570909dd10, version
5.0 Description : Unknown RPC service Annotation :
WinHttp Auto-Proxy Service Type : Local RPC service
Named pipe : OLE6F660BFA621448E0B5EEDE0F6873
Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
3473dd4d-2e88-4006-9cba-22570909dd10, version
5.0 Description : Unknown RPC service Annotation :
WinHttp Auto-Proxy Service Type : Local RPC service
Named pipe : LRPC-349e38e20dfcb9fe45 Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : 3473dd4d-2e88-4006-9cba-22570909dd10,
version 5.0 Description : Unknown RPC service
Annotation : WinHttp Auto-Proxy Service Type : Local
RPC service Named pipe : W32TIME_ALT Object
UUID : 3bdb59a0-d736-4d44-9074-c1ee00000001
UUID : 24019106-a203-4642-b88d-82dae9158929,
version 1.0 Description : Unknown RPC service Type :
Local RPC service Named pipe :
LRPC-f860754232f40367d9 Object UUID :
666f7270-6c69-7365-0000-000000000000 UUID :
c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version
1.0 Description : Unknown RPC service Annotation :
Impl friendly name Type : Local RPC service Named
pipe : IUserProfile2 Object UUID :
736e6573-0000-0000-0000-000000000000 UUID :
c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version
1.0 Description : Unknown RPC service Annotation :
Impl friendly name Type : Local RPC service Named
pipe : IUserProfile2 Object UUID :
736e6573-0000-0000-0000-000000000000 UUID :
c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version
1.0 Description : Unknown RPC service Annotation :
Impl friendly name Type : Local RPC service Named
pipe : senssvc Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0
Description : Scheduler Service Windows process :
svchost.exe Type : Local RPC service Named pipe :
IUserProfile2 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0
Description : Scheduler Service Windows process :
svchost.exe Type : Local RPC service Named pipe :
senssvc Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0
Description : Scheduler Service Windows process :
svchost.exe Type : Local RPC service Named pipe :
OLEB19BA455B9B34AB7BA0155B32DF8 Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : 1ff70682-0a51-30e8-076d-740be8cee98b,
version 1.0 Description : Scheduler Service Windows
process : svchost.exe Type : Local RPC service Named
pipe : IUserProfile2 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service Windows process :
svchost.exe Type : Local RPC service Named pipe :
senssvc Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service Windows process :
svchost.exe Type : Local RPC service Named pipe :
OLEB19BA455B9B34AB7BA0155B32DF8 Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f,
version 1.0 Description : Scheduler Service Windows
process : svchost.exe Type : Local RPC service Named
pipe : IUserProfile2 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service Windows process :
svchost.exe Type : Local RPC service Named pipe :
senssvc Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service Windows process :
svchost.exe Type : Local RPC service Named pipe :
OLEB19BA455B9B34AB7BA0155B32DF8 Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c,
version 1.0 Description : Unknown RPC service Type :
Local RPC service Named pipe : IUserProfile2 Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c,
version 1.0 Description : Unknown RPC service Type :
Local RPC service Named pipe : senssvc Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
86d35949-83c9-4044-b424-db363231fd0c, version
1.0 Description : Unknown RPC service Type : Local
RPC service Named pipe :
OLEB19BA455B9B34AB7BA0155B32DF8 Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511,
version 1.0 Description : Unknown RPC service
Annotation : IKE/Authip API Type : Local RPC service
Named pipe : IUserProfile2 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
a398e520-d59a-4bdd-aa7a-3c1e0303a511, version
1.0 Description : Unknown RPC service Annotation :
IKE/Authip API Type : Local RPC service Named pipe :
senssvc Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
a398e520-d59a-4bdd-aa7a-3c1e0303a511, version
1.0 Description : Unknown RPC service Annotation :
IKE/Authip API Type : Local RPC service Named pipe :
OLEB19BA455B9B34AB7BA0155B32DF8 Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1,
version 1.0 Description : Unknown RPC service Type :
Local RPC service Named pipe : IUserProfile2 Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1,
version 1.0 Description : Unknown RPC service Type :
Local RPC service Named pipe : senssvc Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0
Description : Unknown RPC service Type : Local RPC
service Named pipe :
OLEB19BA455B9B34AB7BA0155B32DF8 Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1,
version 1.0 Description : Unknown RPC service Type :
Local RPC service Named pipe : SECLOGON Object
UUID : 73736573-6f69-656e-6e76-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277,
version 1.0 Description : Unknown RPC service
Annotation : Impl friendly name Type : Local RPC
service Named pipe : IUserProfile2 Object UUID :
73736573-6f69-656e-6e76-000000000000 UUID :
c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version
1.0 Description : Unknown RPC service Annotation :
Impl friendly name Type : Local RPC service Named
pipe : senssvc Object UUID :
73736573-6f69-656e-6e76-000000000000 UUID :
c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version
1.0 Description : Unknown RPC service Annotation :
Impl friendly name Type : Local RPC service Named
pipe : OLEB19BA455B9B34AB7BA0155B32DF8 Object
UUID : 73736573-6f69-656e-6e76-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277,
version 1.0 Description : Unknown RPC service
Annotation : Impl friendly name Type : Local RPC
service Named pipe : SECLOGON Object UUID :
6c637067-6569-746e-0000-000000000000 UUID :
c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version
1.0 Description : Unknown RPC service Annotation :
Impl friendly name Type : Local RPC service Named
pipe : LRPC-a78b06005cad3d53e0 Object UUID :
24d1f7c7-76af-4f28-9ccd-7f6cb6468601 UUID :
2eb08e3e-639f-4fba-97b1-14f878961076, version 1.0
Description : Unknown RPC service Type : Local RPC
service Named pipe : LRPC-a78b06005cad3d53e0
Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0
Description : Unknown RPC service Annotation : Event
log TCPIP Type : Local RPC service Named pipe :
eventlog Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service Annotation :
DHCPv6 Client LRPC Endpoint Type : Local RPC service
Named pipe : eventlog Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service Annotation :
DHCPv6 Client LRPC Endpoint Type : Local RPC service
Named pipe : dhcpcsvc6 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service Windows process :
svchost.exe Annotation : DHCP Client LRPC Endpoint
Type : Local RPC service Named pipe : eventlog Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5,
version 1.0 Description : DHCP Client Service Windows
process : svchost.exe Annotation : DHCP Client LRPC
Endpoint Type : Local RPC service Named pipe :
dhcpcsvc6 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service Windows process :
svchost.exe Annotation : DHCP Client LRPC Endpoint
Type : Local RPC service Named pipe : dhcpcsvc
Object UUID :
b08669ee-8cb5-43a5-a017-84fe00000001 UUID :
76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service Type : Local RPC
service Named pipe : WMsgKRpc0A7BC1 Object
UUID : 6d726574-7273-0076-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277,
version 1.0 Description : Unknown RPC service
Annotation : Impl friendly name Type : Local RPC
service Named pipe : LRPC-121efb8413c77076d2
Object UUID :
b08669ee-8cb5-43a5-a017-84fe00000000 UUID :
76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service Type : Local RPC
service Named pipe : WMsgKRpc0A4FD0 Object
UUID : b08669ee-8cb5-43a5-a017-84fe00000000
UUID : 76f226c3-ec14-4325-8a99-6a46348418af,
version 1.0 Description : Unknown RPC service Type :
Local RPC service Named pipe : WindowsShutdown
Object UUID :
765294ba-60bc-48b8-92e9-89fd77769d91 UUID :
d95afe70-a6d5-4259-822e-2c84da1ddb0d, version
1.0 Description : Unknown RPC service Type : Local
RPC service Named pipe : WMsgKRpc0A4FD0 Object
UUID : 765294ba-60bc-48b8-92e9-89fd77769d91
UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d,
version 1.0 Description : Unknown RPC service Type :
Local RPC service Named pipe : WindowsShutdown
Object UUID :
00736665-0000-0000-0000-000000000000 UUID :
c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version
1.0 Description : Unknown RPC service Annotation :
Impl friendly name Type : Local RPC service Named
pipe : LRPC-373ac753e54d6b59ad Object UUID :
00736665-0000-0000-0000-000000000000 UUID :
c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version
1.0 Description : Unknown RPC service Annotation :
Impl friendly name Type : Local RPC service Named
pipe : audit Object UUID :
00736665-0000-0000-0000-000000000000 UUID :
c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version
1.0 Description : Unknown RPC service Annotation :
Impl friendly name Type : Local RPC service Named
pipe : securityevent Object UUID :
00736665-0000-0000-0000-000000000000 UUID :
c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version
1.0 Description : Unknown RPC service Annotation :
Impl friendly name Type : Local RPC service Named
pipe : protected_storage Object UUID :
00736665-0000-0000-0000-000000000000 UUID :
c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version
1.0 Description : Unknown RPC service Annotation :
Impl friendly name Type : Local RPC service Named
pipe : dsrole
Plugin ID:
10736
Port netbios-ns (137/udp)
[-/+]
Windows NetBIOS / SMB Remote Host
Information Disclosure
Synopsis:
It is possible to obtain the network name of the
remote host.
Description:
The remote host listens on UDP port 137 or TCP port
445 and replies to NetBIOS nbtscan or SMB requests.
Note that this plugin gathers information to be used in
other plugins but does not itself generate a report.
Risk factor:
None
Solution:
n/a
Plugin output:
The following 3 NetBIOS names have been gathered :
ABRAHAM5 = Computer name WORKGROUP =
Workgroup / Domain name ABRAHAM5 = File Server
Service The remote host has the following MAC
address on its adapter : 00:1d:60:d7:d5:d5
Plugin ID:
10150
Port smb (139/tcp)
[-/+]
Microsoft Windows SMB Service Detection
Synopsis:
A file / print sharing service is listening on the remote
host.
Description:
The remote service understands the CIFS (Common
Internet File System) or Server Message Block (SMB)
protocol, used to provide shared access to files,
printers, etc between nodes on a network.
Risk factor:
None
Solution:
n/a
Plugin output:
An SMB server is running on this port.
Plugin ID:
11011
Port dce-rpc (1688/tcp)
[-/+]
MSRPC Service Detection
Synopsis:
A DCE/RPC server is listening on the remote host.
Description:
The remote host is running a Windows RPC service.
This service replies to the RPC Bind Request with a
Bind Ack response. However it is not possible to
determine the uuid of this service.
Risk factor:
None
Solution:
n/a
Plugin ID:
22319
Port msrdp (3389/tcp)
[-/+]
Terminal Services Doesn't Use Network Level
Authentication (NLA)
Synopsis:
The remote Terminal Services doesn't use Network Level
Authentication.
Description:
The remote Terminal Services is not configured to use
Network Level Authentication (NLA). NLA uses the
Credential Security Support Provider (CredSSP) protocol to
perform strong server authentication either through
TLS/SSL or Kerberos mechanisms, which protect against
man-in-the-middle attacks. In addition to improving
authentication, NLA also helps protect the remote
computer from malicious users and software by
completing user authentication before a full RDP
connection is established.
Risk factor:
Medium
CVSS Base Score:4.3
CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N
See also:
http://technet.microsoft.com/en-us/library/cc732713.aspx
See also:
http://www.nessus.org/u?e2628096
Solution:
Enable Network Level Authentication (NLA) on the remote
RDP server. This is generally done on the 'Remote' tab of
the 'System' settings on Windows.
Plugin ID:
58453
Microsoft Windows Remote Desktop Protocol
Server Man-in-the-Middle Weakness
Synopsis:
It may be possible to get access to the remote host.
Description:
The remote version of the Remote Desktop Protocol
Server (Terminal Service) is vulnerable to a
man-in-the-middle (MiTM) attack. The RDP client makes
no effort to validate the identity of the server when setting
up encryption. An attacker with the ability to intercept
traffic from the RDP server can establish encryption with
the client and server without being detected. A MiTM
attack of this nature would allow the attacker to obtain any
sensitive information transmitted, including authentication
credentials. This flaw exists because the RDP server stores
a hardcoded RSA private key in the mstlsapi.dll library. Any
local user with access to this file (on any Windows system)
can retrieve the key and use it for this attack.
Risk factor:
Medium
CVSS Base Score:5.1
CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P
See also:
http://www.oxid.it/downloads/rdp-gbu.pdf
See also:
http://www.nessus.org/u?e2628096
See also:
http://technet.microsoft.com/en-us/library/cc782610.aspx
Solution:
- Force the use of SSL as a transport layer for this service if
supported, or/and - Select the 'Allow connections only
from computers running Remote Desktop with Network
Level Authentication' setting if it is available.
Plugin ID:
18405
CVE:
CVE-2005-1794
BID:
13818
Other references:
OSVDB:17131
Terminal Services Encryption Level is Medium or
Low
Synopsis:
The remote host is using weak cryptography.
Description:
The remote Terminal Services service is not configured
to use strong cryptography. Using weak cryptography
with this service may allow an attacker to eavesdrop
on the communications more easily and obtain
screenshots and/or keystrokes.
Risk factor:
Medium
CVSS Base Score:4.3
CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N
Solution:
Change RDP encryption level to one of : 3. High 4.
FIPS Compliant
Plugin output:
The terminal services encryption level is set to : 2.
Medium
Plugin ID:
57690
Terminal Services Encryption Level is not
FIPS-140 Compliant
Synopsis:
The remote host is not FIPS-140 compliant.
Description:
The encryption setting used by the remote Terminal
Services service is not FIPS-140 compliant.
Risk factor:
Low
CVSS Base Score:2.6
CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N
Solution:
Change RDP encryption level to : 4. FIPS Compliant
Plugin output:
The terminal services encryption level is set to : 2.
Medium (Client Compatible)
Plugin ID:
30218
Windows Terminal Services Enabled
Synopsis:
The remote Windows host has Terminal Services
enabled.
Description:
Terminal Services allows a Windows user to remotely
obtain a graphical login (and therefore act as a local
user on the remote host). If an attacker gains a valid
login and password, he may be able to use this service
to gain further access on the remote host. An attacker
may also use this service to mount a dictionary attack
against the remote host to try to log in remotely. Note
that RDP (the Remote Desktop Protocol) is vulnerable
to Man-in-the-middle attacks, making it easy for
attackers to steal the credentials of legitimate users by
impersonating the Windows server.
Risk factor:
None
Solution:
Disable Terminal Services if you do not use it, and do
not allow this service to run across the Internet.
Plugin ID:
10940
Port cifs (445/tcp)
[-/+]
SMB Signing Disabled
Synopsis:
Signing is disabled on the remote SMB server.
Description:
Signing is disabled on the remote SMB server. This can allow
man-in-the-middle attacks against the SMB server.
Risk factor:
Medium
CVSS Base Score:5.0
CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N
See also:
http://support.microsoft.com/kb/887429
See also:
http://www.nessus.org/u?74b80723
See also:
http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html
Solution:
Enforce message signing in the host's configuration. On Windows, this
is found in the Local Security Policy. On Samba, the setting is called
'server signing'. See the 'see also' links for further details.
Plugin ID:
57608
Microsoft Windows SMB Registry : Nessus
Cannot Access the Windows Registry
Synopsis:
Nessus is not able to access the remote Windows
Registry.
Description:
It was not possible to connect to PIPE\winreg on the
remote host. If you intend to use Nessus to perform
registry-based checks, the registry checks will not
work because the 'Remote Registry Access' service
(winreg) has been disabled on the remote host or can
not be connected to with the supplied credentials.
Risk factor:
None
Solution:
n/a
Plugin output:
Could not connect to the registry because: Could not
connect to \winreg
Plugin ID:
26917
Microsoft Windows SMB Log In Possible
Synopsis:
It is possible to log into the remote host.
Description:
The remote host is running Microsoft Windows operating system
or Samba, a CIFS/SMB server for Unix. It was possible to log into
it using one of the following accounts : - NULL session - Guest
account - Given Credentials
Risk factor:
None
See also:
http://support.microsoft.com/support/kb/articles/Q143/4/74.ASP
See also:
http://support.microsoft.com/support/kb/articles/Q246/2/61.ASP
Solution:
n/a
Plugin output:
- NULL sessions are enabled on the remote host
Plugin ID:
10394
Microsoft Windows SMB NativeLanManager
Remote System Information Disclosure
Synopsis:
It is possible to obtain information about the remote
operating system.
Description:
It is possible to get the remote operating system name
and version (Windows and/or Samba) by sending an
authentication request to port 139 or 445.
Risk factor:
None
Solution:
n/a
Plugin output:
The remote Operating System is : Windows Server (R)
2008 Enterprise 6002 Service Pack 2 The remote
native lan manager is : Windows Server (R) 2008
Enterprise 6.0 The remote SMB Domain Name is :
ABRAHAM5
Plugin ID:
10785
DCE Services Enumeration
Synopsis:
A DCE/RPC service is running on the remote host.
Description:
By sending a Lookup request to the portmapper (TCP
135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE)
services running on the remote port. Using this
information it is possible to connect and bind to each
service by sending an RPC request to the remote
port/pipe.
Risk factor:
None
Solution:
n/a
Plugin output:
The following DCERPC services are available
remotely : Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager Windows
process : lsass.exe Type : Remote RPC service Named
pipe : \PIPE\protected_storage Netbios name :
\\ABRAHAM5 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager Windows
process : lsass.exe Type : Remote RPC service Named
pipe : \pipe\lsass Netbios name : \\ABRAHAM5 Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : 2f5f6521-cb55-1059-b446-00df0bce31db,
version 1.0 Description : Unknown RPC service
Annotation : Unimodem LRPC Endpoint Type : Remote
RPC service Named pipe : \pipe\tapsrv Netbios name :
\\ABRAHAM5 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
3473dd4d-2e88-4006-9cba-22570909dd10, version
5.0 Description : Unknown RPC service Annotation :
WinHttp Auto-Proxy Service Type : Remote RPC
service Named pipe : \PIPE\wkssvc Netbios name :
\\ABRAHAM5 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
3473dd4d-2e88-4006-9cba-22570909dd10, version
5.0 Description : Unknown RPC service Annotation :
WinHttp Auto-Proxy Service Type : Remote RPC
service Named pipe : \PIPE\W32TIME_ALT Netbios
name : \\ABRAHAM5 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service Windows process :
svchost.exe Type : Remote RPC service Named pipe :
\PIPE\atsvc Netbios name : \\ABRAHAM5 Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f,
version 1.0 Description : Scheduler Service Windows
process : svchost.exe Type : Remote RPC service
Named pipe : \PIPE\atsvc Netbios name :
\\ABRAHAM5 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
86d35949-83c9-4044-b424-db363231fd0c, version
1.0 Description : Unknown RPC service Type : Remote
RPC service Named pipe : \PIPE\atsvc Netbios name :
\\ABRAHAM5 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
a398e520-d59a-4bdd-aa7a-3c1e0303a511, version
1.0 Description : Unknown RPC service Annotation :
IKE/Authip API Type : Remote RPC service Named
pipe : \PIPE\atsvc Netbios name : \\ABRAHAM5 Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1,
version 1.0 Description : Unknown RPC service Type :
Remote RPC service Named pipe : \PIPE\atsvc Netbios
name : \\ABRAHAM5 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0
Description : Unknown RPC service Type : Remote
RPC service Named pipe : \PIPE\srvsvc Netbios name :
\\ABRAHAM5 Object UUID :
73736573-6f69-656e-6e76-000000000000 UUID :
c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version
1.0 Description : Unknown RPC service Annotation :
Impl friendly name Type : Remote RPC service Named
pipe : \PIPE\atsvc Netbios name : \\ABRAHAM5 Object
UUID : 73736573-6f69-656e-6e76-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277,
version 1.0 Description : Unknown RPC service
Annotation : Impl friendly name Type : Remote RPC
service Named pipe : \PIPE\srvsvc Netbios name :
\\ABRAHAM5 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0
Description : Unknown RPC service Annotation : Event
log TCPIP Type : Remote RPC service Named pipe :
\pipe\eventlog Netbios name : \\ABRAHAM5 Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6,
version 1.0 Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint Type :
Remote RPC service Named pipe : \pipe\eventlog
Netbios name : \\ABRAHAM5 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service Windows process :
svchost.exe Annotation : DHCP Client LRPC Endpoint
Type : Remote RPC service Named pipe :
\pipe\eventlog Netbios name : \\ABRAHAM5 Object
UUID : b08669ee-8cb5-43a5-a017-84fe00000000
UUID : 76f226c3-ec14-4325-8a99-6a46348418af,
version 1.0 Description : Unknown RPC service Type :
Remote RPC service Named pipe : \PIPE\InitShutdown
Netbios name : \\ABRAHAM5 Object UUID :
765294ba-60bc-48b8-92e9-89fd77769d91 UUID :
d95afe70-a6d5-4259-822e-2c84da1ddb0d, version
1.0 Description : Unknown RPC service Type : Remote
RPC service Named pipe : \PIPE\InitShutdown Netbios
name : \\ABRAHAM5 Object UUID :
00736665-0000-0000-0000-000000000000 UUID :
c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version
1.0 Description : Unknown RPC service Annotation :
Impl friendly name Type : Remote RPC service Named
pipe : \pipe\lsass Netbios name : \\ABRAHAM5 Object
UUID : 00736665-0000-0000-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277,
version 1.0 Description : Unknown RPC service
Annotation : Impl friendly name Type : Remote RPC
service Named pipe : \PIPE\protected_storage Netbios
name : \\ABRAHAM5
Plugin ID:
10736
Microsoft Windows SMB Service Detection
Synopsis:
A file / print sharing service is listening on the remote
host.
Description:
The remote service understands the CIFS (Common
Internet File System) or Server Message Block (SMB)
protocol, used to provide shared access to files,
printers, etc between nodes on a network.
Risk factor:
None
Solution:
n/a
Plugin output:
A CIFS server is running on this port.
Plugin ID:
11011
Port dce-rpc (49152/tcp)
[-/+]
DCE Services Enumeration
Synopsis:
A DCE/RPC service is running on the remote host.
Description:
By sending a Lookup request to the portmapper (TCP
135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE)
services running on the remote port. Using this
information it is possible to connect and bind to each
service by sending an RPC request to the remote
port/pipe.
Risk factor:
None
Solution:
n/a
Plugin output:
The following DCERPC services are available on TCP
port 49152 : Object UUID :
765294ba-60bc-48b8-92e9-89fd77769d91 UUID :
d95afe70-a6d5-4259-822e-2c84da1ddb0d, version
1.0 Description : Unknown RPC service Type : Remote
RPC service TCP Port : 49152 IP : 163.26.60.1
Plugin ID:
10736
Port dce-rpc (49153/tcp)
[-/+]
DCE Services Enumeration
Synopsis:
A DCE/RPC service is running on the remote host.
Description:
By sending a Lookup request to the portmapper (TCP
135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE)
services running on the remote port. Using this
information it is possible to connect and bind to each
service by sending an RPC request to the remote
port/pipe.
Risk factor:
None
Solution:
n/a
Plugin output:
The following DCERPC services are available on TCP
port 49153 : Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0
Description : Unknown RPC service Annotation : Event
log TCPIP Type : Remote RPC service TCP Port : 49153
IP : 163.26.60.1 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service Annotation :
DHCPv6 Client LRPC Endpoint Type : Remote RPC
service TCP Port : 49153 IP : 163.26.60.1 Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5,
version 1.0 Description : DHCP Client Service Windows
process : svchost.exe Annotation : DHCP Client LRPC
Endpoint Type : Remote RPC service TCP Port : 49153
IP : 163.26.60.1
Plugin ID:
10736
Port dce-rpc (49154/tcp)
[-/+]
DCE Services Enumeration
Synopsis:
A DCE/RPC service is running on the remote host.
Description:
By sending a Lookup request to the portmapper (TCP
135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE)
services running on the remote port. Using this
information it is possible to connect and bind to each
service by sending an RPC request to the remote
port/pipe.
Risk factor:
None
Solution:
n/a
Plugin output:
The following DCERPC services are available on TCP
port 49154 : Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager Windows
process : lsass.exe Type : Remote RPC service TCP
Port : 49154 IP : 163.26.60.1
Plugin ID:
10736
Port dce-rpc (49155/tcp)
[-/+]
DCE Services Enumeration
Synopsis:
A DCE/RPC service is running on the remote host.
Description:
By sending a Lookup request to the portmapper (TCP
135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE)
services running on the remote port. Using this
information it is possible to connect and bind to each
service by sending an RPC request to the remote
port/pipe.
Risk factor:
None
Solution:
n/a
Plugin output:
The following DCERPC services are available on TCP
port 49155 : Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
86d35949-83c9-4044-b424-db363231fd0c, version
1.0 Description : Unknown RPC service Type : Remote
RPC service TCP Port : 49155 IP : 163.26.60.1 Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511,
version 1.0 Description : Unknown RPC service
Annotation : IKE/Authip API Type : Remote RPC
service TCP Port : 49155 IP : 163.26.60.1 Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1,
version 1.0 Description : Unknown RPC service Type :
Remote RPC service TCP Port : 49155 IP : 163.26.60.1
Object UUID :
73736573-6f69-656e-6e76-000000000000 UUID :
c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version
1.0 Description : Unknown RPC service Annotation :
Impl friendly name Type : Remote RPC service TCP
Port : 49155 IP : 163.26.60.1
Plugin ID:
10736
Port dce-rpc (49156/tcp)
[-/+]
DCE Services Enumeration
Synopsis:
A DCE/RPC service is running on the remote host.
Description:
By sending a Lookup request to the portmapper (TCP
135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE)
services running on the remote port. Using this
information it is possible to connect and bind to each
service by sending an RPC request to the remote
port/pipe.
Risk factor:
None
Solution:
n/a
Plugin output:
The following DCERPC services are available on TCP
port 49156 : Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
50abc2a4-574d-40b3-9d66-ee4fd5fba076, version 5.0
Description : DNS Server Windows process : dns.exe
Type : Remote RPC service TCP Port : 49156 IP :
163.26.60.1
Plugin ID:
10736
Port dce-rpc (49157/tcp)
[-/+]
DCE Services Enumeration
Synopsis:
A DCE/RPC service is running on the remote host.
Description:
By sending a Lookup request to the portmapper (TCP
135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE)
services running on the remote port. Using this
information it is possible to connect and bind to each
service by sending an RPC request to the remote
port/pipe.
Risk factor:
None
Solution:
n/a
Plugin output:
The following DCERPC services are available on TCP
port 49157 : Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
6b5bdd1e-528c-422c-af8c-a4079be4fe48, version 1.0
Description : Unknown RPC service Annotation :
Remote Fw APIs Type : Remote RPC service TCP Port :
49157 IP : 163.26.60.1 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
12345678-1234-abcd-ef00-0123456789ab, version
1.0 Description : IPsec Services (Windows XP & 2003)
Windows process : lsass.exe Annotation : IPSec Policy
agent endpoint Type : Remote RPC service TCP Port :
49157 IP : 163.26.60.1
Plugin ID:
10736
Port dce-rpc (49158/tcp)
[-/+]
DCE Services Enumeration
Synopsis:
A DCE/RPC service is running on the remote host.
Description:
By sending a Lookup request to the portmapper (TCP
135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE)
services running on the remote port. Using this
information it is possible to connect and bind to each
service by sending an RPC request to the remote
port/pipe.
Risk factor:
None
Solution:
n/a
Plugin output:
The following DCERPC services are available on TCP
port 49158 : Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
367abb81-9844-35f1-ad32-98f038001003, version 2.0
Description : Unknown RPC service Type : Remote
RPC service TCP Port : 49158 IP : 163.26.60.1
Plugin ID:
10736
Port dce-rpc (49159/tcp)
[-/+]
DCE Services Enumeration
Synopsis:
A DCE/RPC service is running on the remote host.
Description:
By sending a Lookup request to the portmapper (TCP
135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE)
services running on the remote port. Using this
information it is possible to connect and bind to each
service by sending an RPC request to the remote
port/pipe.
Risk factor:
None
Solution:
n/a
Plugin output:
The following DCERPC services are available on TCP
port 49159 : Object UUID :
c3353b16-e70a-48ac-9707-0cc50a30768a UUID :
906b0ce0-c70b-1067-b317-00dd010662da, version
1.0 Description : Distributed Transaction Coordinator
Windows process : msdtc.exe Type : Remote RPC
service TCP Port : 49159 IP : 163.26.60.1 Object
UUID : 65eb02bd-9353-4e29-a4b3-1b49fd47e7ef
UUID : 906b0ce0-c70b-1067-b317-00dd010662da,
version 1.0 Description : Distributed Transaction
Coordinator Windows process : msdtc.exe Type :
Remote RPC service TCP Port : 49159 IP : 163.26.60.1
Object UUID :
95b4bde4-0c07-4e22-9c8d-e9fd1f1f7441 UUID :
906b0ce0-c70b-1067-b317-00dd010662da, version
1.0 Description : Distributed Transaction Coordinator
Windows process : msdtc.exe Type : Remote RPC
service TCP Port : 49159 IP : 163.26.60.1 Object
UUID : 36b91ba5-6fec-45d8-933d-a78c98e196fc
UUID : 906b0ce0-c70b-1067-b317-00dd010662da,
version 1.0 Description : Distributed Transaction
Coordinator Windows process : msdtc.exe Type :
Remote RPC service TCP Port : 49159 IP : 163.26.60.1
Plugin ID:
10736
Port dns (53/tcp)
[-/+]
DNS Server Cache Snooping Remote Information Disclosure
Synopsis:
The remote DNS server is vulnerable to cache snooping attacks.
Description:
The remote DNS server responds to queries for third-party domains that do
not have the recursion bit set. This may allow a remote attacker to determine
which domains have recently been resolved via this name server, and
therefore which hosts have been recently visited. For instance, if an attacker
was interested in whether your company utilizes the online services of a
particular financial institution, they would be able to use this attack to build a
statistical model regarding company usage of that financial institution. Of
course, the attack can also be used to find B2B partners, web-surfing
patterns, external mail servers, and more. Note: If this is an internal DNS
server not accessable to outside networks, attacks would be limited to the
internal network. This may include employees, consultants and potentially
users on a guest network or WiFi connection if supported.
Risk factor:
Medium
CVSS Base Score:5.0
CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N
See also:
http://www.rootsecure.net/content/downloads/pdf/dns_cache_snooping.pdf
Solution:
Contact the vendor of the DNS software for a fix.
Plugin output:
Nessus sent a non-recursive query for example.com and received 1 answer :
192.0.43.10
Plugin ID:
12217
DNS Server Recursive Query Cache Poisoning
Weakness
Synopsis:
The remote name server allows recursive queries to be
performed by the host running nessusd.
Description:
It is possible to query the remote name server for third
party names. If this is your internal nameserver, then
the attack vector may be limited to employees or guest
access if allowed. If you are probing a remote
nameserver, then it allows anyone to use it to resolve
third party names (such as www.nessus.org). This
allows attackers to perform cache poisoning attacks
against this nameserver. If the host allows these
recursive queries via UDP, then the host can be used
to 'bounce' Denial of Service attacks against another
network or system.
Risk factor:
Medium
CVSS Base Score:5.0
CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N
See also:
http://www.cert.org/advisories/CA-1997-22.html
See also:
http://www.nessus.org/u?c4dcf24a
Solution:
Restrict recursive queries to the hosts that should use
this nameserver (such as those of the LAN connected
to it). If you are using bind 8, you can do this by using
the instruction 'allow-recursion' in the 'options' section
of your named.conf. If you are using bind 9, you can
define a grouping of internal addresses using the 'acl'
command. Then, within the options block, you can
explicitly state: 'allow-recursion
{ hosts_defined_in_acl }' If you are using another
name server, consult its documentation.
Plugin ID:
10539
CVE:
CVE-1999-0024
BID:
136, 678
Other references:
OSVDB:438
DNS Server Spoofed Request Amplification
DDoS
Synopsis:
The remote DNS server could be used in a distributed
denial of service attack.
Description:
The remote DNS server answers to any request. It is
possible to query the name servers (NS) of the root
zone ('.') and get an answer which is bigger than the
original request. By spoofing the source IP address, a
remote attacker can leverage this 'amplification' to
launch a denial of service attack against a third-party
host using the remote DNS server.
Risk factor:
Medium
CVSS Base Score:5.0
CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P
See also:
http://isc.sans.org/diary.html?storyid=5713
Solution:
Restrict access to your DNS server from public network
or reconfigure it to reject such queries.
Plugin output:
The DNS query was 17 bytes long, the answer is 449
bytes long.
Plugin ID:
35450
CVE:
CVE-2006-0987
DNS Server DNSSEC Aware Resolver
Synopsis:
The remote DNS resolver is DNSSEC-aware.
Description:
The remote DNS resolver accepts DNSSEC options.
This means that it may verify the authenticity of
DNSSEC protected zones if it is configured to trust
their keys.
Risk factor:
None
Solution:
n/a
Plugin ID:
35373
DNS Server Detection
Synopsis:
A DNS server is listening on the remote host.
Description:
The remote service is a Domain Name System (DNS)
server, which provides a mapping between hostnames
and IP addresses.
Risk factor:
None
See also:
http://en.wikipedia.org/wiki/Domain_Name_System
Solution:
Disable this service if it is not needed or restrict access
to internal hosts only if the service is available
externally.
Plugin ID:
11002
DNS Server Detection
Synopsis:
A DNS server is listening on the remote host.
Description:
The remote service is a Domain Name System (DNS)
server, which provides a mapping between hostnames
and IP addresses.
Risk factor:
None
See also:
http://en.wikipedia.org/wiki/Domain_Name_System
Solution:
Disable this service if it is not needed or restrict access
to internal hosts only if the service is available
externally.
Plugin ID:
11002
Port llmnr (5355/udp)
[-/+]
Link-Local Multicast Name Resolution (LLMNR)
Detection
Synopsis:
The remote device supports LLMNR.
Description:
The remote device answered to a Link-local Multicast
Name Resolution (LLMNR) request. This protocol provides
a name lookup service similar to NetBIOS or DNS. It is
enabled by default on modern Windows versions.
Risk factor:
None
See also:
http://www.nessus.org/u?85beb421
See also:
http://technet.microsoft.com/en-us/library/bb878128.aspx
Solution:
Make sure that use of this software conforms to your
organization's acceptable use and security policies.
Plugin output:
According to LLMNR, the name of the remote host is
'Abraham5'.
Plugin ID:
53513
Port www (80/tcp)
[-/+]
HyperText Transfer Protocol (HTTP)
Information
Synopsis:
Some information about the remote HTTP
configuration can be extracted.
Description:
This test gives some information about the remote
HTTP protocol - the version used, whether HTTP
Keep-Alive and HTTP pipelining are enabled, etc... This
test is informational only and does not denote any
security problem.
Risk factor:
None
Solution:
n/a
Plugin output:
Protocol version : HTTP/1.1 SSL : no Keep-Alive : no
Options allowed : OPTIONS, TRACE, GET, HEAD,
POST Headers : Content-Type: text/html
Last-Modified: Fri, 21 Feb 2003 11:33:58 GMT
Accept-Ranges: bytes ETag: "0176b1f9dd9c21:0"
Server: Microsoft-IIS/7.0 X-Powered-By: ASP.NET
Date: Thu, 11 Oct 2012 23:17:53 GMT
Content-Length: 1194
Plugin ID:
24260
HTTP Server Type and Version
Synopsis:
A web server is running on the remote host.
Description:
This plugin attempts to determine the type and the
version of the remote web server.
Risk factor:
None
Solution:
n/a
Plugin output:
The remote web server type is : Microsoft-IIS/7.0
Plugin ID:
10107
HTTP Methods Allowed (per directory)
Synopsis:
This plugin determines which HTTP methods are
allowed on various CGI directories.
Description:
By calling the OPTIONS method, it is possible to
determine which HTTP methods are allowed on each
directory. As this list may be incomplete, the plugin
also tests - if 'Thorough tests' are enabled or 'Enable
web applications tests' is set to 'yes' in the scan policy
- various known HTTP methods on each directory and
considers them as unsupported if it receives a
response code of 400, 403, 405, or 501. Note that the
plugin output is only informational and does not
necessarily indicate the presence of any security
vulnerabilities.
Risk factor:
None
Solution:
n/a
Plugin output:
Based on the response to an OPTIONS request : HTTP methods GET HEAD POST TRACE OPTIONS are
allowed on : /
Plugin ID:
43111
Service Detection
Synopsis:
The remote service could be identified.
Description:
It was possible to identify the remote service by its
banner or by looking at the error message it sends
when it receives an HTTP request.
Risk factor:
None
Solution:
n/a
Plugin output:
A web server is running on this port.
Plugin ID:
22964
[^] Back to 163.26.60.1
[^] Back
163.26.60.100
Scan Time
Start
time :
Fri Oct 1 07:15:27
2013
Fri Oct 1 07:18:33
End time :
2013
Number of vulnerabilities
Open ports :
2
High :
0
Medium :
0
Low :
23
Remote host information
Operating
System :
Microsoft Windows
Server 2008
NetBIOS
name :
DNS
name :
WIN-45HMMSEJL9Q
[^] Back to 163.26.60.100
Port general (0/udp)
Traceroute Information
Synopsis:
It was possible to obtain traceroute information.
Description:
Makes a traceroute to the remote host.
Risk factor:
None
Solution:
n/a
Plugin output:
For your information, here is the traceroute from
[-/+]
163.26.60.115 to 163.26.60.100 : 163.26.60.115
163.26.60.100
Plugin ID:
10287
Nessus Scan Information
Synopsis:
Information about the Nessus scan.
Description:
This script displays, for each tested host, information
about the scan itself : - The version of the plugin set The type of plugin feed (HomeFeed or
ProfessionalFeed) - The version of the Nessus Engine The port scanner(s) used - The port range scanned Whether credentialed or third-party patch
management checks are possible - The date of the
scan - The duration of the scan - The number of hosts
scanned in parallel - The number of checks done in
parallel
Risk factor:
None
Solution:
n/a
Plugin output:
Information about this scan : Nessus version : 4.4.1
(Build 15078) (Nessus 5.0.1 is available - consider
upgrading) Plugin feed version : 201210082315 Type
of plugin feed : HomeFeed (Non-commercial use only)
Scanner IP : 163.26.60.115 Port scanner(s) :
nessus_syn_scanner Port range : default Thorough
tests : no Experimental tests : no Paranoia level : 1
Report Verbosity : 1 Safe checks : yes Optimize the
test : yes Credentialed checks : no Patch management
checks : None CGI scanning : disabled Web application
tests : disabled Max hosts : 80 Max checks : 5 Recv
timeout : 5 Backports : None Allow post-scan editing:
Yes Scan Start Date : 2012/10/12 7:15 Scan duration :
186 sec
Plugin ID:
19506
Common Platform Enumeration (CPE)
Synopsis:
It is possible to enumerate CPE names that matched
on the remote system.
Description:
By using information obtained from a Nessus scan, this
plugin reports CPE (Common Platform Enumeration)
matches for various hardware and software products
found on a host. Note that if an official CPE is not
available for the product, this plugin computes the
best possible CPE based on the information available
from the scan.
Risk factor:
None
See also:
http://cpe.mitre.org/
Solution:
n/a
Plugin output:
The remote operating system matched the following
CPE : cpe:/o:microsoft:windows_server_2008
Following application CPE matched on the remote
system : cpe:/a:microsoft:iis:7.0 -> Microsoft Internet
Information Services (IIS) 7.0
Plugin ID:
45590
Device Type
Synopsis:
It is possible to guess the remote device type.
Description:
Based on the remote operating system, it is possible to
determine what the remote system type is (eg: a
printer, router, general-purpose computer, etc).
Risk factor:
None
Solution:
n/a
Plugin output:
Remote device type : general-purpose Confidence
level : 75
Plugin ID:
54615
OS Identification
Synopsis:
It is possible to guess the remote operating system.
Description:
Using a combination of remote probes, (TCP/IP, SMB,
HTTP, NTP, SNMP, etc...) it is possible to guess the
name of the remote operating system in use, and
sometimes its version.
Risk factor:
None
Solution:
n/a
Plugin output:
Remote operating system : Microsoft Windows Server
2008 Confidence Level : 75 Method : HTTP The remote
host is running Microsoft Windows Server 2008
Plugin ID:
11936
Ethernet Card Manufacturer Detection
Synopsis:
The manufacturer can be deduced from the Ethernet
OUI.
Description:
Each ethernet MAC address starts with a 24-bit
'Organizationally Unique Identifier'. These OUI are
registered by IEEE.
Risk factor:
None
See also:
http://standards.ieee.org/faqs/OUI.html
See also:
http://standards.ieee.org/regauth/oui/index.shtml
Solution:
n/a
Plugin output:
The following card manufacturers were identified :
00:1f:d0:12:c0:80 : GIGA-BYTE TECHNOLOGY
CO.,LTD.
Plugin ID:
35716
Host Fully Qualified Domain Name (FQDN)
Resolution
Synopsis:
It was possible to resolve the name of the remote
host.
Description:
Nessus was able to resolve the FQDN of the remote
host.
Risk factor:
None
Solution:
n/a
Plugin output:
163.26.60.100 resolves as WIN-45HMMSEJL9Q.
Plugin ID:
12053
TCP/IP Timestamps Supported
Synopsis:
The remote service implements TCP timestamps.
Description:
The remote host implements TCP timestamps, as
defined by RFC1323. A side effect of this feature is
that the uptime of the remote host can sometimes be
computed.
Risk factor:
None
See also:
http://www.ietf.org/rfc/rfc1323.txt
Solution:
n/a
Plugin ID:
25220
ICMP Timestamp Request Remote Date
Disclosure
Synopsis:
It is possible to determine the exact time set on the
remote host.
Description:
The remote host answers to an ICMP timestamp
request. This allows an attacker to know the date that
is set on the targeted machine, which may assist an
unauthenticated, remote attacker in defeating
time-based authentication protocols. Timestamps
returned from machines running Windows Vista / 7 /
2008 / 2008 R2 are deliberately incorrect, but usually
within 1000 seconds of the actual system time.
Risk factor:
None
Solution:
Filter out the ICMP timestamp requests (13), and the
outgoing ICMP timestamp replies (14).
Plugin output:
This host returns non-standard timestamps (high bit is
set) The ICMP timestamps might be in little endian
format (not in network format) The difference
between the local and remote clocks is -866 seconds.
Plugin ID:
10114
CVE:
CVE-1999-0524
Other references:
OSVDB:94, CWE:200
Port epmap (135/tcp)
[-/+]
DCE Services Enumeration
Synopsis:
A DCE/RPC service is running on the remote host.
Description:
By sending a Lookup request to the portmapper (TCP
135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE)
services running on the remote port. Using this
information it is possible to connect and bind to each
service by sending an RPC request to the remote
port/pipe.
Risk factor:
None
Solution:
n/a
Plugin output:
The following DCERPC services are available locally :
Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager Windows
process : lsass.exe Type : Local RPC service Named
pipe : samss lpc Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager Windows
process : lsass.exe Type : Local RPC service Named
pipe : dsrole Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager Windows
process : lsass.exe Type : Local RPC service Named
pipe : protected_storage Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager Windows
process : lsass.exe Type : Local RPC service Named
pipe : securityevent Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager Windows
process : lsass.exe Type : Local RPC service Named
pipe : audit Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager Windows
process : lsass.exe Type : Local RPC service Named
pipe : LRPC-b4249551155e0c284b Object UUID :
00736665-0000-0000-0000-000000000000 UUID :
c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version
1.0 Description : Unknown RPC service Annotation :
Impl friendly name Type : Local RPC service Named
pipe : samss lpc Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
2f5f6521-cb55-1059-b446-00df0bce31db, version 1.0
Description : Unknown RPC service Annotation :
Unimodem LRPC Endpoint Type : Local RPC service
Named pipe : tapsrvlpc Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
2f5f6521-cb55-1059-b446-00df0bce31db, version 1.0
Description : Unknown RPC service Annotation :
Unimodem LRPC Endpoint Type : Local RPC service
Named pipe : unimdmsvc Object UUID :
b25ab805-c75d-4d73-bb51-e8d3f12e29f7 UUID :
906b0ce0-c70b-1067-b317-00dd010662da, version
1.0 Description : Distributed Transaction Coordinator
Windows process : msdtc.exe Type : Local RPC service
Named pipe : LRPC-c1b160f010140dbc14 Object
UUID : 36f46f33-d3b9-4283-81ea-b3eb70de5ebd
UUID : 906b0ce0-c70b-1067-b317-00dd010662da,
version 1.0 Description : Distributed Transaction
Coordinator Windows process : msdtc.exe Type : Local
RPC service Named pipe : LRPC-c1b160f010140dbc14
Object UUID :
f373b35e-3596-44e0-a3a9-0a083328438c UUID :
906b0ce0-c70b-1067-b317-00dd010662da, version
1.0 Description : Distributed Transaction Coordinator
Windows process : msdtc.exe Type : Local RPC service
Named pipe : LRPC-c1b160f010140dbc14 Object
UUID : 309893b3-1f93-4928-9e08-0a241b027981
UUID : 906b0ce0-c70b-1067-b317-00dd010662da,
version 1.0 Description : Distributed Transaction
Coordinator Windows process : msdtc.exe Type : Local
RPC service Named pipe : LRPC-c1b160f010140dbc14
Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
12345678-1234-abcd-ef00-0123456789ab, version
1.0 Description : IPsec Services (Windows XP & 2003)
Windows process : lsass.exe Annotation : IPSec Policy
agent endpoint Type : Local RPC service Named pipe :
LRPC-6d4e972560f3f5f619 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1.0
Description : Unknown RPC service Annotation :
Spooler function endpoint Type : Local RPC service
Named pipe : spoolss Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
ae33069b-a2a8-46ee-a235-ddfd339be281, version
1.0 Description : Unknown RPC service Annotation :
Spooler base remote object endpoint Type : Local RPC
service Named pipe : spoolss Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
4a452661-8290-4b36-8fbe-7f4093a94978, version 1.0
Description : Unknown RPC service Annotation :
Spooler function endpoint Type : Local RPC service
Named pipe : spoolss Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
dd490425-5325-4565-b774-7e27d6c09c24, version
1.0 Description : Unknown RPC service Annotation :
Base Firewall Engine API Type : Local RPC service
Named pipe : LRPC-59c5772168f3a87b41 Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : 7f9d11bf-7fb9-436b-a812-b2d50c5d4c03,
version 1.0 Description : Unknown RPC service
Annotation : Fw APIs Type : Local RPC service Named
pipe : LRPC-59c5772168f3a87b41 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0
Description : Unknown RPC service Annotation : Fw
APIs Type : Local RPC service Named pipe :
LRPC-59c5772168f3a87b41 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
7ea70bcf-48af-4f6a-8968-6a440754d5fa, version 1.0
Description : Unknown RPC service Annotation : NSI
server endpoint Type : Local RPC service Named pipe :
OLE508ABA8858E748BBB0ED98936668 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
7ea70bcf-48af-4f6a-8968-6a440754d5fa, version 1.0
Description : Unknown RPC service Annotation : NSI
server endpoint Type : Local RPC service Named pipe :
LRPC-1426b1e33c91e26e58 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
3473dd4d-2e88-4006-9cba-22570909dd10, version
5.0 Description : Unknown RPC service Annotation :
WinHttp Auto-Proxy Service Type : Local RPC service
Named pipe : OLE508ABA8858E748BBB0ED98936668
Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
3473dd4d-2e88-4006-9cba-22570909dd10, version
5.0 Description : Unknown RPC service Annotation :
WinHttp Auto-Proxy Service Type : Local RPC service
Named pipe : LRPC-1426b1e33c91e26e58 Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : 3473dd4d-2e88-4006-9cba-22570909dd10,
version 5.0 Description : Unknown RPC service
Annotation : WinHttp Auto-Proxy Service Type : Local
RPC service Named pipe : W32TIME_ALT Object
UUID : 3bdb59a0-d736-4d44-9074-c1ee00000001
UUID : 24019106-a203-4642-b88d-82dae9158929,
version 1.0 Description : Unknown RPC service Type :
Local RPC service Named pipe :
LRPC-9b4f06bb99b9cab1af Object UUID :
666f7270-6c69-7365-0000-000000000000 UUID :
c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version
1.0 Description : Unknown RPC service Annotation :
Impl friendly name Type : Local RPC service Named
pipe : IUserProfile2 Object UUID :
736e6573-0000-0000-0000-000000000000 UUID :
c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version
1.0 Description : Unknown RPC service Annotation :
Impl friendly name Type : Local RPC service Named
pipe : IUserProfile2 Object UUID :
736e6573-0000-0000-0000-000000000000 UUID :
c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version
1.0 Description : Unknown RPC service Annotation :
Impl friendly name Type : Local RPC service Named
pipe : senssvc Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0
Description : Scheduler Service Windows process :
svchost.exe Type : Local RPC service Named pipe :
IUserProfile2 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0
Description : Scheduler Service Windows process :
svchost.exe Type : Local RPC service Named pipe :
senssvc Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0
Description : Scheduler Service Windows process :
svchost.exe Type : Local RPC service Named pipe :
OLEB821FB3C5D24431B91A8E1A188C8 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service Windows process :
svchost.exe Type : Local RPC service Named pipe :
IUserProfile2 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service Windows process :
svchost.exe Type : Local RPC service Named pipe :
senssvc Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service Windows process :
svchost.exe Type : Local RPC service Named pipe :
OLEB821FB3C5D24431B91A8E1A188C8 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service Windows process :
svchost.exe Type : Local RPC service Named pipe :
IUserProfile2 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service Windows process :
svchost.exe Type : Local RPC service Named pipe :
senssvc Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service Windows process :
svchost.exe Type : Local RPC service Named pipe :
OLEB821FB3C5D24431B91A8E1A188C8 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
86d35949-83c9-4044-b424-db363231fd0c, version
1.0 Description : Unknown RPC service Type : Local
RPC service Named pipe : IUserProfile2 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
86d35949-83c9-4044-b424-db363231fd0c, version
1.0 Description : Unknown RPC service Type : Local
RPC service Named pipe : senssvc Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
86d35949-83c9-4044-b424-db363231fd0c, version
1.0 Description : Unknown RPC service Type : Local
RPC service Named pipe :
OLEB821FB3C5D24431B91A8E1A188C8 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
a398e520-d59a-4bdd-aa7a-3c1e0303a511, version
1.0 Description : Unknown RPC service Annotation :
IKE/Authip API Type : Local RPC service Named pipe :
IUserProfile2 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
a398e520-d59a-4bdd-aa7a-3c1e0303a511, version
1.0 Description : Unknown RPC service Annotation :
IKE/Authip API Type : Local RPC service Named pipe :
senssvc Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
a398e520-d59a-4bdd-aa7a-3c1e0303a511, version
1.0 Description : Unknown RPC service Annotation :
IKE/Authip API Type : Local RPC service Named pipe :
OLEB821FB3C5D24431B91A8E1A188C8 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0
Description : Unknown RPC service Annotation :
AppInfo Type : Local RPC service Named pipe :
IUserProfile2 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0
Description : Unknown RPC service Annotation :
AppInfo Type : Local RPC service Named pipe :
senssvc Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0
Description : Unknown RPC service Annotation :
AppInfo Type : Local RPC service Named pipe :
OLEB821FB3C5D24431B91A8E1A188C8 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0
Description : Unknown RPC service Annotation :
AppInfo Type : Local RPC service Named pipe :
SECLOGON Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0
Description : Unknown RPC service Annotation :
AppInfo Type : Local RPC service Named pipe :
IUserProfile2 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0
Description : Unknown RPC service Annotation :
AppInfo Type : Local RPC service Named pipe :
senssvc Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0
Description : Unknown RPC service Annotation :
AppInfo Type : Local RPC service Named pipe :
OLEB821FB3C5D24431B91A8E1A188C8 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0
Description : Unknown RPC service Annotation :
AppInfo Type : Local RPC service Named pipe :
SECLOGON Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version
1.0 Description : Unknown RPC service Annotation :
AppInfo Type : Local RPC service Named pipe :
IUserProfile2 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version
1.0 Description : Unknown RPC service Annotation :
AppInfo Type : Local RPC service Named pipe :
senssvc Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version
1.0 Description : Unknown RPC service Annotation :
AppInfo Type : Local RPC service Named pipe :
OLEB821FB3C5D24431B91A8E1A188C8 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version
1.0 Description : Unknown RPC service Annotation :
AppInfo Type : Local RPC service Named pipe :
SECLOGON Object UUID :
6c637067-6569-746e-0000-000000000000 UUID :
c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version
1.0 Description : Unknown RPC service Annotation :
Impl friendly name Type : Local RPC service Named
pipe : LRPC-e961ca3f48f0dd0328 Object UUID :
24d1f7c7-76af-4f28-9ccd-7f6cb6468601 UUID :
2eb08e3e-639f-4fba-97b1-14f878961076, version 1.0
Description : Unknown RPC service Type : Local RPC
service Named pipe : LRPC-e961ca3f48f0dd0328
Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0
Description : Unknown RPC service Annotation : Event
log TCPIP Type : Local RPC service Named pipe :
eventlog Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service Annotation :
DHCPv6 Client LRPC Endpoint Type : Local RPC service
Named pipe : eventlog Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service Annotation :
DHCPv6 Client LRPC Endpoint Type : Local RPC service
Named pipe : dhcpcsvc6 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service Windows process :
svchost.exe Annotation : DHCP Client LRPC Endpoint
Type : Local RPC service Named pipe : eventlog Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5,
version 1.0 Description : DHCP Client Service Windows
process : svchost.exe Annotation : DHCP Client LRPC
Endpoint Type : Local RPC service Named pipe :
dhcpcsvc6 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service Windows process :
svchost.exe Annotation : DHCP Client LRPC Endpoint
Type : Local RPC service Named pipe : dhcpcsvc
Object UUID :
b08669ee-8cb5-43a5-a017-84fe00000001 UUID :
76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service Type : Local RPC
service Named pipe : WMsgKRpc0D68F1 Object
UUID : b08669ee-8cb5-43a5-a017-84fe00000000
UUID : 76f226c3-ec14-4325-8a99-6a46348418af,
version 1.0 Description : Unknown RPC service Type :
Local RPC service Named pipe : WMsgKRpc0D1A60
Object UUID :
b08669ee-8cb5-43a5-a017-84fe00000000 UUID :
76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service Type : Local RPC
service Named pipe : WindowsShutdown Object
UUID : 765294ba-60bc-48b8-92e9-89fd77769d91
UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d,
version 1.0 Description : Unknown RPC service Type :
Local RPC service Named pipe : WMsgKRpc0D1A60
Object UUID :
765294ba-60bc-48b8-92e9-89fd77769d91 UUID :
d95afe70-a6d5-4259-822e-2c84da1ddb0d, version
1.0 Description : Unknown RPC service Type : Local
RPC service Named pipe : WindowsShutdown Object
UUID : 6d726574-7273-0076-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277,
version 1.0 Description : Unknown RPC service
Annotation : Impl friendly name Type : Local RPC
service Named pipe : LRPC-a3ef276fc2686d72c0
Object UUID :
00736665-0000-0000-0000-000000000000 UUID :
c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version
1.0 Description : Unknown RPC service Annotation :
Impl friendly name Type : Local RPC service Named
pipe : LRPC-b4249551155e0c284b Object UUID :
00736665-0000-0000-0000-000000000000 UUID :
c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version
1.0 Description : Unknown RPC service Annotation :
Impl friendly name Type : Local RPC service Named
pipe : audit Object UUID :
00736665-0000-0000-0000-000000000000 UUID :
c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version
1.0 Description : Unknown RPC service Annotation :
Impl friendly name Type : Local RPC service Named
pipe : securityevent Object UUID :
00736665-0000-0000-0000-000000000000 UUID :
c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version
1.0 Description : Unknown RPC service Annotation :
Impl friendly name Type : Local RPC service Named
pipe : protected_storage Object UUID :
00736665-0000-0000-0000-000000000000 UUID :
c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version
1.0 Description : Unknown RPC service Annotation :
Impl friendly name Type : Local RPC service Named
pipe : dsrole
Plugin ID:
10736
Port microsoft-ds? (445/tcp)
[-/+]
DCE Services Enumeration
Synopsis:
A DCE/RPC service is running on the remote host.
Description:
By sending a Lookup request to the portmapper (TCP
135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE)
services running on the remote port. Using this
information it is possible to connect and bind to each
service by sending an RPC request to the remote
port/pipe.
Risk factor:
None
Solution:
n/a
Plugin output:
The following DCERPC services are available
remotely : Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager Windows
process : lsass.exe Type : Remote RPC service Named
pipe : \PIPE\protected_storage Netbios name :
\\WIN-45HMMSEJL9Q Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager Windows
process : lsass.exe Type : Remote RPC service Named
pipe : \pipe\lsass Netbios name :
\\WIN-45HMMSEJL9Q Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
2f5f6521-cb55-1059-b446-00df0bce31db, version 1.0
Description : Unknown RPC service Annotation :
Unimodem LRPC Endpoint Type : Remote RPC service
Named pipe : \pipe\tapsrv Netbios name :
\\WIN-45HMMSEJL9Q Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
3473dd4d-2e88-4006-9cba-22570909dd10, version
5.0 Description : Unknown RPC service Annotation :
WinHttp Auto-Proxy Service Type : Remote RPC
service Named pipe : \PIPE\wkssvc Netbios name :
\\WIN-45HMMSEJL9Q Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
3473dd4d-2e88-4006-9cba-22570909dd10, version
5.0 Description : Unknown RPC service Annotation :
WinHttp Auto-Proxy Service Type : Remote RPC
service Named pipe : \PIPE\W32TIME_ALT Netbios
name : \\WIN-45HMMSEJL9Q Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service Windows process :
svchost.exe Type : Remote RPC service Named pipe :
\PIPE\atsvc Netbios name : \\WIN-45HMMSEJL9Q
Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service Windows process :
svchost.exe Type : Remote RPC service Named pipe :
\PIPE\atsvc Netbios name : \\WIN-45HMMSEJL9Q
Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
86d35949-83c9-4044-b424-db363231fd0c, version
1.0 Description : Unknown RPC service Type : Remote
RPC service Named pipe : \PIPE\atsvc Netbios name :
\\WIN-45HMMSEJL9Q Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
a398e520-d59a-4bdd-aa7a-3c1e0303a511, version
1.0 Description : Unknown RPC service Annotation :
IKE/Authip API Type : Remote RPC service Named
pipe : \PIPE\atsvc Netbios name :
\\WIN-45HMMSEJL9Q Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0
Description : Unknown RPC service Annotation :
AppInfo Type : Remote RPC service Named pipe :
\PIPE\atsvc Netbios name : \\WIN-45HMMSEJL9Q
Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0
Description : Unknown RPC service Annotation :
AppInfo Type : Remote RPC service Named pipe :
\PIPE\srvsvc Netbios name : \\WIN-45HMMSEJL9Q
Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0
Description : Unknown RPC service Annotation :
AppInfo Type : Remote RPC service Named pipe :
\PIPE\atsvc Netbios name : \\WIN-45HMMSEJL9Q
Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0
Description : Unknown RPC service Annotation :
AppInfo Type : Remote RPC service Named pipe :
\PIPE\srvsvc Netbios name : \\WIN-45HMMSEJL9Q
Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version
1.0 Description : Unknown RPC service Annotation :
AppInfo Type : Remote RPC service Named pipe :
\PIPE\atsvc Netbios name : \\WIN-45HMMSEJL9Q
Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version
1.0 Description : Unknown RPC service Annotation :
AppInfo Type : Remote RPC service Named pipe :
\PIPE\srvsvc Netbios name : \\WIN-45HMMSEJL9Q
Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0
Description : Unknown RPC service Annotation : Event
log TCPIP Type : Remote RPC service Named pipe :
\pipe\eventlog Netbios name : \\WIN-45HMMSEJL9Q
Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service Annotation :
DHCPv6 Client LRPC Endpoint Type : Remote RPC
service Named pipe : \pipe\eventlog Netbios name :
\\WIN-45HMMSEJL9Q Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service Windows process :
svchost.exe Annotation : DHCP Client LRPC Endpoint
Type : Remote RPC service Named pipe :
\pipe\eventlog Netbios name : \\WIN-45HMMSEJL9Q
Object UUID :
b08669ee-8cb5-43a5-a017-84fe00000000 UUID :
76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service Type : Remote
RPC service Named pipe : \PIPE\InitShutdown Netbios
name : \\WIN-45HMMSEJL9Q Object UUID :
765294ba-60bc-48b8-92e9-89fd77769d91 UUID :
d95afe70-a6d5-4259-822e-2c84da1ddb0d, version
1.0 Description : Unknown RPC service Type : Remote
RPC service Named pipe : \PIPE\InitShutdown Netbios
name : \\WIN-45HMMSEJL9Q Object UUID :
00736665-0000-0000-0000-000000000000 UUID :
c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version
1.0 Description : Unknown RPC service Annotation :
Impl friendly name Type : Remote RPC service Named
pipe : \pipe\lsass Netbios name :
\\WIN-45HMMSEJL9Q Object UUID :
00736665-0000-0000-0000-000000000000 UUID :
c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version
1.0 Description : Unknown RPC service Annotation :
Impl friendly name Type : Remote RPC service Named
pipe : \PIPE\protected_storage Netbios name :
\\WIN-45HMMSEJL9Q
Plugin ID:
10736
Port dce-rpc (49152/tcp)
[-/+]
DCE Services Enumeration
Synopsis:
A DCE/RPC service is running on the remote host.
Description:
By sending a Lookup request to the portmapper (TCP
135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE)
services running on the remote port. Using this
information it is possible to connect and bind to each
service by sending an RPC request to the remote
port/pipe.
Risk factor:
None
Solution:
n/a
Plugin output:
The following DCERPC services are available on TCP
port 49152 : Object UUID :
765294ba-60bc-48b8-92e9-89fd77769d91 UUID :
d95afe70-a6d5-4259-822e-2c84da1ddb0d, version
1.0 Description : Unknown RPC service Type : Remote
RPC service TCP Port : 49152 IP : 163.26.60.100
Plugin ID:
10736
Port dce-rpc (49153/tcp)
[-/+]
DCE Services Enumeration
Synopsis:
A DCE/RPC service is running on the remote host.
Description:
By sending a Lookup request to the portmapper (TCP
135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE)
services running on the remote port. Using this
information it is possible to connect and bind to each
service by sending an RPC request to the remote
port/pipe.
Risk factor:
None
Solution:
n/a
Plugin output:
The following DCERPC services are available on TCP
port 49153 : Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0
Description : Unknown RPC service Annotation : Event
log TCPIP Type : Remote RPC service TCP Port : 49153
IP : 163.26.60.100 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service Annotation :
DHCPv6 Client LRPC Endpoint Type : Remote RPC
service TCP Port : 49153 IP : 163.26.60.100 Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5,
version 1.0 Description : DHCP Client Service Windows
process : svchost.exe Annotation : DHCP Client LRPC
Endpoint Type : Remote RPC service TCP Port : 49153
IP : 163.26.60.100
Plugin ID:
10736
Port dce-rpc (49154/tcp)
[-/+]
DCE Services Enumeration
Synopsis:
A DCE/RPC service is running on the remote host.
Description:
By sending a Lookup request to the portmapper (TCP
135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE)
services running on the remote port. Using this
information it is possible to connect and bind to each
service by sending an RPC request to the remote
port/pipe.
Risk factor:
None
Solution:
n/a
Plugin output:
The following DCERPC services are available on TCP
port 49154 : Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager Windows
process : lsass.exe Type : Remote RPC service TCP
Port : 49154 IP : 163.26.60.100
Plugin ID:
10736
Port dce-rpc (49155/tcp)
[-/+]
DCE Services Enumeration
Synopsis:
A DCE/RPC service is running on the remote host.
Description:
By sending a Lookup request to the portmapper (TCP
135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE)
services running on the remote port. Using this
information it is possible to connect and bind to each
service by sending an RPC request to the remote
port/pipe.
Risk factor:
None
Solution:
n/a
Plugin output:
The following DCERPC services are available on TCP
port 49155 : Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
86d35949-83c9-4044-b424-db363231fd0c, version
1.0 Description : Unknown RPC service Type : Remote
RPC service TCP Port : 49155 IP : 163.26.60.100
Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
a398e520-d59a-4bdd-aa7a-3c1e0303a511, version
1.0 Description : Unknown RPC service Annotation :
IKE/Authip API Type : Remote RPC service TCP Port :
49155 IP : 163.26.60.100 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0
Description : Unknown RPC service Annotation :
AppInfo Type : Remote RPC service TCP Port : 49155
IP : 163.26.60.100 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0
Description : Unknown RPC service Annotation :
AppInfo Type : Remote RPC service TCP Port : 49155
IP : 163.26.60.100 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version
1.0 Description : Unknown RPC service Annotation :
AppInfo Type : Remote RPC service TCP Port : 49155
IP : 163.26.60.100
Plugin ID:
10736
Port dce-rpc (49156/tcp)
[-/+]
DCE Services Enumeration
Synopsis:
A DCE/RPC service is running on the remote host.
Description:
By sending a Lookup request to the portmapper (TCP
135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE)
services running on the remote port. Using this
information it is possible to connect and bind to each
service by sending an RPC request to the remote
port/pipe.
Risk factor:
None
Solution:
n/a
Plugin output:
The following DCERPC services are available on TCP
port 49156 : Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
6b5bdd1e-528c-422c-af8c-a4079be4fe48, version 1.0
Description : Unknown RPC service Annotation :
Remote Fw APIs Type : Remote RPC service TCP Port :
49156 IP : 163.26.60.100 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
12345678-1234-abcd-ef00-0123456789ab, version
1.0 Description : IPsec Services (Windows XP & 2003)
Windows process : lsass.exe Annotation : IPSec Policy
agent endpoint Type : Remote RPC service TCP Port :
49156 IP : 163.26.60.100
Plugin ID:
10736
Port dce-rpc (49157/tcp)
[-/+]
DCE Services Enumeration
Synopsis:
A DCE/RPC service is running on the remote host.
Description:
By sending a Lookup request to the portmapper (TCP
135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE)
services running on the remote port. Using this
information it is possible to connect and bind to each
service by sending an RPC request to the remote
port/pipe.
Risk factor:
None
Solution:
n/a
Plugin output:
The following DCERPC services are available on TCP
port 49157 : Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
367abb81-9844-35f1-ad32-98f038001003, version 2.0
Description : Unknown RPC service Type : Remote
RPC service TCP Port : 49157 IP : 163.26.60.100
Plugin ID:
10736
Port llmnr (5355/udp)
[-/+]
Link-Local Multicast Name Resolution (LLMNR)
Detection
Synopsis:
The remote device supports LLMNR.
Description:
The remote device answered to a Link-local Multicast
Name Resolution (LLMNR) request. This protocol provides
a name lookup service similar to NetBIOS or DNS. It is
enabled by default on modern Windows versions.
Risk factor:
None
See also:
http://www.nessus.org/u?85beb421
See also:
http://technet.microsoft.com/en-us/library/bb878128.aspx
Solution:
Make sure that use of this software conforms to your
organization's acceptable use and security policies.
Plugin output:
According to LLMNR, the name of the remote host is
'WIN-45HMMSEJL9Q'.
Plugin ID:
53513
Port www (80/tcp)
[-/+]
HyperText Transfer Protocol (HTTP)
Information
Synopsis:
Some information about the remote HTTP
configuration can be extracted.
Description:
This test gives some information about the remote
HTTP protocol - the version used, whether HTTP
Keep-Alive and HTTP pipelining are enabled, etc... This
test is informational only and does not denote any
security problem.
Risk factor:
None
Solution:
n/a
Plugin output:
Protocol version : HTTP/1.1 SSL : no Keep-Alive : no
Options allowed : OPTIONS, TRACE, GET, HEAD,
POST Headers : Content-Type: text/html
Last-Modified: Thu, 04 Oct 2012 06:46:07 GMT
Accept-Ranges: bytes ETag: "3bd4c8eefba1cd1:0"
Server: Microsoft-IIS/7.0 Date: Thu, 11 Oct 2012
23:20:34 GMT Content-Length: 689
Plugin ID:
24260
HTTP Server Type and Version
Synopsis:
A web server is running on the remote host.
Description:
This plugin attempts to determine the type and the
version of the remote web server.
Risk factor:
None
Solution:
n/a
Plugin output:
The remote web server type is : Microsoft-IIS/7.0
Plugin ID:
10107
HTTP Methods Allowed (per directory)
Synopsis:
This plugin determines which HTTP methods are
allowed on various CGI directories.
Description:
By calling the OPTIONS method, it is possible to
determine which HTTP methods are allowed on each
directory. As this list may be incomplete, the plugin
also tests - if 'Thorough tests' are enabled or 'Enable
web applications tests' is set to 'yes' in the scan policy
- various known HTTP methods on each directory and
considers them as unsupported if it receives a
response code of 400, 403, 405, or 501. Note that the
plugin output is only informational and does not
necessarily indicate the presence of any security
vulnerabilities.
Risk factor:
None
Solution:
n/a
Plugin output:
Based on the response to an OPTIONS request : HTTP methods GET HEAD POST TRACE OPTIONS are
allowed on : /
Plugin ID:
43111
Web Server Unconfigured - Default Install Page
Present
Synopsis:
The remote web server is not configured or is not
properly configured.
Description:
The remote web server uses its default welcome page.
It probably means that this server is not used at all or
is serving content that is meant to be hidden.
Risk factor:
None
Solution:
Disable this service if you do not use it.
Plugin output:
The default welcome page is from IIS.
Plugin ID:
11422
Other references:
OSVDB:2117
Service Detection
Synopsis:
The remote service could be identified.
Description:
It was possible to identify the remote service by its
banner or by looking at the error message it sends
when it receives an HTTP request.
Risk factor:
None
Solution:
n/a
Plugin output:
A web server is running on this port.
Plugin ID:
22964
[^] Back to 163.26.60.100
[^] Back
163.26.60.103
Scan Time
Start
time :
Fri Oct 1 07:16:07
2013
End time :
Fri Oct 1 07:23:15
2013
Number of vulnerabilities
Open ports :
3
High :
0
Medium :
0
Low :
7
Remote host information
Operating System :
NetBIOS name :
DNS name :
[^] Back to 163.26.60.103
Port general (0/udp)
Traceroute Information
Synopsis:
It was possible to obtain traceroute information.
Description:
Makes a traceroute to the remote host.
Risk factor:
None
Solution:
n/a
Plugin output:
For your information, here is the traceroute from
163.26.60.115 to 163.26.60.103 : 163.26.60.115
163.26.60.103
Plugin ID:
[-/+]
10287
IP Forwarding Enabled
Synopsis:
The remote host has IP forwarding enabled.
Description:
The remote host has IP forwarding enabled. An attacker may use this flaw to
use the to route packets through this host and potentially bypass some
firewalls / routers / NAC filtering. Unless the remote host is a router, it is
recommended that you disable IP forwarding.
Risk factor:
Low
CVSS Base Score:3.2
CVSS2#AV:A/AC:H/Au:N/C:P/I:P/A:N
Solution:
On Linux, you can disable IP forwarding by doing : echo 0 >
/proc/sys/net/ipv4/ip_forward On Windows, set the key 'IPEnableRouter' to 0
under
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameter
On Mac OS X, you can disable IP forwarding by executing the command :
sysctl -w net.inet.ip.forwarding=0 For other systems, check with your vendor.
Plugin ID:
50686
CVE:
CVE-1999-0511
Multiple Ethernet Driver Frame Padding
Information Disclosure (Etherleak)
Synopsis:
The remote host appears to leak memory in network
packets.
Description:
The remote host uses a network device driver that
pads ethernet frames with data which vary from one
packet to another, likely taken from kernel memory,
system memory allocated to the device driver, or a
hardware buffer on its network interface card. Known
as 'Etherleak', this information disclosure vulnerability
may allow an attacker to collect sensitive information
from the affected host provided he is on the same
physical subnet as that host.
Risk factor:
Low
CVSS Base Score:3.3
CVSS2#AV:A/AC:L/Au:N/C:P/I:N/A:N
See also:
http://www.nessus.org/u?719c90b4
Solution:
Contact the network device driver's vendor for a fix.
Plugin output:
Padding observed in one frame : 0x00: 10 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 ................ 0x10:
00 . Padding observed in another frame : 0x00: 50 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00
P............... 0x10: 00 .
Plugin ID:
11197
CVE:
CVE-2003-0001
BID:
6535
Other references:
OSVDB:3873
Port sip? (5060/tcp)
[-/+]
Session Initiation Protocol Detection
Synopsis:
The remote system is a SIP signaling device.
Description:
The remote system is running software that speaks the Session Initiation
Protocol. SIP is a messaging protocol to initiate communication sessions
between systems. It is a protocol used mostly in IP Telephony networks /
systems to setup, control, and teardown sessions between two or more
systems.
Risk factor:
None
See also:
http://en.wikipedia.org/wiki/Session_Initiation_Protocol
Solution:
If possible, filter incoming connections to the port so that it is used by trusted
sources only.
Plugin output:
The remote service was identified as : VOIP P104SLD 02.11.14 It supports the
following options :
ACK,BYE,CANCEL,INVITE,NOTIFY,REFER,DO,UPDATE,OPTIONS,SUBSCRIBE,P
RACK,INFO
Plugin ID:
21642
Port tftp (69/udp)
[-/+]
TFTP Daemon Detection
Synopsis:
A TFTP server is listening on the remote port.
Description:
The remote host is running a TFTP (Trivial File
Transfer Protocol) daemon. TFTP is often used by
routers and diskless hosts to retrieve their
configuration. It is also used by worms to propagate.
Risk factor:
None
Solution:
Disable this service if you do not use it.
Plugin ID:
11819
Port echo (7/tcp)
[-/+]
Service Detection
Synopsis:
The remote service could be identified.
Description:
It was possible to identify the remote service by its
banner or by looking at the error message it sends
when it receives an HTTP request.
Risk factor:
None
Solution:
n/a
Plugin output:
An echo server is running on this port.
Plugin ID:
22964
Port www (9999/tcp)
[-/+]
Service Detection
Synopsis:
The remote service could be identified.
Description:
It was possible to identify the remote service by its
banner or by looking at the error message it sends
when it receives an HTTP request.
Risk factor:
None
Solution:
n/a
Plugin output:
A web server is running on this port.
Plugin ID:
22964
[^] Back to 163.26.60.103
[^] Back
163.26.60.104
Scan Time
Start
time :
Fri Oct 1 07:16:41
2013
End time :
Fri Oct 1 07:20:09
2013
Number of vulnerabilities
Open ports :
3
High :
0
Medium :
0
Low :
9
Remote host information
EPSON Stylus
Printer Linksys
Operating
System :
Wireless Access
Point Oracle
Integrated Lights
Out Manager
NetBIOS
name :
DNS
name :
[^] Back to 163.26.60.104
Port general (0/udp)
Traceroute Information
Synopsis:
It was possible to obtain traceroute information.
Description:
Makes a traceroute to the remote host.
Risk factor:
None
Solution:
n/a
Plugin output:
[-/+]
For your information, here is the traceroute from
163.26.60.115 to 163.26.60.104 : 163.26.60.115
163.26.60.104
Plugin ID:
10287
Nessus Scan Information
Synopsis:
Information about the Nessus scan.
Description:
This script displays, for each tested host, information
about the scan itself : - The version of the plugin set The type of plugin feed (HomeFeed or
ProfessionalFeed) - The version of the Nessus Engine The port scanner(s) used - The port range scanned Whether credentialed or third-party patch
management checks are possible - The date of the
scan - The duration of the scan - The number of hosts
scanned in parallel - The number of checks done in
parallel
Risk factor:
None
Solution:
n/a
Plugin output:
Information about this scan : Nessus version : 4.4.1
(Build 15078) (Nessus 5.0.1 is available - consider
upgrading) Plugin feed version : 201210082315 Type
of plugin feed : HomeFeed (Non-commercial use only)
Scanner IP : 163.26.60.115 Port scanner(s) :
nessus_syn_scanner Port range : default Thorough
tests : no Experimental tests : no Paranoia level : 1
Report Verbosity : 1 Safe checks : yes Optimize the
test : yes Credentialed checks : no Patch management
checks : None CGI scanning : disabled Web application
tests : disabled Max hosts : 80 Max checks : 5 Recv
timeout : 5 Backports : None Allow post-scan editing:
Yes Scan Start Date : 2012/10/12 7:16 Scan duration :
208 sec
Plugin ID:
19506
Open Port Re-check
Synopsis:
Previously open ports are now closed.
Description:
One of several ports that were previously open are
now closed or unresponsive. There are numerous
possible causes for this failure : - The scan may have
caused a service to freeze or stop running. - An
administrator may have stopped a particular service
during the scanning process. This might be an
availability problem related to the following reasons : A network outage has been experienced during the
scan, and the remote network cannot be reached from
the Vulnerability Scanner anymore. - This Vulnerability
Scanner has been blacklisted by the system
administrator or by automatic intrusion
detection/prevention systems which have detected the
vulnerability assessment. - The remote host is now
down, either because a user turned it off during the
scan or because a select denial of service was
effective. In any case, the audit of the remote host
might be incomplete and may need to be done again
Risk factor:
None
Solution:
- increase checks_read_timeout and/or reduce
max_checks - disable your IPS during the Nessus scan
Plugin output:
Port 443 was detected as being open but is now closed
Port 5060 was detected as being open but is now
closed Port 80 was detected as being open but is now
closed
Plugin ID:
10919
OS Identification
Synopsis:
It is possible to guess the remote operating system.
Description:
Using a combination of remote probes, (TCP/IP, SMB,
HTTP, NTP, SNMP, etc...) it is possible to guess the
name of the remote operating system in use, and
sometimes its version.
Risk factor:
None
Solution:
n/a
Plugin output:
Remote operating system : EPSON Stylus Printer
Linksys Wireless Access Point Oracle Integrated Lights
Out Manager Confidence Level : 59 Method : SinFP
The remote host is running one of these operating
systems : EPSON Stylus Printer Linksys Wireless
Access Point Oracle Integrated Lights Out Manager
Plugin ID:
11936
Ethernet Card Manufacturer Detection
Synopsis:
The manufacturer can be deduced from the Ethernet
OUI.
Description:
Each ethernet MAC address starts with a 24-bit
'Organizationally Unique Identifier'. These OUI are
registered by IEEE.
Risk factor:
None
See also:
http://standards.ieee.org/faqs/OUI.html
See also:
http://standards.ieee.org/regauth/oui/index.shtml
Solution:
n/a
Plugin output:
The following card manufacturers were identified :
00:18:e7:d6:d5:e3 : Cameo Communications, INC.
Plugin ID:
35716
TCP/IP Timestamps Supported
Synopsis:
The remote service implements TCP timestamps.
Description:
The remote host implements TCP timestamps, as
defined by RFC1323. A side effect of this feature is
that the uptime of the remote host can sometimes be
computed.
Risk factor:
None
See also:
http://www.ietf.org/rfc/rfc1323.txt
Solution:
n/a
Plugin ID:
25220
ICMP Timestamp Request Remote Date
Disclosure
Synopsis:
It is possible to determine the exact time set on the
remote host.
Description:
The remote host answers to an ICMP timestamp
request. This allows an attacker to know the date that
is set on the targeted machine, which may assist an
unauthenticated, remote attacker in defeating
time-based authentication protocols. Timestamps
returned from machines running Windows Vista / 7 /
2008 / 2008 R2 are deliberately incorrect, but usually
within 1000 seconds of the actual system time.
Risk factor:
None
Solution:
Filter out the ICMP timestamp requests (13), and the
outgoing ICMP timestamp replies (14).
Plugin output:
The difference between the local and remote clocks is
10595 seconds.
Plugin ID:
10114
CVE:
CVE-1999-0524
Other references:
OSVDB:94, CWE:200
Port https? (443/tcp)
[-/+]
Port sip? (5060/tcp)
[-/+]
Port tftp (69/udp)
[-/+]
TFTP Daemon Detection
Synopsis:
A TFTP server is listening on the remote port.
Description:
The remote host is running a TFTP (Trivial File
Transfer Protocol) daemon. TFTP is often used by
routers and diskless hosts to retrieve their
configuration. It is also used by worms to propagate.
Risk factor:
None
Solution:
Disable this service if you do not use it.
Plugin ID:
11819
Port www (80/tcp)
[-/+]
Service Detection
Synopsis:
The remote service could be identified.
Description:
It was possible to identify the remote service by its
banner or by looking at the error message it sends
when it receives an HTTP request.
Risk factor:
None
Solution:
n/a
Plugin output:
A web server is running on this port.
Plugin ID:
22964
[^] Back to 163.26.60.104
[^] Back
163.26.60.105
Scan Time
Start
time :
Fri Oct 1 07:18:16
2013
End time :
Fri Oct 1 07:23:15
2013
Number of vulnerabilities
Open ports :
3
High :
0
Medium :
0
Low :
7
Remote host information
Operating System :
NetBIOS name :
DNS name :
[^] Back to 163.26.60.105
Port general (0/udp)
Traceroute Information
Synopsis:
It was possible to obtain traceroute information.
Description:
Makes a traceroute to the remote host.
Risk factor:
None
Solution:
n/a
Plugin output:
For your information, here is the traceroute from
163.26.60.115 to 163.26.60.105 : 163.26.60.115
163.26.60.105
Plugin ID:
10287
IP Forwarding Enabled
Synopsis:
The remote host has IP forwarding enabled.
Description:
[-/+]
The remote host has IP forwarding enabled. An attacker may use this flaw to
use the to route packets through this host and potentially bypass some
firewalls / routers / NAC filtering. Unless the remote host is a router, it is
recommended that you disable IP forwarding.
Risk factor:
Low
CVSS Base Score:3.2
CVSS2#AV:A/AC:H/Au:N/C:P/I:P/A:N
Solution:
On Linux, you can disable IP forwarding by doing : echo 0 >
/proc/sys/net/ipv4/ip_forward On Windows, set the key 'IPEnableRouter' to 0
under
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameter
On Mac OS X, you can disable IP forwarding by executing the command :
sysctl -w net.inet.ip.forwarding=0 For other systems, check with your vendor.
Plugin ID:
50686
CVE:
CVE-1999-0511
Multiple Ethernet Driver Frame Padding
Information Disclosure (Etherleak)
Synopsis:
The remote host appears to leak memory in network
packets.
Description:
The remote host uses a network device driver that
pads ethernet frames with data which vary from one
packet to another, likely taken from kernel memory,
system memory allocated to the device driver, or a
hardware buffer on its network interface card. Known
as 'Etherleak', this information disclosure vulnerability
may allow an attacker to collect sensitive information
from the affected host provided he is on the same
physical subnet as that host.
Risk factor:
Low
CVSS Base Score:3.3
CVSS2#AV:A/AC:L/Au:N/C:P/I:N/A:N
See also:
http://www.nessus.org/u?719c90b4
Solution:
Contact the network device driver's vendor for a fix.
Plugin output:
Padding observed in one frame : 0x00: 3D 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 =............... 0x10:
00 . Padding observed in another frame : 0x00: 5E 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00
^............... 0x10: 00 .
Plugin ID:
11197
CVE:
CVE-2003-0001
BID:
6535
Other references:
OSVDB:3873
Port sip? (5060/tcp)
Session Initiation Protocol Detection
[-/+]
Synopsis:
The remote system is a SIP signaling device.
Description:
The remote system is running software that speaks the Session Initiation
Protocol. SIP is a messaging protocol to initiate communication sessions
between systems. It is a protocol used mostly in IP Telephony networks /
systems to setup, control, and teardown sessions between two or more
systems.
Risk factor:
None
See also:
http://en.wikipedia.org/wiki/Session_Initiation_Protocol
Solution:
If possible, filter incoming connections to the port so that it is used by trusted
sources only.
Plugin output:
The remote service was identified as : VOIP P104SLD 02.11.14 It supports the
following options :
ACK,BYE,CANCEL,INVITE,NOTIFY,REFER,DO,UPDATE,OPTIONS,SUBSCRIBE,P
RACK,INFO
Plugin ID:
21642
Port tftp (69/udp)
TFTP Daemon Detection
Synopsis:
A TFTP server is listening on the remote port.
Description:
[-/+]
The remote host is running a TFTP (Trivial File
Transfer Protocol) daemon. TFTP is often used by
routers and diskless hosts to retrieve their
configuration. It is also used by worms to propagate.
Risk factor:
None
Solution:
Disable this service if you do not use it.
Plugin ID:
11819
Port echo (7/tcp)
[-/+]
Service Detection
Synopsis:
The remote service could be identified.
Description:
It was possible to identify the remote service by its
banner or by looking at the error message it sends
when it receives an HTTP request.
Risk factor:
None
Solution:
n/a
Plugin output:
An echo server is running on this port.
Plugin ID:
22964
Port www (9999/tcp)
[-/+]
Service Detection
Synopsis:
The remote service could be identified.
Description:
It was possible to identify the remote service by its
banner or by looking at the error message it sends
when it receives an HTTP request.
Risk factor:
None
Solution:
n/a
Plugin output:
A web server is running on this port.
Plugin ID:
22964
[^] Back to 163.26.60.105
[^] Back
163.26.60.106
Scan Time
Start
time :
Fri Oct 1 07:18:35
2013
End time :
Fri Oct 1 07:23:15
2013
Number of vulnerabilities
Open ports :
3
High :
0
Medium :
0
Low :
13
Remote host information
Operating System :
AIX 5.2
NetBIOS name :
DNS name :
[^] Back to 163.26.60.106
Port general (0/udp)
[-/+]
Traceroute Information
Synopsis:
It was possible to obtain traceroute information.
Description:
Makes a traceroute to the remote host.
Risk factor:
None
Solution:
n/a
Plugin output:
For your information, here is the traceroute from
163.26.60.115 to 163.26.60.106 : 163.26.60.115
163.26.60.106
Plugin ID:
10287
Common Platform Enumeration (CPE)
Synopsis:
It is possible to enumerate CPE names that matched
on the remote system.
Description:
By using information obtained from a Nessus scan, this
plugin reports CPE (Common Platform Enumeration)
matches for various hardware and software products
found on a host. Note that if an official CPE is not
available for the product, this plugin computes the
best possible CPE based on the information available
from the scan.
Risk factor:
None
See also:
http://cpe.mitre.org/
Solution:
n/a
Plugin output:
The remote operating system matched the following
CPE : cpe:/o:ibm:aix:5.2 -> IBM AIX 5.2
Plugin ID:
45590
Device Type
Synopsis:
It is possible to guess the remote device type.
Description:
Based on the remote operating system, it is possible to
determine what the remote system type is (eg: a
printer, router, general-purpose computer, etc).
Risk factor:
None
Solution:
n/a
Plugin output:
Remote device type : general-purpose Confidence
level : 65
Plugin ID:
54615
OS Identification
Synopsis:
It is possible to guess the remote operating system.
Description:
Using a combination of remote probes, (TCP/IP, SMB,
HTTP, NTP, SNMP, etc...) it is possible to guess the
name of the remote operating system in use, and
sometimes its version.
Risk factor:
None
Solution:
n/a
Plugin output:
Remote operating system : AIX 5.2 Confidence Level :
65 Method : SinFP The remote host is running AIX 5.2
Plugin ID:
11936
Ethernet Card Manufacturer Detection
Synopsis:
The manufacturer can be deduced from the Ethernet
OUI.
Description:
Each ethernet MAC address starts with a 24-bit
'Organizationally Unique Identifier'. These OUI are
registered by IEEE.
Risk factor:
None
See also:
http://standards.ieee.org/faqs/OUI.html
See also:
http://standards.ieee.org/regauth/oui/index.shtml
Solution:
n/a
Plugin output:
The following card manufacturers were identified :
00:d0:e9:01:77:3d : Advantage Century
Telecommunication Corp.
Plugin ID:
35716
IP Forwarding Enabled
Synopsis:
The remote host has IP forwarding enabled.
Description:
The remote host has IP forwarding enabled. An attacker may use this flaw to
use the to route packets through this host and potentially bypass some
firewalls / routers / NAC filtering. Unless the remote host is a router, it is
recommended that you disable IP forwarding.
Risk factor:
Low
CVSS Base Score:3.2
CVSS2#AV:A/AC:H/Au:N/C:P/I:P/A:N
Solution:
On Linux, you can disable IP forwarding by doing : echo 0 >
/proc/sys/net/ipv4/ip_forward On Windows, set the key 'IPEnableRouter' to 0
under
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameter
On Mac OS X, you can disable IP forwarding by executing the command :
sysctl -w net.inet.ip.forwarding=0 For other systems, check with your vendor.
Plugin ID:
50686
CVE:
CVE-1999-0511
Multiple Ethernet Driver Frame Padding
Information Disclosure (Etherleak)
Synopsis:
The remote host appears to leak memory in network
packets.
Description:
The remote host uses a network device driver that
pads ethernet frames with data which vary from one
packet to another, likely taken from kernel memory,
system memory allocated to the device driver, or a
hardware buffer on its network interface card. Known
as 'Etherleak', this information disclosure vulnerability
may allow an attacker to collect sensitive information
from the affected host provided he is on the same
physical subnet as that host.
Risk factor:
Low
CVSS Base Score:3.3
CVSS2#AV:A/AC:L/Au:N/C:P/I:N/A:N
See also:
http://www.nessus.org/u?719c90b4
Solution:
Contact the network device driver's vendor for a fix.
Plugin output:
Padding observed in one frame : 0x00: E0 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 ................ 0x10:
00 . Padding observed in another frame : 0x00: 76 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 v...............
0x10: 00 .
Plugin ID:
11197
CVE:
CVE-2003-0001
BID:
6535
Other references:
OSVDB:3873
Port sip? (5060/tcp)
[-/+]
Port tftp (69/udp)
[-/+]
TFTP Daemon Detection
Synopsis:
A TFTP server is listening on the remote port.
Description:
The remote host is running a TFTP (Trivial File
Transfer Protocol) daemon. TFTP is often used by
routers and diskless hosts to retrieve their
configuration. It is also used by worms to propagate.
Risk factor:
None
Solution:
Disable this service if you do not use it.
Plugin ID:
11819
Port echo (7/tcp)
[-/+]
Echo Service Detection
Synopsis:
An echo service is running on the remote host.
Description:
The remote host is running the 'echo' service. This service echoes any data
which is sent to it. This service is unused these days, so it is strongly advised
that you disable it, as it may be used by attackers to set up denial of services
attacks against this host.
Risk factor:
None
Solution:
- Under Unix systems, comment out the 'echo' line in /etc/inetd.conf and
restart the inetd process - Under Windows systems, set the following registry
key to 0 :
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpEc
ho
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableUdpEc
ho Then launch cmd.exe and type : net stop simptcp net start simptcp To
restart the service.
Plugin ID:
10061
CVE:
CVE-1999-0103, CVE-1999-0635
Other references:
OSVDB:150
Service Detection
Synopsis:
The remote service could be identified.
Description:
It was possible to identify the remote service by its
banner or by looking at the error message it sends
when it receives an HTTP request.
Risk factor:
None
Solution:
n/a
Plugin output:
An echo server is running on this port.
Plugin ID:
22964
Port www (9999/tcp)
HyperText Transfer Protocol (HTTP)
Information
Synopsis:
Some information about the remote HTTP
configuration can be extracted.
[-/+]
Description:
This test gives some information about the remote
HTTP protocol - the version used, whether HTTP
Keep-Alive and HTTP pipelining are enabled, etc... This
test is informational only and does not denote any
security problem.
Risk factor:
None
Solution:
n/a
Plugin output:
Protocol version : HTTP/1.1 SSL : no Keep-Alive : no
Headers : Server: VOIP WWW-Authenticate: Digest
realm="VOIP",
nonce="e866bacb50b82d08514a8a2b187c437d",
opaque="e94e7b2da163c3228fb1357a786d586c",
stale=false, algorithm=MD5, qop="auth,auth-int"
WWW-Authenticate: Basic realm="VOIP"
Content-Type: text/html Content-Length: 23
Plugin ID:
24260
HTTP Server Type and Version
Synopsis:
A web server is running on the remote host.
Description:
This plugin attempts to determine the type and the
version of the remote web server.
Risk factor:
None
Solution:
n/a
Plugin output:
The remote web server type is : VOIP
Plugin ID:
10107
Service Detection
Synopsis:
The remote service could be identified.
Description:
It was possible to identify the remote service by its
banner or by looking at the error message it sends
when it receives an HTTP request.
Risk factor:
None
Solution:
n/a
Plugin output:
A web server is running on this port.
Plugin ID:
22964
[^] Back to 163.26.60.106
[^] Back
163.26.60.107
Scan Time
Start
time :
End time :
Fri Oct 1 07:18:53
2013
Fri Oct 1 07:23:17
2013
Number of vulnerabilities
Open ports :
3
High :
0
Medium :
0
Low :
13
Remote host information
Operating System :
AIX 5.2
NetBIOS name :
DNS name :
[^] Back to 163.26.60.107
Port general (0/udp)
Traceroute Information
Synopsis:
It was possible to obtain traceroute information.
Description:
Makes a traceroute to the remote host.
Risk factor:
None
Solution:
n/a
Plugin output:
For your information, here is the traceroute from
163.26.60.115 to 163.26.60.107 : 163.26.60.115
163.26.60.107
Plugin ID:
10287
[-/+]
Common Platform Enumeration (CPE)
Synopsis:
It is possible to enumerate CPE names that matched
on the remote system.
Description:
By using information obtained from a Nessus scan, this
plugin reports CPE (Common Platform Enumeration)
matches for various hardware and software products
found on a host. Note that if an official CPE is not
available for the product, this plugin computes the
best possible CPE based on the information available
from the scan.
Risk factor:
None
See also:
http://cpe.mitre.org/
Solution:
n/a
Plugin output:
The remote operating system matched the following
CPE : cpe:/o:ibm:aix:5.2 -> IBM AIX 5.2
Plugin ID:
45590
Device Type
Synopsis:
It is possible to guess the remote device type.
Description:
Based on the remote operating system, it is possible to
determine what the remote system type is (eg: a
printer, router, general-purpose computer, etc).
Risk factor:
None
Solution:
n/a
Plugin output:
Remote device type : general-purpose Confidence
level : 65
Plugin ID:
54615
OS Identification
Synopsis:
It is possible to guess the remote operating system.
Description:
Using a combination of remote probes, (TCP/IP, SMB,
HTTP, NTP, SNMP, etc...) it is possible to guess the
name of the remote operating system in use, and
sometimes its version.
Risk factor:
None
Solution:
n/a
Plugin output:
Remote operating system : AIX 5.2 Confidence Level :
65 Method : SinFP The remote host is running AIX 5.2
Plugin ID:
11936
Ethernet Card Manufacturer Detection
Synopsis:
The manufacturer can be deduced from the Ethernet
OUI.
Description:
Each ethernet MAC address starts with a 24-bit
'Organizationally Unique Identifier'. These OUI are
registered by IEEE.
Risk factor:
None
See also:
http://standards.ieee.org/faqs/OUI.html
See also:
http://standards.ieee.org/regauth/oui/index.shtml
Solution:
n/a
Plugin output:
The following card manufacturers were identified :
00:d0:e9:40:0a:5e : Advantage Century
Telecommunication Corp.
Plugin ID:
35716
IP Forwarding Enabled
Synopsis:
The remote host has IP forwarding enabled.
Description:
The remote host has IP forwarding enabled. An attacker may use this flaw to
use the to route packets through this host and potentially bypass some
firewalls / routers / NAC filtering. Unless the remote host is a router, it is
recommended that you disable IP forwarding.
Risk factor:
Low
CVSS Base Score:3.2
CVSS2#AV:A/AC:H/Au:N/C:P/I:P/A:N
Solution:
On Linux, you can disable IP forwarding by doing : echo 0 >
/proc/sys/net/ipv4/ip_forward On Windows, set the key 'IPEnableRouter' to 0
under
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameter
On Mac OS X, you can disable IP forwarding by executing the command :
sysctl -w net.inet.ip.forwarding=0 For other systems, check with your vendor.
Plugin ID:
50686
CVE:
CVE-1999-0511
Multiple Ethernet Driver Frame Padding
Information Disclosure (Etherleak)
Synopsis:
The remote host appears to leak memory in network
packets.
Description:
The remote host uses a network device driver that
pads ethernet frames with data which vary from one
packet to another, likely taken from kernel memory,
system memory allocated to the device driver, or a
hardware buffer on its network interface card. Known
as 'Etherleak', this information disclosure vulnerability
may allow an attacker to collect sensitive information
from the affected host provided he is on the same
physical subnet as that host.
Risk factor:
Low
CVSS Base Score:3.3
CVSS2#AV:A/AC:L/Au:N/C:P/I:N/A:N
See also:
http://www.nessus.org/u?719c90b4
Solution:
Contact the network device driver's vendor for a fix.
Plugin output:
Padding observed in one frame : 0x00: 9E 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 ................ 0x10:
00 . Padding observed in another frame : 0x00: 42 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00
B............... 0x10: 00 .
Plugin ID:
11197
CVE:
CVE-2003-0001
BID:
6535
Other references:
OSVDB:3873
Port sip? (5060/tcp)
[-/+]
Port tftp (69/udp)
[-/+]
TFTP Daemon Detection
Synopsis:
A TFTP server is listening on the remote port.
Description:
The remote host is running a TFTP (Trivial File
Transfer Protocol) daemon. TFTP is often used by
routers and diskless hosts to retrieve their
configuration. It is also used by worms to propagate.
Risk factor:
None
Solution:
Disable this service if you do not use it.
Plugin ID:
11819
Port echo (7/tcp)
[-/+]
Echo Service Detection
Synopsis:
An echo service is running on the remote host.
Description:
The remote host is running the 'echo' service. This service echoes any data
which is sent to it. This service is unused these days, so it is strongly advised
that you disable it, as it may be used by attackers to set up denial of services
attacks against this host.
Risk factor:
None
Solution:
- Under Unix systems, comment out the 'echo' line in /etc/inetd.conf and
restart the inetd process - Under Windows systems, set the following registry
key to 0 :
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpEc
ho
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableUdpEc
ho Then launch cmd.exe and type : net stop simptcp net start simptcp To
restart the service.
Plugin ID:
10061
CVE:
CVE-1999-0103, CVE-1999-0635
Other references:
OSVDB:150
Service Detection
Synopsis:
The remote service could be identified.
Description:
It was possible to identify the remote service by its
banner or by looking at the error message it sends
when it receives an HTTP request.
Risk factor:
None
Solution:
n/a
Plugin output:
An echo server is running on this port.
Plugin ID:
22964
Port www (9999/tcp)
[-/+]
HyperText Transfer Protocol (HTTP)
Information
Synopsis:
Some information about the remote HTTP
configuration can be extracted.
Description:
This test gives some information about the remote
HTTP protocol - the version used, whether HTTP
Keep-Alive and HTTP pipelining are enabled, etc... This
test is informational only and does not denote any
security problem.
Risk factor:
None
Solution:
n/a
Plugin output:
Protocol version : HTTP/1.1 SSL : no Keep-Alive : no
Headers : Server: VOIP WWW-Authenticate: Digest
realm="VOIP",
nonce="83a2de072437544ed0d8521022df0027",
opaque="6894a9f32d9cbfd5a010d8c64fc1c7c9",
stale=false, algorithm=MD5, qop="auth,auth-int"
WWW-Authenticate: Basic realm="VOIP"
Content-Type: text/html Content-Length: 23
Plugin ID:
24260
HTTP Server Type and Version
Synopsis:
A web server is running on the remote host.
Description:
This plugin attempts to determine the type and the
version of the remote web server.
Risk factor:
None
Solution:
n/a
Plugin output:
The remote web server type is : VOIP
Plugin ID:
10107
Service Detection
Synopsis:
The remote service could be identified.
Description:
It was possible to identify the remote service by its
banner or by looking at the error message it sends
when it receives an HTTP request.
Risk factor:
None
Solution:
n/a
Plugin output:
A web server is running on this port.
Plugin ID:
22964
[^] Back to 163.26.60.107
[^] Back
163.26.60.108
Scan Time
Start
time :
Fri Oct 1 07:19:02
2013
End time :
Fri Oct 1 07:23:15
2013
Number of vulnerabilities
Open ports :
3
High :
0
Medium :
0
Low :
7
Remote host information
Operating System :
NetBIOS name :
DNS name :
[^] Back to 163.26.60.108
Port general (0/udp)
Traceroute Information
Synopsis:
It was possible to obtain traceroute information.
Description:
Makes a traceroute to the remote host.
Risk factor:
None
Solution:
n/a
[-/+]
Plugin output:
For your information, here is the traceroute from
163.26.60.115 to 163.26.60.108 : 163.26.60.115
163.26.60.108
Plugin ID:
10287
IP Forwarding Enabled
Synopsis:
The remote host has IP forwarding enabled.
Description:
The remote host has IP forwarding enabled. An attacker may use this flaw to
use the to route packets through this host and potentially bypass some
firewalls / routers / NAC filtering. Unless the remote host is a router, it is
recommended that you disable IP forwarding.
Risk factor:
Low
CVSS Base Score:3.2
CVSS2#AV:A/AC:H/Au:N/C:P/I:P/A:N
Solution:
On Linux, you can disable IP forwarding by doing : echo 0 >
/proc/sys/net/ipv4/ip_forward On Windows, set the key 'IPEnableRouter' to 0
under
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameter
On Mac OS X, you can disable IP forwarding by executing the command :
sysctl -w net.inet.ip.forwarding=0 For other systems, check with your vendor.
Plugin ID:
50686
CVE:
CVE-1999-0511
Multiple Ethernet Driver Frame Padding
Information Disclosure (Etherleak)
Synopsis:
The remote host appears to leak memory in network
packets.
Description:
The remote host uses a network device driver that
pads ethernet frames with data which vary from one
packet to another, likely taken from kernel memory,
system memory allocated to the device driver, or a
hardware buffer on its network interface card. Known
as 'Etherleak', this information disclosure vulnerability
may allow an attacker to collect sensitive information
from the affected host provided he is on the same
physical subnet as that host.
Risk factor:
Low
CVSS Base Score:3.3
CVSS2#AV:A/AC:L/Au:N/C:P/I:N/A:N
See also:
http://www.nessus.org/u?719c90b4
Solution:
Contact the network device driver's vendor for a fix.
Plugin output:
Padding observed in one frame : 0x00: A3 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 ................ 0x10:
00 . Padding observed in another frame : 0x00: 77 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00
w............... 0x10: 00 .
Plugin ID:
11197
CVE:
CVE-2003-0001
BID:
6535
Other references:
OSVDB:3873
Port sip? (5060/tcp)
[-/+]
Session Initiation Protocol Detection
Synopsis:
The remote system is a SIP signaling device.
Description:
The remote system is running software that speaks the Session Initiation
Protocol. SIP is a messaging protocol to initiate communication sessions
between systems. It is a protocol used mostly in IP Telephony networks /
systems to setup, control, and teardown sessions between two or more
systems.
Risk factor:
None
See also:
http://en.wikipedia.org/wiki/Session_Initiation_Protocol
Solution:
If possible, filter incoming connections to the port so that it is used by trusted
sources only.
Plugin output:
The remote service was identified as : VOIP P104SLD 02.11.14 It supports the
following options :
ACK,BYE,CANCEL,INVITE,NOTIFY,REFER,DO,UPDATE,OPTIONS,SUBSCRIBE,P
RACK,INFO
Plugin ID:
21642
Port tftp (69/udp)
[-/+]
TFTP Daemon Detection
Synopsis:
A TFTP server is listening on the remote port.
Description:
The remote host is running a TFTP (Trivial File
Transfer Protocol) daemon. TFTP is often used by
routers and diskless hosts to retrieve their
configuration. It is also used by worms to propagate.
Risk factor:
None
Solution:
Disable this service if you do not use it.
Plugin ID:
11819
Port echo (7/tcp)
[-/+]
Service Detection
Synopsis:
The remote service could be identified.
Description:
It was possible to identify the remote service by its
banner or by looking at the error message it sends
when it receives an HTTP request.
Risk factor:
None
Solution:
n/a
Plugin output:
An echo server is running on this port.
Plugin ID:
22964
Port www (9999/tcp)
[-/+]
Service Detection
Synopsis:
The remote service could be identified.
Description:
It was possible to identify the remote service by its
banner or by looking at the error message it sends
when it receives an HTTP request.
Risk factor:
None
Solution:
n/a
Plugin output:
A web server is running on this port.
Plugin ID:
22964
[^] Back to 163.26.60.108
[^] Back
163.26.60.109
Scan Time
Start
time :
Fri Oct 1 07:20:10
2013
End time :
Fri Oct 1 07:23:15
2013
Number of vulnerabilities
Open ports :
3
High :
0
Medium :
0
Low :
7
Remote host information
Operating
System :
EPSON Stylus
Printer Linksys
Wireless Access
Point Oracle
Integrated Lights
Out Manager
NetBIOS
name :
DNS
name :
[^] Back to 163.26.60.109
Port general (0/udp)
Traceroute Information
Synopsis:
It was possible to obtain traceroute information.
Description:
Makes a traceroute to the remote host.
[-/+]
Risk factor:
None
Solution:
n/a
Plugin output:
For your information, here is the traceroute from
163.26.60.115 to 163.26.60.109 : 163.26.60.115
163.26.60.109
Plugin ID:
10287
OS Identification
Synopsis:
It is possible to guess the remote operating system.
Description:
Using a combination of remote probes, (TCP/IP, SMB,
HTTP, NTP, SNMP, etc...) it is possible to guess the
name of the remote operating system in use, and
sometimes its version.
Risk factor:
None
Solution:
n/a
Plugin output:
Remote operating system : EPSON Stylus Printer
Linksys Wireless Access Point Oracle Integrated Lights
Out Manager Confidence Level : 59 Method : SinFP
The remote host is running one of these operating
systems : EPSON Stylus Printer Linksys Wireless
Access Point Oracle Integrated Lights Out Manager
Plugin ID:
11936
Ethernet Card Manufacturer Detection
Synopsis:
The manufacturer can be deduced from the Ethernet
OUI.
Description:
Each ethernet MAC address starts with a 24-bit
'Organizationally Unique Identifier'. These OUI are
registered by IEEE.
Risk factor:
None
See also:
http://standards.ieee.org/faqs/OUI.html
See also:
http://standards.ieee.org/regauth/oui/index.shtml
Solution:
n/a
Plugin output:
The following card manufacturers were identified :
00:26:5a:c1:0a:e5 : D-Link Corporation
Plugin ID:
35716
TCP/IP Timestamps Supported
Synopsis:
The remote service implements TCP timestamps.
Description:
The remote host implements TCP timestamps, as
defined by RFC1323. A side effect of this feature is
that the uptime of the remote host can sometimes be
computed.
Risk factor:
None
See also:
http://www.ietf.org/rfc/rfc1323.txt
Solution:
n/a
Plugin ID:
25220
ICMP Timestamp Request Remote Date
Disclosure
Synopsis:
It is possible to determine the exact time set on the
remote host.
Description:
The remote host answers to an ICMP timestamp
request. This allows an attacker to know the date that
is set on the targeted machine, which may assist an
unauthenticated, remote attacker in defeating
time-based authentication protocols. Timestamps
returned from machines running Windows Vista / 7 /
2008 / 2008 R2 are deliberately incorrect, but usually
within 1000 seconds of the actual system time.
Risk factor:
None
Solution:
Filter out the ICMP timestamp requests (13), and the
outgoing ICMP timestamp replies (14).
Plugin output:
The difference between the local and remote clocks is
10587 seconds.
Plugin ID:
10114
CVE:
CVE-1999-0524
Other references:
OSVDB:94, CWE:200
Port https? (443/tcp)
[-/+]
Port sip? (5060/tcp)
[-/+]
Port tftp (69/udp)
[-/+]
TFTP Daemon Detection
Synopsis:
A TFTP server is listening on the remote port.
Description:
The remote host is running a TFTP (Trivial File
Transfer Protocol) daemon. TFTP is often used by
routers and diskless hosts to retrieve their
configuration. It is also used by worms to propagate.
Risk factor:
None
Solution:
Disable this service if you do not use it.
Plugin ID:
11819
Port www (80/tcp)
[-/+]
Service Detection
Synopsis:
The remote service could be identified.
Description:
It was possible to identify the remote service by its
banner or by looking at the error message it sends
when it receives an HTTP request.
Risk factor:
None
Solution:
n/a
Plugin output:
A web server is running on this port.
Plugin ID:
22964
[^] Back to 163.26.60.109
[^] Back
163.26.60.110
Scan Time
Start
time :
Fri Oct 1 07:20:40
2013
End time :
Fri Oct 1 07:23:15
2013
Number of vulnerabilities
Open ports :
3
High :
0
Medium :
0
Low :
7
Remote host information
Operating System :
NetBIOS name :
DNS name :
[^] Back to 163.26.60.110
Port general (0/udp)
[-/+]
Traceroute Information
Synopsis:
It was possible to obtain traceroute information.
Description:
Makes a traceroute to the remote host.
Risk factor:
None
Solution:
n/a
Plugin output:
For your information, here is the traceroute from
163.26.60.115 to 163.26.60.110 : 163.26.60.115
163.26.60.110
Plugin ID:
10287
Ethernet Card Manufacturer Detection
Synopsis:
The manufacturer can be deduced from the Ethernet
OUI.
Description:
Each ethernet MAC address starts with a 24-bit
'Organizationally Unique Identifier'. These OUI are
registered by IEEE.
Risk factor:
None
See also:
http://standards.ieee.org/faqs/OUI.html
See also:
http://standards.ieee.org/regauth/oui/index.shtml
Solution:
n/a
Plugin output:
The following card manufacturers were identified :
00:26:5a:c1:0a:f1 : D-Link Corporation
Plugin ID:
35716
TCP/IP Timestamps Supported
Synopsis:
The remote service implements TCP timestamps.
Description:
The remote host implements TCP timestamps, as
defined by RFC1323. A side effect of this feature is
that the uptime of the remote host can sometimes be
computed.
Risk factor:
None
See also:
http://www.ietf.org/rfc/rfc1323.txt
Solution:
n/a
Plugin ID:
25220
ICMP Timestamp Request Remote Date
Disclosure
Synopsis:
It is possible to determine the exact time set on the
remote host.
Description:
The remote host answers to an ICMP timestamp
request. This allows an attacker to know the date that
is set on the targeted machine, which may assist an
unauthenticated, remote attacker in defeating
time-based authentication protocols. Timestamps
returned from machines running Windows Vista / 7 /
2008 / 2008 R2 are deliberately incorrect, but usually
within 1000 seconds of the actual system time.
Risk factor:
None
Solution:
Filter out the ICMP timestamp requests (13), and the
outgoing ICMP timestamp replies (14).
Plugin output:
The difference between the local and remote clocks is
10596 seconds.
Plugin ID:
10114
CVE:
CVE-1999-0524
Other references:
OSVDB:94, CWE:200
Multiple Ethernet Driver Frame Padding
Information Disclosure (Etherleak)
Synopsis:
The remote host appears to leak memory in network
packets.
Description:
The remote host uses a network device driver that
pads ethernet frames with data which vary from one
packet to another, likely taken from kernel memory,
system memory allocated to the device driver, or a
hardware buffer on its network interface card. Known
as 'Etherleak', this information disclosure vulnerability
may allow an attacker to collect sensitive information
from the affected host provided he is on the same
physical subnet as that host.
Risk factor:
Low
CVSS Base Score:3.3
CVSS2#AV:A/AC:L/Au:N/C:P/I:N/A:N
See also:
http://www.nessus.org/u?719c90b4
Solution:
Contact the network device driver's vendor for a fix.
Plugin output:
Padding observed in one frame : 0x00: 00 00 00 00 00
00 00 80 3A 09 00 00 8D 27 00 00 ........:....'.. 0x10:
00 . Padding observed in another frame : 0x00: 00 00
00 00 00 00 00 80 3A 09 00 00 8D 27 00
AA ........:....'.. 0x10: 55 U
Plugin ID:
11197
CVE:
CVE-2003-0001
BID:
6535
Other references:
OSVDB:3873
Port https? (443/tcp)
[-/+]
Port sip? (5060/tcp)
[-/+]
Port tftp (69/udp)
[-/+]
TFTP Daemon Detection
Synopsis:
A TFTP server is listening on the remote port.
Description:
The remote host is running a TFTP (Trivial File
Transfer Protocol) daemon. TFTP is often used by
routers and diskless hosts to retrieve their
configuration. It is also used by worms to propagate.
Risk factor:
None
Solution:
Disable this service if you do not use it.
Plugin ID:
11819
Port www (80/tcp)
[-/+]
Service Detection
Synopsis:
The remote service could be identified.
Description:
It was possible to identify the remote service by its
banner or by looking at the error message it sends
when it receives an HTTP request.
Risk factor:
None
Solution:
n/a
Plugin output:
A web server is running on this port.
Plugin ID:
22964
[^] Back to 163.26.60.110
[^] Back
163.26.60.112
Scan Time
Start
time :
Fri Oct 1 07:21:04
2013
End time :
Fri Oct 1 07:23:15
2013
Number of vulnerabilities
Open ports :
3
High :
0
Medium :
0
Low :
6
Remote host information
Operating System :
NetBIOS name :
DNS name :
[^] Back to 163.26.60.112
Port general (0/udp)
Traceroute Information
Synopsis:
It was possible to obtain traceroute information.
Description:
Makes a traceroute to the remote host.
Risk factor:
None
Solution:
n/a
Plugin output:
For your information, here is the traceroute from
163.26.60.115 to 163.26.60.112 : 163.26.60.115
163.26.60.112
Plugin ID:
10287
[-/+]
TCP/IP Timestamps Supported
Synopsis:
The remote service implements TCP timestamps.
Description:
The remote host implements TCP timestamps, as
defined by RFC1323. A side effect of this feature is
that the uptime of the remote host can sometimes be
computed.
Risk factor:
None
See also:
http://www.ietf.org/rfc/rfc1323.txt
Solution:
n/a
Plugin ID:
25220
ICMP Timestamp Request Remote Date
Disclosure
Synopsis:
It is possible to determine the exact time set on the
remote host.
Description:
The remote host answers to an ICMP timestamp
request. This allows an attacker to know the date that
is set on the targeted machine, which may assist an
unauthenticated, remote attacker in defeating
time-based authentication protocols. Timestamps
returned from machines running Windows Vista / 7 /
2008 / 2008 R2 are deliberately incorrect, but usually
within 1000 seconds of the actual system time.
Risk factor:
None
Solution:
Filter out the ICMP timestamp requests (13), and the
outgoing ICMP timestamp replies (14).
Plugin output:
The difference between the local and remote clocks is
10586 seconds.
Plugin ID:
10114
CVE:
CVE-1999-0524
Other references:
OSVDB:94, CWE:200
Port https? (443/tcp)
[-/+]
Port sip? (5060/tcp)
[-/+]
Session Initiation Protocol Detection
Synopsis:
The remote system is a SIP signaling device.
Description:
The remote system is running software that speaks the Session Initiation
Protocol. SIP is a messaging protocol to initiate communication sessions
between systems. It is a protocol used mostly in IP Telephony networks /
systems to setup, control, and teardown sessions between two or more
systems.
Risk factor:
None
See also:
http://en.wikipedia.org/wiki/Session_Initiation_Protocol
Solution:
If possible, filter incoming connections to the port so that it is used by trusted
sources only.
Plugin output:
The remote service was identified as : DPH-150SE 01.02 It supports the
following options :
ACK,BYE,CANCEL,INVITE,NOTIFY,REFER,DO,UPDATE,OPTIONS,SUBSCRIBE,I
NFO
Plugin ID:
21642
Port tftp (69/udp)
[-/+]
TFTP Daemon Detection
Synopsis:
A TFTP server is listening on the remote port.
Description:
The remote host is running a TFTP (Trivial File
Transfer Protocol) daemon. TFTP is often used by
routers and diskless hosts to retrieve their
configuration. It is also used by worms to propagate.
Risk factor:
None
Solution:
Disable this service if you do not use it.
Plugin ID:
11819
Port www (80/tcp)
[-/+]
Service Detection
Synopsis:
The remote service could be identified.
Description:
It was possible to identify the remote service by its
banner or by looking at the error message it sends
when it receives an HTTP request.
Risk factor:
None
Solution:
n/a
Plugin output:
A web server is running on this port.
Plugin ID:
22964
[^] Back to 163.26.60.112
[^] Back
163.26.60.113
Scan Time
Start
time :
Fri Oct 1 07:21:04
2013
End time :
Fri Oct 1 07:23:13
2013
Number of vulnerabilities
Open ports :
3
High :
0
Medium :
0
Low :
9
Remote host information
Operating
System :
EPSON Stylus
Printer Linksys
Wireless Access
Point Oracle
Integrated Lights
Out Manager
NetBIOS
name :
DNS
name :
[^] Back to 163.26.60.113
Port general (0/udp)
Traceroute Information
Synopsis:
It was possible to obtain traceroute information.
Description:
Makes a traceroute to the remote host.
Risk factor:
None
Solution:
n/a
Plugin output:
For your information, here is the traceroute from
163.26.60.115 to 163.26.60.113 : 163.26.60.115
163.26.60.113
[-/+]
Plugin ID:
10287
Nessus Scan Information
Synopsis:
Information about the Nessus scan.
Description:
This script displays, for each tested host, information
about the scan itself : - The version of the plugin set The type of plugin feed (HomeFeed or
ProfessionalFeed) - The version of the Nessus Engine The port scanner(s) used - The port range scanned Whether credentialed or third-party patch
management checks are possible - The date of the
scan - The duration of the scan - The number of hosts
scanned in parallel - The number of checks done in
parallel
Risk factor:
None
Solution:
n/a
Plugin output:
Information about this scan : Nessus version : 4.4.1
(Build 15078) (Nessus 5.0.1 is available - consider
upgrading) Plugin feed version : 201210082315 Type
of plugin feed : HomeFeed (Non-commercial use only)
Scanner IP : 163.26.60.115 Port scanner(s) :
nessus_syn_scanner Port range : default Thorough
tests : no Experimental tests : no Paranoia level : 1
Report Verbosity : 1 Safe checks : yes Optimize the
test : yes Credentialed checks : no Patch management
checks : None CGI scanning : disabled Web application
tests : disabled Max hosts : 80 Max checks : 5 Recv
timeout : 5 Backports : None Allow post-scan editing:
Yes Scan Start Date : 2012/10/12 7:21 Scan duration :
129 sec
Plugin ID:
19506
Open Port Re-check
Synopsis:
Previously open ports are now closed.
Description:
One of several ports that were previously open are
now closed or unresponsive. There are numerous
possible causes for this failure : - The scan may have
caused a service to freeze or stop running. - An
administrator may have stopped a particular service
during the scanning process. This might be an
availability problem related to the following reasons : A network outage has been experienced during the
scan, and the remote network cannot be reached from
the Vulnerability Scanner anymore. - This Vulnerability
Scanner has been blacklisted by the system
administrator or by automatic intrusion
detection/prevention systems which have detected the
vulnerability assessment. - The remote host is now
down, either because a user turned it off during the
scan or because a select denial of service was
effective. In any case, the audit of the remote host
might be incomplete and may need to be done again
Risk factor:
None
Solution:
- increase checks_read_timeout and/or reduce
max_checks - disable your IPS during the Nessus scan
Plugin output:
Port 443 was detected as being open but is now closed
Port 5060 was detected as being open but is now
closed Port 80 was detected as being open but is now
closed
Plugin ID:
10919
OS Identification
Synopsis:
It is possible to guess the remote operating system.
Description:
Using a combination of remote probes, (TCP/IP, SMB,
HTTP, NTP, SNMP, etc...) it is possible to guess the
name of the remote operating system in use, and
sometimes its version.
Risk factor:
None
Solution:
n/a
Plugin output:
Remote operating system : EPSON Stylus Printer
Linksys Wireless Access Point Oracle Integrated Lights
Out Manager Confidence Level : 59 Method : SinFP
The remote host is running one of these operating
systems : EPSON Stylus Printer Linksys Wireless
Access Point Oracle Integrated Lights Out Manager
Plugin ID:
11936
Ethernet Card Manufacturer Detection
Synopsis:
The manufacturer can be deduced from the Ethernet
OUI.
Description:
Each ethernet MAC address starts with a 24-bit
'Organizationally Unique Identifier'. These OUI are
registered by IEEE.
Risk factor:
None
See also:
http://standards.ieee.org/faqs/OUI.html
See also:
http://standards.ieee.org/regauth/oui/index.shtml
Solution:
n/a
Plugin output:
The following card manufacturers were identified :
00:26:5a:c0:fd:d2 : D-Link Corporation
Plugin ID:
35716
TCP/IP Timestamps Supported
Synopsis:
The remote service implements TCP timestamps.
Description:
The remote host implements TCP timestamps, as
defined by RFC1323. A side effect of this feature is
that the uptime of the remote host can sometimes be
computed.
Risk factor:
None
See also:
http://www.ietf.org/rfc/rfc1323.txt
Solution:
n/a
Plugin ID:
25220
ICMP Timestamp Request Remote Date
Disclosure
Synopsis:
It is possible to determine the exact time set on the
remote host.
Description:
The remote host answers to an ICMP timestamp
request. This allows an attacker to know the date that
is set on the targeted machine, which may assist an
unauthenticated, remote attacker in defeating
time-based authentication protocols. Timestamps
returned from machines running Windows Vista / 7 /
2008 / 2008 R2 are deliberately incorrect, but usually
within 1000 seconds of the actual system time.
Risk factor:
None
Solution:
Filter out the ICMP timestamp requests (13), and the
outgoing ICMP timestamp replies (14).
Plugin output:
The difference between the local and remote clocks is
-1108 seconds.
Plugin ID:
10114
CVE:
CVE-1999-0524
Other references:
OSVDB:94, CWE:200
Port https? (443/tcp)
[-/+]
Port sip? (5060/tcp)
[-/+]
Port tftp (69/udp)
[-/+]
TFTP Daemon Detection
Synopsis:
A TFTP server is listening on the remote port.
Description:
The remote host is running a TFTP (Trivial File
Transfer Protocol) daemon. TFTP is often used by
routers and diskless hosts to retrieve their
configuration. It is also used by worms to propagate.
Risk factor:
None
Solution:
Disable this service if you do not use it.
Plugin ID:
11819
Port www (80/tcp)
[-/+]
Service Detection
Synopsis:
The remote service could be identified.
Description:
It was possible to identify the remote service by its
banner or by looking at the error message it sends
when it receives an HTTP request.
Risk factor:
None
Solution:
n/a
Plugin output:
A web server is running on this port.
Plugin ID:
22964
[^] Back to 163.26.60.113
[^] Back
163.26.60.115
Scan Time
Start
time :
Fri Oct 1 07:21:08
2013
End time :
Fri Oct 1 07:23:15
2013
Number of vulnerabilities
Open ports :
16
High :
0
Medium :
7
Low :
42
Remote host information
Operating
System :
Microsoft
Windows Vista
Business
NetBIOS
name :
ELISHA169
DNS name :
ELISHA169
[^] Back to 163.26.60.115
Port general (0/tcp)
[-/+]
Common Platform Enumeration (CPE)
Synopsis:
It is possible to enumerate CPE names that matched
on the remote system.
Description:
By using information obtained from a Nessus scan, this
plugin reports CPE (Common Platform Enumeration)
matches for various hardware and software products
found on a host. Note that if an official CPE is not
available for the product, this plugin computes the
best possible CPE based on the information available
from the scan.
Risk factor:
None
See also:
http://cpe.mitre.org/
Solution:
n/a
Plugin output:
The remote operating system matched the following
CPE : cpe:/o:microsoft:windows_vista:::business
Plugin ID:
45590
Device Type
Synopsis:
It is possible to guess the remote device type.
Description:
Based on the remote operating system, it is possible to
determine what the remote system type is (eg: a
printer, router, general-purpose computer, etc).
Risk factor:
None
Solution:
n/a
Plugin output:
Remote device type : general-purpose Confidence
level : 99
Plugin ID:
54615
OS Identification
Synopsis:
It is possible to guess the remote operating system.
Description:
Using a combination of remote probes, (TCP/IP, SMB,
HTTP, NTP, SNMP, etc...) it is possible to guess the
name of the remote operating system in use, and
sometimes its version.
Risk factor:
None
Solution:
n/a
Plugin output:
Remote operating system : Microsoft Windows Vista
Business Confidence Level : 99 Method : MSRPC The
remote host is running Microsoft Windows Vista
Business
Plugin ID:
11936
Ethernet Card Manufacturer Detection
Synopsis:
The manufacturer can be deduced from the Ethernet
OUI.
Description:
Each ethernet MAC address starts with a 24-bit
'Organizationally Unique Identifier'. These OUI are
registered by IEEE.
Risk factor:
None
See also:
http://standards.ieee.org/faqs/OUI.html
See also:
http://standards.ieee.org/regauth/oui/index.shtml
Solution:
n/a
Plugin output:
The following card manufacturers were identified :
00:26:22:1d:38:b2 : COMPAL INFORMATION
(KUNSHAN) CO., LTD.
Plugin ID:
35716
Host Fully Qualified Domain Name (FQDN)
Resolution
Synopsis:
It was possible to resolve the name of the remote
host.
Description:
Nessus was able to resolve the FQDN of the remote
host.
Risk factor:
None
Solution:
n/a
Plugin output:
163.26.60.115 resolves as ELISHA169.
Plugin ID:
12053
Port nessus (1241/tcp)
[-/+]
SSL Self-Signed Certificate
Synopsis:
The SSL certificate chain for this service ends in an
unrecognized self-signed certificate.
Description:
The X.509 certificate chain for this service is not
signed by a recognized certificate authority. If the
remote host is a public host in production, this nullifies
the use of SSL as anyone could establish a man in the
middle attack against the remote host. Note that this
plugin does not check for certificate chains that end in
a certificate that is not self-signed, but is signed by an
unrecognized certificate authority.
Risk factor:
Medium
CVSS Base Score:6.4
CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N
Solution:
Purchase or generate a proper certificate for this
service.
Plugin output:
The following certificate was found at the top of the
certificate chain sent by the remote host, but is
self-signed and was not found in the list of known
certificate authorities : |-Subject : O=Nessus Users
United/OU=Nessus Certification Authority/L=New
York/C=US/ST=NY/CN=Nessus Certification Authority
Plugin ID:
57582
SSL / TLS Renegotiation DoS
Synopsis:
The remote service allows repeated renegotiation of TLS / SSL
connections.
Description:
The remote service encrypts traffic using TLS / SSL and permits
clients to renegotiate connections. The computational
requirements for renegotiating a connection are asymmetrical
between the client and the server, with the server performing
several times more work. Since the remote host does not appear
to limit the number of renegotiations for a single TLS / SSL
connection, this permits a client to open several simultaneous
connections and repeatedly renegotiate them, possibly leading to
a denial of service condition.
Risk factor:
Medium
CVSS Base Score:4.3
CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P
See also:
http://orchilles.com/2011/03/ssl-renegotiation-dos.html
See also:
http://www.ietf.org/mail-archive/web/tls/current/msg07553.html
Solution:
Contact the vendor for specific patch information.
Plugin output:
The remote host is vulnerable to renegotiation DoS over TLSv1.
Plugin ID:
53491
CVE:
CVE-2011-1473
BID:
48626
Other references:
OSVDB:73894
SSL Certificate Cannot Be Trusted
Synopsis:
The SSL certificate for this service cannot be trusted.
Description:
The server's X.509 certificate does not have a
signature from a known public certificate authority.
This situation can occur in three different ways, each
of which results in a break in the chain below which
certificates cannot be trusted. First, the top of the
certificate chain sent by the server might not be
descended from a known public certificate authority.
This can occur either when the top of the chain is an
unrecognized, self-signed certificate, or when
intermediate certificates are missing that would
connect the top of the certificate chain to a known
public certificate authority. Second, the certificate
chain may contain a certificate that is not valid at the
time of the scan. This can occur either when the scan
occurs before one of the certificate's 'notBefore' dates,
or after one of the certificate's 'notAfter' dates. Third,
the certificate chain may contain a signature that
either didn't match the certificate's information, or was
not possible to verify. Bad signatures can be fixed by
getting the certificate with the bad signature to be
re-signed by its issuer. Signatures that could not be
verified are the result of the certificate's issuer using a
signing algorithm that Nessus either does not support
or does not recognize. If the remote host is a public
host in production, any break in the chain nullifies the
use of SSL as anyone could establish a man in the
middle attack against the remote host.
Risk factor:
Medium
CVSS Base Score:6.4
CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N
Solution:
Purchase or generate a proper certificate for this
service.
Plugin output:
The following certificates were at the top of the
certificate chain sent by the remote host, but are
signed by an unknown certificate authority :
|-Subject : O=Nessus Users United/OU=Nessus
Certification Authority/L=New
York/C=US/ST=NY/CN=Nessus Certification Authority
|-Issuer : O=Nessus Users United/OU=Nessus
Certification Authority/L=New
York/C=US/ST=NY/CN=Nessus Certification Authority
Plugin ID:
51192
SSL Certificate Information
Synopsis:
This plugin displays the SSL certificate.
Description:
This plugin connects to every SSL-related port and
attempts to extract and dump the X.509 certificate.
Risk factor:
None
Solution:
n/a
Plugin output:
Subject Name: Organization: Nessus Users United
Organization Unit: Nessus Server Locality: New York
Country: US State/Province: NY Common Name:
ELISHA169 Issuer Name: Organization: Nessus Users
United Organization Unit: Nessus Certification
Authority Locality: New York Country: US
State/Province: NY Common Name: Nessus
Certification Authority Serial Number: 00 AA 0B
Version: 3 Signature Algorithm: SHA-1 With RSA
Encryption Not Valid Before: Jan 26 06:01:46 2012
GMT Not Valid After: Jan 25 06:01:46 2016 GMT Public
Key Info: Algorithm: RSA Encryption Public Key: 00 BB
76 77 E9 59 61 01 F3 AD 15 42 8A AA 9A EA 0A 61 6E
1F B2 12 37 F3 3D 8D 87 25 79 1B 34 3A 70 08 10 5E
05 B4 31 9F 06 74 3F 89 ED 21 C7 A5 D0 F7 09 09 16
92 C8 8F 0A D8 7D 3D B6 29 8C 35 36 88 D4 4E FE 2F
5B 11 EB 5B A0 45 BD 9B C6 8C 36 2A 2C 9F 19 47 26
90 85 3E 21 92 CF D1 F5 BE 62 96 75 FF C6 B1 81 36
9C 14 B5 E9 35 89 ED 94 1F 6C CF C2 E1 5A 20 4F C1
EE 5A E7 07 48 07 15 73 Exponent: 01 00 01
Signature: 00 A2 A4 0F D2 CF B7 4A 70 1D 50 73 5B
B0 2E 6B E6 14 88 B4 22 49 33 81 B0 56 F3 B4 98 EF
DA 6F 08 56 FC 59 2B 96 E0 34 DF 14 47 F7 F0 C7 EB
2F E6 16 C0 D4 50 95 9C 70 00 26 CF 53 D1 EC 51 B4
35 C1 D8 5B EB 37 BE E8 81 F1 8B CB 4F 1B B8 E1 2E
3C FF E3 F7 AA 63 91 B7 16 66 8E 14 17 31 6E D8 13
B9 97 07 74 E8 D5 9B 1C 37 66 1E 33 20 66 7C 7E FB
E1 5B FC 8C 4B C5 A3 5A 52 90 BD 83 38 7B
Extension: 2.16.840.1.113730.1.1 Critical: 0 Data: 03
02 06 40 Extension: Key Usage (2.5.29.15) Critical: 1
Key Usage: Digital Signature, Non Repudiation, Key
Encipherment
Plugin ID:
10863
SSL / TLS Versions Supported
Synopsis:
The remote service encrypts communications.
Description:
This script detects which SSL and TLS versions are
supported by the remote service for encrypting
communications.
Risk factor:
None
Solution:
n/a
Plugin output:
This port supports TLSv1.0.
Plugin ID:
56984
Nessus Server Detection
Synopsis:
A Nessus daemon is listening on the remote port.
Description:
A Nessus daemon is listening on the remote port. It is
not recommended to let anyone connect to this port.
Also, make sure that the remote Nessus installation
has been authorized.
Risk factor:
None
Solution:
Filter incoming traffic to this port.
Plugin ID:
10147
Service Detection
Synopsis:
The remote service could be identified.
Description:
It was possible to identify the remote service by its
banner or by looking at the error message it sends
when it receives an HTTP request.
Risk factor:
None
Solution:
n/a
Plugin output:
A TLSv1 server answered on this port.
Plugin ID:
22964
Port www (12882/tcp)
[-/+]
HyperText Transfer Protocol (HTTP)
Information
Synopsis:
Some information about the remote HTTP
configuration can be extracted.
Description:
This test gives some information about the remote
HTTP protocol - the version used, whether HTTP
Keep-Alive and HTTP pipelining are enabled, etc... This
test is informational only and does not denote any
security problem.
Risk factor:
None
Solution:
n/a
Plugin output:
Protocol version : HTTP/1.1 SSL : no Keep-Alive : no
Options allowed : (Not implemented) Headers :
Connection: close Content-Type: image/gif
Content-Length: 28 Cache-control: no-cache Pragma:
no-cache
Plugin ID:
24260
Web Site Cross-Domain Policy File Detection
Synopsis:
The remote web server contains a 'crossdomain.xml' file.
Description:
The remote web server contains a cross-domain policy file. This is a simple
XML file used by Adobe's Flash Player to allow access to data that resides
outside the exact web domain from which a Flash movie file originated.
Risk factor:
None
See also:
http://www.adobe.com/devnet/flashplayer/articles/cross_domain_policy.html
See also:
http://www.adobe.com/go/tn_14213
See also:
http://www.nessus.org/u?74a6a9a5
See also:
http://www.nessus.org/u?50ee6db2
Solution:
Review the contents of the policy file carefully. Improper policies, especially
an unrestricted one with just '*', could allow for cross- site request forgery and
cross-site scripting attacks against the web server.
Plugin output:
Nessus was able to obtain a cross-domain policy file from the remote host
using the following URL : http://ELISHA169:12882/crossdomain.xml
Plugin ID:
32318
Web Server No 404 Error Code Check
Synopsis:
The remote web server does not return 404 error
codes.
Description:
The remote web server is configured such that it does
not return '404 Not Found' error codes when a
nonexistent file is requested, perhaps returning
instead a site map, search page or authentication
page. Nessus has enabled some counter measures for
this. However, they might be insufficient. If a great
number of security holes are produced for this port,
they might not all be accurate.
Risk factor:
None
Solution:
n/a
Plugin output:
Unfortunately, Nessus has been unable to find a way
to recognize this page so some CGI-related checks
have been disabled.
Plugin ID:
10386
Service Detection
Synopsis:
The remote service could be identified.
Description:
It was possible to identify the remote service by its
banner or by looking at the error message it sends
when it receives an HTTP request.
Risk factor:
None
Solution:
n/a
Plugin output:
A web server is running on this port.
Plugin ID:
22964
Port epmap (135/tcp)
[-/+]
DCE Services Enumeration
Synopsis:
A DCE/RPC service is running on the remote host.
Description:
By sending a Lookup request to the portmapper (TCP
135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE)
services running on the remote port. Using this
information it is possible to connect and bind to each
service by sending an RPC request to the remote
port/pipe.
Risk factor:
None
Solution:
n/a
Plugin output:
The following DCERPC services are available locally :
Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0
Description : Unknown RPC service Annotation :
KeyIso Type : Local RPC service Named pipe : samss
lpc Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0
Description : Unknown RPC service Annotation :
KeyIso Type : Local RPC service Named pipe :
protected_storage Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0
Description : Unknown RPC service Annotation :
KeyIso Type : Local RPC service Named pipe :
securityevent Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0
Description : Unknown RPC service Annotation :
KeyIso Type : Local RPC service Named pipe : audit
Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0
Description : Unknown RPC service Annotation :
KeyIso Type : Local RPC service Named pipe :
LRPC-32e26f163fce83233a Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager Windows
process : lsass.exe Type : Local RPC service Named
pipe : samss lpc Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
2f5f6521-cb55-1059-b446-00df0bce31db, version 1.0
Description : Unknown RPC service Annotation :
Unimodem LRPC Endpoint Type : Local RPC service
Named pipe : DNSResolver Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
2f5f6521-cb55-1059-b446-00df0bce31db, version 1.0
Description : Unknown RPC service Annotation :
Unimodem LRPC Endpoint Type : Local RPC service
Named pipe : keysvc Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
2f5f6521-cb55-1059-b446-00df0bce31db, version 1.0
Description : Unknown RPC service Annotation :
Unimodem LRPC Endpoint Type : Local RPC service
Named pipe : keysvc2 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
2f5f6521-cb55-1059-b446-00df0bce31db, version 1.0
Description : Unknown RPC service Annotation :
Unimodem LRPC Endpoint Type : Local RPC service
Named pipe : OLE770126BF46EB49BDBA92273FC3D0
Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
2f5f6521-cb55-1059-b446-00df0bce31db, version 1.0
Description : Unknown RPC service Annotation :
Unimodem LRPC Endpoint Type : Local RPC service
Named pipe : nlaplg Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
2f5f6521-cb55-1059-b446-00df0bce31db, version 1.0
Description : Unknown RPC service Annotation :
Unimodem LRPC Endpoint Type : Local RPC service
Named pipe : nlaapi Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
2f5f6521-cb55-1059-b446-00df0bce31db, version 1.0
Description : Unknown RPC service Annotation :
Unimodem LRPC Endpoint Type : Local RPC service
Named pipe : tapsrvlpc Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
2f5f6521-cb55-1059-b446-00df0bce31db, version 1.0
Description : Unknown RPC service Annotation :
Unimodem LRPC Endpoint Type : Local RPC service
Named pipe : unimdmsvc Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
12345678-1234-abcd-ef00-0123456789ab, version
1.0 Description : IPsec Services (Windows XP & 2003)
Windows process : lsass.exe Annotation : IPSec Policy
agent endpoint Type : Local RPC service Named pipe :
LRPC-8226a95a7d93a37552 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
dd490425-5325-4565-b774-7e27d6c09c24, version
1.0 Description : Unknown RPC service Annotation :
Base Firewall Engine API Type : Local RPC service
Named pipe : LRPC-e384ddd06c2d67143d Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : 7f9d11bf-7fb9-436b-a812-b2d50c5d4c03,
version 1.0 Description : Unknown RPC service
Annotation : Fw APIs Type : Local RPC service Named
pipe : LRPC-e384ddd06c2d67143d Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0
Description : Unknown RPC service Annotation : Fw
APIs Type : Local RPC service Named pipe :
LRPC-e384ddd06c2d67143d Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1.0
Description : Unknown RPC service Annotation :
Spooler function endpoint Type : Local RPC service
Named pipe : spoolss Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
ae33069b-a2a8-46ee-a235-ddfd339be281, version
1.0 Description : Unknown RPC service Annotation :
Spooler base remote object endpoint Type : Local RPC
service Named pipe : spoolss Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
4a452661-8290-4b36-8fbe-7f4093a94978, version 1.0
Description : Unknown RPC service Annotation :
Spooler function endpoint Type : Local RPC service
Named pipe : spoolss Object UUID :
e6a48980-943e-403f-8f76-fc9d58ba5294 UUID :
98e96949-bc59-47f1-92d1-8c25b46f85c7, version 1.0
Description : Unknown RPC service Annotation :
IhvExtRpcServer Type : Local RPC service Named
pipe : LRPC-700a5ed01539beb74e Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
25952c5d-7976-4aa1-a3cb-c35f7ae79d1b, version 1.0
Description : Unknown RPC service Annotation :
Wireless Diagnostics Type : Local RPC service Named
pipe : OLE48E14A6342BA4B3F8FD41CAA56E3 Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : 25952c5d-7976-4aa1-a3cb-c35f7ae79d1b,
version 1.0 Description : Unknown RPC service
Annotation : Wireless Diagnostics Type : Local RPC
service Named pipe : LRPC-43487dc9c77b5d4c5a
Object UUID :
6e616c77-7673-0063-0000-000000000000 UUID :
c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version
1.0 Description : Unknown RPC service Annotation :
Impl friendly name Type : Local RPC service Named
pipe : OLE48E14A6342BA4B3F8FD41CAA56E3 Object
UUID : 6e616c77-7673-0063-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277,
version 1.0 Description : Unknown RPC service
Annotation : Impl friendly name Type : Local RPC
service Named pipe : LRPC-43487dc9c77b5d4c5a
Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
266f33b4-c7c1-4bd1-8f52-ddb8f2214ea9, version 1.0
Description : Unknown RPC service Annotation : Wlan
Service Type : Local RPC service Named pipe :
OLE48E14A6342BA4B3F8FD41CAA56E3 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
266f33b4-c7c1-4bd1-8f52-ddb8f2214ea9, version 1.0
Description : Unknown RPC service Annotation : Wlan
Service Type : Local RPC service Named pipe :
LRPC-43487dc9c77b5d4c5a Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
c3f42c6e-d4cc-4e5a-938b-9c5e8a5d8c2e, version 1.0
Description : Unknown RPC service Annotation :
IhvExtRpcServer Type : Local RPC service Named
pipe : OLE48E14A6342BA4B3F8FD41CAA56E3 Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : c3f42c6e-d4cc-4e5a-938b-9c5e8a5d8c2e,
version 1.0 Description : Unknown RPC service
Annotation : IhvExtRpcServer Type : Local RPC service
Named pipe : LRPC-43487dc9c77b5d4c5a Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : 654976df-1498-4056-a15e-cb4e87584bd8,
version 1.0 Description : Unknown RPC service Type :
Local RPC service Named pipe :
OLE48E14A6342BA4B3F8FD41CAA56E3 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
654976df-1498-4056-a15e-cb4e87584bd8, version
1.0 Description : Unknown RPC service Type : Local
RPC service Named pipe : LRPC-43487dc9c77b5d4c5a
Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
0767a036-0d22-48aa-ba69-b619480f38cb, version
1.0 Description : Unknown RPC service Annotation :
PcaSvc Type : Local RPC service Named pipe :
OLE48E14A6342BA4B3F8FD41CAA56E3 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
0767a036-0d22-48aa-ba69-b619480f38cb, version
1.0 Description : Unknown RPC service Annotation :
PcaSvc Type : Local RPC service Named pipe :
LRPC-43487dc9c77b5d4c5a Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
b58aa02e-2884-4e97-8176-4ee06d794184, version
1.0 Description : Unknown RPC service Type : Local
RPC service Named pipe :
OLE48E14A6342BA4B3F8FD41CAA56E3 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
b58aa02e-2884-4e97-8176-4ee06d794184, version
1.0 Description : Unknown RPC service Type : Local
RPC service Named pipe : LRPC-43487dc9c77b5d4c5a
Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
b58aa02e-2884-4e97-8176-4ee06d794184, version
1.0 Description : Unknown RPC service Type : Local
RPC service Named pipe : trkwks Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
7ea70bcf-48af-4f6a-8968-6a440754d5fa, version 1.0
Description : Unknown RPC service Annotation : NSI
server endpoint Type : Local RPC service Named pipe :
OLED12D1E1581AE46FBAD830E879E76 Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : 7ea70bcf-48af-4f6a-8968-6a440754d5fa,
version 1.0 Description : Unknown RPC service
Annotation : NSI server endpoint Type : Local RPC
service Named pipe : LRPC-45cd871bca7d6ca2c5
Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
4b112204-0e19-11d3-b42b-0000f81feb9f, version 1.0
Description : SSDP service Windows process : unknow
Type : Local RPC service Named pipe :
OLED12D1E1581AE46FBAD830E879E76 Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : 4b112204-0e19-11d3-b42b-0000f81feb9f,
version 1.0 Description : SSDP service Windows
process : unknow Type : Local RPC service Named
pipe : LRPC-45cd871bca7d6ca2c5 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
4b112204-0e19-11d3-b42b-0000f81feb9f, version 1.0
Description : SSDP service Windows process : unknow
Type : Local RPC service Named pipe : W32TIME_ALT
Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
3473dd4d-2e88-4006-9cba-22570909dd10, version
5.0 Description : Unknown RPC service Annotation :
WinHttp Auto-Proxy Service Type : Local RPC service
Named pipe : OLED12D1E1581AE46FBAD830E879E76
Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
3473dd4d-2e88-4006-9cba-22570909dd10, version
5.0 Description : Unknown RPC service Annotation :
WinHttp Auto-Proxy Service Type : Local RPC service
Named pipe : LRPC-45cd871bca7d6ca2c5 Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : 3473dd4d-2e88-4006-9cba-22570909dd10,
version 5.0 Description : Unknown RPC service
Annotation : WinHttp Auto-Proxy Service Type : Local
RPC service Named pipe : W32TIME_ALT Object
UUID : 666f7270-6c69-7365-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277,
version 1.0 Description : Unknown RPC service
Annotation : Impl friendly name Type : Local RPC
service Named pipe : IUserProfile2 Object UUID :
736e6573-0000-0000-0000-000000000000 UUID :
c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version
1.0 Description : Unknown RPC service Annotation :
Impl friendly name Type : Local RPC service Named
pipe : IUserProfile2 Object UUID :
736e6573-0000-0000-0000-000000000000 UUID :
c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version
1.0 Description : Unknown RPC service Annotation :
Impl friendly name Type : Local RPC service Named
pipe : senssvc Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0
Description : Scheduler Service Windows process :
svchost.exe Type : Local RPC service Named pipe :
IUserProfile2 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0
Description : Scheduler Service Windows process :
svchost.exe Type : Local RPC service Named pipe :
senssvc Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0
Description : Scheduler Service Windows process :
svchost.exe Type : Local RPC service Named pipe :
OLE9DA3C386242C481CBF789DF65C63 Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : 1ff70682-0a51-30e8-076d-740be8cee98b,
version 1.0 Description : Scheduler Service Windows
process : svchost.exe Type : Local RPC service Named
pipe : IUserProfile2 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service Windows process :
svchost.exe Type : Local RPC service Named pipe :
senssvc Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service Windows process :
svchost.exe Type : Local RPC service Named pipe :
OLE9DA3C386242C481CBF789DF65C63 Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f,
version 1.0 Description : Scheduler Service Windows
process : svchost.exe Type : Local RPC service Named
pipe : IUserProfile2 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service Windows process :
svchost.exe Type : Local RPC service Named pipe :
senssvc Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service Windows process :
svchost.exe Type : Local RPC service Named pipe :
OLE9DA3C386242C481CBF789DF65C63 Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c,
version 1.0 Description : Unknown RPC service Type :
Local RPC service Named pipe : IUserProfile2 Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c,
version 1.0 Description : Unknown RPC service Type :
Local RPC service Named pipe : senssvc Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
86d35949-83c9-4044-b424-db363231fd0c, version
1.0 Description : Unknown RPC service Type : Local
RPC service Named pipe :
OLE9DA3C386242C481CBF789DF65C63 Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511,
version 1.0 Description : Unknown RPC service
Annotation : IKE/Authip API Type : Local RPC service
Named pipe : IUserProfile2 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
a398e520-d59a-4bdd-aa7a-3c1e0303a511, version
1.0 Description : Unknown RPC service Annotation :
IKE/Authip API Type : Local RPC service Named pipe :
senssvc Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
a398e520-d59a-4bdd-aa7a-3c1e0303a511, version
1.0 Description : Unknown RPC service Annotation :
IKE/Authip API Type : Local RPC service Named pipe :
OLE9DA3C386242C481CBF789DF65C63 Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a,
version 1.0 Description : Unknown RPC service
Annotation : AppInfo Type : Local RPC service Named
pipe : IUserProfile2 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0
Description : Unknown RPC service Annotation :
AppInfo Type : Local RPC service Named pipe :
senssvc Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0
Description : Unknown RPC service Annotation :
AppInfo Type : Local RPC service Named pipe :
OLE9DA3C386242C481CBF789DF65C63 Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a,
version 1.0 Description : Unknown RPC service
Annotation : AppInfo Type : Local RPC service Named
pipe : SECLOGON Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0
Description : Unknown RPC service Annotation :
AppInfo Type : Local RPC service Named pipe :
IUserProfile2 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0
Description : Unknown RPC service Annotation :
AppInfo Type : Local RPC service Named pipe :
senssvc Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0
Description : Unknown RPC service Annotation :
AppInfo Type : Local RPC service Named pipe :
OLE9DA3C386242C481CBF789DF65C63 Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98,
version 1.0 Description : Unknown RPC service
Annotation : AppInfo Type : Local RPC service Named
pipe : SECLOGON Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version
1.0 Description : Unknown RPC service Annotation :
AppInfo Type : Local RPC service Named pipe :
IUserProfile2 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version
1.0 Description : Unknown RPC service Annotation :
AppInfo Type : Local RPC service Named pipe :
senssvc Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version
1.0 Description : Unknown RPC service Annotation :
AppInfo Type : Local RPC service Named pipe :
OLE9DA3C386242C481CBF789DF65C63 Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1,
version 1.0 Description : Unknown RPC service
Annotation : AppInfo Type : Local RPC service Named
pipe : SECLOGON Object UUID :
6c637067-6569-746e-0000-000000000000 UUID :
c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version
1.0 Description : Unknown RPC service Annotation :
Impl friendly name Type : Local RPC service Named
pipe : LRPC-5761a2ac26bed76106 Object UUID :
24d1f7c7-76af-4f28-9ccd-7f6cb6468601 UUID :
2eb08e3e-639f-4fba-97b1-14f878961076, version 1.0
Description : Unknown RPC service Type : Local RPC
service Named pipe : LRPC-5761a2ac26bed76106
Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0
Description : Unknown RPC service Annotation : Event
log TCPIP Type : Local RPC service Named pipe :
eventlog Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service Annotation :
DHCPv6 Client LRPC Endpoint Type : Local RPC service
Named pipe : eventlog Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service Annotation :
DHCPv6 Client LRPC Endpoint Type : Local RPC service
Named pipe : AudioClientRpc Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service Annotation :
DHCPv6 Client LRPC Endpoint Type : Local RPC service
Named pipe : Audiosrv Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service Annotation :
DHCPv6 Client LRPC Endpoint Type : Local RPC service
Named pipe :
OLEAA8A3DBA76A04330BEE0D97AAD85 Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6,
version 1.0 Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint Type :
Local RPC service Named pipe : dhcpcsvc6 Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5,
version 1.0 Description : DHCP Client Service Windows
process : svchost.exe Annotation : DHCP Client LRPC
Endpoint Type : Local RPC service Named pipe :
eventlog Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service Windows process :
svchost.exe Annotation : DHCP Client LRPC Endpoint
Type : Local RPC service Named pipe : AudioClientRpc
Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service Windows process :
svchost.exe Annotation : DHCP Client LRPC Endpoint
Type : Local RPC service Named pipe : Audiosrv Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5,
version 1.0 Description : DHCP Client Service Windows
process : svchost.exe Annotation : DHCP Client LRPC
Endpoint Type : Local RPC service Named pipe :
OLEAA8A3DBA76A04330BEE0D97AAD85 Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5,
version 1.0 Description : DHCP Client Service Windows
process : svchost.exe Annotation : DHCP Client LRPC
Endpoint Type : Local RPC service Named pipe :
dhcpcsvc6 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service Windows process :
svchost.exe Annotation : DHCP Client LRPC Endpoint
Type : Local RPC service Named pipe : dhcpcsvc
Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
06bba54a-be05-49f9-b0a0-30f790261023, version 1.0
Description : Unknown RPC service Annotation :
Security Center Type : Local RPC service Named pipe :
eventlog Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
06bba54a-be05-49f9-b0a0-30f790261023, version 1.0
Description : Unknown RPC service Annotation :
Security Center Type : Local RPC service Named pipe :
AudioClientRpc Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
06bba54a-be05-49f9-b0a0-30f790261023, version 1.0
Description : Unknown RPC service Annotation :
Security Center Type : Local RPC service Named pipe :
Audiosrv Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
06bba54a-be05-49f9-b0a0-30f790261023, version 1.0
Description : Unknown RPC service Annotation :
Security Center Type : Local RPC service Named pipe :
OLEAA8A3DBA76A04330BEE0D97AAD85 Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : 06bba54a-be05-49f9-b0a0-30f790261023,
version 1.0 Description : Unknown RPC service
Annotation : Security Center Type : Local RPC service
Named pipe : dhcpcsvc6 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
06bba54a-be05-49f9-b0a0-30f790261023, version 1.0
Description : Unknown RPC service Annotation :
Security Center Type : Local RPC service Named pipe :
dhcpcsvc Object UUID :
b08669ee-8cb5-43a5-a017-84fe00000001 UUID :
76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service Type : Local RPC
service Named pipe : WMsgKRpc0FF9F1 Object UUID :
52ef130c-08fd-4388-86b3-6edf00000001 UUID :
12e65dd8-887f-41ef-91bf-8d816c42c2e7, version 1.0
Description : Unknown RPC service Annotation :
Secure Desktop LRPC interface Type : Local RPC
service Named pipe : WMsgKRpc0FF9F1 Object UUID :
b08669ee-8cb5-43a5-a017-84fe00000000 UUID :
76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service Type : Local RPC
service Named pipe : WMsgKRpc0FCEC0 Object
UUID : b08669ee-8cb5-43a5-a017-84fe00000000
UUID : 76f226c3-ec14-4325-8a99-6a46348418af,
version 1.0 Description : Unknown RPC service Type :
Local RPC service Named pipe : WindowsShutdown
Object UUID :
765294ba-60bc-48b8-92e9-89fd77769d91 UUID :
d95afe70-a6d5-4259-822e-2c84da1ddb0d, version
1.0 Description : Unknown RPC service Type : Local
RPC service Named pipe : WMsgKRpc0FCEC0 Object
UUID : 765294ba-60bc-48b8-92e9-89fd77769d91
UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d,
version 1.0 Description : Unknown RPC service Type :
Local RPC service Named pipe : WindowsShutdown
Object UUID :
6d726574-7273-0076-0000-000000000000 UUID :
c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version
1.0 Description : Unknown RPC service Annotation :
Impl friendly name Type : Local RPC service Named
pipe : LRPC-8b556f6392d2bcc250 Object UUID :
00736665-0000-0000-0000-000000000000 UUID :
c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version
1.0 Description : Unknown RPC service Annotation :
Impl friendly name Type : Local RPC service Named
pipe : LRPC-32e26f163fce83233a Object UUID :
00736665-0000-0000-0000-000000000000 UUID :
c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version
1.0 Description : Unknown RPC service Annotation :
Impl friendly name Type : Local RPC service Named
pipe : audit Object UUID :
00736665-0000-0000-0000-000000000000 UUID :
c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version
1.0 Description : Unknown RPC service Annotation :
Impl friendly name Type : Local RPC service Named
pipe : securityevent Object UUID :
00736665-0000-0000-0000-000000000000 UUID :
c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version
1.0 Description : Unknown RPC service Annotation :
Impl friendly name Type : Local RPC service Named
pipe : protected_storage Object UUID :
00736665-0000-0000-0000-000000000000 UUID :
c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version
1.0 Description : Unknown RPC service Annotation :
Impl friendly name Type : Local RPC service Named
pipe : samss lpc Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager Windows
process : lsass.exe Type : Local RPC service Named
pipe : LRPC-32e26f163fce83233a Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager Windows
process : lsass.exe Type : Local RPC service Named
pipe : audit Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager Windows
process : lsass.exe Type : Local RPC service Named
pipe : securityevent Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager Windows
process : lsass.exe Type : Local RPC service Named
pipe : protected_storage
Plugin ID:
10736
Port netbios-ns (137/udp)
[-/+]
Windows NetBIOS / SMB Remote Host
Information Disclosure
Synopsis:
It is possible to obtain the network name of the
remote host.
Description:
The remote host listens on UDP port 137 or TCP port
445 and replies to NetBIOS nbtscan or SMB requests.
Note that this plugin gathers information to be used in
other plugins but does not itself generate a report.
Risk factor:
None
Solution:
n/a
Plugin output:
The following 4 NetBIOS names have been gathered :
ELISHA169 = Computer name WORKGROUP =
Workgroup / Domain name ELISHA169 = File Server
Service WORKGROUP = Browser Service Elections The
remote host has the following MAC address on its
adapter : 00:26:22:1d:38:b2
Plugin ID:
10150
Port smb (139/tcp)
Microsoft Windows SMB Service Detection
[-/+]
Synopsis:
A file / print sharing service is listening on the remote
host.
Description:
The remote service understands the CIFS (Common
Internet File System) or Server Message Block (SMB)
protocol, used to provide shared access to files,
printers, etc between nodes on a network.
Risk factor:
None
Solution:
n/a
Plugin output:
An SMB server is running on this port.
Plugin ID:
11011
Port dce-rpc (1688/tcp)
[-/+]
MSRPC Service Detection
Synopsis:
A DCE/RPC server is listening on the remote host.
Description:
The remote host is running a Windows RPC service.
This service replies to the RPC Bind Request with a
Bind Ack response. However it is not possible to
determine the uuid of this service.
Risk factor:
None
Solution:
n/a
Plugin ID:
22319
Port rtmp (1935/tcp)
[-/+]
RTMP Server Detection
Synopsis:
A Flash media server is listening on the remote host.
Description:
The remote service supports Real Time Messaging Protocol
(RTMP), a proprietary protocol used by Flash Player for
streaming real-time audio, video, and objects using a binary
connection.
Risk factor:
None
See also:
http://en.wikipedia.org/wiki/Real_Time_Messaging_Protocol
Solution:
Limit incoming traffic to this port if desired.
Plugin ID:
31097
Port cifs (445/tcp)
SMB Signing Disabled
Synopsis:
Signing is disabled on the remote SMB server.
[-/+]
Description:
Signing is disabled on the remote SMB server. This can allow
man-in-the-middle attacks against the SMB server.
Risk factor:
Medium
CVSS Base Score:5.0
CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N
See also:
http://support.microsoft.com/kb/887429
See also:
http://www.nessus.org/u?74b80723
See also:
http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html
Solution:
Enforce message signing in the host's configuration. On Windows, this
is found in the Local Security Policy. On Samba, the setting is called
'server signing'. See the 'see also' links for further details.
Plugin ID:
57608
Microsoft Windows SMB Registry : Nessus
Cannot Access the Windows Registry
Synopsis:
Nessus is not able to access the remote Windows
Registry.
Description:
It was not possible to connect to PIPE\winreg on the
remote host. If you intend to use Nessus to perform
registry-based checks, the registry checks will not
work because the 'Remote Registry Access' service
(winreg) has been disabled on the remote host or can
not be connected to with the supplied credentials.
Risk factor:
None
Solution:
n/a
Plugin output:
Could not connect to the registry because: Could not
connect to \winreg
Plugin ID:
26917
Microsoft Windows SMB Log In Possible
Synopsis:
It is possible to log into the remote host.
Description:
The remote host is running Microsoft Windows operating system
or Samba, a CIFS/SMB server for Unix. It was possible to log into
it using one of the following accounts : - NULL session - Guest
account - Given Credentials
Risk factor:
None
See also:
http://support.microsoft.com/support/kb/articles/Q143/4/74.ASP
See also:
http://support.microsoft.com/support/kb/articles/Q246/2/61.ASP
Solution:
n/a
Plugin output:
- NULL sessions are enabled on the remote host
Plugin ID:
10394
Microsoft Windows SMB NativeLanManager
Remote System Information Disclosure
Synopsis:
It is possible to obtain information about the remote
operating system.
Description:
It is possible to get the remote operating system name
and version (Windows and/or Samba) by sending an
authentication request to port 139 or 445.
Risk factor:
None
Solution:
n/a
Plugin output:
The remote Operating System is : Windows Vista (TM)
Business 6001 Service Pack 1 The remote native lan
manager is : Windows Vista (TM) Business 6.0 The
remote SMB Domain Name is : ELISHA169
Plugin ID:
10785
DCE Services Enumeration
Synopsis:
A DCE/RPC service is running on the remote host.
Description:
By sending a Lookup request to the portmapper (TCP
135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE)
services running on the remote port. Using this
information it is possible to connect and bind to each
service by sending an RPC request to the remote
port/pipe.
Risk factor:
None
Solution:
n/a
Plugin output:
The following DCERPC services are available
remotely : Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0
Description : Unknown RPC service Annotation :
KeyIso Type : Remote RPC service Named pipe :
\PIPE\protected_storage Netbios name : \\ELISHA169
Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0
Description : Unknown RPC service Annotation :
KeyIso Type : Remote RPC service Named pipe :
\pipe\lsass Netbios name : \\ELISHA169 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
2f5f6521-cb55-1059-b446-00df0bce31db, version 1.0
Description : Unknown RPC service Annotation :
Unimodem LRPC Endpoint Type : Remote RPC service
Named pipe : \pipe\keysvc Netbios name :
\\ELISHA169 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
2f5f6521-cb55-1059-b446-00df0bce31db, version 1.0
Description : Unknown RPC service Annotation :
Unimodem LRPC Endpoint Type : Remote RPC service
Named pipe : \pipe\tapsrv Netbios name :
\\ELISHA169 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
b58aa02e-2884-4e97-8176-4ee06d794184, version
1.0 Description : Unknown RPC service Type : Remote
RPC service Named pipe : \pipe\trkwks Netbios name :
\\ELISHA169 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
4b112204-0e19-11d3-b42b-0000f81feb9f, version 1.0
Description : SSDP service Windows process : unknow
Type : Remote RPC service Named pipe :
\PIPE\wkssvc Netbios name : \\ELISHA169 Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : 4b112204-0e19-11d3-b42b-0000f81feb9f,
version 1.0 Description : SSDP service Windows
process : unknow Type : Remote RPC service Named
pipe : \PIPE\DAV RPC SERVICE Netbios name :
\\ELISHA169 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
4b112204-0e19-11d3-b42b-0000f81feb9f, version 1.0
Description : SSDP service Windows process : unknow
Type : Remote RPC service Named pipe :
\PIPE\W32TIME_ALT Netbios name : \\ELISHA169
Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
3473dd4d-2e88-4006-9cba-22570909dd10, version
5.0 Description : Unknown RPC service Annotation :
WinHttp Auto-Proxy Service Type : Remote RPC
service Named pipe : \PIPE\wkssvc Netbios name :
\\ELISHA169 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
3473dd4d-2e88-4006-9cba-22570909dd10, version
5.0 Description : Unknown RPC service Annotation :
WinHttp Auto-Proxy Service Type : Remote RPC
service Named pipe : \PIPE\DAV RPC SERVICE Netbios
name : \\ELISHA169 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
3473dd4d-2e88-4006-9cba-22570909dd10, version
5.0 Description : Unknown RPC service Annotation :
WinHttp Auto-Proxy Service Type : Remote RPC
service Named pipe : \PIPE\W32TIME_ALT Netbios
name : \\ELISHA169 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service Windows process :
svchost.exe Type : Remote RPC service Named pipe :
\PIPE\atsvc Netbios name : \\ELISHA169 Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f,
version 1.0 Description : Scheduler Service Windows
process : svchost.exe Type : Remote RPC service
Named pipe : \PIPE\atsvc Netbios name :
\\ELISHA169 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
86d35949-83c9-4044-b424-db363231fd0c, version
1.0 Description : Unknown RPC service Type : Remote
RPC service Named pipe : \PIPE\atsvc Netbios name :
\\ELISHA169 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
a398e520-d59a-4bdd-aa7a-3c1e0303a511, version
1.0 Description : Unknown RPC service Annotation :
IKE/Authip API Type : Remote RPC service Named
pipe : \PIPE\atsvc Netbios name : \\ELISHA169 Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511,
version 1.0 Description : Unknown RPC service
Annotation : IKE/Authip API Type : Remote RPC
service Named pipe : \PIPE\srvsvc Netbios name :
\\ELISHA169 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0
Description : Unknown RPC service Annotation :
AppInfo Type : Remote RPC service Named pipe :
\PIPE\atsvc Netbios name : \\ELISHA169 Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a,
version 1.0 Description : Unknown RPC service
Annotation : AppInfo Type : Remote RPC service
Named pipe : \PIPE\srvsvc Netbios name :
\\ELISHA169 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0
Description : Unknown RPC service Annotation :
AppInfo Type : Remote RPC service Named pipe :
\PIPE\browser Netbios name : \\ELISHA169 Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98,
version 1.0 Description : Unknown RPC service
Annotation : AppInfo Type : Remote RPC service
Named pipe : \PIPE\atsvc Netbios name :
\\ELISHA169 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0
Description : Unknown RPC service Annotation :
AppInfo Type : Remote RPC service Named pipe :
\PIPE\srvsvc Netbios name : \\ELISHA169 Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98,
version 1.0 Description : Unknown RPC service
Annotation : AppInfo Type : Remote RPC service
Named pipe : \PIPE\browser Netbios name :
\\ELISHA169 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version
1.0 Description : Unknown RPC service Annotation :
AppInfo Type : Remote RPC service Named pipe :
\PIPE\atsvc Netbios name : \\ELISHA169 Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1,
version 1.0 Description : Unknown RPC service
Annotation : AppInfo Type : Remote RPC service
Named pipe : \PIPE\srvsvc Netbios name :
\\ELISHA169 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version
1.0 Description : Unknown RPC service Annotation :
AppInfo Type : Remote RPC service Named pipe :
\PIPE\browser Netbios name : \\ELISHA169 Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c,
version 1.0 Description : Unknown RPC service
Annotation : Event log TCPIP Type : Remote RPC
service Named pipe : \pipe\eventlog Netbios name :
\\ELISHA169 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service Annotation :
DHCPv6 Client LRPC Endpoint Type : Remote RPC
service Named pipe : \pipe\eventlog Netbios name :
\\ELISHA169 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service Windows process :
svchost.exe Annotation : DHCP Client LRPC Endpoint
Type : Remote RPC service Named pipe :
\pipe\eventlog Netbios name : \\ELISHA169 Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : 06bba54a-be05-49f9-b0a0-30f790261023,
version 1.0 Description : Unknown RPC service
Annotation : Security Center Type : Remote RPC
service Named pipe : \pipe\eventlog Netbios name :
\\ELISHA169 Object UUID :
b08669ee-8cb5-43a5-a017-84fe00000000 UUID :
76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service Type : Remote
RPC service Named pipe : \PIPE\InitShutdown Netbios
name : \\ELISHA169 Object UUID :
765294ba-60bc-48b8-92e9-89fd77769d91 UUID :
d95afe70-a6d5-4259-822e-2c84da1ddb0d, version
1.0 Description : Unknown RPC service Type : Remote
RPC service Named pipe : \PIPE\InitShutdown Netbios
name : \\ELISHA169 Object UUID :
00736665-0000-0000-0000-000000000000 UUID :
c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version
1.0 Description : Unknown RPC service Annotation :
Impl friendly name Type : Remote RPC service Named
pipe : \pipe\lsass Netbios name : \\ELISHA169 Object
UUID : 00736665-0000-0000-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277,
version 1.0 Description : Unknown RPC service
Annotation : Impl friendly name Type : Remote RPC
service Named pipe : \PIPE\protected_storage Netbios
name : \\ELISHA169 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager Windows
process : lsass.exe Type : Remote RPC service Named
pipe : \pipe\lsass Netbios name : \\ELISHA169 Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac,
version 1.0 Description : Security Account Manager
Windows process : lsass.exe Type : Remote RPC
service Named pipe : \PIPE\protected_storage Netbios
name : \\ELISHA169
Plugin ID:
10736
Microsoft Windows SMB Service Detection
Synopsis:
A file / print sharing service is listening on the remote
host.
Description:
The remote service understands the CIFS (Common
Internet File System) or Server Message Block (SMB)
protocol, used to provide shared access to files,
printers, etc between nodes on a network.
Risk factor:
None
Solution:
n/a
Plugin output:
A CIFS server is running on this port.
Plugin ID:
11011
Port dce-rpc (49152/tcp)
[-/+]
DCE Services Enumeration
Synopsis:
A DCE/RPC service is running on the remote host.
Description:
By sending a Lookup request to the portmapper (TCP
135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE)
services running on the remote port. Using this
information it is possible to connect and bind to each
service by sending an RPC request to the remote
port/pipe.
Risk factor:
None
Solution:
n/a
Plugin output:
The following DCERPC services are available on TCP
port 49152 : Object UUID :
765294ba-60bc-48b8-92e9-89fd77769d91 UUID :
d95afe70-a6d5-4259-822e-2c84da1ddb0d, version
1.0 Description : Unknown RPC service Type : Remote
RPC service TCP Port : 49152 IP : 163.26.60.115
Plugin ID:
10736
Port dce-rpc (49153/tcp)
[-/+]
DCE Services Enumeration
Synopsis:
A DCE/RPC service is running on the remote host.
Description:
By sending a Lookup request to the portmapper (TCP
135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE)
services running on the remote port. Using this
information it is possible to connect and bind to each
service by sending an RPC request to the remote
port/pipe.
Risk factor:
None
Solution:
n/a
Plugin output:
The following DCERPC services are available on TCP
port 49153 : Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0
Description : Unknown RPC service Annotation : Event
log TCPIP Type : Remote RPC service TCP Port : 49153
IP : 163.26.60.115 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service Annotation :
DHCPv6 Client LRPC Endpoint Type : Remote RPC
service TCP Port : 49153 IP : 163.26.60.115 Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5,
version 1.0 Description : DHCP Client Service Windows
process : svchost.exe Annotation : DHCP Client LRPC
Endpoint Type : Remote RPC service TCP Port : 49153
IP : 163.26.60.115 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
06bba54a-be05-49f9-b0a0-30f790261023, version 1.0
Description : Unknown RPC service Annotation :
Security Center Type : Remote RPC service TCP Port :
49153 IP : 163.26.60.115
Plugin ID:
10736
Port dce-rpc (49154/tcp)
[-/+]
DCE Services Enumeration
Synopsis:
A DCE/RPC service is running on the remote host.
Description:
By sending a Lookup request to the portmapper (TCP
135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE)
services running on the remote port. Using this
information it is possible to connect and bind to each
service by sending an RPC request to the remote
port/pipe.
Risk factor:
None
Solution:
n/a
Plugin output:
The following DCERPC services are available on TCP
port 49154 : Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0
Description : Unknown RPC service Annotation :
KeyIso Type : Remote RPC service TCP Port : 49154
IP : 163.26.60.115 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager Windows
process : lsass.exe Type : Remote RPC service TCP
Port : 49154 IP : 163.26.60.115
Plugin ID:
10736
Port dce-rpc (49155/tcp)
[-/+]
DCE Services Enumeration
Synopsis:
A DCE/RPC service is running on the remote host.
Description:
By sending a Lookup request to the portmapper (TCP
135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE)
services running on the remote port. Using this
information it is possible to connect and bind to each
service by sending an RPC request to the remote
port/pipe.
Risk factor:
None
Solution:
n/a
Plugin output:
The following DCERPC services are available on TCP
port 49155 : Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
86d35949-83c9-4044-b424-db363231fd0c, version
1.0 Description : Unknown RPC service Type : Remote
RPC service TCP Port : 49155 IP : 163.26.60.115
Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
a398e520-d59a-4bdd-aa7a-3c1e0303a511, version
1.0 Description : Unknown RPC service Annotation :
IKE/Authip API Type : Remote RPC service TCP Port :
49155 IP : 163.26.60.115 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0
Description : Unknown RPC service Annotation :
AppInfo Type : Remote RPC service TCP Port : 49155
IP : 163.26.60.115 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0
Description : Unknown RPC service Annotation :
AppInfo Type : Remote RPC service TCP Port : 49155
IP : 163.26.60.115 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version
1.0 Description : Unknown RPC service Annotation :
AppInfo Type : Remote RPC service TCP Port : 49155
IP : 163.26.60.115
Plugin ID:
10736
Port dce-rpc (49156/tcp)
DCE Services Enumeration
[-/+]
Synopsis:
A DCE/RPC service is running on the remote host.
Description:
By sending a Lookup request to the portmapper (TCP
135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE)
services running on the remote port. Using this
information it is possible to connect and bind to each
service by sending an RPC request to the remote
port/pipe.
Risk factor:
None
Solution:
n/a
Plugin output:
The following DCERPC services are available on TCP
port 49156 : Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
6b5bdd1e-528c-422c-af8c-a4079be4fe48, version 1.0
Description : Unknown RPC service Annotation :
Remote Fw APIs Type : Remote RPC service TCP Port :
49156 IP : 163.26.60.115 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
12345678-1234-abcd-ef00-0123456789ab, version
1.0 Description : IPsec Services (Windows XP & 2003)
Windows process : lsass.exe Annotation : IPSec Policy
agent endpoint Type : Remote RPC service TCP Port :
49156 IP : 163.26.60.115
Plugin ID:
10736
Port www (49157/tcp)
[-/+]
HyperText Transfer Protocol (HTTP)
Information
Synopsis:
Some information about the remote HTTP
configuration can be extracted.
Description:
This test gives some information about the remote
HTTP protocol - the version used, whether HTTP
Keep-Alive and HTTP pipelining are enabled, etc... This
test is informational only and does not denote any
security problem.
Risk factor:
None
Solution:
n/a
Plugin output:
Protocol version : HTTP/1.1 SSL : no Keep-Alive : no
Options allowed : (Not implemented) Headers :
SERVER: 6.0.6001 2/Service Pack 1, UPnP/1.0,
Portable SDK for UPnP devices/1.4.7 CONNECTION:
close CONTENT-LENGTH: 60 CONTENT-TYPE:
text/html
Plugin ID:
24260
HTTP Server Type and Version
Synopsis:
A web server is running on the remote host.
Description:
This plugin attempts to determine the type and the
version of the remote web server.
Risk factor:
None
Solution:
n/a
Plugin output:
The remote web server type is : 6.0.6001 2/Service
Pack 1, UPnP/1.0, Portable SDK for UPnP
devices/1.4.7
Plugin ID:
10107
Service Detection
Synopsis:
The remote service could be identified.
Description:
It was possible to identify the remote service by its
banner or by looking at the error message it sends
when it receives an HTTP request.
Risk factor:
None
Solution:
n/a
Plugin output:
A web server is running on this port.
Plugin ID:
22964
Port dce-rpc (49166/tcp)
[-/+]
DCE Services Enumeration
Synopsis:
A DCE/RPC service is running on the remote host.
Description:
By sending a Lookup request to the portmapper (TCP
135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE)
services running on the remote port. Using this
information it is possible to connect and bind to each
service by sending an RPC request to the remote
port/pipe.
Risk factor:
None
Solution:
n/a
Plugin output:
The following DCERPC services are available on TCP
port 49166 : Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
367abb81-9844-35f1-ad32-98f038001003, version 2.0
Description : Unknown RPC service Type : Remote
RPC service TCP Port : 49166 IP : 163.26.60.115
Plugin ID:
10736
Port www (7955/tcp)
HyperText Transfer Protocol (HTTP)
Information
Synopsis:
[-/+]
Some information about the remote HTTP
configuration can be extracted.
Description:
This test gives some information about the remote
HTTP protocol - the version used, whether HTTP
Keep-Alive and HTTP pipelining are enabled, etc... This
test is informational only and does not denote any
security problem.
Risk factor:
None
Solution:
n/a
Plugin output:
Protocol version : HTTP/1.1 SSL : no Keep-Alive : no
Options allowed : (Not implemented) Headers : Date:
2012/10/12 W 07:22:02 Server: Pandora TV Media
Server
Plugin ID:
24260
HTTP Server Type and Version
Synopsis:
A web server is running on the remote host.
Description:
This plugin attempts to determine the type and the
version of the remote web server.
Risk factor:
None
Solution:
n/a
Plugin output:
The remote web server type is : Pandora TV Media
Server
Plugin ID:
10107
Service Detection
Synopsis:
The remote service could be identified.
Description:
It was possible to identify the remote service by its
banner or by looking at the error message it sends
when it receives an HTTP request.
Risk factor:
None
Solution:
n/a
Plugin output:
A web server is running on this port.
Plugin ID:
22964
Port www (8834/tcp)
[-/+]
SSL Self-Signed Certificate
Synopsis:
The SSL certificate chain for this service ends in an
unrecognized self-signed certificate.
Description:
The X.509 certificate chain for this service is not
signed by a recognized certificate authority. If the
remote host is a public host in production, this nullifies
the use of SSL as anyone could establish a man in the
middle attack against the remote host. Note that this
plugin does not check for certificate chains that end in
a certificate that is not self-signed, but is signed by an
unrecognized certificate authority.
Risk factor:
Medium
CVSS Base Score:6.4
CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N
Solution:
Purchase or generate a proper certificate for this
service.
Plugin output:
The following certificate was found at the top of the
certificate chain sent by the remote host, but is
self-signed and was not found in the list of known
certificate authorities : |-Subject : O=Nessus Users
United/OU=Nessus Certification Authority/L=New
York/C=US/ST=NY/CN=Nessus Certification Authority
Plugin ID:
57582
SSL / TLS Renegotiation DoS
Synopsis:
The remote service allows repeated renegotiation of TLS / SSL
connections.
Description:
The remote service encrypts traffic using TLS / SSL and permits
clients to renegotiate connections. The computational
requirements for renegotiating a connection are asymmetrical
between the client and the server, with the server performing
several times more work. Since the remote host does not appear
to limit the number of renegotiations for a single TLS / SSL
connection, this permits a client to open several simultaneous
connections and repeatedly renegotiate them, possibly leading to
a denial of service condition.
Risk factor:
Medium
CVSS Base Score:4.3
CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P
See also:
http://orchilles.com/2011/03/ssl-renegotiation-dos.html
See also:
http://www.ietf.org/mail-archive/web/tls/current/msg07553.html
Solution:
Contact the vendor for specific patch information.
Plugin output:
The remote host is vulnerable to renegotiation DoS over TLSv1 /
SSLv3.
Plugin ID:
53491
CVE:
CVE-2011-1473
BID:
48626
Other references:
OSVDB:73894
SSL Certificate Cannot Be Trusted
Synopsis:
The SSL certificate for this service cannot be trusted.
Description:
The server's X.509 certificate does not have a
signature from a known public certificate authority.
This situation can occur in three different ways, each
of which results in a break in the chain below which
certificates cannot be trusted. First, the top of the
certificate chain sent by the server might not be
descended from a known public certificate authority.
This can occur either when the top of the chain is an
unrecognized, self-signed certificate, or when
intermediate certificates are missing that would
connect the top of the certificate chain to a known
public certificate authority. Second, the certificate
chain may contain a certificate that is not valid at the
time of the scan. This can occur either when the scan
occurs before one of the certificate's 'notBefore' dates,
or after one of the certificate's 'notAfter' dates. Third,
the certificate chain may contain a signature that
either didn't match the certificate's information, or was
not possible to verify. Bad signatures can be fixed by
getting the certificate with the bad signature to be
re-signed by its issuer. Signatures that could not be
verified are the result of the certificate's issuer using a
signing algorithm that Nessus either does not support
or does not recognize. If the remote host is a public
host in production, any break in the chain nullifies the
use of SSL as anyone could establish a man in the
middle attack against the remote host.
Risk factor:
Medium
CVSS Base Score:6.4
CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N
Solution:
Purchase or generate a proper certificate for this
service.
Plugin output:
The following certificates were at the top of the
certificate chain sent by the remote host, but are
signed by an unknown certificate authority :
|-Subject : O=Nessus Users United/OU=Nessus
Certification Authority/L=New
York/C=US/ST=NY/CN=Nessus Certification Authority
|-Issuer : O=Nessus Users United/OU=Nessus
Certification Authority/L=New
York/C=US/ST=NY/CN=Nessus Certification Authority
Plugin ID:
51192
SSL Certificate Information
Synopsis:
This plugin displays the SSL certificate.
Description:
This plugin connects to every SSL-related port and
attempts to extract and dump the X.509 certificate.
Risk factor:
None
Solution:
n/a
Plugin output:
Subject Name: Organization: Nessus Users United
Organization Unit: Nessus Server Locality: New York
Country: US State/Province: NY Common Name:
ELISHA169 Issuer Name: Organization: Nessus Users
United Organization Unit: Nessus Certification
Authority Locality: New York Country: US
State/Province: NY Common Name: Nessus
Certification Authority Serial Number: 00 AA 0B
Version: 3 Signature Algorithm: SHA-1 With RSA
Encryption Not Valid Before: Jan 26 06:01:46 2012
GMT Not Valid After: Jan 25 06:01:46 2016 GMT Public
Key Info: Algorithm: RSA Encryption Public Key: 00 BB
76 77 E9 59 61 01 F3 AD 15 42 8A AA 9A EA 0A 61 6E
1F B2 12 37 F3 3D 8D 87 25 79 1B 34 3A 70 08 10 5E
05 B4 31 9F 06 74 3F 89 ED 21 C7 A5 D0 F7 09 09 16
92 C8 8F 0A D8 7D 3D B6 29 8C 35 36 88 D4 4E FE 2F
5B 11 EB 5B A0 45 BD 9B C6 8C 36 2A 2C 9F 19 47 26
90 85 3E 21 92 CF D1 F5 BE 62 96 75 FF C6 B1 81 36
9C 14 B5 E9 35 89 ED 94 1F 6C CF C2 E1 5A 20 4F C1
EE 5A E7 07 48 07 15 73 Exponent: 01 00 01
Signature: 00 A2 A4 0F D2 CF B7 4A 70 1D 50 73 5B
B0 2E 6B E6 14 88 B4 22 49 33 81 B0 56 F3 B4 98 EF
DA 6F 08 56 FC 59 2B 96 E0 34 DF 14 47 F7 F0 C7 EB
2F E6 16 C0 D4 50 95 9C 70 00 26 CF 53 D1 EC 51 B4
35 C1 D8 5B EB 37 BE E8 81 F1 8B CB 4F 1B B8 E1 2E
3C FF E3 F7 AA 63 91 B7 16 66 8E 14 17 31 6E D8 13
B9 97 07 74 E8 D5 9B 1C 37 66 1E 33 20 66 7C 7E FB
E1 5B FC 8C 4B C5 A3 5A 52 90 BD 83 38 7B
Extension: 2.16.840.1.113730.1.1 Critical: 0 Data: 03
02 06 40 Extension: Key Usage (2.5.29.15) Critical: 1
Key Usage: Digital Signature, Non Repudiation, Key
Encipherment
Plugin ID:
10863
Web Server / Application favicon.ico Vendor
Fingerprinting
Synopsis:
The remote web server contains a graphic image that
is prone to information disclosure.
Description:
The 'favicon.ico' file found on the remote web server
belongs to a popular web server. This may be used to
fingerprint the web server.
Risk factor:
None
Solution:
Remove the 'favicon.ico' file or create a custom one for
your site.
Plugin output:
The MD5 fingerprint for 'favicon.ico' suggests the web
server is Nessus 4.x Web Client.
Plugin ID:
20108
Other references:
OSVDB:39272
HyperText Transfer Protocol (HTTP)
Information
Synopsis:
Some information about the remote HTTP
configuration can be extracted.
Description:
This test gives some information about the remote
HTTP protocol - the version used, whether HTTP
Keep-Alive and HTTP pipelining are enabled, etc... This
test is informational only and does not denote any
security problem.
Risk factor:
None
Solution:
n/a
Plugin output:
Protocol version : HTTP/1.1 SSL : yes Keep-Alive : no
Options allowed : (Not implemented) Headers : Date:
Thu, 11 Oct 2012 23:22:02 GMT Server: NessusWWW
Connection: close Expires: Thu, 11 Oct 2012 23:22:02
GMT Content-Length: 6525 Content-Type: text/html
X-Frame-Options: DENY Cache-Control: Expires: 0
Pragma :
Plugin ID:
24260
SSL / TLS Versions Supported
Synopsis:
The remote service encrypts communications.
Description:
This script detects which SSL and TLS versions are
supported by the remote service for encrypting
communications.
Risk factor:
None
Solution:
n/a
Plugin output:
This port supports SSLv3/TLSv1.0.
Plugin ID:
56984
HTTP Server Type and Version
Synopsis:
A web server is running on the remote host.
Description:
This plugin attempts to determine the type and the
version of the remote web server.
Risk factor:
None
Solution:
n/a
Plugin output:
The remote web server type is : NessusWWW
Plugin ID:
10107
Service Detection
Synopsis:
The remote service could be identified.
Description:
It was possible to identify the remote service by its
banner or by looking at the error message it sends
when it receives an HTTP request.
Risk factor:
None
Solution:
n/a
Plugin output:
A web server is running on this port through TLSv1.
Plugin ID:
22964
Service Detection
Synopsis:
The remote service could be identified.
Description:
It was possible to identify the remote service by its
banner or by looking at the error message it sends
when it receives an HTTP request.
Risk factor:
None
Solution:
n/a
Plugin output:
A TLSv1 server answered on this port.
Plugin ID:
22964
[^] Back to 163.26.60.115
[^] Back
163.26.60.122
Scan Time
Start
time :
Fri Oct 1 07:21:27
2013
End time :
Fri Oct 1 07:23:15
2013
Number of vulnerabilities
Open ports :
3
High :
0
Medium :
0
Low :
6
Remote host information
Operating System :
NetBIOS name :
DNS name :
[^] Back to 163.26.60.122
Port general (0/udp)
Traceroute Information
Synopsis:
It was possible to obtain traceroute information.
Description:
Makes a traceroute to the remote host.
Risk factor:
None
Solution:
n/a
Plugin output:
For your information, here is the traceroute from
163.26.60.115 to 163.26.60.122 : 163.26.60.115
163.26.60.122
Plugin ID:
10287
TCP/IP Timestamps Supported
Synopsis:
The remote service implements TCP timestamps.
Description:
[-/+]
The remote host implements TCP timestamps, as
defined by RFC1323. A side effect of this feature is
that the uptime of the remote host can sometimes be
computed.
Risk factor:
None
See also:
http://www.ietf.org/rfc/rfc1323.txt
Solution:
n/a
Plugin ID:
25220
ICMP Timestamp Request Remote Date
Disclosure
Synopsis:
It is possible to determine the exact time set on the
remote host.
Description:
The remote host answers to an ICMP timestamp
request. This allows an attacker to know the date that
is set on the targeted machine, which may assist an
unauthenticated, remote attacker in defeating
time-based authentication protocols. Timestamps
returned from machines running Windows Vista / 7 /
2008 / 2008 R2 are deliberately incorrect, but usually
within 1000 seconds of the actual system time.
Risk factor:
None
Solution:
Filter out the ICMP timestamp requests (13), and the
outgoing ICMP timestamp replies (14).
Plugin output:
The difference between the local and remote clocks is
10582 seconds.
Plugin ID:
10114
CVE:
CVE-1999-0524
Other references:
OSVDB:94, CWE:200
Port https? (443/tcp)
[-/+]
Port sip? (5060/tcp)
[-/+]
Session Initiation Protocol Detection
Synopsis:
The remote system is a SIP signaling device.
Description:
The remote system is running software that speaks the Session Initiation
Protocol. SIP is a messaging protocol to initiate communication sessions
between systems. It is a protocol used mostly in IP Telephony networks /
systems to setup, control, and teardown sessions between two or more
systems.
Risk factor:
None
See also:
http://en.wikipedia.org/wiki/Session_Initiation_Protocol
Solution:
If possible, filter incoming connections to the port so that it is used by trusted
sources only.
Plugin output:
The remote service was identified as : DPH-150SE 01.02 It supports the
following options :
ACK,BYE,CANCEL,INVITE,NOTIFY,REFER,DO,UPDATE,OPTIONS,SUBSCRIBE,I
NFO
Plugin ID:
21642
Port tftp (69/udp)
[-/+]
TFTP Daemon Detection
Synopsis:
A TFTP server is listening on the remote port.
Description:
The remote host is running a TFTP (Trivial File
Transfer Protocol) daemon. TFTP is often used by
routers and diskless hosts to retrieve their
configuration. It is also used by worms to propagate.
Risk factor:
None
Solution:
Disable this service if you do not use it.
Plugin ID:
11819
Port www (80/tcp)
Service Detection
Synopsis:
[-/+]
The remote service could be identified.
Description:
It was possible to identify the remote service by its
banner or by looking at the error message it sends
when it receives an HTTP request.
Risk factor:
None
Solution:
n/a
Plugin output:
A web server is running on this port.
Plugin ID:
22964
[^] Back to 163.26.60.122
[^] Back
163.26.60.124
Scan Time
Start
time :
Fri Oct 1 07:21:32
2013
End time :
Fri Oct 1 07:23:15
2013
Number of vulnerabilities
Open ports :
3
High :
0
Medium :
0
Low :
5
Remote host information
Operating System :
NetBIOS name :
DNS name :
[^] Back to 163.26.60.124
Port general (0/udp)
[-/+]
Traceroute Information
Synopsis:
It was possible to obtain traceroute information.
Description:
Makes a traceroute to the remote host.
Risk factor:
None
Solution:
n/a
Plugin output:
For your information, here is the traceroute from
163.26.60.115 to 163.26.60.124 : 163.26.60.115
163.26.60.124
Plugin ID:
10287
TCP/IP Timestamps Supported
Synopsis:
The remote service implements TCP timestamps.
Description:
The remote host implements TCP timestamps, as
defined by RFC1323. A side effect of this feature is
that the uptime of the remote host can sometimes be
computed.
Risk factor:
None
See also:
http://www.ietf.org/rfc/rfc1323.txt
Solution:
n/a
Plugin ID:
25220
ICMP Timestamp Request Remote Date
Disclosure
Synopsis:
It is possible to determine the exact time set on the
remote host.
Description:
The remote host answers to an ICMP timestamp
request. This allows an attacker to know the date that
is set on the targeted machine, which may assist an
unauthenticated, remote attacker in defeating
time-based authentication protocols. Timestamps
returned from machines running Windows Vista / 7 /
2008 / 2008 R2 are deliberately incorrect, but usually
within 1000 seconds of the actual system time.
Risk factor:
None
Solution:
Filter out the ICMP timestamp requests (13), and the
outgoing ICMP timestamp replies (14).
Plugin output:
The difference between the local and remote clocks is
10593 seconds.
Plugin ID:
10114
CVE:
CVE-1999-0524
Other references:
OSVDB:94, CWE:200
Port https? (443/tcp)
[-/+]
Port sip? (5060/tcp)
[-/+]
Port tftp (69/udp)
[-/+]
TFTP Daemon Detection
Synopsis:
A TFTP server is listening on the remote port.
Description:
The remote host is running a TFTP (Trivial File
Transfer Protocol) daemon. TFTP is often used by
routers and diskless hosts to retrieve their
configuration. It is also used by worms to propagate.
Risk factor:
None
Solution:
Disable this service if you do not use it.
Plugin ID:
11819
Port www (80/tcp)
[-/+]
Service Detection
Synopsis:
The remote service could be identified.
Description:
It was possible to identify the remote service by its
banner or by looking at the error message it sends
when it receives an HTTP request.
Risk factor:
None
Solution:
n/a
Plugin output:
A web server is running on this port.
Plugin ID:
22964
[^] Back to 163.26.60.124
[^] Back
163.26.60.2
Scan Time
Start
time :
Fri Oct 1 07:13:15
2013
End time :
Fri Oct 1 07:16:39
2013
Number of vulnerabilities
Open ports :
10
High :
0
Medium :
3
Low :
35
Remote host information
Operating
System :
Microsoft
Windows Server
2008
NetBIOS
name :
DNS name :
ABRAHAM7
[^] Back to 163.26.60.2
Port general (0/udp)
Traceroute Information
Synopsis:
It was possible to obtain traceroute information.
Description:
Makes a traceroute to the remote host.
Risk factor:
None
Solution:
n/a
Plugin output:
For your information, here is the traceroute from
163.26.60.115 to 163.26.60.2 : 163.26.60.115
163.26.60.2
Plugin ID:
10287
Nessus Scan Information
Synopsis:
Information about the Nessus scan.
[-/+]
Description:
This script displays, for each tested host, information
about the scan itself : - The version of the plugin set The type of plugin feed (HomeFeed or
ProfessionalFeed) - The version of the Nessus Engine The port scanner(s) used - The port range scanned Whether credentialed or third-party patch
management checks are possible - The date of the
scan - The duration of the scan - The number of hosts
scanned in parallel - The number of checks done in
parallel
Risk factor:
None
Solution:
n/a
Plugin output:
Information about this scan : Nessus version : 4.4.1
(Build 15078) (Nessus 5.0.1 is available - consider
upgrading) Plugin feed version : 201210082315 Type
of plugin feed : HomeFeed (Non-commercial use only)
Scanner IP : 163.26.60.115 Port scanner(s) :
nessus_syn_scanner Port range : default Thorough
tests : no Experimental tests : no Paranoia level : 1
Report Verbosity : 1 Safe checks : yes Optimize the
test : yes Credentialed checks : no Patch management
checks : None CGI scanning : disabled Web application
tests : disabled Max hosts : 80 Max checks : 5 Recv
timeout : 5 Backports : None Allow post-scan editing:
Yes Scan Start Date : 2012/10/12 7:13 Scan duration :
204 sec
Plugin ID:
19506
Common Platform Enumeration (CPE)
Synopsis:
It is possible to enumerate CPE names that matched
on the remote system.
Description:
By using information obtained from a Nessus scan, this
plugin reports CPE (Common Platform Enumeration)
matches for various hardware and software products
found on a host. Note that if an official CPE is not
available for the product, this plugin computes the
best possible CPE based on the information available
from the scan.
Risk factor:
None
See also:
http://cpe.mitre.org/
Solution:
n/a
Plugin output:
The remote operating system matched the following
CPE : cpe:/o:microsoft:windows_server_2008
Following application CPE matched on the remote
system : cpe:/a:microsoft:iis:7.0 -> Microsoft Internet
Information Services (IIS) 7.0
Plugin ID:
45590
Device Type
Synopsis:
It is possible to guess the remote device type.
Description:
Based on the remote operating system, it is possible to
determine what the remote system type is (eg: a
printer, router, general-purpose computer, etc).
Risk factor:
None
Solution:
n/a
Plugin output:
Remote device type : general-purpose Confidence
level : 75
Plugin ID:
54615
OS Identification
Synopsis:
It is possible to guess the remote operating system.
Description:
Using a combination of remote probes, (TCP/IP, SMB,
HTTP, NTP, SNMP, etc...) it is possible to guess the
name of the remote operating system in use, and
sometimes its version.
Risk factor:
None
Solution:
n/a
Plugin output:
Remote operating system : Microsoft Windows Server
2008 Confidence Level : 75 Method : HTTP The remote
host is running Microsoft Windows Server 2008
Plugin ID:
11936
Ethernet Card Manufacturer Detection
Synopsis:
The manufacturer can be deduced from the Ethernet
OUI.
Description:
Each ethernet MAC address starts with a 24-bit
'Organizationally Unique Identifier'. These OUI are
registered by IEEE.
Risk factor:
None
See also:
http://standards.ieee.org/faqs/OUI.html
See also:
http://standards.ieee.org/regauth/oui/index.shtml
Solution:
n/a
Plugin output:
The following card manufacturers were identified :
e0:cb:4e:7f:d7:63 : ASUSTek COMPUTER INC.
Plugin ID:
35716
Host Fully Qualified Domain Name (FQDN)
Resolution
Synopsis:
It was possible to resolve the name of the remote
host.
Description:
Nessus was able to resolve the FQDN of the remote
host.
Risk factor:
None
Solution:
n/a
Plugin output:
163.26.60.2 resolves as ABRAHAM7.
Plugin ID:
12053
TCP/IP Timestamps Supported
Synopsis:
The remote service implements TCP timestamps.
Description:
The remote host implements TCP timestamps, as
defined by RFC1323. A side effect of this feature is
that the uptime of the remote host can sometimes be
computed.
Risk factor:
None
See also:
http://www.ietf.org/rfc/rfc1323.txt
Solution:
n/a
Plugin ID:
25220
ICMP Timestamp Request Remote Date
Disclosure
Synopsis:
It is possible to determine the exact time set on the
remote host.
Description:
The remote host answers to an ICMP timestamp
request. This allows an attacker to know the date that
is set on the targeted machine, which may assist an
unauthenticated, remote attacker in defeating
time-based authentication protocols. Timestamps
returned from machines running Windows Vista / 7 /
2008 / 2008 R2 are deliberately incorrect, but usually
within 1000 seconds of the actual system time.
Risk factor:
None
Solution:
Filter out the ICMP timestamp requests (13), and the
outgoing ICMP timestamp replies (14).
Plugin output:
The ICMP timestamps seem to be in little endian
format (not in network format) The difference
between the local and remote clocks is -374 seconds.
Plugin ID:
10114
CVE:
CVE-1999-0524
Other references:
OSVDB:94, CWE:200
Port daytime (13/tcp)
[-/+]
Daytime Service Detection
Synopsis:
A daytime service is running on the remote host.
Description:
The remote host is running a 'daytime' service. This service is designed to give
the local time of the day of this host to whoever connects to this port. The date
format issued by this service may sometimes help an attacker to guess the
operating system type of this host, or to set up timed authentication attacks
against the remote host. In addition, if the daytime service is running on a UDP
port, an attacker may link it to the echo port of a third-party host using
spoofing, thus creating a possible denial of service condition between this host
and the third party.
Risk factor:
None
Solution:
- On Unix systems, comment out the 'daytime' line in /etc/inetd.conf and
restart the inetd process. - On Windows systems, set the following registry
keys to 0 :
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpDa
ytime
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableUdpDa
ytime Next, launch cmd.exe and type : net stop simptcp net start simptcp This
will restart the service.
Plugin ID:
10052
Daytime Service Detection
Synopsis:
A daytime service is running on the remote host.
Description:
The remote host is running a 'daytime' service. This service is designed to give
the local time of the day of this host to whoever connects to this port. The date
format issued by this service may sometimes help an attacker to guess the
operating system type of this host, or to set up timed authentication attacks
against the remote host. In addition, if the daytime service is running on a UDP
port, an attacker may link it to the echo port of a third-party host using
spoofing, thus creating a possible denial of service condition between this host
and the third party.
Risk factor:
None
Solution:
- On Unix systems, comment out the 'daytime' line in /etc/inetd.conf and
restart the inetd process. - On Windows systems, set the following registry
keys to 0 :
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpDa
ytime
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableUdpDa
ytime Next, launch cmd.exe and type : net stop simptcp net start simptcp This
will restart the service.
Plugin ID:
10052
Service Detection (GET request)
Synopsis:
The remote service could be identified.
Description:
It was possible to identify the remote service by its
banner or by looking at the error message it sends
when it receives an HTTP request.
Risk factor:
None
Solution:
n/a
Plugin output:
A DAYTIME server is running on this port
Plugin ID:
17975
Port epmap (135/tcp)
[-/+]
DCE Services Enumeration
Synopsis:
A DCE/RPC service is running on the remote host.
Description:
By sending a Lookup request to the portmapper (TCP
135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE)
services running on the remote port. Using this
information it is possible to connect and bind to each
service by sending an RPC request to the remote
port/pipe.
Risk factor:
None
Solution:
n/a
Plugin output:
The following DCERPC services are available locally :
Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager Windows
process : lsass.exe Type : Local RPC service Named
pipe : samss lpc Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager Windows
process : lsass.exe Type : Local RPC service Named
pipe : dsrole Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager Windows
process : lsass.exe Type : Local RPC service Named
pipe : protected_storage Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager Windows
process : lsass.exe Type : Local RPC service Named
pipe : securityevent Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager Windows
process : lsass.exe Type : Local RPC service Named
pipe : audit Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager Windows
process : lsass.exe Type : Local RPC service Named
pipe : LRPC-741d9e24c8f0f176ce Object UUID :
00736665-0000-0000-0000-000000000000 UUID :
c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version
1.0 Description : Unknown RPC service Annotation :
Impl friendly name Type : Local RPC service Named
pipe : samss lpc Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
2f5f6521-cb55-1059-b446-00df0bce31db, version 1.0
Description : Unknown RPC service Annotation :
Unimodem LRPC Endpoint Type : Local RPC service
Named pipe : tapsrvlpc Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
2f5f6521-cb55-1059-b446-00df0bce31db, version 1.0
Description : Unknown RPC service Annotation :
Unimodem LRPC Endpoint Type : Local RPC service
Named pipe : unimdmsvc Object UUID :
09924ef7-288d-4f95-958d-378bd55e855e UUID :
906b0ce0-c70b-1067-b317-00dd010662da, version
1.0 Description : Distributed Transaction Coordinator
Windows process : msdtc.exe Type : Local RPC service
Named pipe : LRPC-3af348828c45d29dae Object
UUID : ea282ca6-9079-47c2-902f-9df1ec3ce5c7
UUID : 906b0ce0-c70b-1067-b317-00dd010662da,
version 1.0 Description : Distributed Transaction
Coordinator Windows process : msdtc.exe Type : Local
RPC service Named pipe : LRPC-3af348828c45d29dae
Object UUID :
9e85bcd2-25db-4a1b-bec8-31853d1419c3 UUID :
906b0ce0-c70b-1067-b317-00dd010662da, version
1.0 Description : Distributed Transaction Coordinator
Windows process : msdtc.exe Type : Local RPC service
Named pipe : LRPC-3af348828c45d29dae Object
UUID : b85e5f5d-ae59-4846-b399-c53324f86942
UUID : 906b0ce0-c70b-1067-b317-00dd010662da,
version 1.0 Description : Distributed Transaction
Coordinator Windows process : msdtc.exe Type : Local
RPC service Named pipe : LRPC-3af348828c45d29dae
Object UUID :
8eb4a442-6f37-400d-b19c-224a210ca7af UUID :
906b0ce0-c70b-1067-b317-00dd010662da, version
1.0 Description : Distributed Transaction Coordinator
Windows process : msdtc.exe Type : Local RPC service
Named pipe : OLE4280EA2DE3E440F89B9B7E0219AE
Object UUID :
8eb4a442-6f37-400d-b19c-224a210ca7af UUID :
906b0ce0-c70b-1067-b317-00dd010662da, version
1.0 Description : Distributed Transaction Coordinator
Windows process : msdtc.exe Type : Local RPC service
Named pipe : LRPC-9af2396a1c24acd681 Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345678-1234-abcd-ef00-0123456789ab,
version 1.0 Description : IPsec Services (Windows XP
& 2003) Windows process : lsass.exe Annotation :
IPSec Policy agent endpoint Type : Local RPC service
Named pipe : LRPC-7dcd427efd95b720e6 Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1,
version 1.0 Description : Unknown RPC service
Annotation : Spooler function endpoint Type : Local
RPC service Named pipe : spoolss Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
ae33069b-a2a8-46ee-a235-ddfd339be281, version
1.0 Description : Unknown RPC service Annotation :
Spooler base remote object endpoint Type : Local RPC
service Named pipe : spoolss Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
4a452661-8290-4b36-8fbe-7f4093a94978, version 1.0
Description : Unknown RPC service Annotation :
Spooler function endpoint Type : Local RPC service
Named pipe : spoolss Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
dd490425-5325-4565-b774-7e27d6c09c24, version
1.0 Description : Unknown RPC service Annotation :
Base Firewall Engine API Type : Local RPC service
Named pipe : LRPC-236b52b92cca55e32b Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : 7f9d11bf-7fb9-436b-a812-b2d50c5d4c03,
version 1.0 Description : Unknown RPC service
Annotation : Fw APIs Type : Local RPC service Named
pipe : LRPC-236b52b92cca55e32b Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0
Description : Unknown RPC service Annotation : Fw
APIs Type : Local RPC service Named pipe :
LRPC-236b52b92cca55e32b Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
7ea70bcf-48af-4f6a-8968-6a440754d5fa, version 1.0
Description : Unknown RPC service Annotation : NSI
server endpoint Type : Local RPC service Named pipe :
OLE9EAEE9F3E2AC44F9B087A4B02BB5 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
7ea70bcf-48af-4f6a-8968-6a440754d5fa, version 1.0
Description : Unknown RPC service Annotation : NSI
server endpoint Type : Local RPC service Named pipe :
LRPC-a32ffa01b0f60568ff Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
3473dd4d-2e88-4006-9cba-22570909dd10, version
5.0 Description : Unknown RPC service Annotation :
WinHttp Auto-Proxy Service Type : Local RPC service
Named pipe : OLE9EAEE9F3E2AC44F9B087A4B02BB5
Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
3473dd4d-2e88-4006-9cba-22570909dd10, version
5.0 Description : Unknown RPC service Annotation :
WinHttp Auto-Proxy Service Type : Local RPC service
Named pipe : LRPC-a32ffa01b0f60568ff Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
3473dd4d-2e88-4006-9cba-22570909dd10, version
5.0 Description : Unknown RPC service Annotation :
WinHttp Auto-Proxy Service Type : Local RPC service
Named pipe : W32TIME_ALT Object UUID :
3bdb59a0-d736-4d44-9074-c1ee00000001 UUID :
24019106-a203-4642-b88d-82dae9158929, version
1.0 Description : Unknown RPC service Type : Local
RPC service Named pipe : LRPC-7ec5c64e1ef349cd97
Object UUID :
666f7270-6c69-7365-0000-000000000000 UUID :
c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version
1.0 Description : Unknown RPC service Annotation :
Impl friendly name Type : Local RPC service Named
pipe : IUserProfile2 Object UUID :
736e6573-0000-0000-0000-000000000000 UUID :
c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version
1.0 Description : Unknown RPC service Annotation :
Impl friendly name Type : Local RPC service Named
pipe : IUserProfile2 Object UUID :
736e6573-0000-0000-0000-000000000000 UUID :
c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version
1.0 Description : Unknown RPC service Annotation :
Impl friendly name Type : Local RPC service Named
pipe : senssvc Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0
Description : Scheduler Service Windows process :
svchost.exe Type : Local RPC service Named pipe :
IUserProfile2 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0
Description : Scheduler Service Windows process :
svchost.exe Type : Local RPC service Named pipe :
senssvc Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0
Description : Scheduler Service Windows process :
svchost.exe Type : Local RPC service Named pipe :
OLE65651F6309864B069411B2F5AF8D Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service Windows process :
svchost.exe Type : Local RPC service Named pipe :
IUserProfile2 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service Windows process :
svchost.exe Type : Local RPC service Named pipe :
senssvc Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service Windows process :
svchost.exe Type : Local RPC service Named pipe :
OLE65651F6309864B069411B2F5AF8D Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service Windows process :
svchost.exe Type : Local RPC service Named pipe :
IUserProfile2 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service Windows process :
svchost.exe Type : Local RPC service Named pipe :
senssvc Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service Windows process :
svchost.exe Type : Local RPC service Named pipe :
OLE65651F6309864B069411B2F5AF8D Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
86d35949-83c9-4044-b424-db363231fd0c, version
1.0 Description : Unknown RPC service Type : Local
RPC service Named pipe : IUserProfile2 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
86d35949-83c9-4044-b424-db363231fd0c, version
1.0 Description : Unknown RPC service Type : Local
RPC service Named pipe : senssvc Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
86d35949-83c9-4044-b424-db363231fd0c, version
1.0 Description : Unknown RPC service Type : Local
RPC service Named pipe :
OLE65651F6309864B069411B2F5AF8D Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
a398e520-d59a-4bdd-aa7a-3c1e0303a511, version
1.0 Description : Unknown RPC service Annotation :
IKE/Authip API Type : Local RPC service Named pipe :
IUserProfile2 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
a398e520-d59a-4bdd-aa7a-3c1e0303a511, version
1.0 Description : Unknown RPC service Annotation :
IKE/Authip API Type : Local RPC service Named pipe :
senssvc Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
a398e520-d59a-4bdd-aa7a-3c1e0303a511, version
1.0 Description : Unknown RPC service Annotation :
IKE/Authip API Type : Local RPC service Named pipe :
OLE65651F6309864B069411B2F5AF8D Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0
Description : Unknown RPC service Annotation :
AppInfo Type : Local RPC service Named pipe :
IUserProfile2 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0
Description : Unknown RPC service Annotation :
AppInfo Type : Local RPC service Named pipe :
senssvc Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0
Description : Unknown RPC service Annotation :
AppInfo Type : Local RPC service Named pipe :
OLE65651F6309864B069411B2F5AF8D Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0
Description : Unknown RPC service Annotation :
AppInfo Type : Local RPC service Named pipe :
SECLOGON Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0
Description : Unknown RPC service Annotation :
AppInfo Type : Local RPC service Named pipe :
IUserProfile2 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0
Description : Unknown RPC service Annotation :
AppInfo Type : Local RPC service Named pipe :
senssvc Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0
Description : Unknown RPC service Annotation :
AppInfo Type : Local RPC service Named pipe :
OLE65651F6309864B069411B2F5AF8D Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0
Description : Unknown RPC service Annotation :
AppInfo Type : Local RPC service Named pipe :
SECLOGON Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version
1.0 Description : Unknown RPC service Annotation :
AppInfo Type : Local RPC service Named pipe :
IUserProfile2 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version
1.0 Description : Unknown RPC service Annotation :
AppInfo Type : Local RPC service Named pipe :
senssvc Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version
1.0 Description : Unknown RPC service Annotation :
AppInfo Type : Local RPC service Named pipe :
OLE65651F6309864B069411B2F5AF8D Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version
1.0 Description : Unknown RPC service Annotation :
AppInfo Type : Local RPC service Named pipe :
SECLOGON Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0
Description : Unknown RPC service Type : Local RPC
service Named pipe : IUserProfile2 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0
Description : Unknown RPC service Type : Local RPC
service Named pipe : senssvc Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0
Description : Unknown RPC service Type : Local RPC
service Named pipe :
OLE65651F6309864B069411B2F5AF8D Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0
Description : Unknown RPC service Type : Local RPC
service Named pipe : SECLOGON Object UUID :
73736573-6f69-656e-6e76-000000000000 UUID :
c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version
1.0 Description : Unknown RPC service Annotation :
Impl friendly name Type : Local RPC service Named
pipe : IUserProfile2 Object UUID :
73736573-6f69-656e-6e76-000000000000 UUID :
c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version
1.0 Description : Unknown RPC service Annotation :
Impl friendly name Type : Local RPC service Named
pipe : senssvc Object UUID :
73736573-6f69-656e-6e76-000000000000 UUID :
c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version
1.0 Description : Unknown RPC service Annotation :
Impl friendly name Type : Local RPC service Named
pipe : OLE65651F6309864B069411B2F5AF8D Object
UUID : 73736573-6f69-656e-6e76-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277,
version 1.0 Description : Unknown RPC service
Annotation : Impl friendly name Type : Local RPC
service Named pipe : SECLOGON Object UUID :
6c637067-6569-746e-0000-000000000000 UUID :
c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version
1.0 Description : Unknown RPC service Annotation :
Impl friendly name Type : Local RPC service Named
pipe : LRPC-77f5054acfdca9e033 Object UUID :
24d1f7c7-76af-4f28-9ccd-7f6cb6468601 UUID :
2eb08e3e-639f-4fba-97b1-14f878961076, version 1.0
Description : Unknown RPC service Type : Local RPC
service Named pipe : LRPC-77f5054acfdca9e033
Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0
Description : Unknown RPC service Annotation : Event
log TCPIP Type : Local RPC service Named pipe :
eventlog Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service Annotation :
DHCPv6 Client LRPC Endpoint Type : Local RPC service
Named pipe : eventlog Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service Annotation :
DHCPv6 Client LRPC Endpoint Type : Local RPC service
Named pipe : dhcpcsvc6 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service Windows process :
svchost.exe Annotation : DHCP Client LRPC Endpoint
Type : Local RPC service Named pipe : eventlog Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5,
version 1.0 Description : DHCP Client Service Windows
process : svchost.exe Annotation : DHCP Client LRPC
Endpoint Type : Local RPC service Named pipe :
dhcpcsvc6 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service Windows process :
svchost.exe Annotation : DHCP Client LRPC Endpoint
Type : Local RPC service Named pipe : dhcpcsvc
Object UUID :
b08669ee-8cb5-43a5-a017-84fe00000001 UUID :
76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service Type : Local RPC
service Named pipe : WMsgKRpc0140D81 Object
UUID : b08669ee-8cb5-43a5-a017-84fe00000000
UUID : 76f226c3-ec14-4325-8a99-6a46348418af,
version 1.0 Description : Unknown RPC service Type :
Local RPC service Named pipe : WMsgKRpc0CBB60
Object UUID :
b08669ee-8cb5-43a5-a017-84fe00000000 UUID :
76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service Type : Local RPC
service Named pipe : WindowsShutdown Object
UUID : 765294ba-60bc-48b8-92e9-89fd77769d91
UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d,
version 1.0 Description : Unknown RPC service Type :
Local RPC service Named pipe : WMsgKRpc0CBB60
Object UUID :
765294ba-60bc-48b8-92e9-89fd77769d91 UUID :
d95afe70-a6d5-4259-822e-2c84da1ddb0d, version
1.0 Description : Unknown RPC service Type : Local
RPC service Named pipe : WindowsShutdown Object
UUID : 6d726574-7273-0076-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277,
version 1.0 Description : Unknown RPC service
Annotation : Impl friendly name Type : Local RPC
service Named pipe : LRPC-e53f453fa9cfc11157
Object UUID :
00736665-0000-0000-0000-000000000000 UUID :
c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version
1.0 Description : Unknown RPC service Annotation :
Impl friendly name Type : Local RPC service Named
pipe : LRPC-741d9e24c8f0f176ce Object UUID :
00736665-0000-0000-0000-000000000000 UUID :
c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version
1.0 Description : Unknown RPC service Annotation :
Impl friendly name Type : Local RPC service Named
pipe : audit Object UUID :
00736665-0000-0000-0000-000000000000 UUID :
c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version
1.0 Description : Unknown RPC service Annotation :
Impl friendly name Type : Local RPC service Named
pipe : securityevent Object UUID :
00736665-0000-0000-0000-000000000000 UUID :
c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version
1.0 Description : Unknown RPC service Annotation :
Impl friendly name Type : Local RPC service Named
pipe : protected_storage Object UUID :
00736665-0000-0000-0000-000000000000 UUID :
c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version
1.0 Description : Unknown RPC service Annotation :
Impl friendly name Type : Local RPC service Named
pipe : dsrole
Plugin ID:
10736
Port nsjtp-data? (1688/tcp)
[-/+]
Port qotd (17/tcp)
[-/+]
Quote of the Day (QOTD) Service Detection
Synopsis:
The quote service (qotd) is running on this host.
Description:
A server listens for TCP connections on TCP port 17. Once a connection is
established a short message is sent out the connection (and any data received
is thrown away). The service closes the connection after sending the quote.
Another quote of the day service is defined as a datagram based application on
UDP. A server listens for UDP datagrams on UDP port 17. When a datagram is
received, an answering datagram is sent containing a quote (the data in the
received datagram is ignored). An easy attack is 'pingpong' which IP spoofs a
packet between two machines running qotd. This will cause them to spew
characters at each other, slowing the machines down and saturating the
network.
Risk factor:
None
Solution:
- Under Unix systems, comment out the 'qotd' line in /etc/inetd.conf and
restart the inetd process - Under Windows systems, set the following registry
keys to 0 :
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpQo
td
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableUdpQ
otd Then launch cmd.exe and type : net stop simptcp net start simptcp To
restart the service.
Plugin ID:
10198
CVE:
CVE-1999-0103
Other references:
OSVDB:150
Quote of the Day (QOTD) Service Detection
Synopsis:
The quote service (qotd) is running on this host.
Description:
A server listens for TCP connections on TCP port 17. Once a connection is
established a short message is sent out the connection (and any data received
is thrown away). The service closes the connection after sending the quote.
Another quote of the day service is defined as a datagram based application on
UDP. A server listens for UDP datagrams on UDP port 17. When a datagram is
received, an answering datagram is sent containing a quote (the data in the
received datagram is ignored). An easy attack is 'pingpong' which IP spoofs a
packet between two machines running qotd. This will cause them to spew
characters at each other, slowing the machines down and saturating the
network.
Risk factor:
None
Solution:
- Under Unix systems, comment out the 'qotd' line in /etc/inetd.conf and
restart the inetd process - Under Windows systems, set the following registry
keys to 0 :
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpQo
td
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableUdpQ
otd Then launch cmd.exe and type : net stop simptcp net start simptcp To
restart the service.
Plugin ID:
10198
CVE:
CVE-1999-0103
Other references:
OSVDB:150
Service Detection (GET request)
Synopsis:
The remote service could be identified.
Description:
It was possible to identify the remote service by its
banner or by looking at the error message it sends
when it receives an HTTP request.
Risk factor:
None
Solution:
n/a
Plugin output:
qotd seems to be running on this port
Plugin ID:
17975
Port chargen (19/tcp)
Service Detection
Synopsis:
The remote service could be identified.
[-/+]
Description:
It was possible to identify the remote service by its
banner or by looking at the error message it sends
when it receives an HTTP request.
Risk factor:
None
Solution:
n/a
Plugin output:
A chargen server is running on this port.
Plugin ID:
22964
Port msrdp (3389/tcp)
[-/+]
Terminal Services Doesn't Use Network Level
Authentication (NLA)
Synopsis:
The remote Terminal Services doesn't use Network Level
Authentication.
Description:
The remote Terminal Services is not configured to use
Network Level Authentication (NLA). NLA uses the
Credential Security Support Provider (CredSSP) protocol to
perform strong server authentication either through
TLS/SSL or Kerberos mechanisms, which protect against
man-in-the-middle attacks. In addition to improving
authentication, NLA also helps protect the remote
computer from malicious users and software by
completing user authentication before a full RDP
connection is established.
Risk factor:
Medium
CVSS Base Score:4.3
CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N
See also:
http://technet.microsoft.com/en-us/library/cc732713.aspx
See also:
http://www.nessus.org/u?e2628096
Solution:
Enable Network Level Authentication (NLA) on the remote
RDP server. This is generally done on the 'Remote' tab of
the 'System' settings on Windows.
Plugin ID:
58453
Microsoft Windows Remote Desktop Protocol
Server Man-in-the-Middle Weakness
Synopsis:
It may be possible to get access to the remote host.
Description:
The remote version of the Remote Desktop Protocol
Server (Terminal Service) is vulnerable to a
man-in-the-middle (MiTM) attack. The RDP client makes
no effort to validate the identity of the server when setting
up encryption. An attacker with the ability to intercept
traffic from the RDP server can establish encryption with
the client and server without being detected. A MiTM
attack of this nature would allow the attacker to obtain any
sensitive information transmitted, including authentication
credentials. This flaw exists because the RDP server stores
a hardcoded RSA private key in the mstlsapi.dll library. Any
local user with access to this file (on any Windows system)
can retrieve the key and use it for this attack.
Risk factor:
Medium
CVSS Base Score:5.1
CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P
See also:
http://www.oxid.it/downloads/rdp-gbu.pdf
See also:
http://www.nessus.org/u?e2628096
See also:
http://technet.microsoft.com/en-us/library/cc782610.aspx
Solution:
- Force the use of SSL as a transport layer for this service if
supported, or/and - Select the 'Allow connections only
from computers running Remote Desktop with Network
Level Authentication' setting if it is available.
Plugin ID:
18405
CVE:
CVE-2005-1794
BID:
13818
Other references:
OSVDB:17131
Terminal Services Encryption Level is Medium or
Low
Synopsis:
The remote host is using weak cryptography.
Description:
The remote Terminal Services service is not configured
to use strong cryptography. Using weak cryptography
with this service may allow an attacker to eavesdrop
on the communications more easily and obtain
screenshots and/or keystrokes.
Risk factor:
Medium
CVSS Base Score:4.3
CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N
Solution:
Change RDP encryption level to one of : 3. High 4.
FIPS Compliant
Plugin output:
The terminal services encryption level is set to : 2.
Medium
Plugin ID:
57690
Terminal Services Encryption Level is not
FIPS-140 Compliant
Synopsis:
The remote host is not FIPS-140 compliant.
Description:
The encryption setting used by the remote Terminal
Services service is not FIPS-140 compliant.
Risk factor:
Low
CVSS Base Score:2.6
CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N
Solution:
Change RDP encryption level to : 4. FIPS Compliant
Plugin output:
The terminal services encryption level is set to : 2.
Medium (Client Compatible)
Plugin ID:
30218
Windows Terminal Services Enabled
Synopsis:
The remote Windows host has Terminal Services
enabled.
Description:
Terminal Services allows a Windows user to remotely
obtain a graphical login (and therefore act as a local
user on the remote host). If an attacker gains a valid
login and password, he may be able to use this service
to gain further access on the remote host. An attacker
may also use this service to mount a dictionary attack
against the remote host to try to log in remotely. Note
that RDP (the Remote Desktop Protocol) is vulnerable
to Man-in-the-middle attacks, making it easy for
attackers to steal the credentials of legitimate users by
impersonating the Windows server.
Risk factor:
None
Solution:
Disable Terminal Services if you do not use it, and do
not allow this service to run across the Internet.
Plugin ID:
10940
Port microsoft-ds? (445/tcp)
[-/+]
DCE Services Enumeration
Synopsis:
A DCE/RPC service is running on the remote host.
Description:
By sending a Lookup request to the portmapper (TCP
135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE)
services running on the remote port. Using this
information it is possible to connect and bind to each
service by sending an RPC request to the remote
port/pipe.
Risk factor:
None
Solution:
n/a
Plugin output:
The following DCERPC services are available
remotely : Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager Windows
process : lsass.exe Type : Remote RPC service Named
pipe : \PIPE\protected_storage Netbios name :
\\ABRAHAM7 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager Windows
process : lsass.exe Type : Remote RPC service Named
pipe : \pipe\lsass Netbios name : \\ABRAHAM7 Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : 2f5f6521-cb55-1059-b446-00df0bce31db,
version 1.0 Description : Unknown RPC service
Annotation : Unimodem LRPC Endpoint Type : Remote
RPC service Named pipe : \pipe\tapsrv Netbios name :
\\ABRAHAM7 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
3473dd4d-2e88-4006-9cba-22570909dd10, version
5.0 Description : Unknown RPC service Annotation :
WinHttp Auto-Proxy Service Type : Remote RPC
service Named pipe : \PIPE\wkssvc Netbios name :
\\ABRAHAM7 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
3473dd4d-2e88-4006-9cba-22570909dd10, version
5.0 Description : Unknown RPC service Annotation :
WinHttp Auto-Proxy Service Type : Remote RPC
service Named pipe : \PIPE\W32TIME_ALT Netbios
name : \\ABRAHAM7 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service Windows process :
svchost.exe Type : Remote RPC service Named pipe :
\PIPE\atsvc Netbios name : \\ABRAHAM7 Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f,
version 1.0 Description : Scheduler Service Windows
process : svchost.exe Type : Remote RPC service
Named pipe : \PIPE\atsvc Netbios name :
\\ABRAHAM7 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
86d35949-83c9-4044-b424-db363231fd0c, version
1.0 Description : Unknown RPC service Type : Remote
RPC service Named pipe : \PIPE\atsvc Netbios name :
\\ABRAHAM7 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
a398e520-d59a-4bdd-aa7a-3c1e0303a511, version
1.0 Description : Unknown RPC service Annotation :
IKE/Authip API Type : Remote RPC service Named
pipe : \PIPE\atsvc Netbios name : \\ABRAHAM7 Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a,
version 1.0 Description : Unknown RPC service
Annotation : AppInfo Type : Remote RPC service
Named pipe : \PIPE\atsvc Netbios name :
\\ABRAHAM7 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0
Description : Unknown RPC service Annotation :
AppInfo Type : Remote RPC service Named pipe :
\PIPE\srvsvc Netbios name : \\ABRAHAM7 Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98,
version 1.0 Description : Unknown RPC service
Annotation : AppInfo Type : Remote RPC service
Named pipe : \PIPE\atsvc Netbios name :
\\ABRAHAM7 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0
Description : Unknown RPC service Annotation :
AppInfo Type : Remote RPC service Named pipe :
\PIPE\srvsvc Netbios name : \\ABRAHAM7 Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1,
version 1.0 Description : Unknown RPC service
Annotation : AppInfo Type : Remote RPC service
Named pipe : \PIPE\atsvc Netbios name :
\\ABRAHAM7 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version
1.0 Description : Unknown RPC service Annotation :
AppInfo Type : Remote RPC service Named pipe :
\PIPE\srvsvc Netbios name : \\ABRAHAM7 Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1,
version 1.0 Description : Unknown RPC service Type :
Remote RPC service Named pipe : \PIPE\atsvc Netbios
name : \\ABRAHAM7 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0
Description : Unknown RPC service Type : Remote
RPC service Named pipe : \PIPE\srvsvc Netbios name :
\\ABRAHAM7 Object UUID :
73736573-6f69-656e-6e76-000000000000 UUID :
c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version
1.0 Description : Unknown RPC service Annotation :
Impl friendly name Type : Remote RPC service Named
pipe : \PIPE\atsvc Netbios name : \\ABRAHAM7 Object
UUID : 73736573-6f69-656e-6e76-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277,
version 1.0 Description : Unknown RPC service
Annotation : Impl friendly name Type : Remote RPC
service Named pipe : \PIPE\srvsvc Netbios name :
\\ABRAHAM7 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0
Description : Unknown RPC service Annotation : Event
log TCPIP Type : Remote RPC service Named pipe :
\pipe\eventlog Netbios name : \\ABRAHAM7 Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6,
version 1.0 Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint Type :
Remote RPC service Named pipe : \pipe\eventlog
Netbios name : \\ABRAHAM7 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service Windows process :
svchost.exe Annotation : DHCP Client LRPC Endpoint
Type : Remote RPC service Named pipe :
\pipe\eventlog Netbios name : \\ABRAHAM7 Object
UUID : b08669ee-8cb5-43a5-a017-84fe00000000
UUID : 76f226c3-ec14-4325-8a99-6a46348418af,
version 1.0 Description : Unknown RPC service Type :
Remote RPC service Named pipe : \PIPE\InitShutdown
Netbios name : \\ABRAHAM7 Object UUID :
765294ba-60bc-48b8-92e9-89fd77769d91 UUID :
d95afe70-a6d5-4259-822e-2c84da1ddb0d, version
1.0 Description : Unknown RPC service Type : Remote
RPC service Named pipe : \PIPE\InitShutdown Netbios
name : \\ABRAHAM7 Object UUID :
00736665-0000-0000-0000-000000000000 UUID :
c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version
1.0 Description : Unknown RPC service Annotation :
Impl friendly name Type : Remote RPC service Named
pipe : \pipe\lsass Netbios name : \\ABRAHAM7 Object
UUID : 00736665-0000-0000-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277,
version 1.0 Description : Unknown RPC service
Annotation : Impl friendly name Type : Remote RPC
service Named pipe : \PIPE\protected_storage Netbios
name : \\ABRAHAM7
Plugin ID:
10736
Port dce-rpc (49152/tcp)
[-/+]
DCE Services Enumeration
Synopsis:
A DCE/RPC service is running on the remote host.
Description:
By sending a Lookup request to the portmapper (TCP
135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE)
services running on the remote port. Using this
information it is possible to connect and bind to each
service by sending an RPC request to the remote
port/pipe.
Risk factor:
None
Solution:
n/a
Plugin output:
The following DCERPC services are available on TCP
port 49152 : Object UUID :
765294ba-60bc-48b8-92e9-89fd77769d91 UUID :
d95afe70-a6d5-4259-822e-2c84da1ddb0d, version
1.0 Description : Unknown RPC service Type : Remote
RPC service TCP Port : 49152 IP : 163.26.60.2
Plugin ID:
10736
Port dce-rpc (49153/tcp)
[-/+]
DCE Services Enumeration
Synopsis:
A DCE/RPC service is running on the remote host.
Description:
By sending a Lookup request to the portmapper (TCP
135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE)
services running on the remote port. Using this
information it is possible to connect and bind to each
service by sending an RPC request to the remote
port/pipe.
Risk factor:
None
Solution:
n/a
Plugin output:
The following DCERPC services are available on TCP
port 49153 : Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0
Description : Unknown RPC service Annotation : Event
log TCPIP Type : Remote RPC service TCP Port : 49153
IP : 163.26.60.2 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service Annotation :
DHCPv6 Client LRPC Endpoint Type : Remote RPC
service TCP Port : 49153 IP : 163.26.60.2 Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5,
version 1.0 Description : DHCP Client Service Windows
process : svchost.exe Annotation : DHCP Client LRPC
Endpoint Type : Remote RPC service TCP Port : 49153
IP : 163.26.60.2
Plugin ID:
10736
Port dce-rpc (49154/tcp)
[-/+]
DCE Services Enumeration
Synopsis:
A DCE/RPC service is running on the remote host.
Description:
By sending a Lookup request to the portmapper (TCP
135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE)
services running on the remote port. Using this
information it is possible to connect and bind to each
service by sending an RPC request to the remote
port/pipe.
Risk factor:
None
Solution:
n/a
Plugin output:
The following DCERPC services are available on TCP
port 49154 : Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager Windows
process : lsass.exe Type : Remote RPC service TCP
Port : 49154 IP : 163.26.60.2
Plugin ID:
10736
Port dce-rpc (49155/tcp)
[-/+]
DCE Services Enumeration
Synopsis:
A DCE/RPC service is running on the remote host.
Description:
By sending a Lookup request to the portmapper (TCP
135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE)
services running on the remote port. Using this
information it is possible to connect and bind to each
service by sending an RPC request to the remote
port/pipe.
Risk factor:
None
Solution:
n/a
Plugin output:
The following DCERPC services are available on TCP
port 49155 : Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
86d35949-83c9-4044-b424-db363231fd0c, version
1.0 Description : Unknown RPC service Type : Remote
RPC service TCP Port : 49155 IP : 163.26.60.2 Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511,
version 1.0 Description : Unknown RPC service
Annotation : IKE/Authip API Type : Remote RPC
service TCP Port : 49155 IP : 163.26.60.2 Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a,
version 1.0 Description : Unknown RPC service
Annotation : AppInfo Type : Remote RPC service TCP
Port : 49155 IP : 163.26.60.2 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0
Description : Unknown RPC service Annotation :
AppInfo Type : Remote RPC service TCP Port : 49155
IP : 163.26.60.2 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version
1.0 Description : Unknown RPC service Annotation :
AppInfo Type : Remote RPC service TCP Port : 49155
IP : 163.26.60.2 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0
Description : Unknown RPC service Type : Remote
RPC service TCP Port : 49155 IP : 163.26.60.2 Object
UUID : 73736573-6f69-656e-6e76-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277,
version 1.0 Description : Unknown RPC service
Annotation : Impl friendly name Type : Remote RPC
service TCP Port : 49155 IP : 163.26.60.2
Plugin ID:
10736
Port dce-rpc (49156/tcp)
[-/+]
DCE Services Enumeration
Synopsis:
A DCE/RPC service is running on the remote host.
Description:
By sending a Lookup request to the portmapper (TCP
135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE)
services running on the remote port. Using this
information it is possible to connect and bind to each
service by sending an RPC request to the remote
port/pipe.
Risk factor:
None
Solution:
n/a
Plugin output:
The following DCERPC services are available on TCP
port 49156 : Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
6b5bdd1e-528c-422c-af8c-a4079be4fe48, version 1.0
Description : Unknown RPC service Annotation :
Remote Fw APIs Type : Remote RPC service TCP Port :
49156 IP : 163.26.60.2 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
12345678-1234-abcd-ef00-0123456789ab, version
1.0 Description : IPsec Services (Windows XP & 2003)
Windows process : lsass.exe Annotation : IPSec Policy
agent endpoint Type : Remote RPC service TCP Port :
49156 IP : 163.26.60.2
Plugin ID:
10736
Port dce-rpc (49157/tcp)
[-/+]
DCE Services Enumeration
Synopsis:
A DCE/RPC service is running on the remote host.
Description:
By sending a Lookup request to the portmapper (TCP
135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE)
services running on the remote port. Using this
information it is possible to connect and bind to each
service by sending an RPC request to the remote
port/pipe.
Risk factor:
None
Solution:
n/a
Plugin output:
The following DCERPC services are available on TCP
port 49157 : Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
367abb81-9844-35f1-ad32-98f038001003, version 2.0
Description : Unknown RPC service Type : Remote
RPC service TCP Port : 49157 IP : 163.26.60.2
Plugin ID:
10736
Port llmnr (5355/udp)
[-/+]
Link-Local Multicast Name Resolution (LLMNR)
Detection
Synopsis:
The remote device supports LLMNR.
Description:
The remote device answered to a Link-local Multicast
Name Resolution (LLMNR) request. This protocol provides
a name lookup service similar to NetBIOS or DNS. It is
enabled by default on modern Windows versions.
Risk factor:
None
See also:
http://www.nessus.org/u?85beb421
See also:
http://technet.microsoft.com/en-us/library/bb878128.aspx
Solution:
Make sure that use of this software conforms to your
organization's acceptable use and security policies.
Plugin output:
According to LLMNR, the name of the remote host is
'ABRAHAM7'.
Plugin ID:
53513
Port echo (7/tcp)
[-/+]
Echo Service Detection
Synopsis:
An echo service is running on the remote host.
Description:
The remote host is running the 'echo' service. This service echoes any data
which is sent to it. This service is unused these days, so it is strongly advised
that you disable it, as it may be used by attackers to set up denial of services
attacks against this host.
Risk factor:
None
Solution:
- Under Unix systems, comment out the 'echo' line in /etc/inetd.conf and
restart the inetd process - Under Windows systems, set the following registry
key to 0 :
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpEc
ho
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableUdpEc
ho Then launch cmd.exe and type : net stop simptcp net start simptcp To
restart the service.
Plugin ID:
10061
CVE:
CVE-1999-0103, CVE-1999-0635
Other references:
OSVDB:150
Echo Service Detection
Synopsis:
An echo service is running on the remote host.
Description:
The remote host is running the 'echo' service. This service echoes any data
which is sent to it. This service is unused these days, so it is strongly advised
that you disable it, as it may be used by attackers to set up denial of services
attacks against this host.
Risk factor:
None
Solution:
- Under Unix systems, comment out the 'echo' line in /etc/inetd.conf and
restart the inetd process - Under Windows systems, set the following registry
key to 0 :
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpEc
ho
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableUdpEc
ho Then launch cmd.exe and type : net stop simptcp net start simptcp To
restart the service.
Plugin ID:
10061
CVE:
CVE-1999-0103, CVE-1999-0635
Other references:
OSVDB:150
Service Detection
Synopsis:
The remote service could be identified.
Description:
It was possible to identify the remote service by its
banner or by looking at the error message it sends
when it receives an HTTP request.
Risk factor:
None
Solution:
n/a
Plugin output:
An echo server is running on this port.
Plugin ID:
22964
Port www (80/tcp)
[-/+]
HyperText Transfer Protocol (HTTP)
Information
Synopsis:
Some information about the remote HTTP
configuration can be extracted.
Description:
This test gives some information about the remote
HTTP protocol - the version used, whether HTTP
Keep-Alive and HTTP pipelining are enabled, etc... This
test is informational only and does not denote any
security problem.
Risk factor:
None
Solution:
n/a
Plugin output:
Protocol version : HTTP/1.1 SSL : no Keep-Alive : no
Options allowed : OPTIONS, TRACE, GET, HEAD,
POST Headers : Content-Type: text/html
Last-Modified: Tue, 09 Oct 2012 08:45:22 GMT
Accept-Ranges: bytes ETag: "d0c67e6bfaa5cd1:0"
Server: Microsoft-IIS/7.0 X-Powered-By: ASP.NET
Date: Thu, 11 Oct 2012 23:18:40 GMT
Content-Length: 19247
Plugin ID:
24260
HTTP Server Type and Version
Synopsis:
A web server is running on the remote host.
Description:
This plugin attempts to determine the type and the
version of the remote web server.
Risk factor:
None
Solution:
n/a
Plugin output:
The remote web server type is : Microsoft-IIS/7.0
Plugin ID:
10107
HTTP Methods Allowed (per directory)
Synopsis:
This plugin determines which HTTP methods are
allowed on various CGI directories.
Description:
By calling the OPTIONS method, it is possible to
determine which HTTP methods are allowed on each
directory. As this list may be incomplete, the plugin
also tests - if 'Thorough tests' are enabled or 'Enable
web applications tests' is set to 'yes' in the scan policy
- various known HTTP methods on each directory and
considers them as unsupported if it receives a
response code of 400, 403, 405, or 501. Note that the
plugin output is only informational and does not
necessarily indicate the presence of any security
vulnerabilities.
Risk factor:
None
Solution:
n/a
Plugin output:
Based on the response to an OPTIONS request : HTTP methods GET HEAD POST TRACE OPTIONS are
allowed on : /
Plugin ID:
43111
Service Detection
Synopsis:
The remote service could be identified.
Description:
It was possible to identify the remote service by its
banner or by looking at the error message it sends
when it receives an HTTP request.
Risk factor:
None
Solution:
n/a
Plugin output:
A web server is running on this port.
Plugin ID:
22964
Port discard (9/tcp)
[-/+]
Discard Service Detection
Synopsis:
A discard service is running on the remote host.
Description:
The remote host is running a 'discard' service. This service typically sets up a
listening socket and will ignore all the data which it receives. This service is
unused these days, so it is advised that you disable it.
Risk factor:
None
Solution:
- Under Unix systems, comment out the 'discard' line in /etc/inetd.conf and
restart the inetd process - Under Windows systems, set the following registry
key to 0 :
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpDis
card Then launch cmd.exe and type : net stop simptcp net start simptcp To
restart the service.
Plugin ID:
11367
Port sd? (9876/tcp)
[-/+]
[^] Back to 163.26.60.2
[^] Back
163.26.60.3
Scan Time
Start
Fri Oct 1 07:13:16
time :
End time :
2013
Fri Oct 1 07:15:25
2013
Number of vulnerabilities
Open ports :
4
High :
0
Medium :
0
Low :
16
Remote host information
Operating
System :
Microsoft
Windows Server
2003
NetBIOS
name :
DNS name :
[^] Back to 163.26.60.3
Port general (0/udp)
Traceroute Information
Synopsis:
It was possible to obtain traceroute information.
Description:
Makes a traceroute to the remote host.
Risk factor:
None
Solution:
n/a
[-/+]
Plugin output:
For your information, here is the traceroute from
163.26.60.115 to 163.26.60.3 : 163.26.60.115
163.26.60.3
Plugin ID:
10287
Nessus Scan Information
Synopsis:
Information about the Nessus scan.
Description:
This script displays, for each tested host, information
about the scan itself : - The version of the plugin set The type of plugin feed (HomeFeed or
ProfessionalFeed) - The version of the Nessus Engine The port scanner(s) used - The port range scanned Whether credentialed or third-party patch
management checks are possible - The date of the
scan - The duration of the scan - The number of hosts
scanned in parallel - The number of checks done in
parallel
Risk factor:
None
Solution:
n/a
Plugin output:
Information about this scan : Nessus version : 4.4.1
(Build 15078) (Nessus 5.0.1 is available - consider
upgrading) Plugin feed version : 201210082315 Type
of plugin feed : HomeFeed (Non-commercial use only)
Scanner IP : 163.26.60.115 Port scanner(s) :
nessus_syn_scanner Port range : default Thorough
tests : no Experimental tests : no Paranoia level : 1
Report Verbosity : 1 Safe checks : yes Optimize the
test : yes Credentialed checks : no Patch management
checks : None CGI scanning : disabled Web application
tests : disabled Max hosts : 80 Max checks : 5 Recv
timeout : 5 Backports : None Allow post-scan editing:
Yes Scan Start Date : 2012/10/12 7:13 Scan duration :
129 sec
Plugin ID:
19506
Common Platform Enumeration (CPE)
Synopsis:
It is possible to enumerate CPE names that matched
on the remote system.
Description:
By using information obtained from a Nessus scan, this
plugin reports CPE (Common Platform Enumeration)
matches for various hardware and software products
found on a host. Note that if an official CPE is not
available for the product, this plugin computes the
best possible CPE based on the information available
from the scan.
Risk factor:
None
See also:
http://cpe.mitre.org/
Solution:
n/a
Plugin output:
The remote operating system matched the following
CPE : cpe:/o:microsoft:windows_2003_server
Following application CPE matched on the remote
system : cpe:/a:microsoft:iis:6.0 -> Microsoft Internet
Information Services (IIS) 6.0
Plugin ID:
45590
Device Type
Synopsis:
It is possible to guess the remote device type.
Description:
Based on the remote operating system, it is possible to
determine what the remote system type is (eg: a
printer, router, general-purpose computer, etc).
Risk factor:
None
Solution:
n/a
Plugin output:
Remote device type : general-purpose Confidence
level : 75
Plugin ID:
54615
OS Identification
Synopsis:
It is possible to guess the remote operating system.
Description:
Using a combination of remote probes, (TCP/IP, SMB,
HTTP, NTP, SNMP, etc...) it is possible to guess the
name of the remote operating system in use, and
sometimes its version.
Risk factor:
None
Solution:
n/a
Plugin output:
Remote operating system : Microsoft Windows Server
2003 Confidence Level : 75 Method : HTTP The remote
host is running Microsoft Windows Server 2003
Plugin ID:
11936
Ethernet Card Manufacturer Detection
Synopsis:
The manufacturer can be deduced from the Ethernet
OUI.
Description:
Each ethernet MAC address starts with a 24-bit
'Organizationally Unique Identifier'. These OUI are
registered by IEEE.
Risk factor:
None
See also:
http://standards.ieee.org/faqs/OUI.html
See also:
http://standards.ieee.org/regauth/oui/index.shtml
Solution:
n/a
Plugin output:
The following card manufacturers were identified :
00:1f:c6:7c:a2:91 : ASUSTek COMPUTER INC.
Plugin ID:
35716
TCP/IP Timestamps Supported
Synopsis:
The remote service implements TCP timestamps.
Description:
The remote host implements TCP timestamps, as
defined by RFC1323. A side effect of this feature is
that the uptime of the remote host can sometimes be
computed.
Risk factor:
None
See also:
http://www.ietf.org/rfc/rfc1323.txt
Solution:
n/a
Plugin ID:
25220
ICMP Timestamp Request Remote Date
Disclosure
Synopsis:
It is possible to determine the exact time set on the
remote host.
Description:
The remote host answers to an ICMP timestamp
request. This allows an attacker to know the date that
is set on the targeted machine, which may assist an
unauthenticated, remote attacker in defeating
time-based authentication protocols. Timestamps
returned from machines running Windows Vista / 7 /
2008 / 2008 R2 are deliberately incorrect, but usually
within 1000 seconds of the actual system time.
Risk factor:
None
Solution:
Filter out the ICMP timestamp requests (13), and the
outgoing ICMP timestamp replies (14).
Plugin output:
The ICMP timestamps seem to be in little endian
format (not in network format) The difference
between the local and remote clocks is -150 seconds.
Plugin ID:
10114
CVE:
CVE-1999-0524
Other references:
OSVDB:94, CWE:200
Port dce-rpc (1025/tcp)
[-/+]
DCE Services Enumeration
Synopsis:
A DCE/RPC service is running on the remote host.
Description:
By sending a Lookup request to the portmapper (TCP
135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE)
services running on the remote port. Using this
information it is possible to connect and bind to each
service by sending an RPC request to the remote
port/pipe.
Risk factor:
None
Solution:
n/a
Plugin output:
The following DCERPC services are available on TCP
port 1025 : Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
12345678-1234-abcd-ef00-0123456789ab, version
1.0 Description : IPsec Services (Windows XP & 2003)
Windows process : lsass.exe Annotation : IPSec Policy
agent endpoint Type : Remote RPC service TCP Port :
1025 IP : 163.26.60.3 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager Windows
process : lsass.exe Type : Remote RPC service TCP
Port : 1025 IP : 163.26.60.3
Plugin ID:
10736
Port dce-rpc (1026/tcp)
[-/+]
DCE Services Enumeration
Synopsis:
A DCE/RPC service is running on the remote host.
Description:
By sending a Lookup request to the portmapper (TCP
135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE)
services running on the remote port. Using this
information it is possible to connect and bind to each
service by sending an RPC request to the remote
port/pipe.
Risk factor:
None
Solution:
n/a
Plugin output:
The following DCERPC services are available on TCP
port 1026 : Object UUID :
a81947b2-4f02-4d17-b04a-f763f5b55c07 UUID :
906b0ce0-c70b-1067-b317-00dd010662da, version
1.0 Description : Distributed Transaction Coordinator
Windows process : msdtc.exe Type : Remote RPC
service TCP Port : 1026 IP : 163.26.60.3 Object UUID :
fbc2df9e-2c02-463b-894c-b14bef185d29 UUID :
906b0ce0-c70b-1067-b317-00dd010662da, version
1.0 Description : Distributed Transaction Coordinator
Windows process : msdtc.exe Type : Remote RPC
service TCP Port : 1026 IP : 163.26.60.3 Object UUID :
be04b764-8e1b-45dc-be6b-fcb4adabb938 UUID :
906b0ce0-c70b-1067-b317-00dd010662da, version
1.0 Description : Distributed Transaction Coordinator
Windows process : msdtc.exe Type : Remote RPC
service TCP Port : 1026 IP : 163.26.60.3 Object UUID :
963647fc-c042-484c-9b51-5e4e096539eb UUID :
906b0ce0-c70b-1067-b317-00dd010662da, version
1.0 Description : Distributed Transaction Coordinator
Windows process : msdtc.exe Type : Remote RPC
service TCP Port : 1026 IP : 163.26.60.3
Plugin ID:
10736
Port epmap (135/tcp)
[-/+]
DCE Services Enumeration
Synopsis:
A DCE/RPC service is running on the remote host.
Description:
By sending a Lookup request to the portmapper (TCP
135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE)
services running on the remote port. Using this
information it is possible to connect and bind to each
service by sending an RPC request to the remote
port/pipe.
Risk factor:
None
Solution:
n/a
Plugin output:
The following DCERPC services are available locally :
Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service Windows process :
svchost.exe Annotation : DHCP Client LRPC Endpoint
Type : Local RPC service Named pipe : dhcpcsvc
Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service Windows process :
svchost.exe Annotation : DHCP Client LRPC Endpoint
Type : Local RPC service Named pipe : DNSResolver
Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
12345678-1234-abcd-ef00-0123456789ab, version
1.0 Description : IPsec Services (Windows XP & 2003)
Windows process : lsass.exe Annotation : IPSec Policy
agent endpoint Type : Local RPC service Named pipe :
dsrole Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
12345678-1234-abcd-ef00-0123456789ab, version
1.0 Description : IPsec Services (Windows XP & 2003)
Windows process : lsass.exe Annotation : IPSec Policy
agent endpoint Type : Local RPC service Named pipe :
protected_storage Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
12345678-1234-abcd-ef00-0123456789ab, version
1.0 Description : IPsec Services (Windows XP & 2003)
Windows process : lsass.exe Annotation : IPSec Policy
agent endpoint Type : Local RPC service Named pipe :
securityevent Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
12345678-1234-abcd-ef00-0123456789ab, version
1.0 Description : IPsec Services (Windows XP & 2003)
Windows process : lsass.exe Annotation : IPSec Policy
agent endpoint Type : Local RPC service Named pipe :
audit Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
2f5f6521-cb55-1059-b446-00df0bce31db, version 1.0
Description : Unknown RPC service Annotation :
Unimodem LRPC Endpoint Type : Local RPC service
Named pipe : tapsrvlpc Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
2f5f6521-cb55-1059-b446-00df0bce31db, version 1.0
Description : Unknown RPC service Annotation :
Unimodem LRPC Endpoint Type : Local RPC service
Named pipe : unimdmsvc Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
3473dd4d-2e88-4006-9cba-22570909dd10, version
5.0 Description : Unknown RPC service Annotation :
WinHttp Auto-Proxy Service Type : Local RPC service
Named pipe : W32TIME_ALT Object UUID :
23cb5420-4496-463d-bbc4-dd4e82e58da2 UUID :
906b0ce0-c70b-1067-b317-00dd010662da, version
1.0 Description : Distributed Transaction Coordinator
Windows process : msdtc.exe Type : Local RPC service
Named pipe :
OLEB6D72FF6C93E4AE8AAAFBD64E5BD Object
UUID : 23cb5420-4496-463d-bbc4-dd4e82e58da2
UUID : 906b0ce0-c70b-1067-b317-00dd010662da,
version 1.0 Description : Distributed Transaction
Coordinator Windows process : msdtc.exe Type : Local
RPC service Named pipe : LRPC00000af0.00000001
Object UUID :
a81947b2-4f02-4d17-b04a-f763f5b55c07 UUID :
906b0ce0-c70b-1067-b317-00dd010662da, version
1.0 Description : Distributed Transaction Coordinator
Windows process : msdtc.exe Type : Local RPC service
Named pipe : LRPC00000570.00000001 Object UUID :
fbc2df9e-2c02-463b-894c-b14bef185d29 UUID :
906b0ce0-c70b-1067-b317-00dd010662da, version
1.0 Description : Distributed Transaction Coordinator
Windows process : msdtc.exe Type : Local RPC service
Named pipe : LRPC00000570.00000001 Object UUID :
be04b764-8e1b-45dc-be6b-fcb4adabb938 UUID :
906b0ce0-c70b-1067-b317-00dd010662da, version
1.0 Description : Distributed Transaction Coordinator
Windows process : msdtc.exe Type : Local RPC service
Named pipe : LRPC00000570.00000001 Object UUID :
963647fc-c042-484c-9b51-5e4e096539eb UUID :
906b0ce0-c70b-1067-b317-00dd010662da, version
1.0 Description : Distributed Transaction Coordinator
Windows process : msdtc.exe Type : Local RPC service
Named pipe : LRPC00000570.00000001 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service Windows process :
svchost.exe Type : Local RPC service Named pipe :
wzcsvc Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service Windows process :
svchost.exe Type : Local RPC service Named pipe :
OLEF26F56FC22A74DD3A7E811EE8C7F Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service Windows process :
svchost.exe Type : Local RPC service Named pipe :
wzcsvc Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service Windows process :
svchost.exe Type : Local RPC service Named pipe :
OLEF26F56FC22A74DD3A7E811EE8C7F Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0
Description : Scheduler Service Windows process :
svchost.exe Type : Local RPC service Named pipe :
wzcsvc Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0
Description : Scheduler Service Windows process :
svchost.exe Type : Local RPC service Named pipe :
OLEF26F56FC22A74DD3A7E811EE8C7F Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager Windows
process : lsass.exe Type : Local RPC service Named
pipe : audit Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager Windows
process : lsass.exe Type : Local RPC service Named
pipe : securityevent Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager Windows
process : lsass.exe Type : Local RPC service Named
pipe : protected_storage Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager Windows
process : lsass.exe Type : Local RPC service Named
pipe : dsrole
Plugin ID:
10736
Port microsoft-ds? (445/tcp)
[-/+]
DCE Services Enumeration
Synopsis:
A DCE/RPC service is running on the remote host.
Description:
By sending a Lookup request to the portmapper (TCP
135 or epmapper PIPE) it was possible to enumerate
the Distributed Computing Environment (DCE)
services running on the remote port. Using this
information it is possible to connect and bind to each
service by sending an RPC request to the remote
port/pipe.
Risk factor:
None
Solution:
n/a
Plugin output:
The following DCERPC services are available
remotely : Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
12345678-1234-abcd-ef00-0123456789ab, version
1.0 Description : IPsec Services (Windows XP & 2003)
Windows process : lsass.exe Annotation : IPSec Policy
agent endpoint Type : Remote RPC service Named
pipe : \PIPE\protected_storage Netbios name :
\\SAMUEL5 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
12345678-1234-abcd-ef00-0123456789ab, version
1.0 Description : IPsec Services (Windows XP & 2003)
Windows process : lsass.exe Annotation : IPSec Policy
agent endpoint Type : Remote RPC service Named
pipe : \PIPE\lsass Netbios name : \\SAMUEL5 Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : 2f5f6521-cb55-1059-b446-00df0bce31db,
version 1.0 Description : Unknown RPC service
Annotation : Unimodem LRPC Endpoint Type : Remote
RPC service Named pipe : \pipe\tapsrv Netbios name :
\\SAMUEL5 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
3473dd4d-2e88-4006-9cba-22570909dd10, version
5.0 Description : Unknown RPC service Annotation :
WinHttp Auto-Proxy Service Type : Remote RPC
service Named pipe : \PIPE\W32TIME_ALT Netbios
name : \\SAMUEL5 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service Windows process :
svchost.exe Type : Remote RPC service Named pipe :
\PIPE\atsvc Netbios name : \\SAMUEL5 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service Windows process :
svchost.exe Type : Remote RPC service Named pipe :
\PIPE\atsvc Netbios name : \\SAMUEL5 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0
Description : Scheduler Service Windows process :
svchost.exe Type : Remote RPC service Named pipe :
\PIPE\atsvc Netbios name : \\SAMUEL5 Object UUID :
00000000-0000-0000-0000-000000000000 UUID :
12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager Windows
process : lsass.exe Type : Remote RPC service Named
pipe : \PIPE\lsass Netbios name : \\SAMUEL5 Object
UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac,
version 1.0 Description : Security Account Manager
Windows process : lsass.exe Type : Remote RPC
service Named pipe : \PIPE\protected_storage Netbios
name : \\SAMUEL5
Plugin ID:
10736
Port www (80/tcp)
[-/+]
Microsoft SharePoint Server Detection
Synopsis:
The remote web server contains a document sharing
software
Description:
The remote web server is running SharePoint, a web
interface for document management. As this interface
is likely to contain sensitive information, make sure
only authorized personel can log into this site
Risk factor:
None
See also:
http://www.microsoft.com/Sharepoint/default.mspx
Solution:
Make sure the proper access controls are put in place
Plugin output:
The following instance of SharePoint was detected on
the remote host : Version : 6.0.2.6568 URL :
http://163.26.60.3/
Plugin ID:
38157
HyperText Transfer Protocol (HTTP)
Information
Synopsis:
Some information about the remote HTTP
configuration can be extracted.
Description:
This test gives some information about the remote
HTTP protocol - the version used, whether HTTP
Keep-Alive and HTTP pipelining are enabled, etc... This
test is informational only and does not denote any
security problem.
Risk factor:
None
Solution:
n/a
Plugin output:
Protocol version : HTTP/1.1 SSL : no Keep-Alive : no
Options allowed : OPTIONS, TRACE, GET, HEAD,
POST Headers : Date: Thu, 11 Oct 2012 23:17:42 GMT
Server: Microsoft-IIS/6.0
MicrosoftSharePointTeamServices: 6.0.2.6568
X-Powered-By: ASP.NET Location: /default.aspx
Cache-Control: private Content-Length: 9
Public-Extension:
http://schemas.microsoft.com/repl-2
Plugin ID:
24260
HTTP Server Type and Version
Synopsis:
A web server is running on the remote host.
Description:
This plugin attempts to determine the type and the
version of the remote web server.
Risk factor:
None
Solution:
n/a
Plugin output:
The remote web server type is : Microsoft-IIS/6.0
Plugin ID:
10107
Service Detection
Synopsis:
The remote service could be identified.
Description:
It was possible to identify the remote service by its
banner or by looking at the error message it sends
when it receives an HTTP request.
Risk factor:
None
Solution:
n/a
Plugin output:
A web server is running on this port.
Plugin ID:
22964
[^] Back to 163.26.60.3
[^] Back
163.26.60.44
Scan Time
Start
Fri Oct 1 07:13:31
time :
End time :
2013
Fri Oct 1 07:20:39
2013
Number of vulnerabilities
Open ports :
0
High :
0
Medium :
0
Low :
2
Remote host information
Operating System :
NetBIOS name :
DNS name :
[^] Back to 163.26.60.44
Port general (0/tcp)
Nessus Scan Information
Synopsis:
Information about the Nessus scan.
[-/+]
Description:
This script displays, for each tested host, information
about the scan itself : - The version of the plugin set The type of plugin feed (HomeFeed or
ProfessionalFeed) - The version of the Nessus Engine The port scanner(s) used - The port range scanned Whether credentialed or third-party patch
management checks are possible - The date of the
scan - The duration of the scan - The number of hosts
scanned in parallel - The number of checks done in
parallel
Risk factor:
None
Solution:
n/a
Plugin output:
Information about this scan : Nessus version : 4.4.1
(Build 15078) (Nessus 5.0.1 is available - consider
upgrading) Plugin feed version : 201210082315 Type
of plugin feed : HomeFeed (Non-commercial use only)
Scanner IP : 163.26.60.115 Port scanner(s) :
nessus_syn_scanner Port range : default Thorough
tests : no Experimental tests : no Paranoia level : 1
Report Verbosity : 1 Safe checks : yes Optimize the
test : yes Credentialed checks : no Patch management
checks : None CGI scanning : disabled Web application
tests : disabled Max hosts : 80 Max checks : 5 Recv
timeout : 5 Backports : None Allow post-scan editing:
Yes Scan Start Date : 2012/10/12 7:13 Scan duration :
428 sec
Plugin ID:
19506
Ethernet Card Manufacturer Detection
Synopsis:
The manufacturer can be deduced from the Ethernet
OUI.
Description:
Each ethernet MAC address starts with a 24-bit
'Organizationally Unique Identifier'. These OUI are
registered by IEEE.
Risk factor:
None
See also:
http://standards.ieee.org/faqs/OUI.html
See also:
http://standards.ieee.org/regauth/oui/index.shtml
Solution:
n/a
Plugin output:
The following card manufacturers were identified :
8c:89:a5:98:f9:26 : Micro-Star INT'L CO., LTD
Plugin ID:
35716
[^] Back to 163.26.60.44
[^] Back
163.26.60.49
Scan Time
Start
time :
Fri Oct 1 07:13:31
2013
End time :
Fri Oct 1 07:23:15
2013
Number of vulnerabilities
Open ports :
0
High :
0
Medium :
0
Low :
2
Remote host information
Operating System :
NetBIOS name :
DNS name :
[^] Back to 163.26.60.49
Port smb (139/tcp)
[-/+]
Microsoft Windows SMB Service Detection
Synopsis:
A file / print sharing service is listening on the remote
host.
Description:
The remote service understands the CIFS (Common
Internet File System) or Server Message Block (SMB)
protocol, used to provide shared access to files,
printers, etc between nodes on a network.
Risk factor:
None
Solution:
n/a
Plugin output:
An SMB server is running on this port.
Plugin ID:
11011
Port snmp (161/udp)
[-/+]
SNMP Protocol Version Detection
Synopsis:
This plugin reports the protocol version negotiated with the remote
SNMP agent.
Description:
By sending an SNMP 'get-next-request', it is possible to determine
the protocol version of the remote SNMP agent.
Risk factor:
None
See also:
http://en.wikipedia.org/wiki/Simple_Network_Management_Protocol
Solution:
Disable the SNMP service on the remote host if you do not use it, or
filter incoming UDP packets going to this port.
Plugin output:
Nessus has negotiated SNMP communications at SNMPv1.
Plugin ID:
35296
[^] Back to 163.26.60.49
[^] Back
163.26.60.65
Scan Time
Start
Fri Oct 1 07:13:36
time :
End time :
2013
Fri Oct 1 07:18:52
2013
Number of vulnerabilities
Open ports :
4
High :
0
Medium :
0
Low :
10
Remote host information
Operating
System :
Fortigate Linux
Kernel 2.4 Linux
Kernel 2.6
NetBIOS
name :
DNS name :
[^] Back to 163.26.60.65
Port general (0/udp)
Traceroute Information
Synopsis:
It was possible to obtain traceroute information.
Description:
Makes a traceroute to the remote host.
Risk factor:
None
Solution:
n/a
Plugin output:
For your information, here is the traceroute from
163.26.60.115 to 163.26.60.65 : 163.26.60.115
163.26.60.65
Plugin ID:
10287
[-/+]
Nessus Scan Information
Synopsis:
Information about the Nessus scan.
Description:
This script displays, for each tested host, information
about the scan itself : - The version of the plugin set The type of plugin feed (HomeFeed or
ProfessionalFeed) - The version of the Nessus Engine The port scanner(s) used - The port range scanned Whether credentialed or third-party patch
management checks are possible - The date of the
scan - The duration of the scan - The number of hosts
scanned in parallel - The number of checks done in
parallel
Risk factor:
None
Solution:
n/a
Plugin output:
Information about this scan : Nessus version : 4.4.1
(Build 15078) (Nessus 5.0.1 is available - consider
upgrading) Plugin feed version : 201210082315 Type
of plugin feed : HomeFeed (Non-commercial use only)
Scanner IP : 163.26.60.115 Port scanner(s) :
nessus_syn_scanner Port range : default Thorough
tests : no Experimental tests : no Paranoia level : 1
Report Verbosity : 1 Safe checks : yes Optimize the
test : yes Credentialed checks : no Patch management
checks : None CGI scanning : disabled Web application
tests : disabled Max hosts : 80 Max checks : 5 Recv
timeout : 5 Backports : None Allow post-scan editing:
Yes Scan Start Date : 2012/10/12 7:13 Scan duration :
316 sec
Plugin ID:
19506
Common Platform Enumeration (CPE)
Synopsis:
It is possible to enumerate CPE names that matched
on the remote system.
Description:
By using information obtained from a Nessus scan, this
plugin reports CPE (Common Platform Enumeration)
matches for various hardware and software products
found on a host. Note that if an official CPE is not
available for the product, this plugin computes the
best possible CPE based on the information available
from the scan.
Risk factor:
None
See also:
http://cpe.mitre.org/
Solution:
n/a
Plugin output:
The remote operating system matched the following
CPE's : cpe:/o:linux:linux_kernel:2.4
cpe:/o:linux:linux_kernel:2.6
Plugin ID:
45590
OS Identification
Synopsis:
It is possible to guess the remote operating system.
Description:
Using a combination of remote probes, (TCP/IP, SMB,
HTTP, NTP, SNMP, etc...) it is possible to guess the
name of the remote operating system in use, and
sometimes its version.
Risk factor:
None
Solution:
n/a
Plugin output:
Remote operating system : Fortigate Linux Kernel 2.4
Linux Kernel 2.6 Confidence Level : 54 Method : SinFP
The remote host is running one of these operating
systems : Fortigate Linux Kernel 2.4 Linux Kernel 2.6
Plugin ID:
11936
Ethernet Card Manufacturer Detection
Synopsis:
The manufacturer can be deduced from the Ethernet
OUI.
Description:
Each ethernet MAC address starts with a 24-bit
'Organizationally Unique Identifier'. These OUI are
registered by IEEE.
Risk factor:
None
See also:
http://standards.ieee.org/faqs/OUI.html
See also:
http://standards.ieee.org/regauth/oui/index.shtml
Solution:
n/a
Plugin output:
The following card manufacturers were identified :
00:0d:e0:64:02:ff : ICPDAS Co.,LTD
Plugin ID:
35716
IP Forwarding Enabled
Synopsis:
The remote host has IP forwarding enabled.
Description:
The remote host has IP forwarding enabled. An attacker may use this flaw to
use the to route packets through this host and potentially bypass some
firewalls / routers / NAC filtering. Unless the remote host is a router, it is
recommended that you disable IP forwarding.
Risk factor:
Low
CVSS Base Score:3.2
CVSS2#AV:A/AC:H/Au:N/C:P/I:P/A:N
Solution:
On Linux, you can disable IP forwarding by doing : echo 0 >
/proc/sys/net/ipv4/ip_forward On Windows, set the key 'IPEnableRouter' to 0
under
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameter
On Mac OS X, you can disable IP forwarding by executing the command :
sysctl -w net.inet.ip.forwarding=0 For other systems, check with your vendor.
Plugin ID:
50686
CVE:
CVE-1999-0511
Port ndmp? (10000/tcp)
[-/+]
Unknown Service Detection: Banner Retrieval
Synopsis:
There is an unknown service running on the remote
host.
Description:
Nessus was unable to identify a service on the remote
host even though it returned a banner of some type.
Risk factor:
None
Solution:
n/a
Plugin output:
If you know what this service is and think the banner
could be used to identify it, please send a description
of the service along with the following output to
[email protected] : Port : 10000 Type :
get_http Banner : 0x00: 45 72 72 6F 72 20 43 6F 6D
6D 61 6E 64 0D 0A Error Command..
Plugin ID:
11154
Port asa-appl-proto? (502/tcp)
[-/+]
Unknown Service Detection: Banner Retrieval
Synopsis:
There is an unknown service running on the remote
host.
Description:
Nessus was unable to identify a service on the remote
host even though it returned a banner of some type.
Risk factor:
None
Solution:
n/a
Plugin output:
If you know what this service is and think the banner
could be used to identify it, please send a description
of the service along with the following output to
[email protected] : Port : 502 Type : help
Banner : 0x00: 48 45 4C 50 0D 04 01 01 01 00
HELP......
Plugin ID:
11154
Port www (80/tcp)
[-/+]
HyperText Transfer Protocol (HTTP)
Information
Synopsis:
Some information about the remote HTTP
configuration can be extracted.
Description:
This test gives some information about the remote
HTTP protocol - the version used, whether HTTP
Keep-Alive and HTTP pipelining are enabled, etc... This
test is informational only and does not denote any
security problem.
Risk factor:
None
Solution:
n/a
Plugin output:
Protocol version : HTTP/1.0 SSL : no Keep-Alive : no
Options allowed : (Not implemented) Headers :
WWW-Authenticate: Basic realm="ET-7044"
Plugin ID:
24260
Service Detection
Synopsis:
The remote service could be identified.
Description:
It was possible to identify the remote service by its
banner or by looking at the error message it sends
when it receives an HTTP request.
Risk factor:
None
Solution:
n/a
Plugin output:
A web server is running on this port.
Plugin ID:
22964
Port distinct? (9999/tcp)
[-/+]
[^] Back to 163.26.60.65
[^] Back
163.26.60.70
Scan Time
Start
time :
Fri Oct 1 07:13:41
2013
End time :
Fri Oct 1 07:19:01
2013
Number of vulnerabilities
Open ports :
3
High :
0
Medium :
2
Low :
16
Remote host information
Operating
System :
NetBIOS
name :
EthernetBoard
OkiLAN 8100e
KM25BB2B
DNS name :
[^] Back to 163.26.60.70
Port general (0/udp)
Traceroute Information
Synopsis:
It was possible to obtain traceroute information.
Description:
Makes a traceroute to the remote host.
Risk factor:
None
[-/+]
Solution:
n/a
Plugin output:
For your information, here is the traceroute from
163.26.60.115 to 163.26.60.70 : 163.26.60.115
163.26.60.70
Plugin ID:
10287
Nessus Scan Information
Synopsis:
Information about the Nessus scan.
Description:
This script displays, for each tested host, information
about the scan itself : - The version of the plugin set The type of plugin feed (HomeFeed or
ProfessionalFeed) - The version of the Nessus Engine The port scanner(s) used - The port range scanned Whether credentialed or third-party patch
management checks are possible - The date of the
scan - The duration of the scan - The number of hosts
scanned in parallel - The number of checks done in
parallel
Risk factor:
None
Solution:
n/a
Plugin output:
Information about this scan : Nessus version : 4.4.1
(Build 15078) (Nessus 5.0.1 is available - consider
upgrading) Plugin feed version : 201210082315 Type
of plugin feed : HomeFeed (Non-commercial use only)
Scanner IP : 163.26.60.115 Port scanner(s) :
nessus_syn_scanner Port range : default Thorough
tests : no Experimental tests : no Paranoia level : 1
Report Verbosity : 1 Safe checks : yes Optimize the
test : yes Credentialed checks : no Patch management
checks : None CGI scanning : disabled Web application
tests : disabled Max hosts : 80 Max checks : 5 Recv
timeout : 5 Backports : None Allow post-scan editing:
Yes Scan Start Date : 2012/10/12 7:13 Scan duration :
320 sec
Plugin ID:
19506
Additional DNS Hostnames
Synopsis:
Potential virtual hosts have been detected.
Description:
Hostnames different from the current hostname have
been collected by miscellaneous plugins. Different web
servers may be hosted on name- based virtual hosts.
Risk factor:
None
See also:
http://en.wikipedia.org/wiki/Virtual_hosting
Solution:
If you want to test them, re-scan using the special
vhost syntax, such as :
www.example.com[192.0.32.10]
Plugin output:
- km25bb2b
Plugin ID:
46180
Device Type
Synopsis:
It is possible to guess the remote device type.
Description:
Based on the remote operating system, it is possible to
determine what the remote system type is (eg: a
printer, router, general-purpose computer, etc).
Risk factor:
None
Solution:
n/a
Plugin output:
Remote device type : switch Confidence level : 65
Plugin ID:
54615
OS Identification
Synopsis:
It is possible to guess the remote operating system.
Description:
Using a combination of remote probes, (TCP/IP, SMB,
HTTP, NTP, SNMP, etc...) it is possible to guess the
name of the remote operating system in use, and
sometimes its version.
Risk factor:
None
Solution:
n/a
Plugin output:
Remote operating system : EthernetBoard OkiLAN
8100e Confidence Level : 65 Method : SinFP The
remote host is running EthernetBoard OkiLAN 8100e
Plugin ID:
11936
Ethernet Card Manufacturer Detection
Synopsis:
The manufacturer can be deduced from the Ethernet
OUI.
Description:
Each ethernet MAC address starts with a 24-bit
'Organizationally Unique Identifier'. These OUI are
registered by IEEE.
Risk factor:
None
See also:
http://standards.ieee.org/faqs/OUI.html
See also:
http://standards.ieee.org/regauth/oui/index.shtml
Solution:
n/a
Plugin output:
The following card manufacturers were identified :
00:c0:ee:25:bb:2b : KYOCERA CORPORATION
Plugin ID:
35716
Port netbios-ns (137/udp)
[-/+]
Windows NetBIOS / SMB Remote Host
Information Disclosure
Synopsis:
It is possible to obtain the network name of the
remote host.
Description:
The remote host listens on UDP port 137 or TCP port
445 and replies to NetBIOS nbtscan or SMB requests.
Note that this plugin gathers information to be used in
other plugins but does not itself generate a report.
Risk factor:
None
Solution:
n/a
Plugin output:
The following 5 NetBIOS names have been gathered :
KM25BB2B = Computer name KM25BB2B =
Messenger Service KM25BB2B = File Server Service
NetPrinters = Workgroup / Domain name NetPrinters
= Browser Service Elections The remote host has the
following MAC address on its adapter :
00:c0:ee:25:bb:2b
Plugin ID:
10150
Port ftp (21/tcp)
FTP Privileged Port Bounce Scan
[-/+]
Synopsis:
The remote FTP server is vulnerable to a FTP server bounce attack.
Description:
It is possible to force the remote FTP server to connect to third
parties using the PORT command. The problem allows intruders to
use your network resources to scan other hosts, making them think
the attack comes from your network.
Risk factor:
High
CVSS Base Score:7.5
CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
See also:
http://archives.neohapsis.com/archives/bugtraq/1995_3/0047.html
See also:
http://www.cert.org/advisories/CA-1997-27.html
Solution:
See the CERT advisory in the references for solutions and
workarounds .
Plugin output:
The following command, telling the server to connect to
169.254.175.112 on port 10794: PORT 169,254,175,112,42,42
produced the following output: 200 PORT command Ok.
Plugin ID:
10081
CVE:
CVE-1999-0017
BID:
126
Other references:
OSVDB:71
Anonymous FTP Enabled
Synopsis:
Anonymous logins are allowed on the remote FTP
server.
Description:
This FTP service allows anonymous logins. Any remote
user may connect and authenticate without providing
a password or unique credentials. This allows a user to
access any files made available on the FTP server.
Risk factor:
Medium
CVSS Base Score:5.0
CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N
Solution:
Disable anonymous FTP if it is not required. Routinely
check the FTP server to ensure sensitive content is not
available.
Plugin output:
The contents of the remote FTP root are : total 0
Plugin ID:
10079
CVE:
CVE-1999-0497
Other references:
OSVDB:69
Multiple Vendor Embedded FTP Service Any
Username Authentication Bypass
Synopsis:
A random username and password can be used to
authenticate to the remote FTP server.
Description:
The FTP server running on the remote host can be
accessed using a random username and password.
Nessus has enabled some countermeasures to prevent
other plugins from reporting vulnerabilities incorrectly
because of this.
Risk factor:
Medium
CVSS Base Score:5.0
CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N
Solution:
Contact the FTP server's documentation so that the
service handles authentication requests properly.
Plugin ID:
10990
Other references:
OSVDB:813
FTP Supports Clear Text Authentication
Synopsis:
Authentication credentials might be intercepted.
Description:
The remote FTP server allows the user's name and
password to be transmitted in clear text, which could
be intercepted by a network sniffer or a
man-in-the-middle attack.
Risk factor:
Low
CVSS Base Score:2.6
CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N
Solution:
Switch to SFTP (part of the SSH suite) or FTPS (FTP
over SSL/TLS). In the latter case, configure the server
so that control connections are encrypted.
Plugin output:
This FTP server does not support 'AUTH TLS'.
Plugin ID:
34324
Other references:
CWE:522, CWE:523
FTP Server Detection
Synopsis:
An FTP server is listening on this port.
Description:
It is possible to obtain the banner of the remote FTP
server by connecting to the remote port.
Risk factor:
None
Solution:
N/A
Plugin output:
The remote FTP banner is : 220 NS-30 Ver 1.4.02 FTP
server.
Plugin ID:
10092
Service Detection
Synopsis:
The remote service could be identified.
Description:
It was possible to identify the remote service by its
banner or by looking at the error message it sends
when it receives an HTTP request.
Risk factor:
None
Solution:
n/a
Plugin output:
An FTP server is running on this port.
Plugin ID:
22964
Port telnet (23/tcp)
[-/+]
Unencrypted Telnet Server
Synopsis:
The remote Telnet server transmits traffic in cleartext.
Description:
The remote host is running a Telnet server over an
unencrypted channel. Using Telnet over an
unencrypted channel is not recommended as logins,
passwords and commands are transferred in cleartext.
An attacker may eavesdrop on a Telnet session and
obtain credentials or other sensitive information. Use
of SSH is prefered nowadays as it protects credentials
from eavesdropping and can tunnel additional data
streams such as the X11 session.
Risk factor:
Low
CVSS Base Score:2.6
CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N
Solution:
Disable this service and use SSH instead.
Plugin output:
Nessus collected the following banner from the remote
Telnet server : ------------------------------ snip
------------------------------ NS-30 Ver 1.4.02 TELNET
server. Copyright(C)2001 KYOCERA MITA Corporation
Copyright(C)2006 Revised Edition KYOCERA MITA
Corporation All Rights Reserved. login:
------------------------------ snip
-----------------------------Plugin ID:
42263
Telnet Server Detection
Synopsis:
A Telnet server is listening on the remote port.
Description:
The remote host is running a Telnet server, a remote
terminal server.
Risk factor:
None
Solution:
Disable this service if you do not use it.
Plugin output:
Here is the banner from the remote Telnet server :
------------------------------ snip
------------------------------ NS-30 Ver 1.4.02 TELNET
server. Copyright(C)2001 KYOCERA MITA Corporation
Copyright(C)2006 Revised Edition KYOCERA MITA
Corporation All Rights Reserved. login:
------------------------------ snip
-----------------------------Plugin ID:
10281
Service Detection
Synopsis:
The remote service could be identified.
Description:
It was possible to identify the remote service by its
banner or by looking at the error message it sends
when it receives an HTTP request.
Risk factor:
None
Solution:
n/a
Plugin output:
A telnet server is running on this port.
Plugin ID:
22964
Port www (80/tcp)
[-/+]
HyperText Transfer Protocol (HTTP)
Information
Synopsis:
Some information about the remote HTTP
configuration can be extracted.
Description:
This test gives some information about the remote
HTTP protocol - the version used, whether HTTP
Keep-Alive and HTTP pipelining are enabled, etc... This
test is informational only and does not denote any
security problem.
Risk factor:
None
Solution:
n/a
Plugin output:
Protocol version : HTTP/1.1 SSL : no Keep-Alive : no
Options allowed : (Not implemented) Headers :
Connection: close Server: NetworkScanner WebServer
Ver1.0 Cache-Control: no-cache Content-Type:
TEXT/HTML
Plugin ID:
24260
HTTP Server Type and Version
Synopsis:
A web server is running on the remote host.
Description:
This plugin attempts to determine the type and the
version of the remote web server.
Risk factor:
None
Solution:
n/a
Plugin output:
The remote web server type is : NetworkScanner
WebServer Ver1.0
Plugin ID:
10107
Service Detection
Synopsis:
The remote service could be identified.
Description:
It was possible to identify the remote service by its
banner or by looking at the error message it sends
when it receives an HTTP request.
Risk factor:
None
Solution:
n/a
Plugin output:
A web server is running on this port.
Plugin ID:
22964
[^] Back to 163.26.60.70
[^] Back
163.26.60.74
Scan Time
Start
time :
Fri Oct 1 07:13:41
2013
End time :
Fri Oct 1 07:23:15
2013
Number of vulnerabilities
Open ports :
3
High :
0
Medium :
0
Low :
15
Remote host information
Operating
System :
Linux Kernel
2.4
NetBIOS name :
DNS name :
[^] Back to 163.26.60.74
Port general (0/udp)
Traceroute Information
Synopsis:
It was possible to obtain traceroute information.
Description:
Makes a traceroute to the remote host.
Risk factor:
None
Solution:
n/a
[-/+]
Plugin output:
For your information, here is the traceroute from
163.26.60.115 to 163.26.60.74 : 163.26.60.115
163.26.60.74
Plugin ID:
10287
Common Platform Enumeration (CPE)
Synopsis:
It is possible to enumerate CPE names that matched
on the remote system.
Description:
By using information obtained from a Nessus scan, this
plugin reports CPE (Common Platform Enumeration)
matches for various hardware and software products
found on a host. Note that if an official CPE is not
available for the product, this plugin computes the
best possible CPE based on the information available
from the scan.
Risk factor:
None
See also:
http://cpe.mitre.org/
Solution:
n/a
Plugin output:
The remote operating system matched the following
CPE : cpe:/o:linux:linux_kernel:2.4
Plugin ID:
45590
Device Type
Synopsis:
It is possible to guess the remote device type.
Description:
Based on the remote operating system, it is possible to
determine what the remote system type is (eg: a
printer, router, general-purpose computer, etc).
Risk factor:
None
Solution:
n/a
Plugin output:
Remote device type : general-purpose Confidence
level : 70
Plugin ID:
54615
OS Identification
Synopsis:
It is possible to guess the remote operating system.
Description:
Using a combination of remote probes, (TCP/IP, SMB,
HTTP, NTP, SNMP, etc...) it is possible to guess the
name of the remote operating system in use, and
sometimes its version.
Risk factor:
None
Solution:
n/a
Plugin output:
Remote operating system : Linux Kernel 2.4
Confidence Level : 70 Method : SinFP The remote host
is running Linux Kernel 2.4
Plugin ID:
11936
Ethernet Card Manufacturer Detection
Synopsis:
The manufacturer can be deduced from the Ethernet
OUI.
Description:
Each ethernet MAC address starts with a 24-bit
'Organizationally Unique Identifier'. These OUI are
registered by IEEE.
Risk factor:
None
See also:
http://standards.ieee.org/faqs/OUI.html
See also:
http://standards.ieee.org/regauth/oui/index.shtml
Solution:
n/a
Plugin output:
The following card manufacturers were identified :
00:0c:2a:02:af:e6 : OCTTEL Communication Co., Ltd.
Plugin ID:
35716
IP Forwarding Enabled
Synopsis:
The remote host has IP forwarding enabled.
Description:
The remote host has IP forwarding enabled. An attacker may use this flaw to
use the to route packets through this host and potentially bypass some
firewalls / routers / NAC filtering. Unless the remote host is a router, it is
recommended that you disable IP forwarding.
Risk factor:
Low
CVSS Base Score:3.2
CVSS2#AV:A/AC:H/Au:N/C:P/I:P/A:N
Solution:
On Linux, you can disable IP forwarding by doing : echo 0 >
/proc/sys/net/ipv4/ip_forward On Windows, set the key 'IPEnableRouter' to 0
under
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameter
On Mac OS X, you can disable IP forwarding by executing the command :
sysctl -w net.inet.ip.forwarding=0 For other systems, check with your vendor.
Plugin ID:
50686
CVE:
CVE-1999-0511
TCP/IP Timestamps Supported
Synopsis:
The remote service implements TCP timestamps.
Description:
The remote host implements TCP timestamps, as
defined by RFC1323. A side effect of this feature is
that the uptime of the remote host can sometimes be
computed.
Risk factor:
None
See also:
http://www.ietf.org/rfc/rfc1323.txt
Solution:
n/a
Plugin ID:
25220
ICMP Timestamp Request Remote Date
Disclosure
Synopsis:
It is possible to determine the exact time set on the
remote host.
Description:
The remote host answers to an ICMP timestamp
request. This allows an attacker to know the date that
is set on the targeted machine, which may assist an
unauthenticated, remote attacker in defeating
time-based authentication protocols. Timestamps
returned from machines running Windows Vista / 7 /
2008 / 2008 R2 are deliberately incorrect, but usually
within 1000 seconds of the actual system time.
Risk factor:
None
Solution:
Filter out the ICMP timestamp requests (13), and the
outgoing ICMP timestamp replies (14).
Plugin output:
The difference between the local and remote clocks is
10854 seconds.
Plugin ID:
10114
CVE:
CVE-1999-0524
Other references:
OSVDB:94, CWE:200
Port telnet (23/tcp)
[-/+]
Unencrypted Telnet Server
Synopsis:
The remote Telnet server transmits traffic in cleartext.
Description:
The remote host is running a Telnet server over an
unencrypted channel. Using Telnet over an
unencrypted channel is not recommended as logins,
passwords and commands are transferred in cleartext.
An attacker may eavesdrop on a Telnet session and
obtain credentials or other sensitive information. Use
of SSH is prefered nowadays as it protects credentials
from eavesdropping and can tunnel additional data
streams such as the X11 session.
Risk factor:
Low
CVSS Base Score:2.6
CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N
Solution:
Disable this service and use SSH instead.
Plugin output:
Nessus collected the following banner from the remote
Telnet server : ------------------------------ snip
------------------------------ << Command Line Interface
V 2.1.7.5 >> User: ------------------------------ snip
-----------------------------Plugin ID:
42263
Telnet Server Detection
Synopsis:
A Telnet server is listening on the remote port.
Description:
The remote host is running a Telnet server, a remote
terminal server.
Risk factor:
None
Solution:
Disable this service if you do not use it.
Plugin output:
Here is the banner from the remote Telnet server :
------------------------------ snip
------------------------------ << Command Line Interface
V 2.1.7.5 >> User: ------------------------------ snip
-----------------------------Plugin ID:
10281
Service Detection
Synopsis:
The remote service could be identified.
Description:
It was possible to identify the remote service by its
banner or by looking at the error message it sends
when it receives an HTTP request.
Risk factor:
None
Solution:
n/a
Plugin output:
A telnet server is running on this port.
Plugin ID:
22964
Port sip? (5060/tcp)
[-/+]
Session Initiation Protocol Detection
Synopsis:
The remote system is a SIP signaling device.
Description:
The remote system is running software that speaks the Session Initiation
Protocol. SIP is a messaging protocol to initiate communication sessions
between systems. It is a protocol used mostly in IP Telephony networks /
systems to setup, control, and teardown sessions between two or more
systems.
Risk factor:
None
See also:
http://en.wikipedia.org/wiki/Session_Initiation_Protocol
Solution:
If possible, filter incoming connections to the port so that it is used by trusted
sources only.
Plugin output:
The remote service was identified as : 128
12-38-38929131-0.9.5.1.1818-PSTN404 It supports the following options :
Allow:INVITE,ACK,OPTIONS,BYE,CANCEL,INFO,PRACK,REFER,SUBSCRIBE,NO
TIFY,UPDATE
Plugin ID:
21642
Service Detection
Synopsis:
The remote service could be identified.
Description:
It was possible to identify the remote service by its
banner or by looking at the error message it sends
when it receives an HTTP request.
Risk factor:
None
Solution:
n/a
Plugin output:
The service closed the connection without sending any
data. It might be protected by some sort of TCP
wrapper.
Plugin ID:
22964
Port www (80/tcp)
[-/+]
HyperText Transfer Protocol (HTTP)
Information
Synopsis:
Some information about the remote HTTP
configuration can be extracted.
Description:
This test gives some information about the remote
HTTP protocol - the version used, whether HTTP
Keep-Alive and HTTP pipelining are enabled, etc... This
test is informational only and does not denote any
security problem.
Risk factor:
None
Solution:
n/a
Plugin output:
Protocol version : HTTP/1.1 SSL : no Keep-Alive : no
Options allowed : (Not implemented) Headers :
Connection: close Date: Sat, 01 Jan 2000 00:00:25
GMT Last-Modified: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html Content-Length: 639
Plugin ID:
24260
Service Detection
Synopsis:
The remote service could be identified.
Description:
It was possible to identify the remote service by its
banner or by looking at the error message it sends
when it receives an HTTP request.
Risk factor:
None
Solution:
n/a
Plugin output:
A web server is running on this port.
Plugin ID:
22964
[^] Back to 163.26.60.74
[^] Back
163.26.60.80
Scan Time
Start
time :
Fri Oct 1 07:13:46
2013
End time :
Fri Oct 1 07:18:15
2013
Number of vulnerabilities
Open ports :
6
High :
0
Medium :
0
Low :
22
Remote host information
Operating
System :
NetBIOS name :
DNS name :
Linux Kernel
2.4
[^] Back to 163.26.60.80
Port general (0/udp)
[-/+]
Traceroute Information
Synopsis:
It was possible to obtain traceroute information.
Description:
Makes a traceroute to the remote host.
Risk factor:
None
Solution:
n/a
Plugin output:
For your information, here is the traceroute from
163.26.60.115 to 163.26.60.80 : 163.26.60.115
163.26.60.80
Plugin ID:
10287
Nessus Scan Information
Synopsis:
Information about the Nessus scan.
Description:
This script displays, for each tested host, information
about the scan itself : - The version of the plugin set The type of plugin feed (HomeFeed or
ProfessionalFeed) - The version of the Nessus Engine The port scanner(s) used - The port range scanned Whether credentialed or third-party patch
management checks are possible - The date of the
scan - The duration of the scan - The number of hosts
scanned in parallel - The number of checks done in
parallel
Risk factor:
None
Solution:
n/a
Plugin output:
Information about this scan : Nessus version : 4.4.1
(Build 15078) (Nessus 5.0.1 is available - consider
upgrading) Plugin feed version : 201210082315 Type
of plugin feed : HomeFeed (Non-commercial use only)
Scanner IP : 163.26.60.115 Port scanner(s) :
nessus_syn_scanner Port range : default Thorough
tests : no Experimental tests : no Paranoia level : 1
Report Verbosity : 1 Safe checks : yes Optimize the
test : yes Credentialed checks : no Patch management
checks : None CGI scanning : disabled Web application
tests : disabled Max hosts : 80 Max checks : 5 Recv
timeout : 5 Backports : None Allow post-scan editing:
Yes Scan Start Date : 2012/10/12 7:13 Scan duration :
269 sec
Plugin ID:
19506
Common Platform Enumeration (CPE)
Synopsis:
It is possible to enumerate CPE names that matched
on the remote system.
Description:
By using information obtained from a Nessus scan, this
plugin reports CPE (Common Platform Enumeration)
matches for various hardware and software products
found on a host. Note that if an official CPE is not
available for the product, this plugin computes the
best possible CPE based on the information available
from the scan.
Risk factor:
None
See also:
http://cpe.mitre.org/
Solution:
n/a
Plugin output:
The remote operating system matched the following
CPE : cpe:/o:linux:linux_kernel:2.4
Plugin ID:
45590
Device Type
Synopsis:
It is possible to guess the remote device type.
Description:
Based on the remote operating system, it is possible to
determine what the remote system type is (eg: a
printer, router, general-purpose computer, etc).
Risk factor:
None
Solution:
n/a
Plugin output:
Remote device type : general-purpose Confidence
level : 70
Plugin ID:
54615
OS Identification
Synopsis:
It is possible to guess the remote operating system.
Description:
Using a combination of remote probes, (TCP/IP, SMB,
HTTP, NTP, SNMP, etc...) it is possible to guess the
name of the remote operating system in use, and
sometimes its version.
Risk factor:
None
Solution:
n/a
Plugin output:
Remote operating system : Linux Kernel 2.4
Confidence Level : 70 Method : SinFP The remote host
is running Linux Kernel 2.4
Plugin ID:
11936
Ethernet Card Manufacturer Detection
Synopsis:
The manufacturer can be deduced from the Ethernet
OUI.
Description:
Each ethernet MAC address starts with a 24-bit
'Organizationally Unique Identifier'. These OUI are
registered by IEEE.
Risk factor:
None
See also:
http://standards.ieee.org/faqs/OUI.html
See also:
http://standards.ieee.org/regauth/oui/index.shtml
Solution:
n/a
Plugin output:
The following card manufacturers were identified :
00:0f:3a:01:8b:35 : HISHARP
Plugin ID:
35716
TCP/IP Timestamps Supported
Synopsis:
The remote service implements TCP timestamps.
Description:
The remote host implements TCP timestamps, as
defined by RFC1323. A side effect of this feature is
that the uptime of the remote host can sometimes be
computed.
Risk factor:
None
See also:
http://www.ietf.org/rfc/rfc1323.txt
Solution:
n/a
Plugin ID:
25220
ICMP Timestamp Request Remote Date
Disclosure
Synopsis:
It is possible to determine the exact time set on the
remote host.
Description:
The remote host answers to an ICMP timestamp
request. This allows an attacker to know the date that
is set on the targeted machine, which may assist an
unauthenticated, remote attacker in defeating
time-based authentication protocols. Timestamps
returned from machines running Windows Vista / 7 /
2008 / 2008 R2 are deliberately incorrect, but usually
within 1000 seconds of the actual system time.
Risk factor:
None
Solution:
Filter out the ICMP timestamp requests (13), and the
outgoing ICMP timestamp replies (14).
Plugin output:
The difference between the local and remote clocks is
901 seconds.
Plugin ID:
10114
CVE:
CVE-1999-0524
Other references:
OSVDB:94, CWE:200
Port rpc-portmapper (111/tcp)
[-/+]
RPC Services Enumeration
Synopsis:
An ONC RPC service is running on the remote host.
Description:
By sending a DUMP request to the portmapper, it was
possible to enumerate the ONC RPC services running
on the remote port. Using this information, it is
possible to connect and bind to each service by
sending an RPC request to the remote port.
Risk factor:
None
Solution:
n/a
Plugin output:
The following RPC services are available on UDP port
111 : - program: 100000 (portmapper), version: 2
Plugin ID:
11111
RPC portmapper Service Detection
Synopsis:
An ONC RPC portmapper is running on the remote
host.
Description:
The RPC portmapper is running on this port. The
portmapper allows someone to get the port number of
each RPC service running on the remote host by
sending either multiple lookup requests or a DUMP
request.
Risk factor:
None
Solution:
n/a
Plugin ID:
10223
CVE:
CVE-1999-0632
RPC Services Enumeration
Synopsis:
An ONC RPC service is running on the remote host.
Description:
By sending a DUMP request to the portmapper, it was
possible to enumerate the ONC RPC services running
on the remote port. Using this information, it is
possible to connect and bind to each service by
sending an RPC request to the remote port.
Risk factor:
None
Solution:
n/a
Plugin output:
The following RPC services are available on TCP port
111 : - program: 100000 (portmapper), version: 2
Plugin ID:
11111
RPC portmapper (TCP)
Synopsis:
An ONC RPC portmapper is running on the remote
host.
Description:
The RPC portmapper is running on this port. The
portmapper allows someone to get the port number of
each RPC service running on the remote host by
sending either multiple lookup requests or a DUMP
request.
Risk factor:
None
Solution:
n/a
Plugin ID:
53335
Port ftp (21/tcp)
[-/+]
FTP Supports Clear Text Authentication
Synopsis:
Authentication credentials might be intercepted.
Description:
The remote FTP server allows the user's name and
password to be transmitted in clear text, which could
be intercepted by a network sniffer or a
man-in-the-middle attack.
Risk factor:
Low
CVSS Base Score:2.6
CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N
Solution:
Switch to SFTP (part of the SSH suite) or FTPS (FTP
over SSL/TLS). In the latter case, configure the server
so that control connections are encrypted.
Plugin output:
This FTP server does not support 'AUTH TLS'.
Plugin ID:
34324
Other references:
CWE:522, CWE:523
FTP Server Detection
Synopsis:
An FTP server is listening on this port.
Description:
It is possible to obtain the banner of the remote FTP
server by connecting to the remote port.
Risk factor:
None
Solution:
N/A
Plugin output:
The remote FTP banner is : 220---------- Welcome to
Pure-FTPd ---------- 220-You are user number 1 of 50
allowed. 220-Local time is now 07:00. Server port: 21.
220-This is a private system - No anonymous login 220
You will be disconnected after 15 minutes of inactivity.
Plugin ID:
10092
Service Detection
Synopsis:
The remote service could be identified.
Description:
It was possible to identify the remote service by its
banner or by looking at the error message it sends
when it receives an HTTP request.
Risk factor:
None
Solution:
n/a
Plugin output:
An FTP server is running on this port.
Plugin ID:
22964
Port telnet (23/tcp)
[-/+]
Unencrypted Telnet Server
Synopsis:
The remote Telnet server transmits traffic in cleartext.
Description:
The remote host is running a Telnet server over an
unencrypted channel. Using Telnet over an
unencrypted channel is not recommended as logins,
passwords and commands are transferred in cleartext.
An attacker may eavesdrop on a Telnet session and
obtain credentials or other sensitive information. Use
of SSH is prefered nowadays as it protects credentials
from eavesdropping and can tunnel additional data
streams such as the X11 session.
Risk factor:
Low
CVSS Base Score:2.6
CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N
Solution:
Disable this service and use SSH instead.
Plugin output:
Nessus collected the following banner from the remote
Telnet server : ------------------------------ snip
------------------------------ Welcome to DVR-166 Board.
dvr login: ------------------------------ snip
-----------------------------Plugin ID:
42263
Telnet Server Detection
Synopsis:
A Telnet server is listening on the remote port.
Description:
The remote host is running a Telnet server, a remote
terminal server.
Risk factor:
None
Solution:
Disable this service if you do not use it.
Plugin output:
Here is the banner from the remote Telnet server :
------------------------------ snip
------------------------------ Welcome to DVR-166 Board.
dvr login: ------------------------------ snip
-----------------------------Plugin ID:
10281
Service Detection
Synopsis:
The remote service could be identified.
Description:
It was possible to identify the remote service by its
banner or by looking at the error message it sends
when it receives an HTTP request.
Risk factor:
None
Solution:
n/a
Plugin output:
A telnet server is running on this port.
Plugin ID:
22964
Port irc-serv? (6666/tcp)
[-/+]
Port tftp (69/udp)
[-/+]
TFTP Daemon Detection
Synopsis:
A TFTP server is listening on the remote port.
Description:
The remote host is running a TFTP (Trivial File
Transfer Protocol) daemon. TFTP is often used by
routers and diskless hosts to retrieve their
configuration. It is also used by worms to propagate.
Risk factor:
None
Solution:
Disable this service if you do not use it.
Plugin ID:
11819
Port www (80/tcp)
[-/+]
HyperText Transfer Protocol (HTTP)
Information
Synopsis:
Some information about the remote HTTP
configuration can be extracted.
Description:
This test gives some information about the remote
HTTP protocol - the version used, whether HTTP
Keep-Alive and HTTP pipelining are enabled, etc... This
test is informational only and does not denote any
security problem.
Risk factor:
None
Solution:
n/a
Plugin output:
Protocol version : HTTP/1.0 SSL : no Keep-Alive : no
Options allowed : (Not implemented) Headers :
Content-type: text/html Date: Thu, 11 Oct 2012
23:02:26 GMT Connection: close Last-Modified: Fri, 23
Mar 2007 02:42:09 GMT Content-length: 3737
Plugin ID:
24260
Service Detection
Synopsis:
The remote service could be identified.
Description:
It was possible to identify the remote service by its
banner or by looking at the error message it sends
when it receives an HTTP request.
Risk factor:
None
Solution:
n/a
Plugin output:
A web server is running on this port.
Plugin ID:
22964
Port ddi-tcp-1? (8888/tcp)
[-/+]
Unknown Service Detection: Banner Retrieval
Synopsis:
There is an unknown service running on the remote
host.
Description:
Nessus was unable to identify a service on the remote
host even though it returned a banner of some type.
Risk factor:
None
Solution:
n/a
Plugin output:
If you know what this service is and think the banner
could be used to identify it, please send a description
of the service along with the following output to
[email protected] : Port : 8888 Type :
spontaneous Banner : 0x00: 22 74 65 73 74 22 0A
"test".
Plugin ID:
11154
[^] Back to 163.26.60.80
[^] Back
163.26.60.84
Scan Time
Start
time :
Fri Oct 1 07:13:46
2013
End time :
Fri Oct 1 07:21:09
2013
Number of vulnerabilities
Open ports :
1
High :
0
Medium :
0
Low :
7
Remote host information
Operating
System :
Microsoft
Windows 2000
Microsoft
Windows XP
NetBIOS
name :
DNS name :
[^] Back to 163.26.60.84
Port general (0/udp)
Traceroute Information
Synopsis:
It was possible to obtain traceroute information.
Description:
Makes a traceroute to the remote host.
Risk factor:
None
Solution:
n/a
Plugin output:
For your information, here is the traceroute from
163.26.60.115 to 163.26.60.84 : 163.26.60.115
163.26.60.84
Plugin ID:
10287
Nessus Scan Information
Synopsis:
[-/+]
Information about the Nessus scan.
Description:
This script displays, for each tested host, information
about the scan itself : - The version of the plugin set The type of plugin feed (HomeFeed or
ProfessionalFeed) - The version of the Nessus Engine The port scanner(s) used - The port range scanned Whether credentialed or third-party patch
management checks are possible - The date of the
scan - The duration of the scan - The number of hosts
scanned in parallel - The number of checks done in
parallel
Risk factor:
None
Solution:
n/a
Plugin output:
Information about this scan : Nessus version : 4.4.1
(Build 15078) (Nessus 5.0.1 is available - consider
upgrading) Plugin feed version : 201210082315 Type
of plugin feed : HomeFeed (Non-commercial use only)
Scanner IP : 163.26.60.115 Port scanner(s) :
nessus_syn_scanner Port range : default Thorough
tests : no Experimental tests : no Paranoia level : 1
Report Verbosity : 1 Safe checks : yes Optimize the
test : yes Credentialed checks : no Patch management
checks : None CGI scanning : disabled Web application
tests : disabled Max hosts : 80 Max checks : 5 Recv
timeout : 5 Backports : None Allow post-scan editing:
Yes Scan Start Date : 2012/10/12 7:13 Scan duration :
443 sec
Plugin ID:
19506
Common Platform Enumeration (CPE)
Synopsis:
It is possible to enumerate CPE names that matched
on the remote system.
Description:
By using information obtained from a Nessus scan, this
plugin reports CPE (Common Platform Enumeration)
matches for various hardware and software products
found on a host. Note that if an official CPE is not
available for the product, this plugin computes the
best possible CPE based on the information available
from the scan.
Risk factor:
None
See also:
http://cpe.mitre.org/
Solution:
n/a
Plugin output:
The remote operating system matched the following
CPE's : cpe:/o:microsoft:windows_2000
cpe:/o:microsoft:windows_xp
Plugin ID:
45590
Device Type
Synopsis:
It is possible to guess the remote device type.
Description:
Based on the remote operating system, it is possible to
determine what the remote system type is (eg: a
printer, router, general-purpose computer, etc).
Risk factor:
None
Solution:
n/a
Plugin output:
Remote device type : general-purpose Confidence
level : 54
Plugin ID:
54615
OS Identification
Synopsis:
It is possible to guess the remote operating system.
Description:
Using a combination of remote probes, (TCP/IP, SMB,
HTTP, NTP, SNMP, etc...) it is possible to guess the
name of the remote operating system in use, and
sometimes its version.
Risk factor:
None
Solution:
n/a
Plugin output:
Remote operating system : Microsoft Windows 2000
Microsoft Windows XP Confidence Level : 54 Method :
SinFP The remote host is running one of these
operating systems : Microsoft Windows 2000 Microsoft
Windows XP
Plugin ID:
11936
Ethernet Card Manufacturer Detection
Synopsis:
The manufacturer can be deduced from the Ethernet
OUI.
Description:
Each ethernet MAC address starts with a 24-bit
'Organizationally Unique Identifier'. These OUI are
registered by IEEE.
Risk factor:
None
See also:
http://standards.ieee.org/faqs/OUI.html
See also:
http://standards.ieee.org/regauth/oui/index.shtml
Solution:
n/a
Plugin output:
The following card manufacturers were identified :
00:14:2a:69:c9:29 : Elitegroup Computer System Co.,
Ltd
Plugin ID:
35716
TCP/IP Timestamps Supported
Synopsis:
The remote service implements TCP timestamps.
Description:
The remote host implements TCP timestamps, as
defined by RFC1323. A side effect of this feature is
that the uptime of the remote host can sometimes be
computed.
Risk factor:
None
See also:
http://www.ietf.org/rfc/rfc1323.txt
Solution:
n/a
Plugin ID:
25220
Port commplex-main? (5000/tcp)
[-/+]
[^] Back to 163.26.60.84
[^] Back
163.26.60.88
Scan Time
Start
time :
Fri Oct 1 07:13:51
2013
End time :
Fri Oct 1 07:20:59
2013
Number of vulnerabilities
Open ports :
0
High :
0
Medium :
0
Low :
3
Remote host information
Operating System :
NetBIOS name :
DNS name :
[^] Back to 163.26.60.88
Port general (0/tcp)
[-/+]
Nessus Scan Information
Synopsis:
Information about the Nessus scan.
Description:
This script displays, for each tested host, information
about the scan itself : - The version of the plugin set The type of plugin feed (HomeFeed or
ProfessionalFeed) - The version of the Nessus Engine The port scanner(s) used - The port range scanned Whether credentialed or third-party patch
management checks are possible - The date of the
scan - The duration of the scan - The number of hosts
scanned in parallel - The number of checks done in
parallel
Risk factor:
None
Solution:
n/a
Plugin output:
Information about this scan : Nessus version : 4.4.1
(Build 15078) (Nessus 5.0.1 is available - consider
upgrading) Plugin feed version : 201210082315 Type
of plugin feed : HomeFeed (Non-commercial use only)
Scanner IP : 163.26.60.115 Port scanner(s) :
nessus_syn_scanner Port range : default Thorough
tests : no Experimental tests : no Paranoia level : 1
Report Verbosity : 1 Safe checks : yes Optimize the
test : yes Credentialed checks : no Patch management
checks : None CGI scanning : disabled Web application
tests : disabled Max hosts : 80 Max checks : 5 Recv
timeout : 5 Backports : None Allow post-scan editing:
Yes Scan Start Date : 2012/10/12 7:13 Scan duration :
428 sec
Plugin ID:
19506
Ethernet Card Manufacturer Detection
Synopsis:
The manufacturer can be deduced from the Ethernet
OUI.
Description:
Each ethernet MAC address starts with a 24-bit
'Organizationally Unique Identifier'. These OUI are
registered by IEEE.
Risk factor:
None
See also:
http://standards.ieee.org/faqs/OUI.html
See also:
http://standards.ieee.org/regauth/oui/index.shtml
Solution:
n/a
Plugin output:
The following card manufacturers were identified :
00:1a:1e:cc:a6:cf : Aruba Networks
Plugin ID:
35716
ICMP Timestamp Request Remote Date
Disclosure
Synopsis:
It is possible to determine the exact time set on the
remote host.
Description:
The remote host answers to an ICMP timestamp
request. This allows an attacker to know the date that
is set on the targeted machine, which may assist an
unauthenticated, remote attacker in defeating
time-based authentication protocols. Timestamps
returned from machines running Windows Vista / 7 /
2008 / 2008 R2 are deliberately incorrect, but usually
within 1000 seconds of the actual system time.
Risk factor:
None
Solution:
Filter out the ICMP timestamp requests (13), and the
outgoing ICMP timestamp replies (14).
Plugin output:
The difference between the local and remote clocks is
-111 seconds.
Plugin ID:
10114
CVE:
CVE-1999-0524
Other references:
OSVDB:94, CWE:200
[^] Back to 163.26.60.88
[^] Back
163.26.60.89
Scan Time
Start
time :
Fri Oct 1 07:13:51
2013
End time :
Fri Oct 1 07:21:01
2013
Number of vulnerabilities
Open ports :
0
High :
0
Medium :
0
Low :
3
Remote host information
Operating System :
NetBIOS name :
DNS name :
[^] Back to 163.26.60.89
Port general (0/tcp)
[-/+]
Nessus Scan Information
Synopsis:
Information about the Nessus scan.
Description:
This script displays, for each tested host, information
about the scan itself : - The version of the plugin set The type of plugin feed (HomeFeed or
ProfessionalFeed) - The version of the Nessus Engine The port scanner(s) used - The port range scanned Whether credentialed or third-party patch
management checks are possible - The date of the
scan - The duration of the scan - The number of hosts
scanned in parallel - The number of checks done in
parallel
Risk factor:
None
Solution:
n/a
Plugin output:
Information about this scan : Nessus version : 4.4.1
(Build 15078) (Nessus 5.0.1 is available - consider
upgrading) Plugin feed version : 201210082315 Type
of plugin feed : HomeFeed (Non-commercial use only)
Scanner IP : 163.26.60.115 Port scanner(s) :
nessus_syn_scanner Port range : default Thorough
tests : no Experimental tests : no Paranoia level : 1
Report Verbosity : 1 Safe checks : yes Optimize the
test : yes Credentialed checks : no Patch management
checks : None CGI scanning : disabled Web application
tests : disabled Max hosts : 80 Max checks : 5 Recv
timeout : 5 Backports : None Allow post-scan editing:
Yes Scan Start Date : 2012/10/12 7:13 Scan duration :
430 sec
Plugin ID:
19506
Ethernet Card Manufacturer Detection
Synopsis:
The manufacturer can be deduced from the Ethernet
OUI.
Description:
Each ethernet MAC address starts with a 24-bit
'Organizationally Unique Identifier'. These OUI are
registered by IEEE.
Risk factor:
None
See also:
http://standards.ieee.org/faqs/OUI.html
See also:
http://standards.ieee.org/regauth/oui/index.shtml
Solution:
n/a
Plugin output:
The following card manufacturers were identified :
00:1a:1e:cc:a7:9e : Aruba Networks
Plugin ID:
35716
ICMP Timestamp Request Remote Date
Disclosure
Synopsis:
It is possible to determine the exact time set on the
remote host.
Description:
The remote host answers to an ICMP timestamp
request. This allows an attacker to know the date that
is set on the targeted machine, which may assist an
unauthenticated, remote attacker in defeating
time-based authentication protocols. Timestamps
returned from machines running Windows Vista / 7 /
2008 / 2008 R2 are deliberately incorrect, but usually
within 1000 seconds of the actual system time.
Risk factor:
None
Solution:
Filter out the ICMP timestamp requests (13), and the
outgoing ICMP timestamp replies (14).
Plugin output:
The difference between the local and remote clocks is
-112 seconds.
Plugin ID:
10114
CVE:
CVE-1999-0524
Other references:
OSVDB:94, CWE:200
[^] Back to 163.26.60.89
[^] Back
163.26.60.90
Scan Time
Start
time :
Fri Oct 1 07:13:51
2013
End time :
Fri Oct 1 07:21:02
2013
Number of vulnerabilities
Open ports :
0
High :
0
Medium :
0
Low :
3
Remote host information
Operating System :
NetBIOS name :
DNS name :
[^] Back to 163.26.60.90
Port general (0/tcp)
[-/+]
Nessus Scan Information
Synopsis:
Information about the Nessus scan.
Description:
This script displays, for each tested host, information
about the scan itself : - The version of the plugin set The type of plugin feed (HomeFeed or
ProfessionalFeed) - The version of the Nessus Engine The port scanner(s) used - The port range scanned Whether credentialed or third-party patch
management checks are possible - The date of the
scan - The duration of the scan - The number of hosts
scanned in parallel - The number of checks done in
parallel
Risk factor:
None
Solution:
n/a
Plugin output:
Information about this scan : Nessus version : 4.4.1
(Build 15078) (Nessus 5.0.1 is available - consider
upgrading) Plugin feed version : 201210082315 Type
of plugin feed : HomeFeed (Non-commercial use only)
Scanner IP : 163.26.60.115 Port scanner(s) :
nessus_syn_scanner Port range : default Thorough
tests : no Experimental tests : no Paranoia level : 1
Report Verbosity : 1 Safe checks : yes Optimize the
test : yes Credentialed checks : no Patch management
checks : None CGI scanning : disabled Web application
tests : disabled Max hosts : 80 Max checks : 5 Recv
timeout : 5 Backports : None Allow post-scan editing:
Yes Scan Start Date : 2012/10/12 7:13 Scan duration :
431 sec
Plugin ID:
19506
Ethernet Card Manufacturer Detection
Synopsis:
The manufacturer can be deduced from the Ethernet
OUI.
Description:
Each ethernet MAC address starts with a 24-bit
'Organizationally Unique Identifier'. These OUI are
registered by IEEE.
Risk factor:
None
See also:
http://standards.ieee.org/faqs/OUI.html
See also:
http://standards.ieee.org/regauth/oui/index.shtml
Solution:
n/a
Plugin output:
The following card manufacturers were identified :
00:1a:1e:ce:e4:99 : Aruba Networks
Plugin ID:
35716
ICMP Timestamp Request Remote Date
Disclosure
Synopsis:
It is possible to determine the exact time set on the
remote host.
Description:
The remote host answers to an ICMP timestamp
request. This allows an attacker to know the date that
is set on the targeted machine, which may assist an
unauthenticated, remote attacker in defeating
time-based authentication protocols. Timestamps
returned from machines running Windows Vista / 7 /
2008 / 2008 R2 are deliberately incorrect, but usually
within 1000 seconds of the actual system time.
Risk factor:
None
Solution:
Filter out the ICMP timestamp requests (13), and the
outgoing ICMP timestamp replies (14).
Plugin output:
The difference between the local and remote clocks is
-111 seconds.
Plugin ID:
10114
CVE:
CVE-1999-0524
Other references:
OSVDB:94, CWE:200
[^] Back to 163.26.60.90
[^] Back
163.26.60.93
Scan Time
Start
time :
Fri Oct 1 07:13:56
2013
End time :
Fri Oct 1 07:21:06
2013
Number of vulnerabilities
Open ports :
0
High :
0
Medium :
0
Low :
3
Remote host information
Operating System :
NetBIOS name :
DNS name :
[^] Back to 163.26.60.93
Port general (0/tcp)
[-/+]
Nessus Scan Information
Synopsis:
Information about the Nessus scan.
Description:
This script displays, for each tested host, information
about the scan itself : - The version of the plugin set The type of plugin feed (HomeFeed or
ProfessionalFeed) - The version of the Nessus Engine The port scanner(s) used - The port range scanned Whether credentialed or third-party patch
management checks are possible - The date of the
scan - The duration of the scan - The number of hosts
scanned in parallel - The number of checks done in
parallel
Risk factor:
None
Solution:
n/a
Plugin output:
Information about this scan : Nessus version : 4.4.1
(Build 15078) (Nessus 5.0.1 is available - consider
upgrading) Plugin feed version : 201210082315 Type
of plugin feed : HomeFeed (Non-commercial use only)
Scanner IP : 163.26.60.115 Port scanner(s) :
nessus_syn_scanner Port range : default Thorough
tests : no Experimental tests : no Paranoia level : 1
Report Verbosity : 1 Safe checks : yes Optimize the
test : yes Credentialed checks : no Patch management
checks : None CGI scanning : disabled Web application
tests : disabled Max hosts : 80 Max checks : 5 Recv
timeout : 5 Backports : None Allow post-scan editing:
Yes Scan Start Date : 2012/10/12 7:13 Scan duration :
430 sec
Plugin ID:
19506
Ethernet Card Manufacturer Detection
Synopsis:
The manufacturer can be deduced from the Ethernet
OUI.
Description:
Each ethernet MAC address starts with a 24-bit
'Organizationally Unique Identifier'. These OUI are
registered by IEEE.
Risk factor:
None
See also:
http://standards.ieee.org/faqs/OUI.html
See also:
http://standards.ieee.org/regauth/oui/index.shtml
Solution:
n/a
Plugin output:
The following card manufacturers were identified :
00:1a:1e:ce:da:a2 : Aruba Networks
Plugin ID:
35716
ICMP Timestamp Request Remote Date
Disclosure
Synopsis:
It is possible to determine the exact time set on the
remote host.
Description:
The remote host answers to an ICMP timestamp
request. This allows an attacker to know the date that
is set on the targeted machine, which may assist an
unauthenticated, remote attacker in defeating
time-based authentication protocols. Timestamps
returned from machines running Windows Vista / 7 /
2008 / 2008 R2 are deliberately incorrect, but usually
within 1000 seconds of the actual system time.
Risk factor:
None
Solution:
Filter out the ICMP timestamp requests (13), and the
outgoing ICMP timestamp replies (14).
Plugin output:
The difference between the local and remote clocks is
-111 seconds.
Plugin ID:
10114
CVE:
CVE-1999-0524
Other references:
OSVDB:94, CWE:200
[^] Back to 163.26.60.93
[^] Back
163.26.60.96
Scan Time
Start
time :
Fri Oct 1 07:14:06
2013
End time :
Fri Oct 1 07:23:15
2013
Number of vulnerabilities
Open ports :
0
High :
0
Medium :
0
Low :
2
Remote host information
Operating System :
NetBIOS name :
DNS name :
[^] Back to 163.26.60.96
Port smb (139/tcp)
[-/+]
Microsoft Windows SMB Service Detection
Synopsis:
A file / print sharing service is listening on the remote
host.
Description:
The remote service understands the CIFS (Common
Internet File System) or Server Message Block (SMB)
protocol, used to provide shared access to files,
printers, etc between nodes on a network.
Risk factor:
None
Solution:
n/a
Plugin output:
An SMB server is running on this port.
Plugin ID:
11011
Port snmp (161/udp)
[-/+]
SNMP Protocol Version Detection
Synopsis:
This plugin reports the protocol version negotiated with the remote
SNMP agent.
Description:
By sending an SNMP 'get-next-request', it is possible to determine
the protocol version of the remote SNMP agent.
Risk factor:
None
See also:
http://en.wikipedia.org/wiki/Simple_Network_Management_Protocol
Solution:
Disable the SNMP service on the remote host if you do not use it, or
filter incoming UDP packets going to this port.
Plugin output:
Nessus has negotiated SNMP communications at SNMPv1.
Plugin ID:
35296
[^] Back to 163.26.60.96
[^] Back
163.26.60.97
Scan Time
Start
time :
Fri Oct 1 07:14:06
2013
End time :
Fri Oct 1 07:14:31
2013
Number of vulnerabilities
Open ports :
8
High :
0
Medium :
0
Low :
2
Remote host information
Operating System :
NetBIOS name :
DNS name :
[^] Back to 163.26.60.97
Port general (0/tcp)
[-/+]
Nessus Scan Information
Synopsis:
Information about the Nessus scan.
Description:
This script displays, for each tested host, information
about the scan itself : - The version of the plugin set The type of plugin feed (HomeFeed or
ProfessionalFeed) - The version of the Nessus Engine The port scanner(s) used - The port range scanned Whether credentialed or third-party patch
management checks are possible - The date of the
scan - The duration of the scan - The number of hosts
scanned in parallel - The number of checks done in
parallel
Risk factor:
None
Solution:
n/a
Plugin output:
Information about this scan : Nessus version : 4.4.1
(Build 15078) (Nessus 5.0.1 is available - consider
upgrading) Plugin feed version : 201210082315 Type
of plugin feed : HomeFeed (Non-commercial use only)
Scanner IP : 163.26.60.115 Port scanner(s) :
nessus_syn_scanner Port range : default Thorough
tests : no Experimental tests : no Paranoia level : 1
Report Verbosity : 1 Safe checks : yes Optimize the
test : yes Credentialed checks : no Patch management
checks : None CGI scanning : disabled Web application
tests : disabled Max hosts : 80 Max checks : 5 Recv
timeout : 5 Backports : None Allow post-scan editing:
Yes Scan Start Date : 2012/10/12 7:14 Scan duration :
25 sec
Plugin ID:
19506
Do not scan printers
Synopsis:
The remote host appears to be a fragile device and will
not be scanned.
Description:
The remote host appears to be a network printer,
multi-function device, or other fragile device. Such
devices often react very poorly when scanned. To
avoid problems, Nessus has marked the remote host
as 'Dead' and will not scan it.
Risk factor:
None
Solution:
If you are not concerned about such behavior, enable
the 'Scan Network Printers' setting under the 'Do not
scan fragile devices' advanced settings block and
re-run the scan.
Plugin output:
SNMP reports it as KYOCERA MITA Printing.
Plugin ID:
11933
Port ftp? (21/tcp)
[-/+]
Port printer? (515/tcp)
[-/+]
Port ipp? (631/tcp)
[-/+]
Port http? (80/tcp)
[-/+]
Port pdl-datastream? (9100/tcp)
[-/+]
Port bacula-dir? (9101/tcp)
[-/+]
Port bacula-fd? (9102/tcp)
[-/+]
Port bacula-sd? (9103/tcp)
[-/+]
[^] Back to 163.26.60.97
[^] Back
SCAN-ERROR
Scan Time
Number of vulnerabilities
Open ports :
0
High :
1
Medium :
0
Low :
0
Remote host information
Operating System :
NetBIOS name :
DNS name :
[^] Back to SCAN-ERROR
Port general (0/tcp)
[-/+]
Scan Error
Too many live hosts scanned in a row while on a
HomeFeed - please upgrade to a ProfessionalFeed
Plugin ID:
19506
[^] Back to SCAN-ERROR
Download